This note summarizes local evidence for CRLF injection through runtime-expanded variables in NGINX output paths, with a focus on upstream-friendly reproduction rather than broad parser policy changes.
The narrow question is whether NGINX should refuse to serialize CR/LF/NUL or invalid field names when it is generating HTTP/1.x output from runtime variables.
This is separate from:
Local-first migration guidance for Linux, Windows, Microsoft Graph, ENEX, Markdown, and documentation-heavy workflows.
If you want to leave Evernote without losing your archive, do not aim for a one-time export. Build a repeatable local-first pipeline.
That is the difference between:
Audience: maintainers, platform engineers, and defensive security teams
Scope: user-configurable desktop automation that invokes shell commands
Desktop tools often expose a setting like a post-action command: after the app changes a file, a theme, a wallpaper, or a workspace state, it runs a user-defined shell command.
That feature is useful. Users may intentionally rely on shell behavior such as pipes, redirects, &&, environment variables, and small scripts.
Prepared by: LOUST.PRO Infrastructure & Security
Author: David Mireles
Keywords: Linux Kernel, PSI, cgroups v2, inotify, Redis, PM2, systemd, Remote Development, Wayland, DMS
Abstract: This case study documents a redacted infrastructure hardening engagement across a sovereign VPS and a local Linux operator workstation. The work separated transport, runtime, observability, queue orchestration, and desktop notification concerns while preserving live production services. The core lesson is simple: observability and automation must be cheaper than the incident they are meant to control.
Status: implemented in Waypaper PR #286 and merged.
swww and awww both support a --filter option for image scaling. Exposing that option in Waypaper gives users a backend-supported way to choose the tradeoff between speed, softness, and sharpness for their displays.
Scaling filters are visible when wallpaper sources and outputs do not match exactly:
This gist describes a privacy-preserving way to inspect desktop state when wallpapers, transparent terminals, desktop shells, and per-monitor renderers overlap.
It intentionally avoids raw screenshots, local hostnames, private paths, account names, and machine-specific output names. The goal is maintainer-friendly evidence: typed state, sanitized tokens, and clear ownership boundaries.
On a Wayland desktop, several issues can look identical from the screen:
This note documents a narrow Linux desktop integration pattern: a user service can start before the graphical session has fully exported the environment that wallpaper tools need.
The concrete case is Waypaper's slideshow daemon, but the pattern also applies to tray tools, notification bridges, desktop wrappers, and compositor-adjacent launchers.
Waypaper PR #283 shipped the small service foundation:
This is a public engineering note for the Waypaper, linux-wallpaperengine, Wayland desktop, and Wallpaper Engine compatibility work. It is not a request to merge unrelated work as a bundle.
The goal is to show how one visible desktop failure was split into reviewable ownership boundaries: launcher behavior in Waypaper, renderer behavior in linux-wallpaperengine, daemon packaging/readiness, and local observability that remains outside upstream.
This case study follows a real Linux Wayland animated-wallpaper workflow from symptom to maintainable upstream slices. The stack spans Waypaper in Python, linux-wallpaperengine in C++, Wallpaper Engine project metadata, per-monitor launch behavior, and systemd user services.
The core lesson is ownership discipline. A launcher can make renderer failures observable, but it should not hide renderer bugs. A renderer can improve runtime compatibility, but it should not decide Waypaper's UI model or service lifecycle.
Last updated: 2026-04-22
This note is intended as a follow-up deployment guide, not as a claim that PR #173 already implements IRC-side translation.