Programming Leftovers
-
The Unicode Blog: Announcing The Unicode Standard, Version 15.0
Version 15.0 of the Unicode Standard is now available, including the core specification, annexes, and data files. This version adds 4,489 characters, bringing the total to 149,186 characters. These additions include two new scripts, for a total of 161 scripts, along with 20 new emoji characters, and 4,193 CJK (Chinese, Japanese, and Korean) ideographs.
-
Unicode 15 released [LWN.net]
Version 15 of the Unicode standard has been released.
-
Linux And Android Waste Coding Effort
For many years it has been standard practice to test that you get the memory you ask for, but it has all be a huge waste of time. Operating systems get in on the act before you have a chance to do anything about it.
We try to write code that behaves well - or most of us do. One particular catastrophe that we have all been schooled in avoiding is running out of memory. A C/C++ programmer uses the malloc function to allocate memory. The function usually returns a pointer to the memory requested, but if there isn't enough memory it returns a NULL.
-
Linus Torvalds talks Rust on Linux, his work schedule, and life with his M2 MacBook Air
I've known Linus Torvalds for decades, but since Covid hit, we haven't had a chance for a face-to-face interview in years. Finally, at 2022's Linux Plumbers Conference, the annual get-together of the world's top Linux developers, we had a chance to talk in person again.
-
The Rust Programming Language Blog: Security advisories for Cargo (CVE-2022-36113, CVE-2022-36114)
The Rust Security Response WG was notified that Cargo did not prevent extracting some malformed packages downloaded from alternate registries. An attacker able to upload packages to an alternate registry could fill the filesystem or corrupt arbitary files when Cargo downloaded the package.
These issues have been assigned CVE-2022-36113 and CVE-2022-36114. The severity of these vulnerabilities is "low" for users of alternate registries. Users relying on crates.io are not affected.
Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros.
-
Easy creation of SFS from DEB packages with deb2sfs
EasyOS has 'dir2sfs', that will convert a folder to a SFS file.
[...]
One thing I need to implement is updating. If you already have an older Chrome SFS installed, there should be an offer to update. That's on the to-do list.
Next up, plan to find some more packages available as DEB packages, and convert to SFS.
-
Request Page Redesign - Round Two - Open Build Service
Previously we started the redesign of the request workflow as part of the beta program. We received a lot of feedback from you and still have a lot on our TODO list. This time we focused our attention on the support of multi-action submit requests and on creating more clarity in the conversations area by highlighting comments.