Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
med-mastodon.com is one of the many independent Mastodon servers you can use to participate in the fediverse.
Medical community on Mastodon

Administered by:

Server stats:

359
active users

med-mastodon.com: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.9

#glibc

0 posts0 participants0 posts today
Replied in thread
Public
Kevin Karhan :verified:

@mrmasterkeyboard @landley My choice of @musl for @OS1337 is because I want my stuff to be statically linked and not every minor update to have the risk to brick shit, because #GlibC is notorious for that since the #GNU project are nonchalantly thinking "just recompile it" is a valid excuse.

  • Espechally since (for better or worse) not everything is (A)GPL(v3)-licensed and prople may need to deal with #binaries and/or #CCSS because in many cases patents and licensing are not allowing the distribution of it.

I mean, we all 'loved' to live in a world where this wasn't the case but if I were to like deal with a vocoder for MELP, AMBE or TWELP I'm pretty shure I'd never ever be allowed to distribute it's source code, even for "clients exempted from the need to obtain licensing"...

en.wikipedia.orgMixed-excitation linear prediction - Wikipedia
Replied in thread
Public *
Kevin Karhan :verified:

@lmemsm basically the Idea behind it is to be a brutally simple #toybox + #musl / #linux distro that grew out of the necessity for me to actually think about #firmware for some projects.

Basically I want something that is so simple and auditable that it's practical to make it pass any #verification demands for #SecureTerminal|s in #CriticalInfrastructure and #Communications.

  • OFC one may point at my other projects and say: "Why don't you just put #RaspberryPiOS on a #microSD?" ignoring that the smallest image is >330MB in size and that seems kinda overkill for essentially my demands for a minimalist #Linux with very few programs in userspace.

Not to mention a #GNUfree - #Linux distro is the way to go if I want that thing to not get bricked constantly by minor #GlibC-changes...

  • End goal is something akin to #MSDOS in it's brutal simplicity, but way more extendable.

I hope that answers your question...

  • Sorry for the delay.
Infosec.SpaceOS/1337 (@OS1337@infosec.space)1.38K Posts, 46 Following, 178 Followers · A minimalist musl + toybox/Linux Distribution focussed on being the bare minimum of a useable desktop whilst making most of the space it does.
Public
datenwolf

All I want is just a collection of #binutils, #GCC, #llvm+#clang, #glibc and #musl that are "free standing" / relocatable, which I can pack into a #squashfs image to carry around to my various development machines.

You'd think that for something as fundamental as compiler infrastructure with over 60 years of knowledge, the whole bootstrapping and bringup process would have been super streamlined, or at least mostly pain free by now.

Yeah, about that. IYKYK

Continued thread
Public
IBBoard

Reading through the code, and I'm not even sure that some of the PHP functions make sense!

PHP has a `crypt` function that takes a string and a salt. But the Wordpress code _and_ the in-page function are using the hashed password as the salt. Which makes no sense. How can you salt a password with the hashed password and get something that you can compare against?

Wait. There _is_ something in the PHP docs. Not well signposted. But apparently "salt" _is_ extracted from hashed values. Which is SO obvious from the parameter naming 🙄

Should say up-front "$salt is not actually the salt - it's a string containing the salt and other characters that's processed according to the chosen crypt algorithm"

*digs further*

Oh. It looks like that magic behaviour is ACTUALLY the fault of glibc2 😑 linux.die.net/man/3/crypt

(Not clear yet how it handles `$P$` not being one of its known prefixes 😐)

#PHP#WTF#Wordpress
Continued thread
Public
Felix Palmen :freebsd: :c64:

Solved! 🥳

This was a pretty "interesting" bug. Remember when I invented a way to implement #async / #await in #C, for jobs running on a threadpool. Back then I said it only works when completion of the task resumes execution on the *same* pool thread.

Trying to improve overall performance, I found the complex logic to identify the thread job to put on a pool thread a real deal-breaker. Just having one single MPMC queue with a single semaphore for all pool threads to wait on is a lot more efficient. But then, a job continued after an awaited task will resume on a "random" thread.

It theoretically works by making sure to restore the CORRECT context (the original one of the pool thread) every time after executing a job, whether partially (up to the next await) or completely.

Only it didn't, at least here on #FreeBSD, and I finally understood the reason for this was that I was using #TLS (thread-local storage) to find the context to restore.

Well, most architectures store a pointer to the current thread metadata in a register. #POSIX user #context #switching saves and restores registers. I found a source claiming that the #Linux (#glibc) implementation explicitly does NOT include the register holding a thread pointer. Obviously, #FreeBSD's implementation DOES include it. POSIX doesn't have to say anything about that.

In short, avoiding TLS accesses when running with a custom context solved the crash. 🤯

Replied in thread
Public
Aho

@MichaelRoss something I have been trying to look for is a #Linux #ls that isn't depending on #glibc or another #libc implementation, the reason is there was some malware that attached itself to glibc and prevented you to see the directories and files it used and also the process directory in /proc
Had you a ls that wasn't built with glibc, then all the files and directories would be listed.

Public
Freexian :debian:

Debian LTS contributors released 46 Debian LTS Advisories about security updates for various packages in April 2025.

These include critical security bug fixes for jetty9, zabbix and glibc and more. Also several LTS contributors prepared packages for the recent point release of current stable Debian 12, with many prepared in conjunction with related LTS updates of the same packages.

Read more about this in our monthly report for April here: freexian.com/blog/debian-lts-r

This work is funded by Freexian's Debian LTS offering.

Your organization too can sponsor the Debian LTS (freexian.com/lts/debian/) and join the esteemed list of sponsors in the monthly report.

Freexian · Monthly report about Debian Long Term Support, April 2025Like each month, have a look at the work funded by Freexian’s Debian LTS offering. Debian LTS contributors In April, 22 contributors have been paid to work on Debian LTS, their reports are available: Adrian Bunk did 56.25h (out of 56.25h assigned). Andreas Henriksson did 15.0h (out of 20.0h assigned), thus carrying over 5.0h to the next month. Andrej Shadura did 10.0h (out of 6.0h assigned and 4.0h from previous period).
#debian#debianlts#freexian
Public
jbz

⚠️ Steam Will Stop Working on Outdated Linux Systems This August | Linuxiac

「 According to a recent announcement, the Steam client will no longer run on any distribution with a GNU C Library (glibc) version older than 2.31 starting August 15, 2025.

Users who stay on an outdated toolchain will find not only Steam but also any purchased games unable to launch until the underlying operating system is upgraded 」

linuxiac.com/steam-will-stop-w

Linuxiac · Steam Will Stop Working on Outdated Linux Systems This AugustStarting August 15, 2025, Steam will no longer work on Linux systems using glibc older than version 2.31.
#steam#glibc#linux
Public
Vitex

glibc (2.41-7) unstable; urgency=medium

Starting with glibc 2.41, shared libraries requiring an executable stack
cannot be dynamically loaded through the #dlopen mechanism from a binary that
does not require an executable stack. This change aims to improve security,
as the previous behavior was used as a vector for RCE (#CVE-2023-38408).
Attempting to do so will result in the following error:

cannot enable executable stack as shared object requires: Invalid argument

While most libraries generated in the past 20 years do not require an
executable stack, some third-party software still need this capability. Many
vendors have already updated their binaries to address this.

If you need to run a program that requires an executable stack through
dynamic loaded shared libraries, you can use the glibc.rtld.execstack
tunable:

Glibc6_TUNABLES=glibc.rtld.execstack=2 ./program

-- Aurelien Jarno <aurel32@debian.org> Sun, 13 Apr 2025 14:41:11 +0200

#Debian#Changelog#GLibC
Public
Felix Palmen :freebsd: :c64:

Today, I implemented the #async / #await pattern (as known from #csharp and meanwhile quite some other languages) ...

... in good old #C! 😎

Well, at least sort of.

* It requires some standard library support, namely #POSIX user context switching with #getcontext and friends, which was deprecated in POSIX-1.2008. But it's still available on many systems, including #FreeBSD, #NetBSD, #Linux (with #glibc). It's NOT available e.g. on #OpenBSD, or Linux with some alternative libc.

* I can't do anything about the basic language syntax, so some boilerplate comes with using it.

* It has some overhead (room for extra stacks, even extra syscalls as getcontext unfortunately also always saves/restores the signal mask)

But then ... async/await in C! 🥳

Here are the docs:
zirias.github.io/poser/api/lat

zirias.github.ioposer: PSC_AsyncTask Class Reference
#coding
Public *
Felix Palmen :freebsd: :c64:

I finally eliminated the need for a dedicated #thread controlling the pam helper #process in #swad. 🥳

The building block that was still missing from #poser was a way to await some async I/O task performed on the main thread from a worker thread. So I added a class to allow exactly that. The naive implementation just signals the main thread to carry out the requested task and then waits on a #semaphore for completion, which of course blocks the worker thread.

Turns out we can actually do better, reaching similar functionality like e.g. #async / #await in C#: Release the worker thread to do other jobs while waiting. The key to this is user context switching support like offered by #POSIX-1.2001 #getcontext and friends. Unfortunately it was deprecated in POSIX-1.2008 without an obvious replacement (the docs basically say "use threads", which doesn't work for my scenario), but still lots of systems provide it, e.g. #FreeBSD, #NetBSD, #Linux (with #glibc) ...

The posercore lib now offers both implementations, prefering to use user context switching if available. It comes at a price: Every thread job now needs its private stack space (I allocated 64kiB there for now), and of course the switching takes some time as well, but that's very likely better than leaving a task idle waiting. And there's a restriction, resuming must still happen on the same thread that called the "await", so if this thread is currently busy, we have to wait a little bit longer. I still think it's a very nice solution. 😎

In any case, the code for the PAM credential checker module looks much cleaner now (the await "magic" happens on line 174):
github.com/Zirias/swad/blob/57

GitHubswad/src/bin/swad/cred/pamchecker.c at 57eefe93cdad0df55ebede4bd877d22e7be1a7f8 · Zirias/swadSimple Web Authentication Daemon. Contribute to Zirias/swad development by creating an account on GitHub.
#C#coding
Public *
Boud

The #Maneage #reproducibility system for scientific research papers that starts from a minimal POSIX-like host OS does not yet build [1] the #GNUCLibrary = #GLibC . We have a draft implementation building glibc *after* #GCC [2]; and an alternative proposal arguing that building glibc *first* and gcc second would be more long-term sustainable [[1] comment18].

Should GLibC be built first? Why (or why not)?

[1] savannah.nongnu.org/task/?1539
[2] gitlab.com/maneage/project-dev

· 0 people · Closed
savannah.nongnu.orgManeage - Tasks: task #15390, Installing GNU C Library within... [Savannah]Savannah is a central point for development, distribution and maintenance of free software, both GNU and non-GNU.
Replied in thread
Public
Kevin Karhan :verified:

@landley @burnoutqueen Yeah...

#GPLv3 is a desaster as it's 99% ideology and 1% license text and alongside #AGPLv3 completely ignores the reality of how #licensing and #patents and #IP works.

  • Not that I like the status-quo, but we'd rather see businesses steer clear of anything GPLv2+ or GPLv3 or worse.

And on the flipside we basically get "source available" stuff like #SSPL which only serves as a means to commit #AssetDenial and monopolize commercial offerings...

#linux#gplv2only#fsf
ExploreLive feeds
About