00:20 <Scopeuk> Well that's "fun" someone published a backdoor in sshd via over loading crypto functions using hooks in xz, it looks like deliberate action on the part of one of the dev[s, caught in respray rawhide and Debian unstable before proper deployment

00:21 <Scopeuk> https://access.redhat.com/security/cve/CVE-2024-3094?extIdCarryOver=true&sc_cid=701f2000001OH7EAAW

02:08 <analoq> Scopeuk: impressive that someone was able to spot it :?

02:09 <InPhase> analoq: A simple backdoor not running high cpu load might have made it out the door. And maybe occasionally has.

02:09 <InPhase> High cpu load is going to get flagged though. People follow up on that sort of thing.

02:13 <InPhase> I hope people are doing the due diligence of systematically looking into all the other contributions this person made to other software packages.

02:18 <analoq> InPhase: i tried to figure out who it was, but no luck. I doubt he will use the same acc/ his true name

03:11 <InPhase> analoq: Oh, that information is being reported widely. It is allegedly co-mainter since 2022 of the xz project, Jia Tan. The relevant commits came from this person's account, and many contacts to various distros were made under this person's name urging them to upgrade to the compromised version.

03:12 <InPhase> analoq: Most people reporting this are holding some possibility that this person's accounts were all wildly compromised, but given the quantity of communication out there under this person's name about the compromised releases, this is not being regarded as the likely explanation.

03:14 <InPhase> Whether it is this person or not, the commits from this person need to be gone over with a fine toothed comb, as clearly their account has been doing malicious things over some stretch of time covering two point releases at minimum.

03:15 <pca006132> I think that maybe libraries that are important to security should have a simpler build system and simpler code for auditing...

03:15 <InPhase> If it is that person, then it could potentially also be a criminal matter.

03:16 <InPhase> pca006132: lol. Quality libraries has been on my better-world wish list for some time, but we are far from it.

03:16 <pca006132> true

03:17 <pca006132> especially due to performance requirements... those libraries often contain various asm/hooks to make it faster

03:17 <pca006132> and making this kind of obfuscation a bit easier to do

03:17 <InPhase> pca006132: The problem is "important to security" is a very huge portion of them, and we pretend otherwise. This was after all just a file compression tool, and a project that went stagnant because it had basically one maintainer for a long time. Prior maintainer Lasse Collin appointed Jia Tan co-maintainer because Lasse just couldn't handle it anymore, and no one else stepped forward to help.

03:18 <pca006132> true

03:19 <InPhase> Obfuscated code is even easier to slip in when nobody is really watching. We're kind of lucky here, relatively speaking, working on an "interesting" project that is experiencing a steady growth in maintainer interest.

03:20 <InPhase> s/maintainer/contributer/ I guess you don't even need to say the word maintainer for a project like this.

07:09 <gbruno> [github] jonjelinek opened pull request #23 (🐛 fix cannot find ../wasm/openscad.js) https://github.com/openscad/openscad-playground/pull/23

11:34 <gbruno> [github] t-paul closed pull request #23 (🐛 fix cannot find ../wasm/openscad.js) https://github.com/openscad/openscad-playground/pull/23

11:34 <gbruno> [github] t-paul pushed 1 modifications (Merge pull request #23 from jonjelinek/main 🐛 fix cannot find ../wasm/openscad.js) https://github.com/openscad/openscad-playground/commit/bc2e36b37bc2c6d12eab0786c008e0fb541ea3b7

16:13 <JordanBrown1> InPhase, pca006132: https://xkcd.com/2347/

16:16 <InPhase> Yep. :)

16:46 <guso78k> https://imgur.com/a/cEZ3e74

16:46 <guso78k> i got a viable solution until we get a better one working

16:49 <InPhase> guso78: Did you see my example?

16:50 <guso78k> InPhase nope!

16:50 <guso78k> when did you post it ? let me recheck

16:52 <guso78k> i see it now. let me check it out :)

16:54 <guso78k> InPhase looks promising. the cubes are absolutely regularily placed  ?

17:00 <guso78k> The code is great! i just dont understand it yet. in order to finally use it: is it possible to additionally  specify direction of x ,y and z axis ?

17:05 <guso78k> and it suppose the points come in a defined order, so its easily predictable, which ones make up a triangle ...

17:11 <InPhase> guso78k: I hardcoded it to a rectangularly defined corner pieces with fixed orientation in order to keep my head straight while writing it.

17:12 <InPhase> I figure one could orient afterward. Or, modify once the reference example is working if it really needed to do other things.

17:12 <InPhase> When you spoke about defining based on a rectangle corners, that's when this solution hit me. This constraint gives the other coordinate for around the corner, as the other point on a rectangular solid.

17:28 <guso78k> yes, i think i can make it  .. after putting your credits into the code :)

18:00 <InPhase> guso78k: My first thought was a 3-way weighted bezier-like calculation, with points that are, in some manner, symmetrically distributed. It's surely possible, but while I think I could work out the math, it wasn't obvious how to arrange the points in such a space. There's no obvious parametric iterator. Maybe 2 axes of "toward the corner" for one and "around the triangle" for the other, but that

18:00 <InPhase> seemed confusing to think about. :)

18:01 <InPhase> But I'll just put that out there as probably not impossible, but it didn't fit within the margin I had available for the problem.

19:43 <JordanBrown1> I think you're reinventing wheels, and you want a Bézier patch.

19:48 <guso78k> JordanBrown1, i presumed it existed and i asked for an implementation ;)

19:48 <InPhase> JordanBrown1: But... That's for a rectangular matrix. :)

19:49 <JordanBrown1> What is a triangle, but a rectangle with one side of length zero?

19:49 <InPhase> JordanBrown1: A corner is triangular dimensions.

19:50 <JordanBrown1> BOSL2 used to have triangular Bézier patches, but they removed them. Might ask Adrian or Revar what they expect the replacement to be.

19:51 <InPhase> JordanBrown1: Well that gets you to almost what I actually did... But then you have the problem of trying to get the edge points to line up to a bezier for all three edges, which is lost for the bezier surface collapse if you're not careful. And then you want points inside to be roughly distributed in a good manner so that it doesn't look biased like this triangle is.

19:52 <JordanBrown1> Bias I can't answer. I *think* that lining up the edges is just a matter of using the same control points as the edges that you're trying to line up with.

20:04 <InPhase> Yeah. This is what I did.

20:05 <InPhase> And then auto-picked a sensible middle control point, since that wasn't provided by guso78k's problem definition.

20:07 <InPhase> But then I broke it apart to dynamically adjust the point density, in deviation from the normal Bezier surface you would get if you squished one side.

20:09 <InPhase> Otherwise I think it's basically the same math, just reordering the coefficients to only be inside the summations they are over.

21:25 <guso78k> https://imgur.com/a/xKxOKqP

21:26 <guso78k> i believe its hard to do such thing the manual way

21:45 <guso78k> justr wondering if openscad already owns a function for point in polyset  ? its not in PolySetUtils.cc ...

21:49 <JordanBrown1> InPhase, guso78k: https://imgur.com/a/2xwRmtp uses a degenerate Bézier patch to connect three Bézier patches.

21:50 <JordanBrown1> I'm still working on the program a little, trying to make the parameters for the connecting patch be derived from the parameters for the other three patches.

21:50 <JordanBrown1> But that's 30 lines, based on BOSL2.

22:03 <gbruno> [github] kintel closed issue #2868 (Bad geometry - holes & degenerates) https://github.com/openscad/openscad/issues/2868

22:21 <guso78k> JordanBrown1, this look great! please keep me updated on the progress

22:21 <JordanBrown1> The hard part is _understanding_ how the geometry fits together.

22:22 <JordanBrown1> What do the various points *mean*, and how do they have to relate to one another.

22:29 <JordanBrown1> Also deciding to what extent I am joining three Bézier-rounded edges, and to what extent I am joining three arbitrary Bézier patches.

22:30 <guso78k> JordanBrown1 i think its actual a designer decision, which of the 3 vectors of the joint shall be degenerate. lets see if we can make this user friendly

22:31 <JordanBrown1> I don't think that's really an issue.

22:35 <JordanBrown1> I updated the image a little, making it so none of the edges are boring and symmetric.

22:36 <JordanBrown1> The interesting points are the center two, the two with diagonal lines connecting them to the intersection point.

22:37 <JordanBrown1> I think those two are constrained in two axes each, but the third axis is independent.

22:38 <guso78k> wow. i did not know that someone can alter an image on imgur once uploaded

22:39 <JordanBrown1> it's not exactly altering the image. it's altering the post.

22:39 <JordanBrown1> I deleted the old image from the post, and added a new one.

22:40 <guso78k> so you altered the history of this irc chat ?

22:43 <JordanBrown1> no

22:43 <JordanBrown1> I edited my imgur post

22:43 <JordanBrown1> imgur does not (exactly) store images

22:43 <JordanBrown1> it stores posts, that contain images

22:44 <JordanBrown1> you can edit a post after you initially post it

22:44 <JordanBrown1> add images

22:44 <JordanBrown1> change text

22:44 <JordanBrown1> delete images

22:44 <JordanBrown1> so I edited that post

22:44 <JordanBrown1> deleted the old image

22:44 <JordanBrown1> added a new image

22:45 <guso78k> ok, got it now :)

23:23 <gbruno> [github] kintel closed issue #2944 (Update docs for latest version of OpenSCAD) https://github.com/openscad/openscad/issues/2944

23:33 <InPhase> :) I usually just add the second image to avoid wildly confusing people. ;)

23:34 <InPhase> guso78k: Did you figure out the tesselation of my solution? I'd like to compare how it looks to JordanBrown1's solution.

23:35 <InPhase> I suspect it will look a bit more axially balanced, but you never know for sure until you see the final thing.

23:36 <guso78k> InPhase sorry, i did not proceed much. i spent some time on moving the origin of the corner somewhere else but then i was continuing on selecting edges in my script

23:44 <guso78k> next i extend the fillets to do union and intersection filleting with automatic edge selection

23:45 <guso78k> this is what SDF can do for a long time already, but SDF has other disadvantages ...