_ /\  ||  /\ _
      / X  \.--./  X \
     /_/ \/`    `\/ \_\
   ( |` (_(.OooO.)_) `| )
   ` |  `//\(  )/\\`  |`
     (  // ()\/() \\  )
      ` (   \   /   ) `
         \         /        
          `       `          


Last active 5 months ago


Last active 9 months ago


Last active 9 months ago


Last active 1 year, 1 month ago


Last active 1 year, 3 months ago


Last active 1 year, 4 months ago


Last active 1 year, 4 months ago


Last active 1 year, 10 months ago


Last active 2 years ago


Last active 2 years ago
View more

Recent activity

[NOTICE] murse is moving 5 months ago

From welt to ~welt/murse-lowfreq

murse's repository is going to be moving to the ~webb user on SourceHut. 
You can find new links to them below.


The links on spiderden.net will be updated shortly. Future release 
binaries will be on the new repository.

[RELEASE] murse v0.3.2 6 months ago

From welt to ~welt/murse-lowfreq

murse v0.3.2 has been released.

This fixes a bug that prevents murse from deleting folders with 
children. If you were having issues upgrading or verifying, they should 
be fixed now.



- Switch to os.RemoveAll in all circumstances, fixes issue with TVN
   repositories that don't specify all the children removed, as well as
   directories with custom content.

[SECURITY] Signing Vulnerability in murse v0.3.0 6 months ago

From welt to ~welt/murse-lowfreq

In murse v0.3.0, signing support was introduced. There is a bug in the 
code for the verify subcommand that causes it to ignore the supplied 
key, allowing an attacker to create directories and delete files.

For Open Fortress players, this does not affect you as of this post; 
signing is not enabled on the servers (so you already have to trust the 
mirror you use.) However, once/if signing is available, then 
verification will be vulnerable to the issues.

To mitigate the issue, simply upgrade to v0.3.1. Downloads for v0.3.0 
will be removed shortly.

This bug is caused by a simple typo. In murse, there is a Client object 
that handles downloading and verification of revisions.

[RELEASE] murse v0.3.1 6 months ago

From welt to ~welt/murse-lowfreq

murse v0.3.1 has been released.

This is a security release, fixing a bug in verification with signing. 
More details will come in a follow-up post. Users should upgrade as soon 
as possible.



- SECURITY: Fixes a bug that caused the verification command to ignore
   the supplied key, allowing directories to be created before properly
   stopping the program.

[RELEASE] murse v0.3.0 6 months ago

From welt to ~welt/murse-lowfreq

murse v0.3.0 has been released.

As mentioned in the previous announcement, this update is a transitional 
release in preparation for some breaking changes. For more information 
on that please refer to the previous announcement.

For repositories using the new format for revision files, signatures can 
now be checked by using the -s/--verify-sigs flag and piping the key to 
stdin. It does not accept a file argument.

murse upgrade open_fortress -s < file.pem
curl https://example.com/key.pem | murse verify -s -r game_dir

The toaster has been fixed, if you've had problems with it you can use

[ANNOUCEMENT] Upcoming Breaking Changes To murse 6 months ago

From welt to ~welt/murse-lowfreq

TVN has gone through some specification changes that require breaking 
changes in murse. In particular, the format used for revision files have 
been changed to include the revision number to prevent reordering 
attacks with signatures. This was done to enable the community to mirror 
the game files while ensuring they haven't been tampered with, as well 
as allowing people to download the game on untrusted networks.

The next non-patch release (0.3.0) will be a transitional release. It 
will support both the new format and the old format for upgrades and 
verification, but in a future non-patch version it will be removed. I 
expect 0.4.0 to remove this unless circumstances change.

What does this mean for Open Fortress players and server owners? Now's 
the time to upgrade murse in preparation for signing. 0.3.0 will

re: How I wish I could organize my thoughts 7 months ago

From welt to ~sircmpwn/public-inbox

This sounds extremely similar to MasterPlan. It's not free software but 
it is source-readable.


IsaacScript article and some information (with correction) 1 year, 4 months ago

From welt to ~welt/public-mail

I was gonna write an article about IsaacScript but you've beaten me to 
it. Good article.

I'm the one who did that long rant you quoted in Lamb's Discord guild 
(with the spider emoji as the username).

 > From a skim of the outputted code [IsaacScript] seemed to have 
quadrupled the line count in most of the functions I looked at compared 
to normal Lua (ignoring the branching functions where it tries to 
emulate some features)

I wanted to include more details about what I was testing at the time, 
and share some data and source code.

Re: Some self-hosting updates (fixed) 1 year, 5 months ago

From welt to ~welt/public-mail

(Resending because I messed up the mailing list)

Time for some cope seething over one of your blog posts.

I agree that Matrix is bloated, but I disagree with basically every 
other point you made against it and for XMPP.

 > The Matrix protocol is very complex and unorthodox, which means that 
independent developers looking to develop a server software for it are 
looking at a large amount of work and testing.

What you're saying about effort would be true for anything, including a 
complete, usable XMPP server. In terms of the Matrix landscape I see 
more actually impressive/usable projects than I've seen in the XMPP world.

Signature 1 year, 11 months ago

From welt to ~tyil/rms-support

name: welt
link: https://welt.spiderden.net