Gary, computers are hard and shouldn't be used by retired folks. :) Run it
like below, it will load last. Use AI for docs - much easier and faster
than our brains.
Type=idle
Behavior of idle is very similar to simple; however, actual execution of
the service program is delayed until all active jobs are dispatched. This
may be used to avoid interleaving the output of shell services with the
status output on the console. Note that this type is useful only to improve
console output, it is not useful as a general unit ordering tool, and the
effect of this service type is subject to a 5s timeout, after which the
service program is invoked anyway.
https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html
Kevin
I just did a system update and once again I see some high
vulnerabilities on libxml2. I am sure it could use some love.
It looks like a build with autoconf. I can do that!
https://gitlab.gnome.org/GNOME/libxml2
See if I can build this thing as a start.
Brian
libxml2 (2.9.10+dfsg-6.7+deb11u8) bullseye-security; urgency=high
* Non-maintainer upload by the LTS Team.
* Fix CVE-2024-34459: Heap buffer overflow with `xmllint --htmlout`
(Closes: #1071162).
* Fix CVE-2025-6021: Integer overflow issue in xmlBuildQName. (Closes:
#1107720).
* Fix CVE-2025-6170: Potential buffer overflows in the interactive shell
(Closes: #1107938).
* Fix CVE-2025-49794: Use-after-free issue in xmlSchematronReportOutput
(Closes: #1107755).
* Fix CVE-2025-49796: Type confusion issue in xmlSchematronReportOutput
(Closes: #1107755).
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
Somehow, my locale on one of my systems was changed to am_ET.uft8. I might not have noticed, actually. It only obviously broke a few farily minor things. But, I use xdotool scripts with "search --name" parameters and they stopped working. The target of these commands is my Firefox browser. It turns out that Firefox will default to it's "C" locale if it doesn't recognize the locale as set.
Everything looked the same, but was in fact different :)
After switching the locale back to en_US.utf8, my xdotool scripts worked just fine.
It seems to me that resetting the locale in this way could be used for all kinds of attacks. If an attacker could change my locale, I have two questions: How did they do it and what else did they change. It happened on one of my more secure systems where I don't visit weird sites.
I was stracing some stuff and used a few related programs and was playing with file descriptors. That may be the culprit too :) I'm going to move this activity to another system, which will be more cumbersome. But, I'd like to keep the affected system relatively secure
After forcing Google/Gemini to treat these changes as an attack, it gave me back some pretty generic advice but nothing about a specific attack other than some attacks look at the locale.
Just an FYI and seeing if anyone has any experience or thoughts. I found the insideous nature of the effects of the locale change interesting.
Next meeting is social at Kupros
Who: you
Time: 06:30 PM to 09:00 PM
Date: Tue August 19, 2025
Location: Kurpos
1217 21st Street
Sacramento, CA 95811
Topic:
We will return to Kupros for this meeting. It will be open
discussion. Bring your gadgets, questions, and projects that you may be
working on.
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
I did a little reading and I'd be interested in the whole ecosystem: Lucene, Solr, Elastic and how your project fits in and what it does. I'm definitely a "small ball" player at the opposite end of the spectrum from the enterprise folks, but I like to keep in touch :). Besides, I have a lot of files that I am still working on organizing and need to occasionally find. Finding isn't as easy as I would like and cam be stressful.
AFA weird sites: Noting that I linked to from another site, nothing where I don't have some kind of other relationship with the owner of the site outside of the internet, nothing used for software development of any kind.
Date: Mon, 28 Jul 2025 14:06:23 -0700
From: Kevin Brisson <kbrisso(a)gmail.com>
To: Gary <saclug(a)garymcglinn.com>
Cc: lug-nuts(a)bigbrie.com
Subject: Re: [Lug-nuts] Locale: Not that I'm Paranoid
Hi Gary-
That is very strange. (you might want to burn the computer) I guess that
local is Amharic (Ethiopia) . Tell me more about " visit weird sites. "
BTW my Github AI project has 40+ stars!
https://github.com/kbrisso/byte-vision
Anyone interested in a demo of local document analysis?
Kevin Brisson
On Mon, Jul 28, 2025 at 11:01 AM Gary <saclug(a)garymcglinn.com> wrote:
> Somehow, my locale on one of my systems was changed to am_ET.uft8. I
> might not have noticed, actually. It only obviously broke a few farily
> minor things. But, I use xdotool scripts with "search --name" parameters
> and they stopped working. The target of these commands is my Firefox
> browser. It turns out that Firefox will default to it's "C" locale if it
> doesn't recognize the locale as set.
>
> Everything looked the same, but was in fact different :)
>
> After switching the locale back to en_US.utf8, my xdotool scripts worked
> just fine.
>
> It seems to me that resetting the locale in this way could be used for all
> kinds of attacks. If an attacker could change my locale, I have two
> questions: How did they do it and what else did they change. It happened
> on one of my more secure systems where I don't visit weird sites.
>
> I was stracing some stuff and used a few related programs and was playing
> with file descriptors. That may be the culprit too :) I'm going to move
> this activity to another system, which will be more cumbersome. But, I'd
> like to keep the affected system relatively secure
>
> After forcing Google/Gemini to treat these changes as an attack, it gave
> me back some pretty generic advice but nothing about a specific attack
> other than some attacks look at the locale.
>
> Just an FYI and seeing if anyone has any experience or thoughts. I found
> the insideous nature of the effects of the locale change interesting.
> _______________________________________________
> Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
> To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
>
----- End forwarded message -----
What is mead? It is honey wine! Tonight's meeting will be at Strad
Meadery.
2539 Mercantile Dr. Suite 1
Rancho Cordova, CA 95742
Tuesday, July 15, 2025
6:30 - 8:30pm
Topic
C# on GNU/Linux.
presented by Brian Lavender (me).
https://www.saclug.org/articles/2025/july-2025.html
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
We will discuss C# on GNU/Linux. Strad Meadery graciously provided their
facility to us for hosting the meeting.
July General Meeting
When: Tue July 15, 2025 06:30 PM to 08:30 PM
Speaker: Brian Lavender
Location: Strad Meadery
2539 Mercantile Dr. Suite 1
Rancho Cordova, CA 95742
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
Perhaps this is a testament to SPARK/Ada's focus on secure programming?
Ada jumps to number 11 from 25
https://www.tiobe.com/tiobe-index/
I gained new respect for the Pascal family of languages after I started
working with Delphi and later teaching introduction to programming. Much
of Ada is influenced by Pascal.
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
Back in the day, we used to love to hate Microsoft. I imagine that still
may be true with some.
Did you know that Dot net is open source / free software?
https://dotnet.microsoft.com/en-us/platform/open-source
I am thinking that next meeting, we do C# on Fedora.
I was just working through the following tutorial.
https://learn.microsoft.com/en-us/dotnet/csharp/tour-of-csharp/tutorials/tu…
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
Reminder for the SacLUG meetup tomorrow at Kupros on 21st St.
Time: 6:30 - 8:30
https://www.saclug.org/articles/2025/june-2025.html
I will bring a paper printout of the tux penguin and put it in the
holder on the table.
Brian
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
