Hey Bill,
How is life in England? Any interesting LUGS?
I was scanning old posts from SacLUG.
Brian
On Sun, Jun 05, 2016 at 07:28:56PM -0700, Bill Kendrick wrote:
>
> I've got speakers lined up for July and August, but no one for June.
> Anyone interested in speaking? LUGOD's June meeting is on Monday the 20th.
>
> Thanks!
>
> --
> -bill!
> Sent from my computer
> _______________________________________________
> Lug-nuts mailing list
> Lug-nuts(a)saclug.org
> http://lists.saclug.org/cgi-bin/mailman/listinfo/lug-nuts
--
Brian Lavender
https://www.brie.com/brian/
"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."
Professor C. A. R. Hoare
The 1980 Turing award lecture
We will be back at Bel Air on Arden.
https://www.saclug.org/articles/2025/september-2025.html
When: Tue September 16, 2025 06:00 PM to 08:00 PM
Speaker: Kevin Brisson
Location: Bel Air #502 S.E.G.R.
4320 Arden Way
Sacramento, CA 95864
Kevin will present his Byte Vision local document analysis tool.
https://github.com/kbrisso/byte-vision
I hope to see everyone there!
Brian
--
Brian Lavender
https://www.brie.com/brian/
See you at Kupros this Tuesday!
https://www.saclug.org/articles/2025/august-2025.html
Time: 6:30pm - 8:30 pm
We usually sit upstairs at one of the big tables. I will try to put a
"penguin" in one of the number holders.
Brian
--
Brian Lavender
https://www.brie.com/brian/
In haste, I used a GIMP Script-Fu to create the SacLUG logo for the
current site. Some have blessed it because it reminds them of a logo for
the year 2000. Others have cursed it for the same reason. I admit the
logo is a bit ridiculous.
I just hopped over to the GIMP tutorials and I found a page for creating
a simple floating logo.
https://www.gimp.org/tutorials/Floating_Logo/
Brian
--
Brian Lavender
https://www.brie.com/brian/
Did you know that the Generator Control Units for the Boeing 787 will go
into failsafe mode causing loss of all AC electrical power if they are
left on for more than 248 days?
https://www.federalregister.gov/documents/2015/05/01/2015-10066/airworthine…
This is something that could have been prevented with the use of formal
methods. Check this slide presentation from Vermont Tech and
their CubeSat project.
http://lemuria.cis.vermontstate.edu/CubeSat/PUBLIC/SPARK-Frama-C-Day-2017.p…
Brian
--
Brian Lavender
https://www.brie.com/brian/
Debian 13 is out!
https://www.debian.org/News/2025/20250809
--
Brian Lavender
https://www.brie.com/brian/
I just did a system update and once again I see some high
vulnerabilities on libxml2. I am sure it could use some love.
It looks like a build with autoconf. I can do that!
https://gitlab.gnome.org/GNOME/libxml2
See if I can build this thing as a start.
Brian
libxml2 (2.9.10+dfsg-6.7+deb11u8) bullseye-security; urgency=high

  * Non-maintainer upload by the LTS Team.
  * Fix CVE-2024-34459: Heap buffer overflow with `xmllint --htmlout`
    (Closes: #1071162).
  * Fix CVE-2025-6021: Integer overflow issue in xmlBuildQName. (Closes:
    #1107720).
  * Fix CVE-2025-6170: Potential buffer overflows in the interactive shell
    (Closes: #1107938).
  * Fix CVE-2025-49794: Use-after-free issue in xmlSchematronReportOutput
    (Closes: #1107755).
  * Fix CVE-2025-49796: Type confusion issue in xmlSchematronReportOutput
    (Closes: #1107755).
--
Brian Lavender
https://www.brie.com/brian/
Somehow, my locale on one of my systems was changed to am_ET.uft8. I might not have noticed, actually. It only obviously broke a few fairly minor things. But, I use xdotool scripts with "search --name" parameters and they stopped working. The target of these commands is my Firefox browser. It turns out that Firefox will default to its "C" locale if it doesn't recognize the locale as set.
Everything looked the same, but was in fact different :)
After switching the locale back to en_US.utf8, my xdotool scripts worked just fine.
It seems to me that resetting the locale in this way could be used for all kinds of attacks. If an attacker could change my locale, I have two questions: How did they do it and what else did they change? It happened on one of my more secure systems where I don't visit weird sites.
I was stracing some stuff and used a few related programs and was playing with file descriptors. That may be the culprit too :) I'm going to move this activity to another system, which will be more cumbersome. But, I'd like to keep the affected system relatively secure.
After forcing Google/Gemini to treat these changes as an attack, it gave me back some pretty generic advice but nothing about a specific attack other than some attacks look at the locale.
Just an FYI and seeing if anyone has any experience or thoughts. I found the insidious nature of the effects of the locale change interesting.
Next meeting is social at Kupros
Who: you
Time: 06:30 PM to 09:00 PM
Date: Tue August 19, 2025
Location: Kupros
1217 21st Street
Sacramento, CA 95811
Topic:
We will return to Kupros for this meeting. It will be open
discussion. Bring your gadgets, questions, and projects that you may be
working on.
Brian
--
Brian Lavender
https://www.brie.com/brian/
I did a little reading and I'd be interested in the whole ecosystem: Lucene, Solr, Elastic and how your project fits in and what it does. I'm definitely a "small ball" player at the opposite end of the spectrum from the enterprise folks, but I like to keep in touch :). Besides, I have a lot of files that I am still working on organizing and need to occasionally find. Finding isn't as easy as I would like and can be stressful.
AFA weird sites: Nothing that I linked to from another site, nothing where I don't have some kind of other relationship with the owner of the site outside of the internet, nothing used for software development of any kind.
Date: Mon, 28 Jul 2025 14:06:23 -0700
From: Kevin Brisson <kbrisso(a)gmail.com>
To: Gary <saclug(a)garymcglinn.com>
Cc: lug-nuts(a)bigbrie.com
Subject: Re: [Lug-nuts] Locale: Not that I'm Paranoid
Hi Gary-
That is very strange. (you might want to burn the computer) I guess that
locale is Amharic (Ethiopia). Tell me more about "visit weird sites."
BTW my Github AI project has 40+ stars!
https://github.com/kbrisso/byte-vision
Anyone interested in a demo of local document analysis?
Kevin Brisson
On Mon, Jul 28, 2025 at 11:01 AM Gary <saclug(a)garymcglinn.com> wrote:
> Somehow, my locale on one of my systems was changed to am_ET.uft8. I
> might not have noticed, actually. It only obviously broke a few fairly
> minor things. But, I use xdotool scripts with "search --name" parameters
> and they stopped working. The target of these commands is my Firefox
> browser. It turns out that Firefox will default to its "C" locale if it
> doesn't recognize the locale as set.
>
> Everything looked the same, but was in fact different :)
>
> After switching the locale back to en_US.utf8, my xdotool scripts worked
> just fine.
>
> It seems to me that resetting the locale in this way could be used for all
> kinds of attacks. If an attacker could change my locale, I have two
> questions: How did they do it and what else did they change? It happened
> on one of my more secure systems where I don't visit weird sites.
>
> I was stracing some stuff and used a few related programs and was playing
> with file descriptors. That may be the culprit too :) I'm going to move
> this activity to another system, which will be more cumbersome. But, I'd
> like to keep the affected system relatively secure.
>
> After forcing Google/Gemini to treat these changes as an attack, it gave
> me back some pretty generic advice but nothing about a specific attack
> other than some attacks look at the locale.
>
> Just an FYI and seeing if anyone has any experience or thoughts. I found
> the insidious nature of the effects of the locale change interesting.
----- End forwarded message -----
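
Added example, not part of any list message: a shell triage for the locale problem described in this thread. It checks whether a locale name matches one the system actually provides (a name that cannot be loaded leaves programs in the "C" locale) and lists which system-wide files assign locale variables. The function names, the file list (usual Debian/systemd paths) and the sample locale list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.

# Approximate glibc's codeset matching: lowercase the part after the dot and
# drop punctuation, so "en_US.UTF-8" and "en_US.utf8" compare equal.
normalize_locale() {
    name=$1; mod=
    case $name in *@*) mod=@${name#*@}; name=${name%%@*} ;; esac
    case $name in
        *.*) cs=$(printf '%s' "${name#*.}" | LC_ALL=C tr 'A-Z' 'a-z' | LC_ALL=C tr -cd 'a-z0-9')
             name=${name%%.*}.$cs ;;
    esac
    printf '%s\n' "$name$mod"
}

# locale_status NAME "LIST": prints builtin, available or missing.
# LIST is whitespace-separated, e.g. the output of `locale -a`.
locale_status() {
    want=$(normalize_locale "$1")
    case $want in C|POSIX) echo builtin; return 0 ;; esac
    for have in $2; do
        if [ "$(normalize_locale "$have")" = "$want" ]; then
            echo available; return 0
        fi
    done
    echo missing   # setlocale() fails for this name; programs stay in "C"
}

# locale_sources [ROOT]: print file:line:text for every locale assignment in
# the usual system-wide files (assumed Debian/systemd paths) under ROOT.
locale_sources() {
    for f in /etc/default/locale /etc/locale.conf /etc/environment; do
        [ -r "${1:-}$f" ] || continue
        grep -HnE '^[[:space:]]*(export[[:space:]]+)?(LANG|LANGUAGE|LC_[A-Z]+)=' "${1:-}$f" || :
    done
    return 0
}

# Constructed demo: the locale list of a hypothetical host, checked against
# a good name, the name as it is written in the thread, and "C".
SAMPLE_LOCALES="C C.utf8 POSIX en_US.utf8"
for l in en_US.UTF-8 am_ET.uft8 C; do
    printf '%-12s %s\n' "$l" "$(locale_status "$l" "$SAMPLE_LOCALES")"
done
# On a live system: locale_status "$LANG" "$(locale -a)"; locale_sources
```

Comparing the modification times of any files that `locale_sources` reports against package-manager and login logs helps narrow down when and how the setting changed.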