Exactly! As an open source developer who has a notable-enough-for-Wikipedia 25-year-old project out there (MaraDNS), let me tell you, a lot of “security bugs” found by are anything but security bugs. Just some examples…
Agreed. This blog entry was really good, but then it started getting really left-leaning and making leftist cancel-culture type arguments by the end. Why is it relevant that Odin’s developer follows Matt Walsh on…
I have read the entire blog entry while waiting for all of MaraDNS’s automated tests to pass so I could release MaraDNS 3.5.0038. My impression is that I generally agree that people on social media upvote and make go…
I agree with you about the notability aspects, but using the word “proprietary” has a very specific meaning and Odin may be many things, but it’s not “proprietary”—it’s open source. When I saw you use the word…
>Apparently [Brainfuck] is "notable" but Odin is not Brainfuck has been extensively discussed in the following journal papers: https://doi.org/10.1080%2F07350198.2020.1727096 https://doi.org/10.7559%2Fcitarj.v9i3.432 If…
>Odin is a proprietary language What do you mean by “proprietary language”? To me “proprietary” means closed source, where one can only download binaries, not source code, and/or with a license which is not open-source.…
I’ve seen a lot of blog entries using typography so horrible, I had to use reader view to read the page—there was a trend in the mid-2010s to use pencil-thin fonts and there is now and then still a blog out there using…
AI is a huge bubble, just as dot-com was a huge bubble (I remember when people spent huge amounts of money to have key .com domains; as much as people paid for linux.com back then, the domain essentially went nowhere),…
The solution is simple: If using an AI-assisted scanner and a guardrail gets hit, then the code is obviously malicious and needs to be automatically flagged (and refuse to run the code!). As an aside, I got hit by the…
The Southwest thing is confirmed: https://archive.ph/20250311162848/https://www.cnbc.com/2025/... “Southwest has been under increasing pressure to raise revenue and improve returns after activist hedge fund Elliott…
This looks interesting, and it’s good to have alternatives to Lua in the embedded space, although MiniScript is an awful lot like Lua on first glance (e.g. using keywords instead of brackets to end loops and…
xz is pretty universal across POSIX and clones though. It comes with any modern Linux distro, Busybox even has an .xz decompressor, so `tar xvJF file.tar.xz` does the right thing in *NIX land, which I presume includes…
For people who are interested, here is the solution. In standard PGN, the solution is: 1. e4 e5 2. Nf3 Nf6 3. Nxe5 Nxe4 4. Qe2 Nxd2 5. Nc6+ Ne4 6. Nxd8 Kxd8 7. Qxe4 a6 8. Bg5+ Be7 9. Qxe7# In the Stockfish notation this…
Very good question. I can tell you why I chose Lua 5.1 for MaraDNS: • Lua 5.1 is smaller than Lua 5.4 • Lua 5.1 is LuaJIT compatible; Lua 5.4/5.5 isn’t as compatible LuaJIT is a version of Lua 5.1 which is an incredibly…
>>>uses dummy accounts to bend the voting and discussion<<< This is a false accusation with no evidence to back it up. Let me state this clearly: I am not using sockpuppet accounts nor am I stacking the vote.…
This list is very useful; Vile isn’t quite Vi, but it’s close enough, and it includes a Windows32 binary which works with CP-1252 [1] (albeit in a separate window), and fits in under 700k (7-zip compressed). What I wish…
“The software has to present a worthwhile target (ie have a substantial long term userbase) before anyone will bother to look for exploits” MaraDNS is a worthwhile target; two people have been auditing it this year, in…
Apologies for being confrontational; accusations of there being security holes are serious accusations in my book, and need to be backed up with solid facts. Yes, that’s how seriously I take security with the software I…
Agreed, it made a lot more sense to write MaraDNS in C in 2001 though. The main advantage of writing in C over Rust here in 2026 is that C has two different Lua interpreters, and there isn’t a port of Lua to Rust yet;…
The point of djbdns and qmail was this: It allowed administrators to run a local DNS server securely without needing to constantly patch the code. They were limited in scope, but were perfect for admins who valued…
>>>The patch landing in 2021, instead of 2014, being one of those concerns.<<< What makes you think I was using Lua in 2014? Seriously, do you even know how to use “git log”? I added Lua to MaraDNS in 2020:…
A lot of security and other audits have been performed against it though; MaraDNS, after all, is notable enough to have a Wikipedia page and hundreds of GitHUB stars. For example, when the Ghost Domain Name DNS…
It’s useful for things like 10.1.2.3.ip4.internal style queries, or having a DNS server that always returns a given IP for any query given to it. More discussion is on the coLunacyDNS overview page:…
DJB is a lot of things, and I have great respect for him, even though I feel he didn’t responsibly maintain Qmail/DJBdns/Publicfile. He made MaraDNS more secure because I carefully read his documentation—I got the idea…
You weren’t replying to me. The parent poster made a good point—a vulnerability in Lua doesn’t mean software running Lua can necessarily be exploited—but, more to the point, I do update Lunacy and make sure it’s secure,…
Exactly! As an open source developer who has a notable-enough-for-Wikipedia 25-year-old project out there (MaraDNS), let me tell you, a lot of “security bugs” found by are anything but security bugs. Just some examples…
Agreed. This blog entry was really good, but then it started getting really left-leaning and making leftist cancel-culture type arguments by the end. Why is it relevant that Odin’s developer follows Matt Walsh on…
I have read the entire blog entry while waiting for all of MaraDNS’s automated tests to pass so I could release MaraDNS 3.5.0038. My impression is that I generally agree that people on social media upvote and make go…
I agree with you about the notability aspects, but using the word “proprietary” has a very specific meaning and Odin may be many things, but it’s not “proprietary”—it’s open source. When I saw you use the word…
>Apparently [Brainfuck] is "notable" but Odin is not Brainfuck has been extensively discussed in the following journal papers: https://doi.org/10.1080%2F07350198.2020.1727096 https://doi.org/10.7559%2Fcitarj.v9i3.432 If…
>Odin is a proprietary language What do you mean by “proprietary language”? To me “proprietary” means closed source, where one can only download binaries, not source code, and/or with a license which is not open-source.…
I’ve seen a lot of blog entries using typography so horrible, I had to use reader view to read the page—there was a trend in the mid-2010s to use pencil-thin fonts and there is now and then still a blog out there using…
AI is a huge bubble, just as dot-com was a huge bubble (I remember when people spent huge amounts of money to have key .com domains; as much as people paid for linux.com back then, the domain essentially went nowhere),…
The solution is simple: If using an AI-assisted scanner and a guardrail gets hit, then the code is obviously malicious and needs to be automatically flagged (and refuse to run the code!). As an aside, I got hit by the…
The Southwest thing is confirmed: https://archive.ph/20250311162848/https://www.cnbc.com/2025/... “Southwest has been under increasing pressure to raise revenue and improve returns after activist hedge fund Elliott…
This looks interesting, and it’s good to have alternatives to Lua in the embedded space, although MiniScript is an awful lot like Lua on first glance (e.g. using keywords instead of brackets to end loops and…
xz is pretty universal across POSIX and clones though. It comes with any modern Linux distro, Busybox even has an .xz decompressor, so `tar xvJF file.tar.xz` does the right thing in *NIX land, which I presume includes…
For people who are interested, here is the solution. In standard PGN, the solution is: 1. e4 e5 2. Nf3 Nf6 3. Nxe5 Nxe4 4. Qe2 Nxd2 5. Nc6+ Ne4 6. Nxd8 Kxd8 7. Qxe4 a6 8. Bg5+ Be7 9. Qxe7# In the Stockfish notation this…
Very good question. I can tell you why I chose Lua 5.1 for MaraDNS: • Lua 5.1 is smaller than Lua 5.4 • Lua 5.1 is LuaJIT compatible; Lua 5.4/5.5 isn’t as compatible LuaJIT is a version of Lua 5.1 which is an incredibly…
>>>uses dummy accounts to bend the voting and discussion<<< This is a false accusation with no evidence to back it up. Let me state this clearly: I am not using sockpuppet accounts nor am I stacking the vote.…
This list is very useful; Vile isn’t quite Vi, but it’s close enough, and it includes a Windows32 binary which works with CP-1252 [1] (albeit in a separate window), and fits in under 700k (7-zip compressed). What I wish…
“The software has to present a worthwhile target (ie have a substantial long term userbase) before anyone will bother to look for exploits” MaraDNS is a worthwhile target; two people have been auditing it this year, in…
Apologies for being confrontational; accusations of there being security holes are serious accusations in my book, and need to be backed up with solid facts. Yes, that’s how seriously I take security with the software I…
Agreed, it made a lot more sense to write MaraDNS in C in 2001 though. The main advantage of writing in C over Rust here in 2026 is that C has two different Lua interpreters, and there isn’t a port of Lua to Rust yet;…
The point of djbdns and qmail was this: It allowed administrators to run a local DNS server securely without needing to constantly patch the code. They were limited in scope, but were perfect for admins who valued…
>>>The patch landing in 2021, instead of 2014, being one of those concerns.<<< What makes you think I was using Lua in 2014? Seriously, do you even know how to use “git log”? I added Lua to MaraDNS in 2020:…
A lot of security and other audits have been performed against it though; MaraDNS, after all, is notable enough to have a Wikipedia page and hundreds of GitHUB stars. For example, when the Ghost Domain Name DNS…
It’s useful for things like 10.1.2.3.ip4.internal style queries, or having a DNS server that always returns a given IP for any query given to it. More discussion is on the coLunacyDNS overview page:…
DJB is a lot of things, and I have great respect for him, even though I feel he didn’t responsibly maintain Qmail/DJBdns/Publicfile. He made MaraDNS more secure because I carefully read his documentation—I got the idea…
You weren’t replying to me. The parent poster made a good point—a vulnerability in Lua doesn’t mean software running Lua can necessarily be exploited—but, more to the point, I do update Lunacy and make sure it’s secure,…