S-Rank Daddy’s Girl, episode 11

You’re not going to believe this, but Our Homesick Daughter was packing up for a fall visit home when suddenly guild business delayed her long enough for winter to completely cancel the trip. Unpossible, amiright?

For safety’s sake, she leaves The Trouble Twins with her gal-pals, which is sure to trip a few flags, but fortunately Our Haunted Dad has decided to finally face his past and seek out his old adventuring friends, so he wouldn’t have been home anyway.

Meanwhile, one of said friends is haunted by his own memories from those days, killing time in the county jail by cadging booze from little girls in exchange for adventuring stories.

Verdict: Our Best Catgirl in a clingy dress? Sold! The problem is, we’ve only got two episodes left, and there are a lot of balls in the air. Are they going to awkwardly wrap it up or try for a second cour?

(wrong catgirl, but she’ll do in a pinch)

Frieren, episode 14

In which love is in the air. Literally. Also, Himmel was a sly dog.

Verdict: Pouty Fern! Happy Fern! Sneaky Frieren! Smiley Frieren!

Gate manga, volumes 7-9

These (7, 8, 9) quietly slipped out on November 30, so they’ve slowed the release pace quite a bit, but haven’t stopped. Spiffy.

Unrelated,

Homebrew’s decision to move everything from /usr/local to /opt/homebrew got even more annoying when neither Perlbrew nor Plenv could successfully build XS modules with internally consistent libraries. When I started working through the issues with SVG and Pango in PDF::Cairo, I ended up with a busted install that would try to mix the libgtk from Homebrew with an older libglib that it found somewhere in the file system. Apparently instead of having predictable (if often insecure) library-path environment variables, MacOS has gone to a caching system where the first copy found wins, non-deterministically; the suggestions I’ve found mostly require scrubbing the disk of all duplicate libraries (I count at least 13 copies of libglib, most of them embedded in apps), deleting the cache, and rebooting.

So for now I’m installing all modules directly into Homebrew’s perl, and re-installing all of them every time there’s a minor version update (local::lib currently isn’t playing well with Homebrew’s perl at the moment, either, sigh). I haven’t had the time to completely untangle everything yet, because Christmas prep and job interviews have first pick of my brain cells.

(Oh, have I failed to mention the job-hunting? Yeah, someone thinks half of my team can be replaced with new hires at the Prague office. Magic 8-Ball says “good luck with that”)

Dear Llama-2-7B-chat (MLX),

Don’t quit your day job:

“tell me a story about catgirls” (5000 tokens)

(note: the mlx-example script defaults to a constant seed, so that the output is repeatable; if you like what you get, you can simply repeat it with a larger number of tokens)

more...

The entire Moderation Team for the Rust programming language has resigned. This came as a surprise to everyone who didn’t know that Rust had a moderation team, or what it was contributing to the development of the language.

The answer is, of course, Toxic CoC Syndrome:

Remarks that moderators find inappropriate, whether listed in the code of conduct or not, are also not allowed.

In other words, “we’re the Tone Police, and whatever we say goes”.

Also:

And if someone takes issue with something you said or did, resist the urge to be defensive. Just stop doing what it was they complained about and apologize. Even if you feel you were misinterpreted or unfairly accused, chances are good there was something you could’ve communicated better — remember that it’s your responsibility to make your fellow Rustaceans comfortable.

So if someone says “your pull request is worthless garbage that breaks the build”, they are required to apologize and stop harassing you over your earnest desire to decolonize the language by renaming all problematic functions.

For more fun, this CoC incorporates by reference the “Citizen Code of Conduct”, which includes this hilarious little gem:

No weapons will be allowed at [COMMUNITY_NAME] events, community spaces, or in other spaces covered by the scope of this Code of Conduct. Weapons include but are not limited to guns, explosives (including fireworks), and large knives such as those used for hunting or display, as well as any other item used for the purpose of causing injury or harm to others.

Since the “covered spaces” of the Rust-y CoC primarily consist of Discord channels, online forums, and git checkins, I’m assuming they’re referring to weaponized emoji here:

🥢 👞 🧀 🗡 🏓 🔞 🚔 🧸 🥋 🌂 🔩 🧫 🤺 🛁 🎛 ⛏ 🥩 🇺🇸 🥓 🪓 ©️ 🧨 🔪 🛑 🖋 🧷 🏏 💤 🏒 ⚠️ 🔧 🥊 💣 ⚓️ 🗑 🧼 🧻 🔨 🛂 🔫 🦨 🙈 🙉 🙊

I’m amused to see Ghostscript described as a small library, but deeply annoyed that a critical “run arbitrary code on your machine” vulnerability disclosed sometime last year is still unfixed, despite it having been verified and bug bounties paid out.

The new proof-of-concept exploit is only 20 lines of Python.

Since it’s embedded in all sorts of software, you may not know that you’re affected by this hole, or for how long you’ll be vulnerable. All it takes is for something in your daily workflow to decide to render a downloaded SVG file via GS.

My home router (an old Shuttle running OpenBSD 6.3) went down due to bad blocks on /var. I had recent backups, but my cold spare still had a 5.x install on it, so after manually fscking the old machine enough to get it back online for the day, I downloaded a fresh copy of OpenBSD 6.9, installed it, copied over all the config files, and swapped it into place.

It didn’t work. More precisely, everything worked except sending traffic out the public interface to the Internet. I couldn’t reach the gateway. I could ssh into the router from my laptop over the private interface just fine, though.

Thinking perhaps that I’d outsmarted myself by trying to preserve the MAC address of the old server to deal with the common cable-modem issue of fixating on a specific MAC, I removed that clause from the config and rebooted both router and modem.

That didn’t help, so I fired up tcpdump on the public interface to see if there was anything showing up at all, and everything started working fine.

Kill tcpdump, packets stop. Start it back up, packets flow. In other words, everything works perfectly as long as the public interface is in promiscuous mode. This isn’t one I’ve run into before in my 15-ish years of managing OpenBSD routers, or even the 6 years I’ve owned this Shuttle DS61.

I’m going to have to swap a new SSD into the other router (identical hardware), install the same configs, and do some testing. Which is a lot easier if I’m online, so for now, /etc/rc.local contains:

nohup tcpdump -n -i re0 -w /dev/null icmp &

The experience of being suddenly forced to shutdown Lightroom in the middle of an editing session because you decided that I wasn’t logged into your Clown service any more is sub-optimal. Also a pretty good way to encourage customers to stop paying you a monthly fee and look elsewhere for software.

Just sayin’…

As I mentioned earlier, I’ve been doing some simple load-testing of Jira instances using Gatling. Detailed sample code after the jump, because I couldn’t find anyone else’s and I’ve got decent pagerank.

more...

Adobe CC periodically removes downloaded fonts that it decides you’re not using… in Adobe CC. Using them in other applications doesn’t count, apparently. To get them back from the Clown, you can either completely deactivate the family, switch menus, and reactivate, or click the Clown-down icon for each and every font file that’s been removed.

In other news, Adobe will finally be abandoning support for Type 1 fonts in their product line in an upcoming release. In J-specific news, Adobe doesn’t include my go-to poster font Barmeno in their Clown, and it’s $300 from Berthold. I think I’ll try converting it with Fontforge first…

(Adobe disguises the location of their Clown font files, so to use them in my PDF::Cairo scripts, I have a Perl script that symlinks them into directories scanned by Fontconfig)

There are several lessons to be learned from the Samsung Blu-ray player fiasco, in which pretty much their entire product line turned into a useless pile of e-waste.

1. You don’t know what your Internet-connected appliances are doing, and the manufacturer won’t tell you. Customer service probably doesn’t even know about most of it.

2. The people designing your appliances often don’t think about or thoroughly test boot or update processes.

3. Always mount a scratch monkey.

4. XML makes a terrible config-file format. Ditto YAML and Apple’s Plist format (both of which are just as complex and unforgiving as XML).

When I was at WebTV, every client release meeting included someone who had precise statistics on how many devices were bricked by each previous release, how much it cost to replace them, and the effect on customer churn. This neatly negated the efforts by development and marketing to take shortcuts with QA.

On the service side, we were usually able to just roll back to a previous code or content release within a few minutes of detecting a problem, but there were occasional out-of-band updates, as well as external dependencies. One that bypassed QA one night was an update to the XML config file that controlled ad rotation on the home page. As each ad server retrieved the new file and parsed it, they locked up. When I traced the appropriate process, I saw it spinning in a tight loop trying to parse a comment; someone had manually removed one ad from the rotation. At least, that’s what they thought they’d done, with their limited understanding of XML syntax.

In our case, the code checked for errors, but never got there because it was stuck in an infinite loop; the Samsung startup code simply didn’t check for errors. If the file was syntactically valid, of course it must be semantically valid.