00:32:23mls quits [Ping timeout: 268 seconds]
00:33:49mls (mls) joins
00:39:20Snivy (Snivy) joins
00:43:19xkey quits [Quit: WeeChat 4.8.1]
00:43:31xkey (xkey) joins
01:37:17etnguyen03 quits [Client Quit]
01:42:46etnguyen03 (etnguyen03) joins
02:37:06etnguyen03 quits [Remote host closed the connection]
04:17:52<pabs>Servo is progressing https://lwn.net/Articles/1067467/
04:44:48Nekroschizofrenetyk joins
05:14:49BennyOtt quits [Ping timeout: 268 seconds]
05:25:14BennyOtt joins
06:00:41rohvani quits [Quit: The Lounge - https://thelounge.chat]
06:02:02rohvani joins
06:04:30retrograde quits [Remote host closed the connection]
06:04:53retrograde (retrograde) joins
06:06:50Nekroschizofrenetyk quits [Client Quit]
06:49:11<klea>https://news.ycombinator.com/item?id=47757695 phabricator mentioned :o
06:54:24retrograde quits [Ping timeout: 260 seconds]
06:54:45retrograde (retrograde) joins
06:55:23retrograde quits [Remote host closed the connection]
06:55:47retrograde (retrograde) joins
07:05:43SootBector quits [Remote host closed the connection]
07:06:52SootBector (SootBector) joins
07:51:35etnguyen03 (etnguyen03) joins
07:55:15etnguyen03 quits [Remote host closed the connection]
08:01:36SootBector quits [Remote host closed the connection]
08:02:44SootBector (SootBector) joins
09:11:27Webuser921953 joins
10:03:15Webuser921953 quits [Client Quit]
10:25:28nine quits [Quit: See ya!]
10:25:40nine joins
10:27:54HackMii quits [Remote host closed the connection]
10:28:11HackMii (hacktheplanet) joins
10:34:42Goofybally quits [Killed (NickServ (GHOST command used by Goofybally7!~Goofyball@167.100.249.143))]
10:34:48Goofybally joins
10:55:13nine quits [Ping timeout: 268 seconds]
10:56:08nine joins
11:00:02Bleo1826007227196234552220110 quits [Quit: The Lounge - https://thelounge.chat]
11:02:46Bleo1826007227196234552220110 joins
11:36:19simon816 quits [Quit: ZNC 1.10.1 - https://znc.in]
11:40:42simon816 (simon816) joins
11:47:23retrograde quits [Remote host closed the connection]
11:48:11retrograde (retrograde) joins
13:25:08Juesto (Juest) joins
13:26:55Juest quits [Ping timeout: 268 seconds]
13:27:33Juesto is now known as Juest
13:28:10<klea>https://joearms.github.io/published/2013-11-21-My-favorite-erlang-program.html Why js to load a page on GH pages aaaa.
14:04:15<klea>https://purplesyringa.moe/blog/recovering-garbled-bitcoin-addresses/
14:09:55Nekroschizofrenetyk joins
14:20:00Nekroschizofrenetyk quits [Client Quit]
14:21:48h|ca2 quits [Ping timeout: 268 seconds]
14:39:58Nekroschizofrenetyk joins
14:55:02PredatorIWD4 joins
15:02:03Webuser815404 joins
15:10:30Nekroschizofrenetyk quits [Client Quit]
15:16:37h|ca2 (h) joins
15:17:55ducky quits [Ping timeout: 268 seconds]
15:29:05Nekroschizofrenetyk joins
15:39:38HackMii quits [Remote host closed the connection]
15:40:07HackMii (hacktheplanet) joins
15:40:34<klea>Uh, https://github.com/vim/vim/security/advisories/GHSA-2gmj-rpqf-pxvh
15:41:43justauser is unaffected
15:45:12HackMii quits [Remote host closed the connection]
15:45:29HackMii (hacktheplanet) joins
15:46:11Nekroschizofrenetyk quits [Client Quit]
16:19:07ducky (ducky) joins
16:39:24ducky quits [Ping timeout: 268 seconds]
16:54:33ducky (ducky) joins
18:56:39yasomi quits [Quit: ZNC 1.10.1 - https://znc.in]
19:19:42yasomi (yasomi) joins
19:51:08Nekroschizofrenetyk joins
20:18:31Goofybally quits [Killed (NickServ (GHOST command used by Goofybally1))]
20:18:37Goofybally joins
20:43:22DigitalDragons quits [Quit: Ping timeout (120 seconds)]
20:43:34lumidify quits [Quit: leaving]
20:43:36DigitalDragons (DigitalDragons) joins
20:44:41lumidify (lumidify) joins
21:11:41MetaNova quits [Remote host closed the connection]
21:15:10MetaNova (MetaNova) joins
21:38:06MetaNova quits [Client Quit]
21:39:01@rewby quits [Ping timeout: 268 seconds]
21:39:12MetaNova (MetaNova) joins
21:40:45rewby (rewby) joins
21:40:45@ChanServ sets mode: +o rewby
21:53:09<steering>klea: ruhroh
21:53:24<klea>?
21:53:29<steering>vim ghsa
21:56:39<klea>AFAIK it also got a CVE, the variant that was wider in scope didn't (they made two GHSAs, one for the issue that was reported to them and one which covered more in-depth search.)
22:00:01HackMii quits [Remote host closed the connection]
22:00:17HackMii (hacktheplanet) joins
22:04:25<steering>it seems like they missed oss-sec (and gentoo)...
22:04:41<klea>Make a post to oss-sec yourself?
22:05:18<steering>there's also just been a crapload of GHSAs recently lol
22:05:51klea gives steering a crap security report about Emacs, https://github.com/califio/publications/blob/main/MADBugs/vim-vs-emacs-vs-claude/Emacs.md
22:06:15<klea>I think you will notice that it is possible to trigger it by just running `git status` :p
22:07:27<steering>yeah, this is why git has safe.directory, doing git ops in an untrusted copy of a repo isn't safe
22:07:56steering still uses git_ps1 anyway
22:08:27klea adds a shell function `git() { command git -c safe.directory="$PWD" "$@"; }`.
22:08:35<steering>easier to set it to *
22:09:18<klea>I have a few shared directories in safe.directory in a shared pubnix.
22:09:42<steering>oh no, your shared pubnix might get pwnt, how awful
22:11:08<steering>honestly using git in scripts is pretty painful
22:12:05<klea>My distro has a fix pending review :p
22:12:12<steering>IMO there needs to be some safe and less configurable subset of it extracted into a separate tool for stuff like this emacs functionality or git_ps1 or ... just looking at a tar'd up git repo
22:12:13<nicolas17>I have done dirty things with git-filter-branch in the past
22:12:32<nicolas17>but it's now deprecated and for good reason
22:12:45klea would like more information about it.
22:13:11<nicolas17>git-filter-branch is a bash script and calls many external commands... for each commit
22:14:07<klea>Fun
22:14:11<steering>yeah i kinda doubt that core.fsmonitor is the only way to exploit that chain
22:14:31<nicolas17>I have also done dirty things with python-dulwich
22:14:31<klea>Idea: make a bwrap wrapper to nullify crap git could do.
22:14:34<nicolas17>and every time it was like
22:14:35<steering>but idk at least most of the other *obvious* ways require some action like a commit
22:14:46<steering>(or a checkout or etc, still very easy to socially engineer someone into)
22:14:58<nicolas17>"this took me 2x longer to write but ran in seconds instead of hours"
22:15:11<klea>Yay?
22:15:41<nicolas17>yeah, when something takes hours and you look at the result and you go "oh wait I forgot this detail" and you have to do it again...
22:16:40<klea>2026-04-14 22:12:12 <steering> IMO there needs to be some safe and less configurable subset of it extracted into a separate tool for stuff like this emacs functionality or git_ps1 or ... just looking at a tar'd up git repo <- I wonder how hard it'd be to make a patch that compile-time disables specific parts of it, and gates write features behind an environment variable being
22:16:40<klea>set.
22:20:09<steering>https://bugs.gentoo.org/971885 oh boy
22:22:09klea reverts steering to the first commit to fix security issues.
22:22:35<steering>good idea
22:24:24<klea>Hey, the first commit of git was committed with git, so it works :P
22:36:16Irenes leaves [WeeChat 4.8.1]
22:36:48Nekroschizofrenetyk quits [Client Quit]
23:04:34ducky quits [Read error: Connection reset by peer]
23:16:55ducky (ducky) joins
23:46:40rohvani quits [Ping timeout: 268 seconds]