Landlock Your Vibe Coding| blog.gnoack.org
Argument passing adventures| blog.gnoack.org
I accidentally broke Emacs mouse support on the Linux console. o_O The TIOCLINUX patch for disabling dangerous IOCTLs for the Linux console driver (background discussed on the Wiki) ended up accidentally making the mouse cursor invisible on the Linux console (the proper text mode one, not xterm). I apologize for breaking this. We luckily found a patch for it and it is now rolling out to stable Linux kernels. If your mouse does not work as expected in Emacs on the Linux console, please update ...| Blog on blog.gnoack.org
Git without a hosted platform| blog.gnoack.org
Thoughts on sandboxing, found via Aaron Swartz’s weblog, who in turn found it in a writeup about Dan Bernstein’s 2005 research activities (at the end): The software installed on my newest home computer contains 78 million lines of C and C++ source code. Presumably there are hundreds of thousands of bugs in this code. Removing all of those bugs would be quite expensive. Fortunately, there’s a less expensive way to eliminate most security problems. Consider, for example, a compressed musi...| Blog on blog.gnoack.org
Upcoming conferences 2025 Q1| blog.gnoack.org
📢 I gave a talk about the recent changes in Landlock and its new support for restricting IOCTL usage at the Linux Security Summit Europe 2024 in Vienna: 🌍 Talk page | 🎥 Video on YouTube | 😎 We have stickers! Talk Summary The Landlock security module lets Linux processes restrict what they can do and puts developers in charge of defining appropriate sandboxing policies for their programs. We will give a brief overview over Landlock’s current features, recent developments, and tal...| Blog on blog.gnoack.org
In the context of Alejandro Colomar stepping down as a man-pages maintainer :(, I learned from him that it is possible with git to create an email patch set that spans multiple target repositories. Specifically, he pointed to a review thread by Jiri Olsa where this was done, and whose outline takes a similar shape to this (simplified): [PATCH proj v3 0/3] foobar: Add transmogrifier [PATCH proj v3 1/3] foobar: Prepare flux compensator [PATCH proj v3 2/3] foobar: Add transmogrifier feature [PAT...| Blog on blog.gnoack.org
The Landlock security module lets Linux processes restrict what they| blog.gnoack.org
Landlock IOCTL control in Linux 6.10| blog.gnoack.org
Hot take!| blog.gnoack.org
A dive into Linux' /proc file system| blog.gnoack.org
Go-Landlock: Networking support| blog.gnoack.org
The Design of Mailprint| blog.gnoack.org
Motivation and use of the Go Landlock library| blog.gnoack.org
In which I decide to leave social media and use this blog instead| blog.gnoack.org
A Unix trick that took me too many years to realize| blog.gnoack.org
How to make your use of Landlock backwards compatible with older kernels| blog.gnoack.org
Landlock truncation support in Linux 6.2| blog.gnoack.org
Unprivileged self-sandboxing on Linux| blog.gnoack.org
An opinion piece on code style matters.| blog.gnoack.org
Go: Test Cleanup in Go 1.14| blog.gnoack.org
Go: Path simplification library| blog.gnoack.org
There are some use cases where abstractions with generics are better| blog.gnoack.org
How to make beautiful art from a few lines of code| blog.gnoack.org
Shared base fixture| blog.gnoack.org
GPG with the CCID Driver| blog.gnoack.org
Hexiamonds| blog.gnoack.org
Python-like generator functions| blog.gnoack.org
If you subscribe to Linux mailing lists in 2023, you're doing it wrong.| blog.gnoack.org
How to set up multiple keyboards with the Sway Wayland compositor.| blog.gnoack.org
Error Handling Links| blog.gnoack.org
Opinions on how to write good tests, some controversial| blog.gnoack.org
A 20-line implementation of coroutines| blog.gnoack.org
Rendering drawings from point coordinates and pen pressure data| blog.gnoack.org
Why do we bother with this, if only the externally visible behavior counts?| blog.gnoack.org
A nice way to inherit between template collections in html/template| blog.gnoack.org
A comparison of programming idioms for doing cleanup work| blog.gnoack.org
Mutation Testing works| blog.gnoack.org
Wireguard is in the Linux kernel| blog.gnoack.org
Go programming notes| blog.gnoack.org
Why I think that try() is the right solution.| blog.gnoack.org
An Emacs anecdote| blog.gnoack.org
Notes on Plan9's 9P protocol| blog.gnoack.org
Tips for having meaningful and smooth code reviews| blog.gnoack.org
How I redirected my Internet Radio to talk to my Raspberry Pi| blog.gnoack.org
A systematic approach for surfacing each error to the right stakeholder| blog.gnoack.org
There are my core dumps!| blog.gnoack.org
Or: Why my attempt to implement pledge() on Linux failed| blog.gnoack.org