weijh imweijh

FAQ on the xz-utils backdoor (CVE-2024-3094)

This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.

Background

On March 29th, 2024, a backdoor was discovered in xz-utils, a suite of software that

We have had some success using LS-to-LS over HTTP(S), which supports an HTTP(s) Load Balancer or Proxy in the middle, and can be secured with TLS/SSL. It can be made to be quite performant, but doing so requires some specific tuning.

Upstream (HTTP Output)

The upstream pipelie would contain a single HTTP output plugin aimed either directly at a downstream Logstash or at a Load Balancer, importantly configured with:

format => json_batch (for performance; without this one event will be sent at a time) and
retry_non_idempotent => true (for resilience; without this, some failures cannot be safely retried).

Depending on whether we ar sending directly to another Logstash or through an SSL-terminating Load Balancer or proxy, the output may need to be configured

with HTTP Basic credentials (user/password),

In the last years I've been asked multiple times about the comparison between raylib and SDL libraries. Unfortunately, my experience with SDL was quite limited so I couldn't provide a good comparison. In the last two years I've learned about SDL and used it to teach at University so I feel that now I can provide a good comparison between both.

Hope it helps future users to better understand this two libraries internals and functionality.

Backup your Notability notes on your machine using webdav

Setup

Prepare a folder where you want your backup to be.
Install rclone for your system
Run the webdav server using rclone

Building C apps on Windows in 2021

This document was written on April 3, 2021. The procedure may change over time. This is a companion gist to the youtube video here, where I go through every step of both options

Moved to skeeto/scratch/aidrivers

	// Draw a triangle on Windows using OpenGL 1.1
	// $ gcc -mwindows -o triangle triangle.c -lopengl32
	// This is free and unencumbered software released into the public domain.
	#define WIN32_LEAN_AND_MEAN
	#include <windows.h>
	#include <GL/gl.h>

	#define countof(a) (int)(sizeof(a) / (sizeof(*(a))))

	static LRESULT CALLBACK handler(HWND h, UINT msg, WPARAM wparam, LPARAM lparam)

	// $ cc -o persona persona.c
	// $ ./persona <test.txt
	// Ref: https://old.reddit.com/r/C_Programming/comments/1bmfb7p
	#include <stddef.h>
	#include <stdint.h>
	#include <string.h>

	#define assert(c) while (!(c)) (volatile int )0 = 0
	#define countof(a) (ptrdiff_t)(sizeof(a) / sizeof(*(a)))
	#define new(a, t, n) (t *)alloc(a, sizeof(t), _Alignof(t), n)

	// Font rendering demo
	// $ cc -o demo demo.c $(sdl2-config --cflags --libs)
	// Ref: https://old.reddit.com/r/C_Programming/comments/13ga82a
	// This is free and unencumbered software released into the public domain.
	#include "SDL.h"

	// https://itch.io/jam/lowrezjam2016/topic/19413/minimal-sprite-font-with-upperlower-cases-cleanreadable
	#define FONTW 72
	#define FONTH 143
	#define CHARW 9

	// UOS 或 deepin 打包流程
	// 参考 https://www.vvave.net/archives/how-to-build-a-debian-series-distros-installation-package.html
	// sudo apt-get install dh-make
	// sudo apt-get install build-essential

	const fs = require('fs-extra');
	const path = require('path');
	const { spawn } = require('child_process');
	const globby = require('globby');