robryk @robryk@qoto.org
I enjoy things around information theory (and data compression), complexity theory (and cryptography), read hard scifi, currently work on weird ML (we'll see how it goes), am somewhat literal minded and have approximate knowledge of random things. I like when statements have truth values, and when things can be described simply (which is not exactly the same as shortly) and yet have interesting properties.
I live in the largest city of Switzerland (and yet have cow and sheep pastures and a swimmable lake within a few hundred meters of my place :)). I speak Polish, English, German, and can understand simple Swiss German and French.
If in doubt, please err on the side of being direct with me. I very much appreciate when people tell me that I'm being inaccurate. I think that satisfying people's curiosity is the most important thing I could be doing (and usually enjoy doing it). I am normally terse in my writing and would appreciate requests to verbosify.
I appreciate it if my grammar or style is corrected (in any of the languages I use here).
Joined Nov 2020
I'm confused. The way you stated the question if someone doesn't eat anything until lunch they do eat "breakfast", and only the people who "eat" a meal of only coffee, tea, or juice first don't. Was this what you intended?
What kinds of choices do you refer to? Things like finding a place for residency?
@freemo If I gather correctly, you are thinking of a construction that is loaded ~only in compression. Am I right?
What's the order of magnitude of the size you're thinking about (it's not obvious, because it depends on the angle in the pyramid's tip)? Less than 1% of Earth's mass/more than that?
> But it seems to me like we should be fixing this on the OS level, not trying to cram the OS into browsers.
OSes have much of the same problem that browsers do: the interfaces they expose are terrible and cannot change, because something relies on every aspect of that terribleness (see e.g. POSIX filesystems woes, where interacting with a directory where an untrusted entity can write is something that people virtually always get wrong in a way that gives that entity a file read/write oracle, because it's absurdly hard or impossible to get right depending on what operations you want to perform).
I have higher hopes for implementing interfaces with limited scope using the non-terrible part of the OS API than fixing the terrible OS-provided ones (because former admits easier experimentation and mixing-and-matching, if for no other reason).
@rysiek What I find weird and frustrating is that it's very often hard to convince people that making them less leaky is worthwhile (e.g. that it's worthwhile to be able to succinctly formulate the contract something exposes to the things above it).
robryk
boosted
Related to the latest round of everyone finding out what happens when you write image decoders in C++ now known as CVE-2023-5129: you may want to update every electron app on your machine as much as possible. Electron is built on the foundation of Google Chrome and it turns out that the webp vulnerability is also present in Electron. Annoyingly, this is going to require you to figure out which vendors have patched their apps for the vulnerability. Good luck.
You probably should update Discord immediately.
@christianp do you know that this problem wasn't happening earlier? Might it have been masked by something, which then changed with the mastodon update and stopped masking it? (For example, maybe there is a fallback to a CDN, which is now made infeasible by a change in cors.)
@christianp also, I strongly doubt it has anything to do with cors. Font sanitization is there to protect the computer from the websites.
@christianp maybe try replacing the font with its sanitized version?
This sounds like _when the thing is downloaded for use a font_ Firefox considers it invalid.
https://github.com/mozilla/gecko-dev/blob/57f94ca1d57ab745242daafc8926690377579b83/gfx/thebes/gfxUserFontSet.cpp#L692 is where the error is likely generated, and https://github.com/mozilla/gecko-dev/blob/57f94ca1d57ab745242daafc8926690377579b83/gfx/thebes/gfxUserFontSet.cpp#L193 is likely where it's caused.
That seems to refer to https://github.com/khaledhosny/ots, which seems to have a CLI tool to sanitize a font: https://github.com/khaledhosny/ots/blob/main/util/ots-sanitize.cc
If I have time in the evening I might try building it and running it against the font you have to see what the problem is.
@mynotaurus ... and stuffing them into the laptop, so that they are "internal" :)
> But they're not and we don't, which is the whole point!
I think an issue that causes all that hedging is that people start do behave as if this wasn't true, and expect others to precisely promise results.
@rq What would you expect the compiler to do in the desired world if it couldn't determine whether the assumption is always held?
@rq What did you mean by blow up? I thought you meant safely crashing. If so, you can add the verification at the beginning of the function itself and crash there.
Why doesn't checking if it's in the range at the beginning and blowing up if not do what you want?
There's also the chaotic (and confusing) option: alternate between different ones.
@matthew_d_green BTW you might find https://github.com/google/wuffs interesting.
Hm~ on the off chance it's obvious to someone: I'm trying to use the built-in I2C hardware in STM32Lsomething. I use RIOT-OS's library for interacting with that I2C hardware, and what happens is that as soon as the pins are switched to the alternate function of I2C they get pulled down (afterwards it seems that no I2C operations ever complete, but that's not that weird considering this messed up initial state). Is there something obvious I could be doing wrong, or something I ought to check?
Then we'd have likely picked webp as one of those formats (IIRC it's better than png and git for lossless compression, but please don't trust my imperfect recall).
Alas, many computers are battery-powered now, so lack of optimization for energy usage remains noticeably bad. On the runtime performance side, the will to improve decompression speed grows with increasing available bandwidths (because decompression becomes a larger fraction of the total latency), as long as we continue to compensate for those increases by increasing the amount of data we send in equivalent situations.
I enjoy things around information theory (and data compression), complexity theory (and cryptography), read hard scifi, currently work on weird ML (we'll see how it goes), am somewhat literal minded and have approximate knowledge of random things. I like when statements have truth values, and when things can be described simply (which is not exactly the same as shortly) and yet have interesting properties.
I live in the largest city of Switzerland (and yet have cow and sheep pastures and a swimmable lake within a few hundred meters of my place :)). I speak Polish, English, German, and can understand simple Swiss German and French.
If in doubt, please err on the side of being direct with me. I very much appreciate when people tell me that I'm being inaccurate. I think that satisfying people's curiosity is the most important thing I could be doing (and usually enjoy doing it). I am normally terse in my writing and would appreciate requests to verbosify.
I appreciate it if my grammar or style is corrected (in any of the languages I use here).
Joined Nov 2020
