Michael Lynch issues

Results 128 issues of


                                            Michael Lynch

Update Target / WantedBy in systemd service definitions

Running lintian on our Debian package after pulling in the service definitions results in lint errors about our Target and WantedBy values ``` W: tinypilot: ]8;;https://lintian.debian.org/tags/systemd-service-file-refers-to-obsolete-targetsystemd-service-file-refers-to-obsolete-target]8;; syslog.target [lib/systemd/system/update-tls-cert-common-name.service] W: tinypilot:...

bug

Support a "force QWERTY" mode

## Problem TinyPilot sends keyboard input by forwarding key events by sending the [`KeyboardEvent.code`](https://developer.mozilla.org/en-US/docs/Web/API/KeyboardEvent/code) value for the input event. The the `KeyboardEvent.code` is agnostic to keyboard layout, as it represents...

enhancement

Brainstorm: Proactively suggest video troubleshooting steps to the user when uStreamer fails to receive a signal

We're soon going to have an [FAQ](https://github.com/tiny-pilot/tinypilotkvm.com/issues/837) explaining to users how to troubleshoot and diagnose "No signal" screen. It would be good if we could proactively suggest remediation steps to...

enhancement

Remove outdated references to external tools

evmone's tests no longer support testing other EVMC-compatible EVM implementations. `evm-test` dropped support for external EVM implementations [in 2020](https://github.com/ethereum/evmone/pull/262/files#diff-164433c97916ccb25c2acf05bac88cb9a9be3e5fdc737f0541cd838444536a94R27). `evmone-fuzzer` doesn't support fuzzing external EVM implemenations. It looks like they...

Include required license notices for third-party code

The [`include` directory](https://github.com/Notselwyn/CVE-2024-1086/tree/48889cafd4a95b099dbef511eb9b2269976ec0c5/include) contains third-party code without the required license notice. - [libftnl](https://www.netfilter.org/projects/libnftnl/index.html) is GPLv2+. - [libmnl](https://netfilter.org/projects/libmnl/) is LGPLv2.1+. - Linux has [a few different licenses](https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/LICENSES?h=v6.1.72). You should put the...

panic: runtime error: invalid memory address or nil pointer dereference

Thanks so much for this patch. I'm excited for the merge. I was able to upload a few files, but minio now seems to crash on every new upload attempt....

Chapter 3: Denial of Service vulnerability

Chapter 3 accepts arbitrary uploads from remote users, but it doesn't limit the size of the upload. https://github.com/matryer/goblueprints/blob/aae50b4b30fa6dfd73e3c411b3bfe1972294be61/chapter3/chat/upload.go#L12 A malicious user could upload a very large file and exhaust server...

Chapter 3: Remote code execution vulnerability

Chapter 3 features a [directory traversal vulnerability](https://owasp.org/www-community/attacks/Path_Traversal), which, combined with #78 leads to remote code execution. The vulnerability is on this line: https://github.com/matryer/goblueprints/blob/aae50b4b30fa6dfd73e3c411b3bfe1972294be61/chapter3/chat/upload.go#L23 Both `userID` and `header.Filename` are attacker-controlled values,...

Chapter 3: Insecure file permissions on user upload

Chapter 3 applies a bitmask of `0777` to user uploads. https://github.com/matryer/goblueprints/blob/aae50b4b30fa6dfd73e3c411b3bfe1972294be61/chapter3/chat/upload.go#L24 Worse, the book includes this advice to readers: >The 0777 value specifies that the new file we create should...

Lots of null reference errors on first load

I cleared my AppData\Local\Twinder folder, and rebuilt from 533fd47d93ca10b4383107fc5ee219a649b5bce1 but after I complete the FB auth flow, I get a bunch of null reference exceptions and can't run Twinder. ```...