Category: Computer Science

So when is Pre-Increment not $v += 1?

This is some really old stuff, but unlike most of the weirdness of old PHP, it’s still there even in PHP 7. You probably should never use “++” and “--” operators in PHP.

$ php -v
PHP 7.0.15-0ubuntu0.16.04.4 (cli) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.0.15-0ubuntu0.16.04.4, Copyright (c) 1999-2017, by Zend Technologies
$ php -r '$a = "1z"; $a += 1; echo $a, "\n";'
2
$ php -r '$a = "1z"; echo ++$a, "\n";'
2a
$ php -r '$a = "aa"; echo ++$a, "\n";'
ab

I wonder which old shit prevented the PHP Core Team from fixing this.

Namespaces, but “uname -r” says 2.6

In this blog post, RedHat explains how they not only fork codebases, but also Version Numbers, making any RedHat install cryptic and hard to compare against upstream codebases and developments.

A simple thing such as

rpm --queryformat="%{name}\t%{version}\n" -qa

may allow you to say something about lesser distros, but not RedHat.

From the article:

 rpm -q --changelog openssl | grep -E --color \
"(CVE-2016-2108|CVE-2016-0799|CVE-2016-0705|CVE-2016-6304|CVE-2016-2109|CVE-2016-0798|CVE-2016-2182|CVE-2016-6303|CVE-2014-8176)"
- fix CVE-2016-2182 - possible buffer overflow in BN_bn2dec()
- fix CVE-2016-6304 - unbound memory growth with OCSP status request
- fix CVE-2016-2108 - memory corruption in ASN.1 encoder
- fix CVE-2016-2109 - possible DoS when reading ASN.1 data from BIO
- fix CVE-2016-0799 - memory issues in BIO_printf
- fix CVE-2016-0705 - double-free in DSA private key parsing
- fix CVE-2014-8176 - invalid free in DTLS buffering code

Just say “no” to this mess.

App can’t be opened because the identity of the developer cannot be confirmed

Policy Settings can prevent the execution of unsigned binaries.

macOS can be set to prevent the execution of unsigned binaries. This is done by pushing a security policy to the system, which is then enforced by the SecAssessment subsystem.

Of course, you can still install Xcode and compile binaries locally, and even execute them. You can also code in interpreted languages such as the local Python, and call system functions from there, so the policy is only of very limited use in locking down the system.

Gaming Laptops – your recommendations?

The current vacation is hard on me, because I hardly get to use my own computer – the best wife of all and the Schnuppel both compete for time on my machine in order to play Transport Fever and Cities: Skylines. That’s an annoyance not only because I can’t get the keyboard, but also because a MacBook pro apparently sucks as a gaming machine.

So this website lists a bunch of relatively recent laptops with proper graphics cards, and household peace seems to require a premade machine and a transportable device (not a desktop device).

What would be your recommendation (see above, and maybe Elite Dangerous and No Man’s Sky), and why?

BFQ is coming…

LWN reports that the 4.11 merge window opens. Among other things, Maik Zumstrull reminds us, we get

The multiqueue block layer finally has support for I/O scheduling. That is useful in its own right, but the real news is that it enables the merging of the long-awaited BFQ I/O scheduler. That, says block maintainer Jens Axboe, “should be ready for 4.12”.

Of course, if you are on an LTS release of a Linux kernel, it’s unlikely that you will profit from this any time soon.

OMG, our cybervaccines are failing

Dark Reading is scared: All new malware is “zero-day”, for an interesting and wrong definition of zero-day, because that makes the article read as much more impressive.

The actual definition of a Zero Day is a previously unknown exploit that is being used by some party to compromise a machine. In the article, the term is used differently, meaning a file that is known malware, but has changed itself so that it has a checksum that is not in currently distributed signature catalogs of known malware.

That is of course neither correct, nor new.

FOSDEM: The coming Radio Lockdown

The European Radio Equipment Directive requires all devices that are able to send and receive radio signals to be locked down. Without further specification of exceptions, which has not yet been done, this will affect all devices, including pure receivers such as GPS receivers and car radios, but also mobile phones and amateur radio operators and of course almost all Internet of Trash (IoT) devices.

Hardware manufacturers are required to “install technical measurements to protect the devices from being flashed with ‘non-compliant software'”.

The talk by Max Mehl is available on the FOSDEM site.
