Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/hyc/statuses/116590491465194202">Howard Chu @ Symas (hyc@mastodon.social)'s status on Monday, 18-May-2026 00:01:09 JST</a><a href="https://mastodon.social/@hyc" title="hyc@mastodon.social"><img src="https://gnusocial.jp/avatar/29613-48-20221117233524.webp" width="48" height="48" alt="Howard Chu @ Symas" style="position: absolute; left: 0; top: 0;">Howard Chu @ Symas</a><div><a href="https://infosec.exchange/@nxadm/116590482483337268" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/88732" title="nxadm@infosec.exchange">nxadm</a></li></ul></div></section><article><p><a href="https://infosec.exchange/@nxadm">@nxadm</a> <a href="https://hachyderm.io/@dalias">@dalias</a> yes, but still that's an open door for malware, wherever you point it. <a href="https://mastodon.social/@hyc/113999242008616734" rel="nofollow">https://mastodon.social/@hyc/113999242008616734</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/6403596#notice-12612267">In conversation</a><time datetime="2026-05-18T00:01:09+09:00" title="Monday, 18-May-2026 00:01:09 JST">about 5 days ago</time> <span>from <span><a href="https://mastodon.social/@hyc/116590491465194202" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@hyc/116590491465194202">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://mastodon.social/@hyc/113999242008616734">Howard Chu @ Symas (@hyc@mastodon.social)</a></h5><div> from <span>Howard Chu @ Symas</span></div></header><div>#BoltDB is a Go rewrite of #LMDB (mostly; it has a lot more limitations). It's no longer maintained. Since 2021 some forks had a backdoor giving remote command access to machines.https://snyk.io/blog/go-malicious-package-alert/All of this is inconceivable for LMDB, since it has no other dependencies. Also, the thought of an embedded DB engine having access to any networking APIs at all is just mindboggling.The Go build system, and its automatic pulling of dependencies from github, is ludicrous.#golang</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Howard Chu @ Symas (hyc@mastodon.social)'s status on Monday, 18-May-2026 00:01:09 JSTHoward Chu @ Symas
in reply to
- Rich Felker
- nxadm
@nxadm @dalias yes, but still that's an open door for malware, wherever you point it. https://mastodon.social/@hyc/113999242008616734
In conversationabout 5 days ago from mastodon.socialpermalink
Attachments
1. No result found on File_thumbnail lookup.
  Howard Chu @ Symas (@hyc@mastodon.social)
  from Howard Chu @ Symas
  #BoltDB is a Go rewrite of #LMDB (mostly; it has a lot more limitations). It's no longer maintained. Since 2021 some forks had a backdoor giving remote command access to machines. https://snyk.io/blog/go-malicious-package-alert/ All of this is inconceivable for LMDB, since it has no other dependencies. Also, the thought of an embedded DB engine having access to any networking APIs at all is just mindboggling. The Go build system, and its automatic pulling of dependencies from github, is ludicrous. #golang

Public

Embed Notice

HTML Code

Corresponding Notice