Programming languages typically include one or two ways to comment out code so that the compiler doesn’t read it. One being line comments, such as

foo(); // comment here

which will comment out any code up until the end of the line, and the other being block comments, such as

foo(42 /* a 
    good 
    number */ )

which will comment out code in a block.

Block comments aren’t restricted to a single line, and can sometimes be nested (so that /* /* */ */ behaves correctly).

But what happens when you mix the two?

Hi! I wrote some Excellent Javascript that lets you change an image based on the funny little characters you type in the box at the bottom. I’ve vaguely heard of XSS, so I know that I should escape the characters, so I copied the escaping rules from Tera.

Namely, replacing &, <, >, ", \``, and /` with their associated HTML entities.

Your task is to call submitFlag with the string value <>. If you succeed, I will alert a fun message for you :)

I was playing around with Open Camera with a very long exposure (10 seconds), with a somewhat high ISO (3000ish), with my camera placed against a flat object so it doesn’t see any outside light. This is a great way of capturing sensor noise, though it does seem to be brighter around the outside, and less in the middle. Light leakage? Or just how the sensor works?

Anyways, I did that, and then played around with every nearly filter the stock photos app on my phone had, which results in some neat wallpapers.

I was looking at a tool to send matrix messages from the CLI, and it got me thinking about how we handle authentication for tools like this. I don’t want to give everything my password, especially if it doesn’t need permissions to do literally everything that I can do.

First off, does this matter to you? No. No it doesn’t. Unless you’re backing up gigabytes of completely attacker controlled data, to an attacker controlled service, and need to ensure they don’t know you’re backing up said data, it Doesn’t Fucking Matter.

With that said, it’s a somewhat neat attack!

A watermarking attack is when an attacker who can get you to store an attacker-controlled piece of data can then detect the presence of that attacker controlled data. It’s not a huge deal, but is a concern if someone is able to inject a watermark into, say, copywritten or leaked content, and then automatically terminate the cloud storage/backup accounts of users that can be shown to have that data on their drive.

Discord is removing username discriminators, which got me thinking about usernames as a whole, and how to design a platform without them.

This post is written with discord in mind, but applies to basically any chat platform.

Sometimes I will be part of exchanges such as:

Me: It would be cool if you could prove the lack of stack overflows in code!

Someone: Proving that code will not stack overflow is the same as solving the halting problem though.

Which is very much true, if you demand no false positives. But rather pointless. It’s being overly pedantic as a way of (intentionally or otherwise) being dismissive about useful feature ideas.

I was going into town today, and took the chance to take some pictures.

You can click them to open them as a JPEG XL for the original size and higher quality. If your browser doesn’t support JPEG XL, try opening it in something that does.

This was my first time using darktable. I don’t know what I’m doing in it, but at least I managed to nicely censor out the license plates.

(also, these were taken on the 17th, but i’ve not slept since for it is nearly 1AM, so i still consider that today)

Assuming modern codecs and computing power, could we have video sharing sites over a dialup connection and have it be watchable?

Turns out, yes! Kinda!

I was using my shell one day, and hit tab on a . and ended up with

jess@neon ~
# .circleci
----------Completing external command----------
.circleci    .emscripten  .github
----------Completing builtin command----------
.

what the fuck? why do i have .circleci as a command?

First off, the script:

xon_mpc_artist="$(mpc status -f "%artist%" | head -n1 | sed 's/;/;/g' | sed 's/\^/^^/g')"
xon_mpc_title="$(mpc status -f "%title%" | head -n1 | sed 's/;/;/g' | sed 's/\^/^^/g')"
xon_mpc_album="$(mpc status -f "%album%" | head -n1 | sed 's/;/;/g' | sed 's/\^/^^/g')"

if [ "$playing" = true ]; then
echo "say /me ^8np^7 ^x6b6$xon_mpc_artist ^xa44${xon_mpc_title:0:60} ^x345$xon_mpc_album" | head -n1 > "$HOME/.local/share/xonotic/.xonotic/data/np.cfg"
else
echo "" > "$HOME/.local/share/xonotic/.xonotic/data/np.cfg"
fi

And on the xonotic side, it’s just bind n "exec np.cfg".

Many times have I come across an image with no source given, and no signature visible, or someone else is asking where a particular image comes from. I’m writing this in the hopes that next time you post an image you found without a source, you spend the 5 minutes it takes to at least look to see where it came from.

A while ago, I saw a post about how C did in-place string modification better than Rust. So, for example, you could take a string that is percent encoded, and decode it, perfectly in place, without external allocations.

This seemed rather neat, so I went out to implement it in Rust, so this can be done safely.

Content-defined chunking (CDC) is a method to more efficiently store various versions of the same file, while achieving deduplication both in the same file and across different files.

I made a trans flag wallpaper in blender!

I actually made this like a year ago but I’m publishing it now.

The rust language has a clearly defined notion of unsafe code. In short, any function for which it is ever possible to cause undefined behaviour by misusing it must be marked as unsafe. And any function for which it is not possible to ever cause undefined behaviour using it, should be marked as safe. Therefore, a codebase consisting of entirely safe code can never cause undefined behaviour.

But what if the kind of unsafety you’re dealing with is not undefined behaviour, but instead something else, like leaking crypto keys, or SQL injection?

A common complaint about rust is that it does nothing to prevent this. Which is true, but perhaps we could re-use the notion of unsafe for these things?

When writing a box blur implementation, initially I had a fun bug where the rolling sum for values on the left were incorrect, since I did not include early values in the blur. It looks really cool so I kept the code for it.

If you just want to try it out on your own images, I wrote a JS version.

Below is the code, with the required fix commented out. This does a box blur on a single row of the image, with a specified width.

here you go have a full on album ig,,,

as always source embedded in the files

There’s a better post to be made about making music with bitshifting but that post is still due to be released on the year of the linux desktop.

Volume Warning: Is reasonable on my machine. Check yours.

Source Code: Run strings on the file.

After PEP 3131, python normalises identifiers in order to support non-ASCII identifiers.

That means that if you write 𝚠 = 50, where that character is U+1D6A0 MATHEMATICAL MONOSPACE SMALL W, you can later refer to that variable as w (or, indeed, anything that normalises into w).

So I wrote a program to randomly replace every character in some code with any character that normalises into it while trying not to break the program.

Ever wanted custom literals in rust? No? Too bad!

let x = "#123456": [[Color]];
// x is a Color

This runs at compile time. If the parser panics, you get a compile failure. Neat, huh?

This also doesn’t only work for strings. Any value known at compile time can be used. As long as you can do your processing in a const fn, it’s fair game.

Inspired by a post about using as many language extensions as possible in haskell, I decided to make a 60*4 block of nightmares that requires as many nightly rust features to compile as possible.

I’m not expecting it to work, or even run. My benchmark was just “compile”. I managed to get 17 features in my 60 by 4 block of code. No idea if this is any good or not.

My requirements for URLs on websites, and what makes a good URL.

URLs MUST be stable. A link to a specific post, shouldn’t change what it points to 5 years down the line. Nor should it die, if the content’s still available but under a different name.

URLs SHOULD be user editable, and the parts that aren’t should be obviously opaque.

URLs MAY have immediately relevant information in them that isn’t strictly needed to resolve the URL.

By default, the content in the RSS feed is the post description, then the excerpt (if it exists), and then finally the actual page content.

IMO, this is a bad default. If people want to read the first few paragraphs in a RSS reader but switch to my website to read the rest, they can do that. But I don’t want to force them to do that.

In any case, I’ve included a patch against cobalt.rs’s current master branch to just always use the page content, but still let you use the excerpt for other things, like page contents. And if you’ve not used my site’s RSS feed because it didn’t show full contents, you can use it now.

Formatting’s still a bit weird on my reader, but it’s usable.

I have a few problems with git-annex which lead me to stop using it (I’m running git annex uninit as I write this).

It’s close to what I want, but not quite there yet.

These suggestions are for a new system, not one based on git. And it may be biased towards what I tried to use git-annex for.

This new system should be usable to manage all user data on a system. That means it needs to be able to sync data too, and act as a backup system. My ideal system is one where all user data is versioned, and all system data is handled by NixOS, making a reproducible in 1 command system.

C# has a broken type system. And by that I mean the vast majority of function signatures that you write in C# are lies, and your function won’t be able to do meaningful work with all values that compile, and that there’s nothing you can do to fix this.

Short post here, but I was interested in a problem and think I found a good solution to it.

The problem is: Write a function f that takes a 2 dimensional byte array (Vec<Vec<u8>>), and converts it into a 1 dimensional byte array (Vec<u8>) in an order-preserving way. Empty outer or inner vectors are allowed, and must order correctly. As little overhead as possible is ideal.

Use case is if you have a B-tree and want to query it using tuples instead of a plain key, and have ordering work correctly (as in, a bytewise comparison should give the same results as ordering the tuples do).

Git’s a distributed code versioning system, but software projects are more than just code. We should be able to version our issues and pull requests in the same repo. When you clone a repo from one service (Say, GitHub), and push that repo to some other service (Say, a self-hosted git server), the code and all issues and pull requests / other items should be moved along with it.

Below I’ve written up some rough thoughts about how we should do this.

This is a hopefully small post about how I got from my vim setup to a neovim setup.

This does not keep the same config working on vim, and just copies over what I still need. Vim stays functional, they’re running on 2 completely separate configs.

Here’s my “initial commit” of my blog.

I think it’s a legal requirement or something for all blogs to have one.

Anyways, my setup is using cobalt, a static site generator in Rust.

Static site so that all the web server needs to do is be able to serve files from the file system. If it can do that, then I’m good.

Rust because lol borrowchecker go brrrrrr

I have a formatting test page over at /pages/formatting-test. The formatting of the site is liable to wildly change as I get feedback told it looks shit.

Other than that, hello! I’ve got a few post ideas that I will hopefully be posting shortly.