#twisted-dev

wsanchez: are you trying to resolve an ipv6 address?

Wait... okay nevermind

That's weird

Wsanchez: can you paste the exact error with the restricted resolv.conf?

okay

who is ready for 16.5

this owl is

oh my god

i am an idiot

i forgot to cherry pick #8861

who wants a fast follow 16.6?

everyone!

hawkowl: RELEASE CONTINUOUSLY

glyph i'll get out the hamster wheel

hawkowl: that UAF I fixed is probably also worth releasing soon

whats a uaf

hawkowl: use-after-free

oh

in iocp?

yep

hawkowl: on trunk now, you can use iocp without sending random uninitialized memory to your peer! cool huh

A+ twisted best quality

that sounds pretty serious

not like .1 serious

it could probably be weaponized

but like a "I guess there's enough cool stuff in 16.6"

but, the workaround is 'upgrade, or use select'

do we need to get a CVE

or

can we just request a freaking block at this point

we probably have enough hidden DoSs and accidentally quadratic behaviour

hawkowl: well, it _might_ be weaponizable, but it would be pretty hard

thats what they said about raccoons

oh hey this is pretty cool

did you know that there's a MITRE database of _types_ of exploit?

yeah

see relationships, too

"ChildOfWeakness Class398Indicator of Poor Code Quality"

that's C code alright

hawkowl: A PLUS TWISTED _BEST QUALITY_

so like

this is in pyrex right?

I really wish it were, like, possible to write tests for C code.

cython, w/e

hawkowl: cython now, but yes

so like

cython lets you write unsafe code????

hawkowl: hahaha okay let me break down the bug for you

what the hell is the point of using python at that point

hawkowl: it is not a _userland_ UAF

oh no

hawkowl: you give a pointer to the kernel and you're like, GL HF

hawkowl: the kernel does indeed HF

hawkowl: then you free() it because hey it was just a buffer on the stack, Python has no need of that memory any more

hawkowl: so it was never "wrong" in that you could never provoke a crash or get the Python process to chase a dead pointer

glyph i feel like you should write this up for the MONTHLY STATUS REPORT i will totally write for real

hawkowl: you just told the kernel to grab a buffer that you then re-use

oh no

*oh no*

and of course you told it to OVERLAPPED* the heck out of it

So the kernel reads the buffer ~asynchronously~ in a dedicated kernel thread

hawkowl: do you see why I am impressed with my genius

was your genius to throw your computer out the window

so wait

did this cause iocp test failures?

hawkowl: intermittently!

was this one of the rare ones?

hawkowl: only with send buffer sizes of between 64k and 128k

that never showed up on uh

appveyor

because appveyor is fast

hawkowl: it did. this is the web distrib test failures.

hawkowl: it showed up on all the windows builders eventually; and I could repro it locally after at most 3 test runs.

wait i didnt see those before

hawkowl: the reason I started working on this is that _all_ my other PRs were failing with it :)

anyway it's way more reliable now

it might leak memory though so ¯\_(ツ)_/¯

meh

memory is cheap

and correctness > memory usage

okay well i will write the release notes for 16.5

then yell at work's mqtt implementation a bit more

and then tonight i might cut a 16.6rc1

so if you want some random trash in it then now's the time :D

glyph reviewed <https://tm.tl/#8505>; - Build pypy on Travis-Ci with coverage reports (assigned to adiroiban)

kenaan_: hi

its nick is wrong

I thought it had a /msg interface?

idk

there i fixed it

uh

...

oh cool amptrac fell over too

Tickets pending review: https://tm.tl/#8659, #7934 (eeshangarg), #8828, #8370 (the0id), #8325 (the0id), #8805

there i fixed it

amptrac fell over so it didnt talk about reviews

lol

Amber Brown (HawkOwl) <hawkowl@atleastfornow.net>; closed <https://tm.tl/#8816>; - Release Twisted 16.5.0

glyph hey

glyph can you give my new google acct (hawkowl@atleastfornow.net) access to blogger?

(i renamed my old one which was a semi-google-acct, the new one is g suite)

glyph also what do you think about retiring the 12.04 buildbots and replacing them with 16.10 ones

i feel like more than two Ubuntu LTS releases is excessive

or maybe fbsd ones

since that is a gap in our infrastructure right now

we can afford the fbsd ones anyway

hawkowl: sure

glyph ^

hawkowl: rackspace supports _all_ the linuxes

hawkowl: actually why don't i just make your old account an admin so you can add yourself?

...i mean at that point its probably more effort than just making my *new* one an admin

;)

hawkowl: there's a whole email handshake thing with adding the new one which is easier if you do it yourself :)

oh

hawkowl: your old one's an admin now

okay

I also pruned a few old authors since I noticed we have many non-contributors and even a few deleted accounts in there

hawkowl: A TEST FAILED

hawkowl: CHECK IT OOOOOUT

twisted.trial.unittest.FailTest: Old-style classes in twisted.internet.test.test_resolver: twisted.internet.test.test_resolver.DeterministicThreadPool

\o/

noooooo

wait is that good

Error: Your Xcode (8.0) is outdated.

Please update to Xcode 8.1 (or delete it)