GUADEC 2024 – Day 2, track 2
GUADEC is the GNOME community’s largest conference, bringing together hundreds of users, contributors, community members, and enthusiastic supporters for a w...YouTube
Hey: if you're in the tiny group of folks who generated a GPG key pair a few years back on an airgapped system, copied it to a paper backup, generated & signed subkeys that you migrated to machines you use daily: today is a great day to not just check on the continued existence of your paper backup but also to test restoring it to your airgapped machine and making sure it works.
There's no quiet story in the background of infosec masto prompting this reminder. It's just a good day for it.
good lord. I pulled a microSD card out of a Raspi inside an IoT product and it appears they had some developer use a raspi to develop/test some software, and then they just yanked the SD card out of that machine and duped it on to all of their deployed products.
it's got .bash_history of the development process! there's git checkouts of private repos! WHY WOULD YOU DO THIS?
reshared this
Among the things that I realised, this year is that I need to try to find more time to organise myself among some groups around the place where I live.
It is cool to be an activist in Spain, doing things in Spanish like texts or videos or whatever. But I need to be more involved within the communities I am surrounded by.
I tried to find some affinity groups between January and May but my mental health pushed me back last year and I've been recovering since then.
So, just in case there are people on the fediverse to whom it can reach:
I'm Andrew, a they/them person from Spain currently based in Cymru/Wales or, in other words, the Aberystwyth area.
I am interested in queer theories, intersectional feminism and anarchy communism.
I really would like to meet people with similar interests, but I am not really good at socialising. ❤ kisses and hugs.
A frustrating part of bylaw #3 discussion is that a larger part of the discussion wasn’t about the bylaw, but a relitigation of whether the Python community should have an enforced CoC and whether it should be cool to call women sluts because there was a hilarious SNL skit in the 1970s.
It feels like it should be obvious, but again for those in the back: if you want a community to grow, the behavioral standards and expectations regress to the biggest common denominator. (1/8)
But you literally can’t have a growing community behaving like a dozen of dudes in an IRC channel. The solution isn’t to be a jerk to people giving their best to continue Python’s success, but simply to form smaller communities with the necessary trust and context.
I’m a different person in a private chat channel or when meeting Python friends, too! This is like the most sociology 101 ever. (4/8)
an old libcurl answer of mine on stackoverflow being questioned because I did not provide links to back up my statement when answering questions about code I wrote...
stackoverflow.com/a/28714247/9…
😂
(but yeah, I have stopped answering questions over there)
Persistent connection with libcurl
The following is from the libcurl homepage: curl and libcurl have excellent support for persistent connections when transferring several files from the same server. Curl will attempt to reuseStack Overflow
This reminds me of a "discussion" over at the dark side (twitter), as Grady Booch replied to a post of Elmo that he has no idea of software engineering. Shortly after a fanboy ask Grady what he has ever done for software engineering and he thinks Grady has no clue.
That was popcorn time 😁
Allow us to introduce you to Mike, our potential mascot. He made his debut last year at #FOSDEM, but never made an appearance since. What do you think, should we embrace him into our family? Let us know in the poll!
#mascot #branding #OpenSourceDesign
AntennaPod reshared this.
It immediately reminded me of Cl***y, even before I read any comment. That is, not really good memories.
As long as it comes hidden behind a content warning, I guess I can live with it.
I don't mean to be harsh or devaluate the work done here, so I'll try to be more specific. The combo metallic-object-that-sit-on-a-desktop with eyeballs-that-stare-at-you-all-day under those exageratingly-friendly-eyebrowns, it reminds me of office work, management, and surveillance.
Michael Gemar (@michaelgemar@mstdn.ca)
@Migueldeicaza@mastodon.social @davew@mastodon.social More details specifically on Crowdstrike moving its macOS implementation off of kernel and into user space (in 2020): https://www.crowdstrike.com/blog/crowdstrike-supports-new-macos-big-sur/Mastodon Canada
the ocsp fetcher on seirdy.one has problems now. i need to switch to a proper ocsp fetcher to complete my “I can’t believe it’s not Caddy™” setup. Disabled OCSP Stapling in the meantime.
using shell scripts for ocsp stapling file refreshing is bad for puppy.
Seirdy’s Home
My personal IndieWeb site. I write about and develop software to promote user autonomy. Topics include accessibility, security, privacy, and software freedom.Seirdy’s Home
events.gnome.org/event/209/pag…
#GUADEC2024
I see a joke template.
"As someone fascinated by infant baptism, The Godfather (1972) was a real disappointment. How would you like it if I took you to see a film called 'Sicilian New Yorkers Murdering One Another' and it was just an hour and a half of people promising to bring up a child as a Christian"
youtube.com/live/ynIKMiRwn3s?f…
#GUADEC2024
GUADEC 2024 – Day 2, track 1
GUADEC is the GNOME community’s largest conference, bringing together hundreds of users, contributors, community members, and enthusiastic supporters for a w...YouTube
PSA: when a company has a sudden disaster and then you hear on the socials “the CEO sold stock two days before it happened!” or whatever, almost every single time, that’s because the CEO sells stock on a preannounced, fixed, repeating schedule, which is specifically to avoid insider information influencing the decision when and whether to sell. And if you’re selling on a fixed, repeating schedule, then there will always be one that happens to have been not too long before any given disaster.
I’m not saying that the illegal version of this never happens, I’m saying it doesn’t happen quite as often as people posting this stuff in a scandalized tone think it does. I mean, what, do you think the C-suite of Crowdstrike were pre-informed that they were gonna accidentally crash their own product and decided to offload some of their stock instead of stop the push to production?
I thought being a programmer was a waste of effort, a thankless job that would never make a difference.
Then #CrowdStrike showed me that with a single line of code, I can make the world a better place.
#DieAnstalt vom 16. Juli 2024
Herr Neffton zum Globalen Süden:
"Der #CO2-Ausstoß würde sich vervierfachen, wenn Sie so leben würden, wie die!" "Ach ja, also, weil die nicht aufhören wollen, darf der Globale Süden erst gar nicht anfangen, oder was? Ja, aber eine Grundversorgung wäre schön: Strom, sauberes Wasser, so was ..."
Im Globalen Süden leben 80% aller Menschen weltweit.
Weite Teile würden unbewohnbar, wenn die #Erderwärmung weiterhin so zunimmt, wie derzeit - betroffen wären rund 3,3 Milliarden Menschen!
zdf.de/comedy/die-anstalt/die-…
Die Anstalt vom 16. Juli 2024
Vor dem Sommerurlaub schaut das Anstaltsteam auf die klimatischen Bedingungen. Dabei geht es nicht ums Reisewetter, sondern vielmehr um den aktuellen Stand der Klimaziele.Zweites Deutsches Fernsehen
You know in GUIs where sometimes a window is split into two parts, but you can click and drag on the divider bar to change how big each part is?
What's that bar called? What terminology should I be searching for if I want to add one of these to a gui and want to find a widget I can just use or sample code or whatevs.
I'm building a network infrastructure for laptop bands.
. . . As a way of procrastinating on the sound design.
Apocalypse
#technomage #unix_surrealism #comic #glenda #openbsd #cirno #9front #fediart #mastoart #penguin #counter #crowdstrike
Incorrect usage: “The lawyer that represented the client”
Correct usage: “The lawyer who represented the client.”
Like Horton said, a person is a person, no matter how small. A person is never “that.”
LEt'S GO BAYBEEEE IT'S A LOGIC ERROR IT COULD PROBABLY HAPPEN IN EVERY LANGUAGE THE COPIUM CAN OFFICIALLY CONTINUE THAT C AND C++ ARE FINE!
crowdstrike.com/blog/technical…
Technical Details on July 19, 2024 Outage | CrowdStrike
Learn more about the July 19, 2024 CrowdStrike outage and the technical details related to it.CrowdStrike
A lot of people think I'm being sarcastic here, which is fair because I only went toe-to-toe against people on Twitter and didn't do much here, so I'll state my full opinion below anyhow:
I would agree with anyone about not wanting to replace C (or C++). But, C has been alive for 50 years (or just 35 from C89) and Rust has been alive for just barely under 10 (since Rust 1.0). Even if you measure the last 10 years of Rust versus the last 10 years of C or C++, one of these languages is making leaps and bounds ahead in providing people better primitives to do good work.
SafeInt secured pretty much all of Microsoft Office from some of the hardest bugs back in, around, 2005. C++ still lacks safe integer primitives; C only just got 3 functions to do overflow-checked math in C23, after David Svoboda campaigned for years. Rust just... has them baked into the standard library, for all the types you care about, too.
Similarly, people have been having memory issues in C and C++ for a while too. Most of the way to get better has been clamping down on static analysis and doing more testing, but we're still getting these errors. Meanwhile, teams writing Rust have been making way less errors on this in all the openly-published data from corporations like Google, and privately we are hearing a lot more about people taking complex financial and parsing code and turning it into Rust and having a fraction of the issues.
Even if I want to see C doing better, I have to acknowledge we were (a) too slow and not brave enough to do the things that could fix these portions of the language; (b) have fundamental design issues in the language itself that make ownership impossible to integrate as part of the language without breaking a ton of code; (c) do not provide good in-language tools and keep depending on vendors to "do the right thing" (i.e. adding or expanding U.B. and then just saying "vendors will check it" rather than taking responsibility with our language design); (d) are moving monumentally too slow to address the needs of the industry that many people -- especially security people -- have been yelling about since the mid 90s.
As much as I just want to pretend that I can write off every developer with "haha lole skill issue test better sanitize better IDIOT", if the root cause on this bug is "there was some C and/or C++ code that looked nominally correct but did batshit insanity in production", we absolutely will have problems to answer for. This doesn't absolve CrowdStrike for cutting 100s of workers and playing fast and loose, this doesn't excuse the fact that hospitals went down and people likely dead from lack of access to care, this doesn't change that it's abhorrent to have unmitigated hardware access in Ring0 just for a "security product", which has been the trend of every app wanting to plug in its own RootKit-like tool just for the sake of "app security" lately (League, NProtect, School Exam Spyware, etc.). There's a LOT of levels of "what the fuck have we let happen?" in play here, but I don't control those other levels.
I'm responsible for C, so I'm gonna look at the C bit. Other people responsible for the other parts of this stack should, hopefully, take sincere responsibility for those parts. (I doubt it, though, lmao.)
reshared this
Lieber wäre es mir aber, deutlich und ich meine wirklich deutlich effizienter mit Braille und gerne sogar mit Braille-Only arbeiten zu können.
2/2
Freedom Scientific FSCast
The official podcast of Freedom Scientific, leaders in assistive technology for blind people and those with low vision.fscast.libsyn.com
Pencils Made From Recycled Coffee Grounds Are Functional and Smell Great » Moss and Fog
Utilizing discarded coffee grounds, this pencil shows that food waste can be turned into something useful and beautiful.Moss And Fog (Moss and Fog)
victor tsaran reshared this.
I just stumbled across a truly cool design hack that leverages unicode to bold characters where no bolding is possible.
When i went to bookmark thetinypod.com/ the title inserted into the form was bolded.
I wrote the code that put the title in that form. There's NO way formatting should - or can - come through.
Then it got weirder.
🧐 Mini Investigation Time
🧵 1/?
NVDA on Windows with eSpeak NG reads it like this:
back hand index pointing right letter 1d601 letter 1d5f6 letter 1d5fb letter 1d606 Pod back hand index pointing left
Seirdy likes this.
Both NVDA with the Windows OneCore David voice (the default for new NVDA installs) and Windows 11 Narrator with one of the newer natural voices read it as "back hand index pointing right Pod back hand index pointing left".
I don't have JAWS on this machine.
@matt
TalkBack / Firefox: right finger tiny pod left finger.
IIRC, TalkBack started treating math symbols as letters a couple versions ago because of their misuse on social media. Which has left the blind mathematics community annoyed.
Sensitive content
reshared this
Folks, I just spoke to my MP and the main takeaway was that we have to mobilise people who aren't transphobic because MPs are inundated with cis women who are scared and angry about trans folks.
They are simply not hearing from people who aren't scared and angry.
If you haven't contacted your MP about this - please do it now! Especially if you're a cis woman.
reshared this
Best analysis I've seen of the disastrous failures at Microsoft and Clownstrike" that took down so many vital services: wheresyoured.at/crowdstruck-2/…
"What we're seeing today isn't just a major fuckup, but the first of what will be many systematic failures — some small, some potentially larger — that are the natural byproduct of the growth-at-all-costs ecosystem where any attempt to save money by outsourcing major systems is one that simply must be taken to please the shareholder."
CrowdStruck
Soundtrack: EL-P - Tasmanian Pain Coaster (feat. Omar Rodriguez-Lopez & Cedric Bixler-Zavala) When I first began writing this newsletter, I didn't really have a goal, or a "theme," or anything that could neatly characterize what I was going to …Edward Zitron (Ed Zitron's Where's Your Ed At)
Flaki
in reply to Chris 🌱 :verified_purple: • • •Odin Halvorson
in reply to Chris 🌱 :verified_purple: • • •Chris 🌱 :verified_purple:
in reply to Odin Halvorson • • •Odin Halvorson
in reply to Chris 🌱 :verified_purple: • • •🐙🐙
in reply to Chris 🌱 :verified_purple: • • •it really depends on if the hinge is up to the task.
my dell xps 13 hinge is wobbly when i touch it and it makes using it as a touch screen less pleasant.
gnome touch gestures are nice, itd be interesting to see it on a tablet.