Brion Vibber is a user on You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

Brion Vibber describes the situation in more detail, and yes apparently if you have a security need for correctness in arithmetic you should use the exact operators you need, verbosely.

‪It feels weird that rust panics on integer overflow in debug but not release builds. Such divergent behavior seems like a bad idea, especially when parsing binary files. Is one expected to choose checked arithmetic functions manually when needed?‬

ogv.js 1.5.7 released with performance boost for VP8/VP9 and Opus, and a fix for audio/webm seeking.


@kelsonv you won't want to open the app package with app-o-smart!

@kelsonv that's... fun. :( describes some steps for installing apps across users (linking the accounts as a 'family' etc) but I haven't tried this myself, so ymmv

@jlamar Win32 has a maximum length for paths (drive letter, all directories, and the actual filename). If you move a deep subdir tree from one folder to another (such as moving to "Recycle Bin") it's fairly easy to hit this limit unexpectedly!

"The folder contains items whose names are too long for the Recycle Bin."

"Other useful business software"... oh SourceForge you silly ad. :)

Setting up runners for the job queue in MediaWiki is ... poorly documented. May need to dive in and shovel some words here and there. :D

Ah... diving into the original MS article I think the idea is as a defense-in-depth mitigation for *trusted* code that processes *untrusted data* (and thus might be tricked into doing something that accesses trusted data elsewhere in the process, on behalf of some untrusted code).

Am I really confused or does this description of MS compiler 'fix' for Spectre variant 1 seem really confused about which code is vulnerable and which is changed? IUIC you could just use a pointer of your choice and not even bother with the Spectre stuff if you can write arbitrary C code injected into a process...? Compiler changes for managed VM code would prevent use of "safe code" loaded in-process for exploiting the attack, though right? Or am I backwards?

hack: on IE 11, the Math.imul polyfill is a bottleneck for VP8/VP9 decoding in . Replacing it with direct multiplication results in a noticeable speedup, but assumes no overflows will happen and breaks asm.js validation. ;)

Of course users will get far bigger performance gains from using Edge or Firefox or Chrome or Safari or anything other than IE 11. ;)

Still not sure if beautiful or gross that a billionaire had his rocket company launch a commercial for his car company as a "test payload".

I always read emails from GitHub thinking they're from GrubHub and vice versa

ugh, need C accessors for the JS anyway so ... stick with C it is! \o/

Object-oriented-style C is still kind of a pain. Nice that it doesn't hide the complexity, but annoying that I have to type a lot. Considering C++ for this polymorphic wrapper code. :P

Size overhead in emscripten output is minimal if i build with -fno-exceptions (don't need em in my code). But C++ grates too -- pure-virtual destructors must have a function body, for instance (wait what?)

Any recommendations on good practices for modern C11-era C programming? (or at least a good overview of what's changed and useful vs 'whatever old dialect of C you learned in the 90s and kept using in Linux stuff')

Still pondering how much to directly share code between OGVKit (iOS, C/Obj-C) and ogv.js (web, JS + C/emscripten). Pretty solidly planning to share the demuxer and codec wrapper & support code more since I've been cribbing functions back and forth. But would it be worth doing the player logic in one C implementation with callbacks versus two Obj-C and JS implementations? Decisions, decisions.

Dug out my iPod Touch 5th-gen to double-check that OGVKit still works on iOS 9. Works, but I have to buffer more frames to smooth out VP9 decode-time spikes at scene boundaries...