Tux Machines

Mozilla, Rust, and More

Posted by Roy Schestowitz on Apr 10, 2024

today's leftovers
Security and Windows TCO Leftovers

Mozilla ☛ Support.Mozilla.Org: Keeping you in the loop: What’s new in our Knowledge Base?

↺ Support.Mozilla.Org: Keeping you in the loop: What’s new in our Knowledge Base?
Hello, SUMO community!
We’re setting the stage for something big: a revamp of our style guide designed to make our support content not just user-friendly, but user-delightful. To get a clearer picture of the SUMO user experience, we enlisted the help of an external agency, embarking on a research project designed to peel back the layers of how users interact with our platform. The results were quite revealing. Many users, it turns out, find themselves overwhelmed by the vast amount of information available, often feeling confused and struggling to pinpoint the exact answers they’re searching for. To address this, we’re rolling out targeted improvements focused enhancements to our style guides and contributor resources, aiming to refine how we organize, categorize, and present our support content in SUMO for a smoother, more intuitive user journey.

Rust Blog ☛ The Rust Programming Language Blog: Changes to Rust's WASI targets

↺ The Rust Programming Language Blog: Changes to Rust's WASI targets
WASI 0.2 was recently stabilized, and Rust has begun implementing first-class support for it in the form of a dedicated new target. Rust 1.78 will introduce new wasm32-wasip1 (tier 2) and wasm32-wasip2 (tier 3) targets. wasm32-wasip1 is an effective rename of the existing wasm32-wasi target, freeing the target name up for an eventual WASI 1.0 release. Starting Rust 1.78 (May 2nd, 2024), users of WASI 0.1 are encouraged to begin migrating to the new wasm32-wasip1 target before the existing wasm32-wasi target is removed in Rust 1.84 (January 5th, 2025).
↺ WASI 0.2 was recently stabilized
↺ WASI 0.2 was recently stabilized

Rust Blog ☛ The Rust Programming Language Blog: Announcing Rust 1.77.2

↺ The Rust Programming Language Blog: Announcing Rust 1.77.2
The Rust team has published a new point release of Rust, 1.77.2. Rust is a 1.77.2 is as easy as:
This release includes a fix for CVE-2024-24576.
↺ CVE-2024-24576
Before this release, the Rust standard library did not properly escape arguments when invoking batch files (with the bat and cmd extensions) on Windows using the Command Hey Hi (AI) An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping.
↺ Command
↺ CVE-2024-24576
↺ Command

Tiger Oakes: ResizeObserver is a safe place to read scrollWidth/clientWidth

↺ Tiger Oakes: ResizeObserver is a safe place to read scrollWidth/clientWidth
Avoid forced synchronous layout and safely read an element's size.
gemini.tuxmachines.org