Up to Main Index Up to Journal for March, 2024 JOURNAL FOR SUNDAY 31ST MARCH, 2024 ______________________________________________________________________________ SUBJECT: Minor updates to vendor trading DATE: Sun 31 Mar 20:10:18 BST 2024 I’ve just pushed out some updates for vendor trading to the public dev branch. This includes a complete re-working of how trades are loaded and initialised for vendors. It now follows the standard inventory and item initialisation all other inventories and items use. The code is a lot cleaner and the wasteful double copy of the trades is gone. Trades for a vendor are now consistently ordered. The layout of trades has also been improved: >buy baker The baker has the following trades available: 100c - some waybread 1c - a small loaf of bread 3c - a large loaf of bread 2c - a small pastry 5c - a large pastry > Observers are now notified when a player interacts with a vendor and queries the trades available: > Diddymus talks with the baker. > Progress, but not as much as I would have liked for a long weekend :( I have been working to update the vendors in the stock zones and to give values to items. It’s just going to take a little longer. I blame the shenanigans with the xz-utils packages and CVE-2024-3094[1], which came out Friday. That and the mad rush to check and secure all machines :/ I thought something was off when I saw in the change log that xz-utils had been rolled back multiple versions by the Debian security team. However, the change log was brief on details and poking around the git repository didn’t shed any light. It was only Saturday I found out about CVE-2024-3094 :( Luckily, for my machines, I don’t run systemd[2]. For my Raspberry Pi running 32-bit RPi OS I’ve not seen any package updates for the testing distribution appear for over month now. Which means I missed the xz-utils 5.6.0 and 5.6.1 versions. I’ve posted to the RPi forums[3] in the hope packages start flowing again. The only other thing of note is that the clocks went forward an hour today and we are now on British summer time. Outside it’s cold, wet and gloomy and there is a yellow rain warning in force… *sigh* -- Diddymus [1] xz-utils malicious code (CVE-2024-3094): https://security-tracker.debian.org/tracker/CVE-2024-3094 [2] The xz-utils malicious code seems to have been exploiting sshd via systemd. [3] RPi forum post: 32-bit trixie/testing repo not getting updates? https://forums.raspberrypi.com/viewtopic.php?t=368297 Up to Main Index Up to Journal for March, 2024