1. 8

    This is especially nasty on linux, where inotify(7) events for write(2) and truncate(2)/ftruncate(2) both result in an IN_MODIFY. To make it worse, open(2) with O_TRUNC doesn’t result in IN_MODIFY, but only IN_OPEN events and there is no way to distinguish between O_RDONLY, O_WRONLY and/or O_RDWR.

    At the time tail receives and handles the events and uses stat(2) to try to detect truncations the file could have already grown to the size before the truncation or larger and there is no way to tell if the file was truncated at all.

    1. 3

      Because [Podman] doesn’t need a daemon, and uses user namespacing to simulate root in the container, there’s no need to attach to a socket with root privileges, which was a long-standing concern with Docker.

      Wait, Docker didn’t use user namespacing? I thought that was the whole point of Linux containers.

      1. 7

        There are two different things called user namespaces. CLONE_NEWUSER which creates a namespace that doesn’t share user and groups IDs with the parent namespace. And the kernel configuration option CONFIG_USER_NS, which allows unprivileged user to create new namespaces.

        Docker and the tools from the article both use user namespaces as in CLONE_NEWUSER.

        Docker by default runs as privilegued user and can create namespaces without CONFIG_USER_NS, I’m not sure if you can run docker as an unprivilegued user because of other features, but technically it should be able to create namespaces if CONFIG_USER_NS is enabled without root.

        For the tools described in the article, they just to create a namespace and then exec into the init process of the container. Because they are not daemons and don’t do a lot more than that, they can run unprivileged if CONFIG_USER_NS is enabled.

        Edit: Another thing worth mentioning in my opinion is, UID and GID maps (which are required if you want to have more than one UID/GID in the container) can only be written by root, and tools like podman use two setuid binaries from shadow (newuidmap(1) and newgidmap(1)) to do that.

        1. 1

          It can, but for a long time it was off by default. Not sure if that’s still true.

        1. 3

          as always, feel free to submit feedback, criticism or issues!

          1. 3

            Just some nitpicking on dependencies:

            • When depending on a Git repository (as you do with your colored dependency), it is a good practice to point to a particular commit or tag using the rev or tag parameter instead of the branch, as the branch’s HEAD can change but a commit or tag can only point to only one specific state of the repository.
            • When publishing a binary (executable) crate, it is a good practice to publish along the crate the Cargo.lock. You can find the reasoning on why you should publish this file in Cargo’s FAQ

            I will try it later though! I always complained that some prompt frameworks are using scripting languages like Python or Ruby that have slow spin-up rate, so this project seems interesting and a cool way to customize my ugly and boring prompt.

            1. 1

              You kind of cover this but the Cargo.lock would capture the commit that the git dependency was at when the lock file was generated. So if the Cargo.lock was checked in everyone would build against the same commit.

            2. 2

              I already implemented a similar tool some months ago rusty-prompt, maybe you can get some inspiration out of it.

              1. 1

                sure! thanks for sharing!

              2. 1

                My bashes (both the one that comes with Mac OS and the latest 5.0.7 from brew) seem to cache PS1 somehow, making pista break quite a lot.

                ➜  ~ /usr/local/bin/bash
                bash-5.0$ PS1=$(pista)
                ~
                $ cd git
                ~
                $ PS1=$(pista)
                ~/git
                $ cd nomad
                ~/git
                $ PS1=$(pista)
                ~/g/nomad master ·
                $
                
                1. 2

                  Try PS1='$(pista)'. What’s happening is that pista is getting called once, when you set PS1, and then never again. The single quotes force PS1 to literally contain the expansion, which then gets expanded (and thereby call pista) each time the prompt is printed

                  1. 2

                    Ohhh, no :( Of course. I feel like I should step far away from the computer now.

                    1. 3

                      looks like the installation instructions were faulty!

                      1. 1

                        Oh, whew, thanks for that. Now I feel slightly less stupid :)

                  2. 1

                    cant seem to replicate this, but it looks like a PROMPT_COMMAND thing.

                  3. 1

                    @hostname is nice to have if $SSH_CONNECTION is set.

                    1. 4

                      i have plans to extend pista into a library, so you could build your own prompts with pista’s functions. maybe ill add a hostname function :^)

                  1. 2

                    See Firejail, if you haven’t already. It’s a sandbox for untrusted applications.

                    With it, you can put firejail --private /usr/bin/firefox "$@" in an executable in your PATH, to spawn a safer amnesiac session when needed. Firefox + firejail without the --private flag is also practically indistinguishable from without firejail.

                    1. 5

                      Everyone interested in firejail for “untrusted” software/security reasons should read this oss-sec thread.

                      1. 1

                        Can you guide us there?

                        1. 3

                          firejail, for something that should improve security, had quite some CVEs:

                          https://www.cvedetails.com/vulnerability-list/vendor_id-16191/Firejail-Project.html

                          Some of the CVEs are easy to exploit and have a high impact.

                          1. 2

                            But that’s still better than nothing, as long as you understand it’s not perfectly ‘secure’, right? I think the problem would be that folks may not understand it has some major CVEs and expect it to be a complete solution (when it is not).

                            1. 3

                              It is really not, firefox itself already sandboxes processes, its not perfect and there a things to improve. But there are people reviewing it and looking for bugs. Firejail is a setuid binary, which already gains more privileges than firefox would ever have. Firejail introduced privilege escalation and other security issues, which lead to root by just having firejail installed and accessible to a user.

                              1. 1

                                Indeed. On the typical single-user desktop giving applications full access to the user account is just as bad as giving them root access because a root escalation does not provide significant benefits to an attacker.

                                Firejail will not block an attacker that is both skilled and motivated but at least it effectively contains a spammy or nosy application.

                                Any better solution?

                                1. 1

                                  Indeed. On the typical single-user desktop giving applications full access to the user account is just as bad as giving them root access.

                                  This is funny because firejail is setuid and runs as root until it drops privileges again (Some CVEs result in root for any user who can access the firejail binary). Firefox does sandboxing itself, using the same or similar techniques, but would never gain root privileges.

                                  Firejail is way to complex and the design doesn’t really look like it was build with security in mind. It does way to many things in one big setuid binary. This already elevates privileges to root from a normal user, this is not how it should be designed. The perfect solution would be something that is designed with least privileges in mind and do things like dbus or xorg forwarding/proxying in a completely different low privileges process.

                                  There are things like bubblewrap, but they are not as easy to use for desktop applications because they are not designed around it, you can still make with work by bind mounting the Xorg socket into the namespace or letting it connect to a separate server like Xephyr so the sandboxed application doesn’t have access to all other windows. Other things like dbus would also be handled manually.

                              2. 1

                                Yeah, anything will have vulnerabilities but what are the odds of anything targeting users on Firefox + Firejail around? And then the odds of you actually getting it?

                                1. 1

                                  Looks good but my current main OS is Windows and I can’t seem to be able to find a Windows version on the repo. Is there one?

                            2. 3

                              Firejail doesn’t have the best security record, and only works on linux.

                            1. 18

                              I’d really like to know why they seem to list requirements that seem squarely in musl libc’s core design goals yet post this like it’s a novel suggestion. Perhaps they have reasons for skipping on musl but it seems lazy or contemptuous to not at least mention why they would prefer to avoid existing glibc alternatives.

                              1. 10

                                The only thing that comes to mind is that google doesn’t own/control musl, so google’s proposed changes may not be accepted by musl. With their own libc, google can introduce things that other libc implementation would never merge.

                                1. 7

                                  This is easy to say about any project but I found this post originally via twitter from the musl author: https://twitter.com/RichFelker/status/1143292587576635402

                                  There has likely been no discussion of what might be accepted. If the merge problem is really the case, it probably doesn’t belong in LLVM either. Good riddance throw-it-over-the-fence style OSS if you ask me. Google can keep it to themselves if they’re incapable of this kind of conversation as a corporation (not trying to take offense to developers who may be stuck between to hard places as employees).

                                  1. 6

                                    This is easy to say about any project

                                    Well, yeah, because it’s true a lot of the time. Happens all the time and it’s totally understandable. It really is not even remotely a stretch to imagine that the goals of MUSL wouldn’t align with the goals of Google.

                                    I once wondered whether I should try to contribute a faster version of memchr to MUSL, but just looking at the tickets on that project made me immediately reconsider. Which isn’t to say MUSL is bad, but it’s to say that MUSL clearly has a specific set of goals in mind, and they do not always line up with everyone else’s goals.

                                    1. 7

                                      There is actually a interesting mailing list thread with googlers on the musl mailing list from a few years back where they considered including musl in chromium, which failed at the end.

                                      TL;DR: Lawyers/Legal team had a problem with some files/headers that are in “public domain” and requested a re-license of those files.

                                      https://www.openwall.com/lists/musl/2016/03/15/1

                                      1. 6

                                        Interesting. I’ve been on the bad end of a bunch of Googlers and their licensing concerns too. Not a pleasant experience.

                                    2. 3

                                      This is easy to say about any project

                                      Well, yea, but it’s not every day a major company decides to go off and do their own implementation (or fork) of (insert thing here with a some widely-available OSS implementations), and google has a history of doing this (BoringSSL immediately comes to mind).

                                  2. 7

                                    Rich Felker (of musl) posted a follow-up in the thread, taking the viewpoint that: 1) LLVM shouldn’t build its own from-scratch libc, and preferably 2) shouldn’t ship a libc at all, whether a new one or musl or otherwise.

                                    1. 3

                                      isn’t musl linux-only?

                                      1. 2

                                        Not technically but it seems to have been designed with Linux in mind & using it with others kernels can require a lot of effort.

                                    1. 2

                                      Without knowing much about the implementation, the bidirectional wormholes look nice on the surface.

                                      1. 2

                                        I think a new take on bind and maybe union mounts would have been cooler.

                                        Symlinks already make things complicated, but now you have two types and who knows if there is the need for something like lstat(2) or additional flags for open(2) like O_NOFOLLOW.

                                        Edit: Firmlinks only work for volume groups is limiting compared to bind mounts. But I guess this is why they don’t really need extra syscalls or flags to deal with it because they are only intended to map to the “Data” volumes in volume groups.

                                      1. 9

                                        When I switched from duckduckgo bangs to firefox keywords search I found %S by coincidence for search terms without url escaping. I couldn’t find this in any documentation. This allows me to just add !archive in front of the url to get redirected to the web archive:

                                        https://web.archive.org/web/*/%S
                                        
                                        1. 1

                                          That’s really really useful! Thank you!

                                        1. 15

                                          After the recent announcement of the F5 purchase of NGINX we decided to move back to Lighttpd.

                                          Would be interesting to know why instead of just a blog post which is basically an annotated lighthttpd configuration.

                                          1. 6

                                            If history has taught us anything, the timeline will go a little something like this. New cool features will only be available in the commercial version, because $$. The license will change, because $$. Dead project.

                                            And it’s indeed an annotated lighttpd configuration as this roughly a replication of the nginx config we were using and… the documentation of lighttpd isn’t that great. :/

                                            1. 9

                                              The lighttpd documentation sucks. Or at least it did three years ago when https://raymii.org ran on it. Nginx is better, but still missing comprehensive examples. Apache is best, on the documentation font.

                                              I wouldn’t move my entire site to another webserver anytime soon (it runs nginx) but for new deployments I regularly just use Apache. With 2.4 being much much faster and just doing everything you want, it being open source and not bound to a corporation helps.

                                              1. 1

                                                Whatever works for you. We used to run our all websites on lighttpd, before the project stalled. So seemed a good idea to move back, before nginx frustration kicked in. :)

                                                1. 3

                                                  Im a bit confused. You’re worried about Nginx development stalling or going dead in the future. So, you switched to one that’s already stalled in the past? Seems like the same problem.

                                                  Also, I thought Nginx was open source. If it is, people wanting to improve it can contribute to and/or fork it. If not, the problem wouldn’t be the company.

                                                  1. 2

                                                    The project is no longer stalled and if it stalls again going to move, again. Which open source project did well after the parent company got acquired?

                                                    1. 3

                                                      I agree with you that there’s some risk after a big acquisition. I didnt know lighttpd was active again. That’s cool.

                                                      1. 2

                                                        If it was still as dead as it was a couple of years ago I would have continued my search. :)

                                                        1. 1

                                                          Well, thanks for the tip. I was collecting lightweight servers and services in C language to use for tests on analysis and testing tools later. Lwan was main one for web. Lighttpd seems like a decent one for higher-feature server. I read Nginx was a C++ app. That means I have less tooling to use on it unless I build a C++ to C compiler. That’s… not happening… ;)

                                                          1. 3

                                                            nginx is 97% C with no C++ so you’re good.

                                                            1. 1

                                                              Thanks for correction. What’s other 3%?

                                                              1. 2

                                                                Mostly vim script with a tiny bit of ‘other’ (according to github so who knows how accurate that is).

                                                                1. 1

                                                                  Alright. I’ll probably run tools on both then.

                                                                  1. 2

                                                                    Nginx was “heavily influenced” by apache 1.x; a lot of the same arch, like memory pools etc. fyil

                                                      2. 2

                                                        SuSE has been going strong, and has been acquired a few times.

                                                        1. 1

                                                          SuSE is not really an open-source project though, but a distributor.

                                                          1. 3

                                                            They do have plenty of open-source projects on their own, though. Like OBS, used by plenty outside of SuSE too.

                                                2. 5

                                                  It’s a web proxy with a few other features, in at least 99% of all cases.

                                                  What cool new features are people using?

                                                  Like, reading a few books on the topic suggested to me that despite the neat things Nginx can do we only use a couple workhorses in our daily lives as webshits:

                                                  • Virtual hosts
                                                  • Static asset hosting
                                                  • Caching
                                                  • SSL/Let’s Encrypt
                                                  • Load balancing for upstream servers
                                                  • Route rewriting and redirecting
                                                  • Throttling/blacklisting/whitelisting
                                                  • Websocket stuff

                                                  Like, sure you can do streaming media, weird auth integration, mail, direct database access, and other stuff, but the vast majority of devs are using a default install or some Docker image. But the bread and butter features? Those aren’t going away.

                                                  If the concern is that new goofy features like QUIC or HTTP3 or whatever will only be available under a commercial license…maaaaaybe we should stop encouraging churn in protocols that work well enough?

                                                  It just seems like much ado about nothing to me.

                                                  1. 6

                                                    maaaaaybe we should stop encouraging churn in protocols that work well enough?

                                                    They don’t work well enough on mobile networks. In particular, QUIC’s main advantage over TCP is it directly addresses the issues caused by TCP’s congestion-avoidance algorithm on links with rapidly fluctuating capacities. I share your concern that things seem like they’re changing faster than they were before, but it’s not because engineers are bored and have nothing better to do.

                                                  2. 4

                                                    New cool features will only be available in the commercial version, because $$.

                                                    Isn’t that already the case with nginx?

                                                1. 5

                                                  Am I the only one who uses set -g alternate-screen off in tmux to keep the output of programs like vim on the screen which allows me to peek back by just scrolling up?

                                                  1. 9

                                                    And http://libdill.org/, from the same authors, but without sticking to “go-style”.

                                                    1. 4

                                                      Also libdill has support for structured concurrency, whereas libmill doesn’t.

                                                    1. 1

                                                      I wonder if long shebangs have MAX_SIZE of 128 bytes, why those Nix scripts have more than that, doesn’t it always be truncated assuming linux-version < 5.0-rc1? What’s the point on having those big lines on them? if they will never be used to whatever purpose was intended for them in the first place.

                                                      1. 3

                                                        perl reads/parses the shebang itself again when executed and doesn’t use the command line passed by the kernel if it sees that its truncated.

                                                        https://lobste.rs/s/zmxyhk/case_supersized_shebang#c_dfkskv

                                                        1. 1

                                                          Thanks for answering. I assume such behaviour is only in place inside of the perl interpreter, is it different from other versions of perl (say version 1 for example)? are there other dynamic language interpreter that do it? It seems a little weird as a hack and thus non-standard and incorrect, but I may be the one incorrect, because I don’t know much else. By the way, thanks for your work on void.

                                                      1. 2

                                                        Is someone aware of an efficient shuffling algorithm that is biased for something like shuffling playlists? I basically want to put tracks into nested buckets (artist -> album) then shuffle each bucket and distribute each track as far as possible. It should then distribute the tracks from the same artist as far as possible and also distribute tracks from the same album as far as possible.

                                                        There are implementations, but I would like to know if there is something better.

                                                        Spotify used to do Fisher-Yates shuffle but switched to an algorithm like this.

                                                        http://keyj.emphy.de/balanced-shuffle/ https://labs.spotify.com/2014/02/28/how-to-shuffle-songs/ https://cjohansen.no/a-better-playlist-shuffle-with-golang/

                                                        1. 2

                                                          Spontaneous thought: Fisher–Yates picks the next element uniformity in the range [i,n] – why could you not pick using another distribution defined by similarity to the previously locked song? With dynamic programming you should be able to get a reasonably efficient and optimal solution.

                                                          1. 2

                                                            I think that’s pretty much state of the art. You can get better results in some cases by starting with a larger target array. Say 4x the number of inputs. This reduces the number of collisions.

                                                            I didn’t fully follow the last example, but I think it’s possible to do better than trying to pile the first track into index 0 every time.

                                                          1. 5

                                                            Its really not practical to do a chromium rebuild for every small update. Symbol versioning is annoying and Void Linux started to make every package that is build against glibc to depend on glibc>=buildversion because partial updates are allowed but versioned symbols break all the shared library checks.

                                                            1. 9

                                                              In practice, package builds already do a chromium rebuild for every small update. Developers do incremental builds regardless of the method of linking.

                                                              Really, the reason to build Chrome with shared objects is that the linker will fall over when building as a single binary with debug info – it’s already too big for the linker to handle easily. The last time I tried to build Chrome to debug an issue I was having, I didn’t know you had to do some magic to build it in smaller pieces, so the linker crunched on the objects for 45 minutes before falling flat on its face aborting. I think it didn’t like 4 gigabyte debug info sections.

                                                              Also, keep in mind that this wiki entry is coming from a Plan 9 perspective. Plan 9 tends to have far smaller binaries than Chromium, and instead of large fat libraries, it tends to make things accessible via file servers. HTTP isn’t done via libcurl, for example, but instead via webfs.

                                                              1. 2

                                                                That separation also means you can rebuild webfs to fix everything using it without rebuilding them, which is what shared libraries were supposed to help with.

                                                              2. 6

                                                                Well, I feel like that’s the only way to handle it in Void really.

                                                                Anyway, I’d trade disk space for having static linked executables every day. Must be why I love Go so much. But I still understand why it’s used, both for historical and practical reasons. This post showcases the difference between static and dynamic cat but I’m scared of what would happen with something heavy with lots of dependencies. For example qt built statically is about 2/3rd of the size.

                                                                1. 4

                                                                  If the interface has not changed, you technically only need a relink.

                                                                  1. 3

                                                                    If you have all the build artifacts laying around

                                                                    1. 3

                                                                      Should a distribution then relink X applications pushing hundreds of megabytes of updates or should they start shipping object files and link them on the user system where we would basically imitate shared libraries.

                                                                      1. 6

                                                                        One data point: openbsd ships all .o for the kernel, which keeps updates small.

                                                                        (I don’t think this is actually new. Iirc, old unix systems used to do the same so you could relink a modified kernel without giving away source.)

                                                                        1. 3

                                                                          That’s how SunOS worked, at least. The way to relink the kernel after an update also works if you have the source too; it’s the same build scaffolding.

                                                                          1. 2

                                                                            Kernel, but not also every installed port or package

                                                                          2. 3

                                                                            It would be viable to improve both deterministic builds and binary diffs/delta patches for that. With deterministic builds you could make much better diffs (AFAICT) since the layout of the program will be more similar between patches.

                                                                            1. 4

                                                                              Delta updates would be nice a nice improvement for the “traditional” package managers. Chrome does this for its updates, but instead of just binary diffs, they even disassemble the binary and reassemble it on the client. http://dev.chromium.org/developers/design-documents/software-updates-courgette

                                                                              1. 2

                                                                                What do you mean by delta updates? What should they do differently than what delta RPMs have been doing until now?

                                                                                1. 1

                                                                                  Yes maybe this, not sure how delta rpms work specifically, do they just diff files in rpms or are those deltas of each binary/file inside of the rpm?

                                                                                  1. 1

                                                                                    They ship new/changed files, and I think they also do binary diffs (at least based on what this page says)

                                                                            2. 1

                                                                              Chrome already ships using binary diffs, so this is a solved problem.

                                                                              1. 0

                                                                                where we would basically imitate shared libraries.

                                                                                Except without the issue of needing to have just one version of that shared library.

                                                                                1. 2

                                                                                  Proper shared libraries are versioned and don’t have this issue.

                                                                          1. 18

                                                                            One word entirely missing from the article is “Oracle”.

                                                                            It doesn’t matter what Sun said when. It matters what Oracle may do now. That’s the airquotes-terror.

                                                                            You might argue that they’ve more or less left things alone, but the whole thing centers around a bad actor and an uncommon license.

                                                                            1. 3

                                                                              Exactly. Oracle relicensed DTrace to GPL. They could do the same with ZFS. Why didn’t they?

                                                                              1. 2

                                                                                Some say its because tracing in linux got better and they lost the competitive advantage for oracle linux.

                                                                            1. 6

                                                                              Is this about packages or NixOS itself? If it’s about packages, I noticed the CHICKEN package is still on 4.13. Our current release is 5.0.0, which is now fully reproducible. If someone were to update it and all eggs, that would raise the percentage a tiny bit again :)

                                                                              1. 5

                                                                                Everything is a package, but the packages in iso_minimal.x86_64-linux are “minimal”.

                                                                                I think the packages are limited to the packages listed in the base profile and their dependencies.

                                                                                1. 1

                                                                                  Thanks for clarifying!

                                                                                2. 4

                                                                                  Duncaen got it right. Here is the full list of what was built: https://r13y.com/reproducibility-log-f2a1a4e93be2d76720a6b96532b5b003cc769312

                                                                                  1. 2

                                                                                    I merged the chicken 5.0.0 update PR for nixpkgs some time ago, so it should be in unstable :)

                                                                                    1. 1

                                                                                      Wonderful, thank you!

                                                                                  1. 5

                                                                                    Not using $CC? Using $LDFLAGS for required libraries is a bit annoying, let users use it to specify their own flags without having to copy all the required libraries out of your makefile.

                                                                                    And its also good to name it GNUmakefile if you require GNU features.

                                                                                    1. 2

                                                                                      That ship has sailed. GNU make is the practical standard. Do you name your shell scripts that non-POSIX bash features .bash instead of .sh? Should the $CFLAGS be named $GCCFLAGS?

                                                                                      1. 1

                                                                                        I don’t see a problem with using GNUmakefile if you have the choice, it has no negative side effects afaik. File extensions are different, they are useless anyways, we use shebangs and yes non-POSIX shell scripts with a #!/bin/sh shebang are really really bad, 100x worse than the makefile situation.

                                                                                      2. 1

                                                                                        And its also good to name it GNUmakefile if you require GNU features.

                                                                                        I suppose it technically is gnu-specific… The only things I can see are -include, which is not included in the standard, along with % rules. FreeBSD appears to use GNU make. NetBSD supports -include syntax, though it doesn’t appear to support pattern rules (though it’s been on the todo-list for almost four years). Pattern rules are very useful, though this makefile could be rewritten to use suffix rules instead, though it is not very idiomatic. There is also a proposal to add them to posix, but it appears to not have been updated since 2011.

                                                                                        edit: it appears -include is standard posix as well, leaving only pattern rules

                                                                                        1. 5

                                                                                          FreeBSD appears to use GNU make.

                                                                                          FreeBSD does not use GNU Make[1]. You can install Gnu Make as gmake via packages.

                                                                                          [1] https://www.freebsd.org/cgi/man.cgi?make(1)

                                                                                          1. 1

                                                                                            Ah, I guess I misread that.

                                                                                            I’m kindof surprised at how many implementations don’t have pattern rules given how useful they are out of the basic functionality shown in OP’s makefile.

                                                                                      1. 2

                                                                                        ooh. A zero dependency Python script is certainly better than ghq, but I need it to expand bare user/proj into github URLs automatically :)

                                                                                        1. 1

                                                                                          Very interested in how it can be improved. Can you give an example of what you mean?

                                                                                          1. 1

                                                                                            git get user/project

                                                                                            without typing https://github.com

                                                                                            1. 2

                                                                                              Zero dependency POSIX shell version: http://sprunge.us/WanJ6v uncomment line 14 for github default.

                                                                                              1. 1

                                                                                                This link has gone dead with:

                                                                                                This application is temporarily over its serving quota. Please try again later.

                                                                                              2. 1

                                                                                                Ah! Gotcha. I added an issue here: https://github.com/pietvanzoen/git-get/issues/5

                                                                                                Thanks for the suggestion.

                                                                                          1. 4

                                                                                            In addition to “design” of C Standard Library, “implementation” side also contains some amazing stuffs. strstr is ANSI C and does string search. Correct implementation is trivial. Efficient implementation is decidedly not. You may imagine it uses Knuth-Morris-Pratt or Boyer-Moore, but no, production algorithm is called Two-Way. Here it is:

                                                                                            https://sourceware.org/git/?p=glibc.git;a=blob;f=string/str-two-way.h;hb=HEAD

                                                                                            1. 8

                                                                                              A few notes on this otherwise excellent post.

                                                                                              C99 provides a macro SIZE_MAX with the maximum value possible in size_t. C89 doesn’t have it, although you can obtain the value by casting (size_t)-1. This assumes a twos’ complement architecture, which is the most common number representation on modern computers. You can enforce the requirement like this: […]

                                                                                              This actually assumes nothing and is perfectly portable because the standard says so.

                                                                                              From C89 (draft), “3.2.1.2 Signed and unsigned integers” (emphasis mine):

                                                                                              When a signed integer is converted to an unsigned integer with equal or greater size, if the value of the signed integer is nonnegative, its value is unchanged. Otherwise: if the unsigned integer has greater size, the signed integer is first promoted to the signed integer corresponding to the unsigned integer; the value is converted to unsigned by adding to it one greater than the largest number that can be represented in the unsigned integer type.

                                                                                              The rationale was explicitly to avoid a change in the bit pattern except filling the high-order bits.


                                                                                              DOS used \n\r for line endings.

                                                                                              As far as I know, DOS used \r\n and Mac OS (classic) used \n\r. EDIT: Mac OS (classic) used \r.


                                                                                              OpenBSD provides arc4random() which returns crypto-grade randomness.

                                                                                              arc4random() is also available on FreeBSD, NetBSD and macOS.

                                                                                              1. 8

                                                                                                arc4random() is also available on FreeBSD, NetBSD and macOS.

                                                                                                And on illumos systems!

                                                                                                1. 4

                                                                                                  MS-DOS used ‘\r\n’ (in that order). Classic Mac OS (pre-OS X) used ‘\r’ and Unix has always used ‘\n’.

                                                                                                  The wide character stuff was the most interesting to read.

                                                                                                  1. 1

                                                                                                    I stand corrected; thanks. I’ll fix my comment.

                                                                                                  2. 3

                                                                                                    Thank you (and the other commenters) for your corrections, I’ll update the article. Learning from the discussion is another great thing about writing these articles.

                                                                                                    1. 0

                                                                                                      arc4random() is also available on FreeBSD, NetBSD and macOS.

                                                                                                      This is also helpfully defined in stdlib.h on linux and can be linked to with -lbsd.

                                                                                                      1. 4

                                                                                                        libbsd is a thirdparty library with its own issues because it can’t decide which BSD to use as source, resulting in different APIs and random breaks when they switched between implementations. https://cgit.freedesktop.org/libbsd/commit/?id=e4e15ed286f7739682737ec2ca6d681dbdd00e79

                                                                                                        1. 3

                                                                                                          fwiw that doesn’t appear to have affected the arc4random* functions. The core issue seems to be different signatures between the bsds. While changing implementations may be a problem for code using libbsd to port programs, it isn’t as big of a problem for software written with the library in mind. Additionally, the arc4random functions appear to have consistent signatures across the BSDs, so a breacking change like what you linked wouldn’t be necessary. As it is, libbsd is an easy and sane way to get random numbers across different unixes.

                                                                                                    1. 4

                                                                                                      The choice to use alt as mod key and therefor to overwriting commonly used keybindings seems very counter productive.

                                                                                                      1. 3

                                                                                                        Considering that most people who even would want to use this, will compile this by themselves, replacing Mod1Mask with something else shouldn’t be that difficult. These things are made to be hacked with after all.

                                                                                                        1. 4

                                                                                                          XMonad does this too; I think they pick a bad default specifically in order to make people install the Haskell compiler and learn enough to change it.

                                                                                                          1. 1

                                                                                                            Didn’t know it was intentional in the case of Xmonad. That’s probably also the reason I never got into it too, since it’s not only haskell but an entire DSL you’d have to learn.

                                                                                                            1. 3

                                                                                                              It’s only speculation, but it’s hard to find any other explanation for such a bad default.

                                                                                                        2. 2

                                                                                                          I’m probably in the minority, but changing my mod key to alt is the first thing I do when I configure my window manager. I just have a easier time to hit alt.

                                                                                                          1. 1

                                                                                                            This drives me insane.

                                                                                                            1. 1

                                                                                                              I use dwm which also uses alt keys and I don’t recall it ever being a problem. Programs I use seem to prefer ctrl keys.

                                                                                                              1. 1

                                                                                                                most shells and gnu readline have alt+w and alt+b moving by words by default, alt+hjkl are commonly used too, but they seem to do different things in different shells.

                                                                                                                edit: and I forgot about the the common pattern of GUI applications using alt to access the file, edit… etc menu by underlining the character that is bound: https://i.imgur.com/DyNr4kd.png