RSS Drew DeVault's Blog

Rotating passwords in bulk in the wake of security events

11 May 2017

I’ve been putting this post off for a while. Do you remember the CloudFlare security problem that happened a few month ago? This is the one that disclosed huge amounts of sensitive information for huge numbers websites. When this happened, your accounts on thousands of websites were potentially compromised.

Building a "real" Linux distro

05 May 2017

I recently saw a post on Hacker News: “Build yourself a Linux”, a cool project that guides you through building a simple Linux system. It’s similar to Linux from Scratch in that it helps you build a simple Linux system for personal use. I’d like to supplement this with some insight into my experience with a more difficult task: building a full blown Linux distribution. The result is agunix, the “silver unix” system.

State of Sway April 2017

29 Apr 2017

Development on Sway continues. I thought we would have slowed down a lot more by now, but every release still comes with new features - Sway 0.12 added redshift support and binary space partitioning layouts. Sway 0.13.0 is coming soon and includes, among other things, nvidia proprietary driver support. We already have some interesting features slated for Sway 0.14.0, too!

MSG_PEEK is pretty common and CVE-2016-10229 may be worse than you think

13 Apr 2017

I heard about CVE-2016-10229 earlier today. In a nutshell, it allows for arbitrary code execution via UDP traffic if userspace programs are using MSG_PEEK in their recv calls. I quickly updated my kernels and rebooted any boxes where necessary, but when I read the discussions on this matter I saw people downplaying this issue by claiming MSG_PEEK is an obscure feature.

Principles for C programming

15 Mar 2017

In the words of Doug Gwyn, “Unix was not designed to stop you from doing stupid things, because that would also stop you from doing clever things”. C is a very powerful tool, but it is to be used with care and discipline. Learning this discipline is well worth the effort, because C is one of the best programming languages ever made. A disciplined C programmer will…