On "one of my other blogs" ('surprise, it's raining...') I am turning to the world with the cynicality it deserves. Not sure this entry should go there :)
While about to install FreeType 2 due to matplotlib which actually my project currently doesn't need at all (well done me, well done us), I came by the lack of obvious setup instructions (but you do find an article about why the name of GNU doesn't matter if you're really interested at that point) on the project's main page.
FreeType apparently is distributed etc. as a community effort (which is great!) and I guess is widely used as a prerequisite for matplotlib (which is ...).
Then it may hit your eye: 'emergency release'.
(... well ...) this severe vulnerability has apparently been
hanging around since 2.6, which means for a bit over (... not so great...) badum tss
5 years.
I got here as I was looking for the installation instructions and clicked the first hit, which was "How to Install FreeType 2.8 in Ubuntu 16.04, 17.04" (by UbuntuHandbook, from 2017 - a http link, no real need click it).
Not only it opened up with an insecure HTTP protocol about an hour ago, it even seems to redirect your browser from a https access attempt to that one.
So ... well, yes :) I thought 'why not avoid that PPA' and then 'well, it's raining a bit harder than usual'.
May have gotten caught up in a stream ... 'would you like to keep your eyes shut? yes, please.' ;)
P.S.: also note that I'd been trying (without much success) to use my memory foam pillow comfortably (upside down, by the way :D ) for about 7 years now. With any luck I'd have surely made it to 10 if I wasn't to decide to find some reassuring reviews, which I - surprisingly - didn't. I did find some insulting photos though of them, who used it in the right way. The takeaway here is I believe I just got reassured that this pillow is an embarrassment. At least a bit of success at the end of the day =b
P.S. 2: What I actually was (i.e. ye olde matplotlib version was) missing is just a sudo apt install libfreetype6-dev. My bad. Period? ;)
No comments:
Post a Comment