6 Aug 2025
Voldenet It bet it'd be fine to use existing libraries for built-in cryptography 22:30
lizmat I recently found out that OpenSSL::Digest offers all of them: sha1 .. sha512 22:54
which makes me wonder whether it would be an idea to include all of OpenSSL into MoarVM
7 Aug 2025
Voldenet I think it'd need to be configurable, on windows there's builtins that support everything: learn.microsoft.com/en-us/windows/...dentifiers 00:41
there's also ancient wincrypt.h 00:44
I'd consider making something like platform/crypt.h but apart from really trivial APIs like `MVM_platform_sha256(buf, size)` it's bound to not work well 00:51
there'd be apis using TPMs that need tpm context (even sha256 would suddenly reuire MVMCryptoContext), there'd be also various key handles for dsa, contexts for streaming aead 00:57
so after pondering about it a bit - if only sha256 is needed, I'd consider some implementation that doesn't bring any additional library in 01:08
because in most cases using NativeCall wrappers directly without indirection is simply the best option 01:10
jdv mef: you ok? 18:31
8 Aug 2025
lizmat I just noticed this when building Moar for Rakudo: 16:57
Updating submodules .................................... fatal: couldn't find remote ref refs/heads/master
no idea which submodule that was referring to, or whether it is something to worry about 16:58
9 Aug 2025
Voldenet 3rdparty/mimalloc doesn't have master anymore 03:31
all other submodules do 03:32
lizmat ah, so this *is* something to worry about, as we would be missing mimalloc updates? 10:35
Voldenet most likely, there are 3 major versions (possibly with breaking changes), so I'm not sure if it can be automatically updated 15:44
however, latest version linked to moarvm is from 2 months ago 15:47
and latest version released overall is from 2 months ago as well, so it's probably up-to-date at the moment anyway 15:48
11 Aug 2025
librasteve_ rakudoweekly.blog/2025/08/11/2025-...esilience/ 15:45
14 Aug 2025
lizmat looks like we still have a build issue on Alpine! 13:29
correction: El_Che was able to build now, 2025.06 packages on their way now 13:47
18 Aug 2025
librasteve_ rakudoweekly.blog/2025/08/18/2025-...esilience/ 18:55
lizmat librasteve_++ 19:29
19 Aug 2025
Geth MoarVM: AntonOks++ created pull request #1952:
build_release.yml: Adding latest macos uns windows runners
17:32
25 Aug 2025
librasteve_ rakudoweekly.blog/2025/08/25/2025-...reducible/ 19:10
lizmat librasteve_++ 21:56
28 Aug 2025
jdv where is "anton oks"? 21:09
in any case. i want to ask him, what is up with this?: github.com/MoarVM/MoarVM/releases/tag/2025.08 21:10
this release is done 21:11
1 Sep 2025
librasteve_ rakudoweekly.blog/2025/09/01/2025-...tive-data/ 18:26
8 Sep 2025
rakudoweekly.blog/2025/09/08/2025-...rg-reboot/ 19:19
lizmat librasteve_++ 22:08
15 Sep 2025
librasteve_ rakudoweekly.blog/2025/09/15/2025-37-astquery/ 15:39
20 Sep 2025
lizmat MasterDuke timo github.com/rakudo/rakudo/issues/5954 16:06
21 Sep 2025
[Coke] I am onboarded with Snyk, scanned moarvm repo, found 1 H, 22 Medium, 10 Low issues under code analysis. 18:47
japhb Were you able to confirm whether any of them were "real"? 19:07
[Coke] IANACP 19:12
I opened an example from the rakudo repo. Will do one for MoarVM
e.g. github.com/MoarVM/MoarVM/issues/1954 19:14
22 Sep 2025
remaining types of errors reported in Snyk: Improper Null Termination; Dereference of a NULL Pointer; Use After Free; Missing release of memory after Effective Lifetime; Potential Buffer Overflow; Double Free 12:08
github.com/MoarVM/MoarVM/blob/69cd...tf8.c#L647 seems a reasonable complaint about use after free, e.g. 12:09
.... ah, no it doesn't, because there's a throw in there 12:10
So more like it's not understanding our code base, I guess.
I suspect many of them are of that nature. 12:11
japhb Better to deal with some false positives than have no visibility at all. Still, I'd feel better if it found something real, because then I'd know that it was looking deep enough. (I don't really believe you can have a previously unaudited codebase the size of MoarVM without at least *one* real bug existing.) 15:00
[Coke] Yup. Happy to share keys to Snyk with any core devs, but also understand we don't want to drown them with more crap. 16:12
We can also scan the other moarvm repos we have that have patches in them from other places.
importing others (including the web site) 16:31
librasteve_ rakudoweekly.blog/2025/09/22/2025-...clone-liz/ 18:47
25 Sep 2025
Geth MoarVM: MasterDuke17++ created pull request #1955:
Zero top of register when getting uint32 class member
02:44