Why did Microsoft skip from Windows 8 to 10? Because seven ate nine.
http://huonw.github.io/blog/2016/04/myths-and-legends-about-integer-overflow-in-rust/ describes the situation in more detail, and yes apparently if you have a security need for correctness in arithmetic you should use the exact operators you need, verbosely.
It feels weird that rust panics on integer overflow in debug but not release builds. Such divergent behavior seems like a bad idea, especially when parsing binary files. Is one expected to choose checked arithmetic functions manually when needed?
ogv.js 1.5.7 released with performance boost for VP8/VP9 and Opus, and a fix for audio/webm seeking.
"The folder contains items whose names are too long for the Recycle Bin." #ohwindows
"Other useful business software"... oh SourceForge you silly ad. :)
Setting up runners for the job queue in MediaWiki is ... poorly documented. May need to dive in and shovel some words here and there. :D
Ah... diving into the original MS article https://blogs.msdn.microsoft.com/vcblog/2018/01/15/spectre-mitigations-in-msvc/ I think the idea is as a defense-in-depth mitigation for *trusted* code that processes *untrusted data* (and thus might be tricked into doing something that accesses trusted data elsewhere in the process, on behalf of some untrusted code).
Am I really confused or does this description of MS compiler 'fix' for Spectre variant 1 seem really confused about which code is vulnerable and which is changed? IUIC you could just use a pointer of your choice and not even bother with the Spectre stuff if you can write arbitrary C code injected into a process...? Compiler changes for managed VM code would prevent use of "safe code" loaded in-process for exploiting the attack, though right? Or am I backwards?
#emscripten hack: on IE 11, the Math.imul polyfill is a bottleneck for VP8/VP9 decoding in #ogvjs. Replacing it with direct multiplication results in a noticeable speedup, but assumes no overflows will happen and breaks asm.js validation. ;)
Of course users will get far bigger performance gains from using Edge or Firefox or Chrome or Safari or anything other than IE 11. ;)
Still not sure if beautiful or gross that a billionaire had his rocket company launch a commercial for his car company as a "test payload".
I always read emails from GitHub thinking they're from GrubHub and vice versa
ugh, need C accessors for the JS anyway so ... stick with C it is! \o/
Object-oriented-style C is still kind of a pain. Nice that it doesn't hide the complexity, but annoying that I have to type a lot. Considering C++ for this polymorphic wrapper code. :P
Size overhead in emscripten output is minimal if i build with -fno-exceptions (don't need em in my code). But C++ grates too -- pure-virtual destructors must have a function body, for instance (wait what?)
Any recommendations on good practices for modern C11-era C programming? (or at least a good overview of what's changed and useful vs 'whatever old dialect of C you learned in the 90s and kept using in Linux stuff')
Still pondering how much to directly share code between OGVKit (iOS, C/Obj-C) and ogv.js (web, JS + C/emscripten). Pretty solidly planning to share the demuxer and codec wrapper & support code more since I've been cribbing functions back and forth. But would it be worth doing the player logic in one C implementation with callbacks versus two Obj-C and JS implementations? Decisions, decisions.
Dug out my iPod Touch 5th-gen to double-check that OGVKit still works on iOS 9. Works, but I have to buffer more frames to smooth out VP9 decode-time spikes at scene boundaries...
Wikimedia all-hands meetings were good time except the part where I got sick and missed half the stuff. Now I'm catching up on soooo many emails before getting back to my projects...
Think of all the stuff that still uses gtk2.
Gtk2 is not unmaintained, but it's in life support mode, thanks to people who actually get paid to do it.
Apps that haven't (been able to) switch to gtk3, they are maintained by people who *don't* get paid to do it.
Meanwhile, end users absolutely depend on those apps. We don't have that many "big" applications in free software, and we don't have an infrastructure for people to pay for them.
This is fucked up.