I've verified vim_9.1.0199.orig.tar.xz in Debian was taken from `git+github.com/vim/vim#tag=v9…` with no modifications (and published a writeup on how I did it): lists.reproducible-builds.org/pipermail/rb-g…

The only moderating force for build systems is "are downstreams and users willing to put up with it"

There are people passionate about "Linux without GNU", but are there also people trying to build "Linux without autotools"?

The fine folks behind rustls have released the first version of their ABI compatible drop-in replacement for OpenSSL, implemented in Rust: github.com/rustls/rustls-… Exciting! ✨

There is no point in advancing technology if it doesn't lead to increased happiness, safety, and quality of life uwu

Provenance data. There you have it. whatsrc.org/artifact/sha25… Quite often there's established consensus about "what's the source code", no need to make opensource developers go web3. The problem at hand is how we have zero data about who claims to have code reviewed this.

There was an exploitable bug in the chrome .bmp image parser in 2024: issues.chromium.org/issues/41494860 This kind of -1 bug is common in C programming due to the way C devs encode error codes into return values. Can users please have more self-respect and demand better memory-safety.

May 2024, 7 weeks after Jia Tan, Friday evening. Soundtrack: open.spotify.com/track/5JDxs6Ic…

I've reworked the diff feature and you can now diff the curl-8_8_0 git tag and the autotools pre-processed curl 8.8.0 dist-tarball content. whatsrc.org/diff-right-tri… Using the "diff from/diff to" links you can check what different vendors consider "the curl 8.8.0 source code".

In which case does the setsockopt syscall on Linux return EBUSY? According to the ERRORS section of both setsockopt(2) and setsockopt(3p) this code is never set by this function, but my computer seems to think otherwise.

the files I put on the internet are free, it's ok, you can take them home; I have 20

Coordinated disclosure is a forced power imbalance that will correct itself if too many people become aware of its existence

I appreciate how, 7 years ago, I was feeling a lil silly and it still sparks joy in some people every now and then ✨

If free public libraries didn't already exist and someone tried to invent them today, they'd be considered a plot by the LLM people to take away your capitalism opportunities.

Today I learned, with embedded Rust in 2025 it's common to depend on both embedded_hal 1.0 and 0.2 at the same time, because the timer traits haven't been stablized in 1.0 yet, and everybody imports them from the old crate. Can't complain about stuff I got for free tho. <3

Developing hidden services with the new Tor #rust libraries is really nice. No external services, everything happens inside your process. If you're curious how this looks like in practice, I put some code over here for both a server and client: github.com/kpcyrd/apt-swa…

I made about 1k eur with Github sponsors last year. It cost me about 2.7k eur to have a business to receive the money with. I'm not very good at this.

Service tweet since Germans apparently tend to be unsure who to vote for, but also hate discussing/disclosing who they vote for: I'm going to give both votes to 'die Linke' tomorrow and have done so for years. You're welcome to do the same. ✨

This is the 4th Debian release I'm involved in, but for some reason none of the previous ones have stressed me out as much as the current one.