Docker, RCE, Phishing, Btrfs, Security, Element, SQLite
Fixing docker build files, oh joy. Matrix-Commander, so broken. "COPY matrix-commander.py . -> COPY matrix_commander/matrix_commander.py matrix-commander.py" and now it works, sooo annoying. Why it's broken? Why it's not already fixed, I guess I should push merge request. Ref: matrix-commander/docker/Dockerfile (@ GitHub).
"An attacker is be able to cause unexpected application termination or arbitrary code execution" - So classic, I've found couple of these. Usually in C programs. Those mistakes rarely happen with pure Python apps.
Got ridiculous phishing mail, there they wanted to supply us what we need. They didn't specify at all what it would be. I'm sure they'll say that they happen to have "just that" whatever I request. I just need to prepay with Monero (XMR) (@ Wikipedia) and then they'll air ship "it" to us. - Sounds like a lucrative plan, maybe I should be in that business as well?
Btrfs sub-allocation disinformation? Is everyone just repeating this disinformation without checking the facts? I encountered discussion where people were really happily telling that that Btrfs supports and uses tail-packing. But that doesn't seem to be true. It does support data-inlining in leaf-node. Btw. Ext4 also supports data-inlining. But that's not technically same thing as tail packing / sub-allocation / tail merging. If I write file which is 1 block + 1 byte. Btrfs will allocate 2 full blocks. If I write 100 of such files, well, obviously 200 blocks will get allocated. If tail-packing would be supported, the number of blocks allocated would be much less. Or even if the last 1 byte block would be inlined. Or it cloud be "blocks of data" + last block inlined in the directory leaf-node, but nope. That won't happen either. I call bad smell about sub-allocation talks with Btrfs (@ Wikipedia) at least so far. - I did find some nerd asking about this back in 2012, and the answer was the same. Yet after that there has been countless disinformation posts, which claim tail block merging. Duh! (Or #filefrag program is giving out serious disinformation, that's also a possibility) - I'm not saying it's bad, it's just annoying how widely disinformation is being spread. Whole point of extents is to make managing large number of smaller blocks efficient. It doesn't make big difference: if small blocks are efficiently joined by extents, or if large blocks are shared by multiple files utilizing sub-allocation. Both improve space usage. - If anyone has links / facts about this thing, I'm really curious to hear!
I always split technical and theoretical security. Theoretical security is based on policy, that something should be or should not be done. But violating that policy is technically possible. Technical security means that doing the thing is extremely hard, even if they really would like to break their policies. That's why policy based security is such a bad idea. As example site is anonymous, but all identifying information is stored. Then it's not anonymous. Even if the information isn't given out in normal circumstances, it's still possible to dig it up, when needed. If it's actually anonymous, there's no information to dig even if administrators would desperately want it.
Element Android audio message feature is totally broken. The message content is almost always lost when trying to send message longer than a few seconds. I'm totally lost how they can implement it so badly. It's almost like intentional trolling. In this one case Element on Android doesn't show edits. So if user posts ["1", "1,2", "1,2,3"] sequence using edit, updating the string with new value, only the first value is shown. After clearing cache and reloading data the last version is shown. Classic. Someone asked, if this is a user problem. Hmm, hard to see how it would be. But it just tells that something is inherently really broken in the ways they handle data.
SQLite3 Fiddle (@ sqlite.org) - SQL database play field and sandbox in browser. I don't need it, but it's excellent play field for many. Highly recommended.