nsnotifyd-2.1 released

The other day I learned about the Rust crate lexopt which describes itself as, A pathologically simple command line argument parser. Most argument parsers are declarative: you tell them what to parse, and they do it. This one provides you with a stream of options and values and lets you figure out the rest. For “pathologically simple” I still...

I commented on Lobsters that /tmp is usually a bad idea, which caused some surprise. I suppose /tmp security bugs were common in the 1990s when I was learning Unix, but they are pretty rare now so I can see why less grizzled hackers might not be familiar with the problems. I guess that’s some kind of success, but sadly the fixes have left behind...

A couple of notable things have happened in recent months: There is a new edition of POSIX for 2024. There’s lots of good stuff in it, but today I am writing about getentropy() which is the first officially standardized POSIX API for getting cryptographically secure random numbers. On Linux the getentropy(3) function is based on the getrandom(2)...

Following my previous post on rate limiting with GCRA, leaky buckets without the buckets, I reviewed my old notes on rate limiting for Exim. I thought I should do a new write-up of the ideas that I hope will be more broadly interesting. Exponential rate limiting uses an exponentially-weighted moving average to measure the client’s rate. It is...

Yesterday I read an article describing the GCRA rate limiting algorithm. I thought it was really interesting, but I wasn’t entirely satisfied with Brandur’s explanation, and the Wikipedia articles on leaky buckets and GCRA are terrible, so here’s my version. what is GCRA? GCRA is the “generic cell rate algorithm”, a rate-limiting algorithm that...