Older blog entries for chalst (starting at number 265)

28 Oct 2010 (updated 30 Oct 2010 at 11:48 UTC) »
Texlive 2010's security model
Manuel Pégourié-Gonnard, Texlive's texdoc maintainer, posted a response to my question about Texlive's restricted execution model, explaining why the feature was yanked from Texlive 2009, and saying that the change is that details have been sorted out.

redi: I see it now, but my, probably flawed, recollection was that direct certifications didn't need time to affect your recentlog filter. FWIW, I waited a few minutes before feeling compelled to write my last diary entry.

28 Oct 2010 (updated 28 Oct 2010 at 08:32 UTC) »
Advogato glitch
marnanel is visible on my ratings report at 2.2, so I have tried twice to bump his rating up to something that clears my preferred recentlog threshold.

Alas, no success. I get the confirmation page, but the rating visible to me doesn't change. A server configuration bug, or something in mod_virgule, maybe?

27 Oct 2010 (updated 27 Oct 2010 at 12:16 UTC) »
Texlive 2010 has restricted shell \write18
...which is, I think, a good thing. It was discussed for Texlive 2009, but didn't make it because of worries to do with restricted shell access to binaries which themselves had shell escaping.

I only discovered this feature through a post on the new tex.stackexchange.com website, "How should one use \write18 with BibTeX?" I asked a follow-up question, "What analysis of Texlive's restricted permissions model exists?", and the answers so far don't seem to suggest that much in the way of security modelling, however informal, has been done by the Texlive team. Joseph Wright did, however, post a link to a USENIX paper, "Are Text-Only Data Formats Safe? Or, Use This LaTeX Class File to Pwn Your Computer", which is something like a survey of attack vectors through Latex, with proof-of-concept implementations in the context of Miktex on Windows. They make the point that, besides class and style files, Bibtex entries, typically shared without close examination, suffice for an exploit.

I'd be grateful, and reassured, to learn of more work that has been done on this.

Dos and Don'ts of diary syndication
We should, as I think I have said before, have a nice front-page article about how to go about syndicating your RSS feed to Advogato, and why it is in one's best interests to follow the advice or not syndicate at all. I should write it, shouldn't I? But...

...I've not had a lot of appetite to contribute to Advogato in the last few months, though. I generally feel that there are too many things broken around here, and if one of the strengths of Advogato is that it can be and is run by the participants, and not the benevolent dictator, on the other hand that means that there is great inertia standing in the way of improving things.

The impetus for this post comes from a couple of mindcrime's recent posts. Kudos to mindcrime for the progress with Project Shelley, but posting diary entries with more than ten large screenshots in them is not the kind of syndication that recentlog should be receiving. I don't want to drop mindcrime's output from my view of recentlog, but equally, I don't want to have this kind of material there.

5 Feb 2010 (updated 5 Feb 2010 at 15:31 UTC) »
A Compromising Situation
Take a look at humaurtumonline...

The URL isn't right, but a spammer with Journeyer all the same.

ncm, atai, explain yourselves...

Wow, aryson is serious! 22 SEO spam bulletins together! A new sleazeball, or an old antagonist with a new strategy?

Who doubts that we are talking about 22 paying clients here?

3 Feb 2010 (updated 3 Feb 2010 at 15:20 UTC) »
mjg59 reports that he's engaged. Congratulations, and I wish him some peace with his family's sure-to-come odd behaviour...

I saw a lovely photo of the newly engaged couple, though I have to say that Matthew looks like he has put on a bit of weight!

18 Jan 2010 (updated 13 Jan 2011 at 11:19 UTC) »
A POSIX question
I posted the following to superuser.com, and put about a third of the reputation points I had into it:
Impossible paths
Are there any legal paths in POSIX that cannot be associated with a file, regular or irregular? That is, for which test -e "$LEGITIMATEPOSIXPATHNAME" cannot succeed?
I'm not very impressed by the smartness or helpfulness of answers there, so I doubt that I will get adequate responses. I should just read the standards, but I am not feeling unlazy.

Oh, ... and a Happy New Year, Advogato!

It turns out that /dev/tty/impossible is impossible, since POSIX says that /dev/tty must be a character device file, and I understand that paths can only be the dirname of a file if they are directories or symlinks. The answerer I awarded my bounty to at SU didn't figure that out, but he gave me a clue that helped me.
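
The reasoning above can be checked mechanically. The following is an added example, not part of the original entry: a POSIX sh helper (the name first_blocking_component is hypothetical) that walks an absolute path and reports the first proper prefix that exists but is not a directory, which is exactly what makes `test -e` on the full path fail.

```shell
#!/bin/sh
# Added example; first_blocking_component is a hypothetical helper name.
# Prints the first proper prefix of an absolute path that exists but is not
# a directory (symlinks are followed, as in normal path resolution).
# Returns 0 if such a prefix was found, 1 if none, 2 if the path is relative.
first_blocking_component() {
    path=$1
    case $path in
        /*) ;;
        *) return 2 ;;
    esac
    prefix=
    rest=${path#/}
    while :; do
        case $rest in
            */*) ;;            # at least one more "/" follows
            *) return 1 ;;     # only the final component is left
        esac
        comp=${rest%%/*}
        rest=${rest#*/}
        [ -z "$comp" ] && continue   # skip empty components from "//"
        prefix=$prefix/$comp
        # A prefix that exists as a non-directory makes every longer path
        # fail to resolve, so test -e on the full path cannot succeed.
        if [ -e "$prefix" ] && [ ! -d "$prefix" ]; then
            printf '%s\n' "$prefix"
            return 0
        fi
    done
}

# The path from the entry: on a POSIX system this reports /dev/tty.
first_blocking_component /dev/tty/impossible || echo "no blocking prefix found"
```

The same check applies to any path below a regular file or device node, for example /dev/null/x.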

Merry Christmas, Advogato
I'm typing this entry while talking to relatives on the phone.

10 Dec 2009 (updated 10 Dec 2009 at 09:26 UTC) »
Guile's eval
wingo posts a meta-circular evaluator for Guile. I've not time now, but I want to take a closer look at the code.

I have two thoughts about eval for guile:

  1. It can be good to write the target scheme in such a way that it can allocate all of its closures on the stack, as scheme48->prescheme does. This is a nontrivial transformation, but it means that (i) you don't need to worry about TCO, since tail calls are achieved by popping the stack, and so (ii) you can use pretty, dimwitted ceval-like code without trouble, and (iii) it's a stretch to call this an interpreter, but since you only need source-to-source transformation, it's higher level than what we usually mean by compilation. Dan Friedman has written up some relevant stuff on the transformations needed to do this.
  2. More generally, is there any interest in rearchitecting the elisp bytecode so that it fits the Guile VM?
Cf. let's bytecode it!: message by wingo to guile-devel, April 2008.
