Notices by Enno T. Boland (gottox@chaos.social)

There are people that are doing security and there are people that are doing compliance. There are very few people that can do both.

@q66 in the other hand I have a superior power button that actually lights up!

@q66 don't call it loose connection, call it extra button instead!

@q66 btw, we're sharing the same taste 🙂

@dalias @ariadne They are not attracted to file systems, but to drama.

#rust Quick Tip for people that develop in rust and hate the long compile times while developing:

1. install the mold linker [1]

2. add this to your ~/.cargo/config.toml (adapt for your platform)

```
[target.x86_64-unknown-linux-gnu]
linker = "clang"
rustflags = ["-C", "link-arg=-fuse-ld=/usr/bin/mold"]
```

3. Praise the mold developers

[1] https://github.com/rui314/mold/

I may have done the greatest misuse of the Rust type system ever!

How do I know?

#followerpower #kubernetes Anyone seen something like this? - It's a crd I just created and it's just Schrödering... Oo

Ooooooooooh...

@psykose @q66 Ha, you never worked in bigcorps, did you?

@dalias It's a misconception that `goto`s must not be used. There are usecases - especially in C which lacks the 'defer' statement - where it's just needed to write non-awful code.

@dalias I never thought I would've said that, but please use gotos! :D

Another lesson I learned throughout my career: Don't write code that can be easily changed. You'll develop a mental model what changes you expect. Turns out, these are very rarely the changes you need to do. Instead write code that can be easily deleted.

@ska in my spare time, I'm preferring C because it's fun to me. If I'm being paid, I owe it my clients to not waste their money on debugging segfaults, weird posix edge cases and race conditions. Also I don't want to be paid to implement linked lists for the 100th time.

@ska (I know every C programmer starts their own utility library containing a linked list implementation - it's a law of nature!)

A thing I wasn't aware of: systemd switched to dlopen'ing compression libraries on demand, rendering the #xz attack useless with one of their next releases. That's why apparently the attackers tried to push distributions to include the new xz version on their stable releases before the mitigation in systemd was included.

@dalias utf8/16, fontrendering and terminal escape codes are my candidates for the next big security issues. They are widely considered simple and non-issues but are in fact complex beasts.

@ariadne I'm actually not talking about the init system here, but all the stuff around it. init systems are enough out there.

@ariadne chimera at least starts the stuff, that alpine failed to do. I don't know if it will succeed, as it is a small project, but I see steps in the right direction.