02:58 <FromGitter> <mixflame> Amber lives

02:58 <FromGitter> <mixflame> I win

02:58 <FromGitter> <mixflame> Redis adapter had remote execution issues via insecure crystal-redis

02:58 <FromGitter> <mixflame> Exploited embarassingly 4-5 times and warned of by Rizon Staff

02:59 <FromGitter> <mixflame> Watch command lines and run time schedulers that are linked to input as always

08:00 <FromGitter> <rishavs> Thanks @syeopite

12:50 <raz> mixflame: > Redis adapter had remote execution issues via insecure crystal-redis

12:51 <raz> is this tracked somewhere? that sounds pretty serious

12:51 <raz> (not seeing anything on crystal-redis repo)

15:46 <FromGitter> <iamtesty:matrix.org> I AM TESTYYYYYY

16:13 <FromGitter> <rishavs> umm hi?

17:06 <FromGitter> <RespiteSage> @iamtesty:matrix.org Are you an enthusiastic human or a bot?

17:17 <FromGitter> <mixflame> raz: No. Untracked. I had to work it out myself.

17:17 <FromGitter> <mixflame> It's resolved in mixflame/crystal-redis

17:17 <FromGitter> <mixflame> I didn't do a PR yet for crystal-redis

17:17 <FromGitter> <mixflame> the code is pushed and required by my custom/accepted Amber fork

17:18 <FromGitter> <mixflame> They were exploiting my site after heavy mods, I wrote the extension of the amber redis websocket multichannel adapter

17:18 <FromGitter> <mixflame> the original adapter was very limited

17:22 <raz> what kind of remote execution is it? arbitrary redis commands or even arbitrary code altogether?

17:43 <hightower4> what's the underlying issue? that exceptions in redis shards got returned as values, or?

17:44 <hightower4> s/shards/calls/

20:28 <FromGitter> <jfontan:matrix.org> I've created a command from my parallel find experiment. Works similar to `find -regex`. It lists 2 million files (after cache is warm and redirecting to `/dev/null`) in around 1 second.

20:28 <FromGitter> <jfontan:matrix.org> https://github.com/jfontan/parallel-find

20:36 <FromGitter> <Blacksmoke16> fwiw `Crystal::System::*` isn't a public API, might be better off just using `Dir`

20:36 <FromGitter> <Blacksmoke16> as it's API will be stable

20:37 <FromGitter> <jfontan:matrix.org> using Dir the speed is not as good, it issues stat commands to all the files and dirs

20:38 <FromGitter> <Blacksmoke16> https://github.com/crystal-lang/crystal/blob/c97946b/src/dir.cr#L17 i dont see how

20:38 <FromGitter> <Blacksmoke16> unless you mean the looping part of it?

20:41 <FromGitter> <jfontan:matrix.org> well, now that I look again is that with Dir I only get file names and I need a stat call to check if it's a dir or a file

20:41 <FromGitter> <jfontan:matrix.org> I'll check again in case I can retrieve the dirent with it

20:42 <FromGitter> <Blacksmoke16> mm yea, doesn't look like it :/

20:42 <FromGitter> <Blacksmoke16> all the iterators seems to yield `String`

21:37 <FromGitter> <stellarpower> > Memory is allocated by the GC, we use boehm. You can do `LibC.malloc` and `LibC.free` if you want, but there's no support for custom allocators (Crystal is not a low-level language) ⏎ ⏎ @asterite @yxhuvud Sorry, I completely forgot about sending this message in the morning. The context was the potential for an IPC shard, so was curious if an entire Crystal object and its subobjects could ever be

21:37 <FromGitter> ... allocated into a custom region of memory, that being a shared segment of memory mapped into the process' address space. If the GC manages all this typically, then would that be the way in, is there meant to be a level of decoupling from the language and the point anything is allocated before calling initialize? I was thinking of ... [https://gitter.im/crystal-lang/crystal?at=61241500f3449e13a434211d]