2023-03-24 08:44:28 <veltas      > KipIngram: Believe it or not, printf is quite similar to a C function you might be familiar with :P
2023-03-24 08:50:15 <KipIngram   > :-)  I'd certainly hope so.
2023-03-24 09:07:50 <KipIngram   > I mean, putting that f on the end should actually SAY something.
2023-03-24 09:21:12 <thrig       > printf(1) at least did not implement %n, or at least the good versions do not
2023-03-24 09:47:33 <veltas      > Why are you hating on %n
2023-03-24 09:49:18 <veltas      > One of the big technical annoyances with PDF generation is the encoding system
2023-03-24 09:49:36 <veltas      > It's all pre-unicode so there's a lot of gymnastics
2023-03-24 09:50:33 <veltas      > And for some reason they prefer 'names' for glyphs, rather than codes. So I am going to have to compile a big table to map these names to unicode codepoints
2023-03-24 09:51:40 <veltas      > In PDF land there are no codes that combine to form one glyph, sensibly, so another difference from unicode unfortunately
2023-03-24 09:51:53 <veltas      > It's 1 code = 1 glyph
2023-03-24 09:52:12 <thrig       > a program that uses %n on OpenBSD causes a syslog message to be generated, and then the program is aborted
2023-03-24 09:52:42 <veltas      > A program that uses %n on OpenBSD causes a kernel panic, and then the operator is executed
2023-03-24 09:53:03 <veltas      > IMO BSDs always make bad choices on this stuff
2023-03-24 09:53:40 <veltas      > Although it's allowable in OpenBSD but in other BSDs is just annoying
2023-03-24 09:53:47 <thrig       > enjoy your exploits
2023-03-24 10:07:12 <veltas      > Can you explain how %n is an exploit?
2023-03-24 10:08:17 <veltas      > Just because something's not standard doesn't mean it's dangerous. There are plenty of safe yet compatible choices
2023-03-24 10:08:29 <veltas      > And BSDs always seem to prefer going with the least compatible
2023-03-24 10:08:47 <veltas      > In my humble opinion
2023-03-24 10:16:08 <crc         > veltas: https://www.exploit-db.com/docs/english/28476-linux-format-string-exploitation.pdf has some examples using %n
2023-03-24 11:20:29 <veltas      > Oh you know what I'm mixing up %n with %i
2023-03-24 11:21:12 <veltas      > But I've not read the paper and it's not clear there's an inherent issue with %n to me, I'd have to read it and think about it
2023-03-24 11:22:07 <thrig       > %n is very much exploitable
2023-03-24 11:22:21 <crc         > veltas: https://www.exploit-db.com/docs/english/28476-linux-format-string-exploitation.pdf has some examples using %n
2023-03-24 11:22:28 <crc         > sorry, pasted by mistake
2023-03-24 11:23:34 <crc         > %n has printf() write to a memory location. This could be used with other issues to allow for exploits.
2023-03-24 11:27:33 <veltas      > crc: That's the C function, not the utility
2023-03-24 11:28:16 <veltas      > Passing a user string into the format string is obviously bad, although it's an interesting read
2023-03-24 11:30:13 <veltas      > What can I say, there's a lot of stuff in format string that's literally UB if you get it wrong, so passing in a string the user can write is the thing that should be avoided
2023-03-24 11:32:05 <veltas      > To me it feels a bit like removing array indexing because if a user specifies the index without any bounds checking then it can cause UB
2023-03-24 11:34:27 <thrig       > probably the OpenBSD devs got tired of programmers writing shit code with %n
2023-03-24 11:35:53 <KipIngram   > I'm of mixed feeling about a user-defined format string.  It certainly seems like it should be subjected to some sort of inspection/validation before it's used for that purpose.
2023-03-24 11:36:21 <KipIngram   > The goal would be allowing flexibility within certain bounds.
2023-03-24 11:36:49 <KipIngram   > But I'm not sure if that really brings any advantage that letting the user specify some parameters and then USING those to construct a format string wouldn't also get.
2023-03-24 11:37:18 <thrig       > hmm, only one sprintf CVE so far this year, in GNU libc
2023-03-24 11:37:23 <KipIngram   > It is the sort of thing I might consider doing given that I'm usually writing code for my own use.
2023-03-24 11:38:44 <KipIngram   > I definitely see that it is a territory frought with risk in a general community environment, though.
2023-03-24 11:39:29 <KipIngram   > Similar to allowing / not allowing HTML in forum comments and that kind of thing.
2023-03-24 11:40:00 <KipIngram   > How simple it would be to just not bother to implement a bunch of formatting tools (bold, italic, etc.) and just say "do what you like..."
2023-03-24 11:40:13 <KipIngram   > But I see why they often don't do it that way.
2023-03-24 11:40:50 <KipIngram   > You're displaying this stuff in a browser, and yet you're forced to suppress a large measure of that browser's capability.
2023-03-24 11:41:41 <KipIngram   > Because people can't be trusted.
2023-03-24 11:41:50 <KipIngram   > A person can be - people can't be.
2023-03-24 11:59:01 <veltas      > thrig: Why do you think %n implies shit code? I've had to use it sometimes although rarely
2023-03-24 12:01:10 <veltas      > KipIngram: Someone ran a music jukebox at a LAN party once and it turned out there were no filters on the filenames, so people started uploading files that contained all sorts of funny stuff
2023-03-24 12:01:18 <veltas      > Until it crashed the server and the webpage
2023-03-24 12:01:22 <thrig       > at best it's a code smell, at worst you get a nice write up in the CVE database. why risk programmers programming? instead blow up and fix the shit code
2023-03-24 12:04:57 <veltas      > I think my objection comes down to .... by this same logic really 'C' itself is 'shit' and 'insecure'
2023-03-24 12:05:23 <veltas      > And I don't really agree
2023-03-24 12:06:43 <veltas      > It's a cultural thing I think
2023-03-24 12:08:25 <veltas      > I'd be more inclined to prevent passing external strings as format strings, unfortunately I don't know of a reasonable way to do this
2023-03-24 12:17:02 <veltas      > I wonder what they think of scanf lol
2023-03-24 12:36:48 <KipIngram   > This is pretty good:
2023-03-24 12:36:49 <KipIngram   > file:///home/kipingram/Downloads/Pure_quantum_interpretations_are_not_via%20(1).pdf
2023-03-24 12:36:56 <KipIngram   > Ooop.  Sorry - that won't work.
2023-03-24 12:37:23 <KipIngram   > Um, I guess I don't have the direct link anymore - if anyone is interesting they could google that title I guess.
2023-03-24 12:38:06 <KipIngram   > I am struck, though, at the amount of energy we've had to expend on bizarre ideas like Many Worlds, though - it just amazes me that so many people have bitten into those ideas.
2023-03-24 12:38:56 <thrig       > several folks got into Dutch Tulips
2023-03-24 12:39:04 <KipIngram   > How does one get so arrogant as to assume that any of our theories are necessarily TOTALLY correct?  Every theory we've ever had has wound up being at best approximately true - right up to and including Newton's gravitation theory.
2023-03-24 12:40:03 <KipIngram   > What we do is create models that we hope match up with reality fairly well, but then someone comes along and tries to say that the model is PRECISELY what the world is.
2023-03-24 12:41:00 <KipIngram   > Max Tegmark has even gone so far as to say that reality IS *math*.
2023-03-24 12:41:08 <KipIngram   > That the math IS the thing that's real.
2023-03-24 12:41:24 <thrig       > Laozi instead lit off to the hinterlands (after leaving some words behind)
2023-03-24 12:41:53 <KipIngram   > That's the Tao / Dao guy, right?
2023-03-24 12:42:01 <thrig       > yep
2023-03-24 12:42:42 <KipIngram   > Well, he had a strong element of "words can't capture it" going on in his thinking, which seems far more likely right to me.
2023-03-24 12:47:06 <KipIngram   > One of the ones that really manages to push my buttons somehow is Sean Carroll.  I can hardly watch him without just being gobsmacked by how arrogant he seems.
2023-03-24 12:47:53 <KipIngram   > I have no doubt he's smart as hell, but geez - we're barely out of the cradle as a SPECIES; I just don't see how the idea that we could be so totally right about anything even occurs to someone.
2023-03-24 12:49:23 <KipIngram   > It's all kind of a big "map has become the territory" kind of thing.
2023-03-24 17:02:20 <KipIngram   > Here's one of those things I don't understand.  The Nature Briefing I just got complains that "2/3 of science jobs in the USA are occupied by whites," and refers to that as an "underrepresentation of minorities."
2023-03-24 17:02:28 <KipIngram   > But... 62% of the US population is white.
2023-03-24 17:02:40 <KipIngram   > I recognize that's slightly less than 2/3, but it's pretty damn close.
2023-03-24 17:02:55 <KipIngram   > Wouldn't the ideal be for the fraction of scientists to MATCH the fraction of population???
2023-03-24 17:02:59 <KipIngram   > And if not, why not?
2023-03-24 17:03:15 <KipIngram   > That aspect was not mentioned at all in the brief, though.
2023-03-24 17:04:49 <KipIngram   > But I'm pretty used to this in Nature Briefs - I've felt for a long time they slant the presentation to suit their message.
2023-03-24 17:10:01 <thrig       > as opposed to the past, where the presentation was slated to suit their message (look at the Los Alamos marketing from the good old days)
2023-03-24 17:20:11 <KipIngram   > Well, that's no doubt fair.  Wasn't any more good then.
2023-03-24 17:20:52 <KipIngram   > Here's the thing, though.  The implication of the brief is that they think 50% of all jobs of all types should be held by minorities.
2023-03-24 17:20:56 <KipIngram   > But there's a problem with that.
2023-03-24 17:21:05 <KipIngram   > THERE AREN'T ENOUGH MINORITIES.
2023-03-24 17:21:10 <KipIngram   > It can't be done.
2023-03-24 17:21:53 <KipIngram   > I was actually surprised to find that 62% of the country is still white.  I would have guessed lower at this point.
2023-03-24 17:22:22 <KipIngram   > But that's what it said here:
2023-03-24 17:22:27 <KipIngram   > https://statisticalatlas.com/United-States/Race-and-Ethnicity
2023-03-24 17:23:40 <KipIngram   > It's going to change over the next couple of decades, though, because down on the same page is a graphic showing that the "white majority" is decidedly older folk.
2023-03-24 17:24:03 <KipIngram   > It'll be a few decades, but it's coming.
2023-03-24 17:24:40 <KipIngram   > What I like seeing most is that the slice of folks identified as "'mixed" is growing larger over time.
2023-03-24 17:25:00 <KipIngram   > It's still quite small, but I think mixing things to the point where none of it even makes sense anymore may be how we finally beat this crap.
2023-03-24 17:26:18 <KipIngram   > What that one shows, basically, is that "mixed" and "Hispanic" categories are growing.  White category is shrinking.  Blacks and "other" are staying about the same.
2023-03-24 17:27:31 <KipIngram   > Asian seems to be shrinking too, but it's a pretty small slice to start with so that's not a big overall effect.
2023-03-24 17:28:02 <KipIngram   > What I meant to say is that those are "coming changes."
2023-03-24 17:28:17 <KipIngram   > The changes I listed are showing up as you go down in age in the age brackets.
2023-03-24 17:28:38 <KipIngram   > But I guess it all comes from the same year's data.
2023-03-24 17:29:27 <KipIngram   > Two of my kids are half Asian, and the other three are a quarter Hispanic, so I think I can claim to having contributed to the mixing.
2023-03-24 17:42:29 <gordonjcp   > KipIngram: Americans are a bit weird about heritage though
2023-03-24 17:43:23 <gordonjcp   > KipIngram: lots of "yeah I'm Irish and Scottish and German and Cherokee" kind of thing
2023-03-24 17:58:47 <KipIngram   > I actually think it's fine to feel that way - to have some "pride of heritage," so long as you don't let it make you start to feel like you're inherently better than other folks.  I.e., there's a harmless version of such pride, in addition to there being a poisonous version.
2023-03-24 18:01:05 <KipIngram   > Maybe it's as simple as "having pride in your own cultural heritage == good," "criticizing the cultural heritage of others == bad."  Or maybe there's more to it than that - I'm no sociologist.
2023-03-24 18:01:08 <gordonjcp   > what's wrong with just being American?
2023-03-24 18:01:21 <KipIngram   > Nothing wrong with that either - it's most of how I feel.
2023-03-24 18:02:05 <KipIngram   > I have an elevated interest in the history of the parts of the world my dna says I percolated up from, but that's really about the extent of it.
2023-03-24 18:02:13 <KipIngram   > I'm pretty interested in history in general, actually.
2023-03-24 18:02:34 <gordonjcp   > like, if I wanted to really get into it I'd say I was some smallish fraction Irish, some smallish fraction Danish, quite a bit Norwegian, quite a bit Cornish, somewhat Pictish, a fair bit Doric
2023-03-24 18:02:38 <gordonjcp   > but, I'm Scottish
2023-03-24 18:02:47 <KipIngram   > And I'm flat out fascinated with the way we can now use DNA testing to actually unveil information about our overall history.
2023-03-24 18:03:33 <KipIngram   > I'm like 85% British Isles, and 10-11% Scandinavian.  And a dash of 3-4 others, mostly southern Europe.
2023-03-24 18:03:54 <KipIngram   > Sounds like you've detailed yours out better than I have.
2023-03-24 18:04:13 <KipIngram   > I've been tempted to get one of those Y chromosome specific tests, that shows an actual migration path of paternal ancestry.
2023-03-24 18:04:32 <gordonjcp   > I'd be frankly baffled if my son started telling folk "yeah I'm a three-eights east Coast scots, an eighth Kernow, an eighth Austrian and the rest various kinds of Hungarian"
2023-03-24 18:04:57 <gordonjcp   > mostly because he's two and a half, and tends to mostly give you long long stories about diggers, cats, and pies
2023-03-24 18:04:57 <KipIngram   > :-)  I'm kind of past being surprised by my kids.
2023-03-24 18:06:01 <KipIngram   > I probably shouldn't even say that, though - now I'm bound to get a surprise this weekend or something.
2023-03-24 18:08:39 <KipIngram   > Oh, the other sobering data point from that age range breakdown of demographics was just the total population counts per bracket.
2023-03-24 18:08:53 <KipIngram   > I'm in the last big one - beyond my bracket, they begin getting smaller FAST.
2023-03-24 18:09:15 <KipIngram   > Age is really about to turn against me.  Gotta make sure I exercise and stuff - I don't think I really have much "grace period" left on that.
2023-03-24 18:09:34 <KipIngram   > That said, I'm gonna go for a walk - back in a bit.
2023-03-24 18:10:35 <thrig       > : boomer ;    ok
2023-03-24 19:35:20 <KipIngram   > Barely; Wikipedia says boomers are '45 to '64 - I snuck in in '63.
2023-03-24 19:45:28 <KipIngram   > Hey, does anyone know if it's possible to mass-delete my whole archive of old voicemails on Android?
2023-03-24 19:45:37 <KipIngram   > I can't seem to find any way to do it other than one at a time.
2023-03-24 20:17:10 <P8j6        > KipIngram: select one voicemail and hold finger on it. It will unroll menu where you can select "More items..."
2023-03-24 21:08:12 <KipIngram   > Oh, let me try that.
2023-03-24 21:10:02 <KipIngram   > No, I don't seem to get a menu.  If I long hold it it toggles a checkmark on it.  So I can select multiple ones one at a time, I don't see a menu.
2023-03-24 21:11:00 <thrig       > when the menu hits your eye like a meatball line, that's a More ...
2023-03-24 21:14:37 <KipIngram   > Oh, I got it.
2023-03-24 21:14:56 <KipIngram   > When I select one, it adds a control up at the top line (status line) that lets me do a "select all."
2023-03-24 21:15:15 <KipIngram   > So what was throwing me was that I was lookin for a "select all" without having selected any.  It's just not there then.
2023-03-24 21:25:13 <thrig       > interface design is teh hard?