I’m Martin (or mort). I’ve been writing about weird C stuff lately, and random technical stuff before that.

Link: https://mort.coffee

Sadly, there’s no RSS feed; it’s something I plan to maybe eventually add, but my static site generator was my first C project, and is something I haven’t touched in many years, so it might take a while.

I suppose I know why, but I hate that D is always left out of discussions like this.

The content is good, but this kind of UI jitter is really distracting: https://gfycat.com/PotableSameGoldenmantledgroundsquirrel

Seems that this implements a basic slab cache on top of malloc (or other) using C++ map data structures. Though I think maybe technically a slab cache allocates by dividing up a contiguous block of memory into specifically-sized chunks instead of piecing individual small chunks together in a queue. You can see in your example on your github page that your two 100-byte allocations are not at contiguous memory addresses.

I don’t know much about the speed of C++ things, but it would be nice to see some speed comparisons to malloc, since I think malloc does some binning/caching of its own instead of immediately returning stuff to the system.

Also, in allocate_memory(), if _alloc_fun() returns NULL due to underlying allocator (i.e., malloc) failing, it will still increment _used_mem, which will lead to incorrect accounting. It might also cause some problems when the NULL pointer is freed.

WWDC is a developers conference, not a consumer/product conference. Why would new hardware be announced in WWDC?

The site’s CSS could use some media queries: https://cloud.mort.coffee/index.php/s/DNLt7PdysZw6Ast/preview

“but WebAssembly is designed to run safely on remote computers, so it can be securely sandboxed without losing performance.”

Assuming the hardware works correctly. This assumption is failing more often now. You pretty much have to know what the code is going to do up front to securely run it.

(Astute readers will notice they are all AMD (Socket AM4) motherboards. The whole Meltdown/Spectre debacle rendered my previous Intel system insecure and unsecurable so that was the final straw for me — no more Intel CPUs.)

I mean, it’s not like AMD’s that much better in that regard….

I just wonder, how is it possible to have 124000 employees, yet leave such an important application untouched for so many years? The line ending thing is really important, but one could argue that MS haven’t cared for non-Windows systems, but Notepad has also been broken in other ways; ctrl+backspace inserts a square instead of deleting a word, for example.

MS exhibits this behavior towards other important apps too. Explorer.exe still doesn’t use the “new” APIs to support paths more than a couple hundred characters, meaning people end up with folders they can’t delete using Explorer. Explorer’s text input fields also insert a square when you hit ctrl+backspace, just like Notepad. CMD.exe just recently was updated to let the window be maximized.

I find it a little ironic that after using the open-web browser that I am not able to inspect the sessionstore-backups/recovery.jsonlz4 file after a crash to recover some textfield data, as Mozilla Firefox is using a non-standard compression format, which cannot be examined with lzcat nor even with lz4cat from ports.

The bug report about this lack of open formats has been filed 3 years ago, and suggests lz4 has actually been standardised long ago, yet this is still unfixed in Mozilla.

Sad state of affairs, TBH. The whole choice of a non-standard format for user’s data is troubling; the lack of progress on this bug, after several years, no less, is even more so.

1. Because all product decision authority rests with the “Product Owner”, Scrum disallows engineers from making any product decisions and reduces them to grovelling to product management for any level of inclusion in product direction.

i.e. the product has a clear owner, and you build the thing that customers want rather than the thing that engineers want.

2-3,9, most of 11: true, and these things result in better software.

This lack of ownership results in: Poor design Lack of motivation (“It isn’t my thing”, “It was broken when I start working on it”)

That’s the opposite of my experience. Lack of ownership means I don’t need anyone’s permission to improve code I’m working on, and means the design can be evolved by the people actually working on it, leading to better design.

5-7, 14: not my experience.

8, 12: don’t do that then.

Do managers or Product Owners track and estimate every task they engage in

Track and estimate tasks? No, because those are reactive positions - QA folk or people on support duties this week don’t estimate either. The point of estimating is to be able to make prioritisation decisions, so it only really applies when there’s a

with little or no say in what they work on?

Yes? Managers and owners are expected to solve everything people bring to them, they don’t get any chocie.

Are they required to present burn down charts that show that they are on target to finish?

No, nor are developers.

Are they required to do bi-weekly sell-off meeting to justify their activities?

No, again like QA or support people.

13, 14: no actual argument to justify those claims, not my experience.

15. Scrum ignores the fact that any task that has been done before in software does not need to be redone because it can be easily copied and reused. So, by definition, new software tasks are truly new territory and therefore very hard to estimate.

Disagree. Scrum does everything reasonably possible to acknowledge that estimation is hard: estimating in officially meaningless points, daily standups to give you an assessment point to realise if a task is diverging from its estimate and reasses if need be. At the same time, ultimately you do want some way to have engineering estimates feed into task prioritization decisions - you need some minimal level of estimation to be able to make the “do I do task A or task B or task C this week” decision. Scrum accomplishes that better than anything else I’ve seen.

I’d rather write Pug, honestly (it’s a Haml-like HTML dialect). Am I the only one? I don’t want to remember all these rules for lists and line breaks and whatnot. Markdown strikes me as both simple and confusing.

If there’s a compelling non-HTML target for writing Markdown, I totally understand; power to them. I never found one myself.

I was hoping to get some tips I could use, but my use of a CAPTCHA isn’t on the web, it’s to allow legacy Telnet access to my Multics installation. It all started with a MASSIVE amount of automatic cracking attempts, which I linked to the Mirai botnet, but simply have never slowed down!

This is issue is affecting many other legacy system providers as well (see their 07-Jun-17, 01-Dec-17, and 04-Dec-17 updates).

Example of what I’m seeing over a period of about two or three months:

 » mlt_ust_captcha
 CAPTCHA: 32 passed, 18632 failed.

My solution was to present untrusted connections via legacy methods like telnet a text-based CAPTCHA - I am using only low ASCII characters for numbers and lowercase letters A through F, because at that stage of the connection, I can’t be sure exactly what terminal type the user is connecting with:

 Please input the following text to enable access from your host.
 You have 4 chances, 15 seconds each, or else you will be banned.
   _          _
  | |__    __| |  __ _   ___
  | '_ \  / _` | / _` | / __|
  | |_) || (_| || (_| || (__
  |_.__/  \__,_| \__,_| \___|
  
  >

I tried various methods for turning the tables and lessening the burden of proof on the human to prove they are human, like examining keystroke timing, but everything I tried seemed to increase the false positive rate unacceptably!

My biggest complaint with this CAPTCHA system is, by it’s nature, it makes my resources inaccessible to computers - which means it also makes things inaccessible to those who depend on computer-based accessibility tools, such as those used by the blind.

For my Multics use-case, it’s OK, because there channels like Mosh or SSH connections that are exempted from the CAPTCHA and won’t affect blind or disabled users. As more and more of the web moves to programmed JavaScript-based pages, I worry that it’s becoming less accessible, or that disabled and blind users will be forced to experience second-rate presentation and content.

This is scary. Because even at the time of install, after carefully reading all reviews, and inspecting the network tab everything looks okay. It’s only weeks/months later that the malicious code gets remotely loaded and executed.

Google needs to take a hard look at their Chrome Extension Store.

When was the last time you productively used an octal number-representation?

Whenever I terminate a C string with a null character.

That’s why even when I worked with an IDE I rarely used the debugger. Instead I prefer to use debug prints.

This author lost all credibility with me here. One simply cannot be effective working with large legacy code bases without using the debugger. So many things are obvious when you can step through the code.

“it is not acceptable to display a page that carries only third-party branding on what is actually a Google URL”

That seems like an odd position to take. The early Web was filled with people hosting their own content on their ISP using Apache’s /~username feature.

Tag proposal :D

I predict some ppl will get overexcited & start rewriting

That really kind of put me off the article… I’ll read it, but I really don’t believe such SMS speak is appropriate for a blog post.

I like being aware of this. Sometimes people try to improve things that are perfectly ok already and when you examine why, it’s usually because they feel that they need to do something. It happens outside of software and engineering too,