Hey Bill,
How is life in England? Any interesting LUGS?
I was scanning old posts from SacLUG.
Brian
On Sun, Jun 05, 2016 at 07:28:56PM -0700, Bill Kendrick wrote:
>
> I've got speakers lined up for July and August, but no one for June.
> Anyone interested in speaking? LUGOD's June meeting is on Monday the 20th.
>
> Thanks!
>
> --
> -bill!
> Sent from my computer
> _______________________________________________
> Lug-nuts mailing list
> Lug-nuts(a)saclug.org
> http://lists.saclug.org/cgi-bin/mailman/listinfo/lug-nuts
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
We will be back at Bel Air on Arden.
https://www.saclug.org/articles/2025/september-2025.html
When: Tue September 16, 2025 06:00 PM to 08:00 PM
Speaker: Kevin Brisson
Location: Bel Air #502 S.E.G.R.
4320 Arden Way
Sacramento, CA 95864
Kevin will present his Byte Vision local document analysis tool.
https://github.com/kbrisso/byte-vision
I hope to see everyone there!
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
See you at Kupros this Tuesday!
https://www.saclug.org/articles/2025/august-2025.html
Time: 6:30pm - 8:30 pm
We usually sit upstairs at one of the big tables. I will try to put a
"penguin" in one of the number holders.
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
In haste, I used a GIMP script fu to create the SacLUG log for the
current site. Some have blessed it because it reminds them of a logo for
the year 2000. Others have cursed it for the same reason. I admit the
logo is a bit ridiculous.
I just hopped over the GIMP tutorials and I found a page for creating
simple floating logo.
https://www.gimp.org/tutorials/Floating_Logo/
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
Did you know that the Generator Control Units for the Boeing 787 will go
into failsafe mode causing loss of all AC electrical power if they are
left on for more than 248 days?
https://www.federalregister.gov/documents/2015/05/01/2015-10066/airworthine…
This something that could have been prevented with the use of formal
methods. Check this slide presentation from Vermon Tech and
their CubeSat project.
http://lemuria.cis.vermontstate.edu/CubeSat/PUBLIC/SPARK-Frama-C-Day-2017.p…
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
Debian 13 is out!
https://www.debian.org/News/2025/20250809
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
Gary, computers are hard and shouldn't be used by retired folks. :) Run it
like below, it will load last. Use AI for docs - much easier and faster
than our brains.
Type=idle
Behavior of idle is very similar to simple; however, actual execution of
the service program is delayed until all active jobs are dispatched. This
may be used to avoid interleaving the output of shell services with the
status output on the console. Note that this type is useful only to improve
console output, it is not useful as a general unit ordering tool, and the
effect of this service type is subject to a 5s timeout, after which the
service program is invoked anyway.
https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html
Kevin
I just did a system update and once again I see some high
vulnerabilities on libxml2. I am sure it could use some love.
It looks like a build with autoconf. I can do that!
https://gitlab.gnome.org/GNOME/libxml2
See if I can build this thing as a start.
Brian
libxml2 (2.9.10+dfsg-6.7+deb11u8) bullseye-security; urgency=high
* Non-maintainer upload by the LTS Team.
* Fix CVE-2024-34459: Heap buffer overflow with `xmllint --htmlout`
(Closes: #1071162).
* Fix CVE-2025-6021: Integer overflow issue in xmlBuildQName. (Closes:
#1107720).
* Fix CVE-2025-6170: Potential buffer overflows in the interactive shell
(Closes: #1107938).
* Fix CVE-2025-49794: Use-after-free issue in xmlSchematronReportOutput
(Closes: #1107755).
* Fix CVE-2025-49796: Type confusion issue in xmlSchematronReportOutput
(Closes: #1107755).
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
Somehow, my locale on one of my systems was changed to am_ET.uft8. I might not have noticed, actually. It only obviously broke a few farily minor things. But, I use xdotool scripts with "search --name" parameters and they stopped working. The target of these commands is my Firefox browser. It turns out that Firefox will default to it's "C" locale if it doesn't recognize the locale as set.
Everything looked the same, but was in fact different :)
After switching the locale back to en_US.utf8, my xdotool scripts worked just fine.
It seems to me that resetting the locale in this way could be used for all kinds of attacks. If an attacker could change my locale, I have two questions: How did they do it and what else did they change. It happened on one of my more secure systems where I don't visit weird sites.
I was stracing some stuff and used a few related programs and was playing with file descriptors. That may be the culprit too :) I'm going to move this activity to another system, which will be more cumbersome. But, I'd like to keep the affected system relatively secure
After forcing Google/Gemini to treat these changes as an attack, it gave me back some pretty generic advice but nothing about a specific attack other than some attacks look at the locale.
Just an FYI and seeing if anyone has any experience or thoughts. I found the insideous nature of the effects of the locale change interesting.