Skip to main content




Daniel's weekly report November 8, 2024

lists.haxx.se/pipermail/daniel…

release. rock-solid, fosdem, talks, curl -v google.com, podcasts, uncurled, security, polhem prize




I wonder how developers at Tailscale, Zoom, the Google Meet team, etc. test restrictive firewall and NAT scenarios in their office or, these days, home-office environments. Do they get cheap routers with OpenWrt or the like to emulate the external firewall products that corporate IT types use? Do they buy those actual firewall appliances? Do they set up a virtual network on their workstation inside VMware or the like? Something else?
in reply to Matt Campbell

I think even the cheap routers, when they have OpenWRT installed, behave well.
in reply to Matt Campbell

aren't mobile phones and carrier grade NATs the ultimate boss enemy?


Just tried to explain Mastodon & the Fediverse to my husband, which was tricky because like.. I don't entirely understand everything myself 😅
He's currently rolling out a software product and I think he should have a presence here, but I'm not sure whether it would make the most sense for him to run his own server, which he's not keen on, or.. how to find one that would be a good fit.
It's an RPG virtual table top online thingy, so if you know a server where that would be at home, lmk I guess?
in reply to WearyBonnie

I picked my instance purely on the fact that they accept people who care about tinkering and the intersectionality of tech and people.
Never had any problems being on defcon.social


youtu.be/aB_4jel8XH8


You Might Not Need that [JavaScript] Framework frontendmasters.com/blog/you-m… #webdev #webdevelopment #javascript


One more GNOME development and socializing meetup in Hamburg with @camelCaseNick and @FineFindus ! Today was a really productive day. @FineFindus created a libadwaita MR for some API we also want in Papers, and merged a locatization MR in udisks-rs. And @camelCaseNick and Ihelped debugging the libadwaita code and got 5 MRs in Papers in! As always, send us a message if you come around!

#GNOME #Papers #postmarketOS #Hamburg



Feeling grumpy

Sensitive content

This entry was edited (1 week ago)
in reply to Wenwei

Feeling grumpy

Sensitive content




Mood: I just put a second pair of glasses on the first pair of glasses that were already on my face.

(is it still Monday?)



I would love to see a study on how much productivity plummeted post-election over the second week of November in the technology sector, as the folks in these kinds of jobs are overwhelmingly liberal/left-leaning and are probably exposed to the fallout in some kind of way. Speaking for myself, I can say that my ability to pay attention and deliver my normal level of output has fallen ~50-75%. Luckily, I'll have a long weekend to reset.
in reply to Tristan

agreed, now that would be interesting to see. I noticed a lot of my meetings got moved, project deadlines extended a little quietly, stuff like that - even though my company is EU-based they had respect for the political climate here and some of them no doubt felt nervous watching the outcome too. The tech sector, as vital as it is, will get caught up and from a business side chum up to the new admin though, which is why stocks jumped too. Odd dichotomy for sure!


I wish I could tell Firefox to NEVER open a new tab from an external URL in some of the window. Or always in ONE specific.

For now it's just a crap shoot.

in reply to Ben Cox

@ben I don't want a new window. I just want it to NEVER open them in the window that is on the second screen.
in reply to Hubert Figuière

Oh yeah, that drives me nuts too. I'd like a lock button on the tab bar that means "don't you dare ever open anything else in this window"


I posted this on elsewhere, and folks found it helpful, so here it is for y’all

For #lgbtq married couples, it's time to take steps to protect your marriage in case same-sex marriage is officially dissolved in the coming years. My husband and I did this when Roe V Wade was overturned, so I hope this is helpful. 👇



This is an important effort to help explore what can be done to make the #Web less energy-hungry…. and thereby help reduce the impact of the overall #Internet on #ClimateChange. (Since web traffic is such a huge amount of Internet traffic.) Good to see this happening!

From: @w3c
w3c.social/@w3c/11344250260640…



A few months ago I wrote about how I approach alternative text for images and tried to offer context for each of my considerations.

“My Approach to Alt Text”

adrianroselli.com/2024/05/my-a…

I also link other resources that are not mine.

#a11y #accessibility



So much for being the 'ethical, safe one'

Anthropic teams up with Palantir and AWS to sell AI to defense customers

techcrunch.com/2024/11/07/anth…

#ai

#AI
This entry was edited (1 week ago)


Imagine describing Alt+Tab as "popular", rather than, you know, critical in allowing non-mouse users to operate their computers: pcworld.com/article/2514044/wi…


Du weißt, dass eine Webseite scheiße ist, wenn sie automatisch übersetzten Tutorial-Text enthält, in dem curl als Locken übersetzt wurde.

#curl #Locken

in reply to erAck

Hast Du wieder mal in den offiziellen Google-Dokumentationen was gesucht? 🙊 💨

Ernsthaft: bevor ich da anfange zu lesen, ändere ich IMMMER zuerst "hl=de" zu "hl=en". Sonst wirste wahnsinnig – oder wie der Sachse sagt: "Orschwerdbleede!" 💡



Aaaaah, kate rusby's see amid the winter snow, bloody gorgeous! I always turn to her music when things get a bit ropey.
in reply to Kay

Yep, that's the one that has track 6 in particular, See Amid The Winter Snow, so huge thanks for the inspiration. Off it goes now. Hark Hark.


If you're worried about storing your data with US tech companies in light of the election results, this link has a list of European alternatives. These include:

- Email hosting
- Cloud storage
- Domain name registration
- Navigation apps
- Many other services

Stay safe.

european-alternatives.eu/

Edit: Follow the creator at: @european_alternatives

This entry was edited (1 week ago)


Sad to see that @mozilla needs to layoff 30%😢

Is Google’s ban on paying Mozilla for including G Search in Firefox the reason?

All #privacy companies must unite against Big Tech now! 💪
👉 tuta.com/blog/will-ban-on-goog…

This entry was edited (1 week ago)
in reply to Tuta

Mozilla stopped being a privacy company a while ago TBH. The latest blow is the removal of uBlock Origin Lite. We need to develop an alternative browser engine.

I'm not even willing to try chromium based browsers.


in reply to Tzip

i just looked up a picture of wombats why are they so cuddly looking 🥺
in reply to Tzip

@Tzipporah did you know that wombat asses are super reinforced and when they’re in danger they stick their heads in their burrow with their asses sticking out and when a predator sticks its head in a small opening behind their ass they slam their ass into the predator’s head to kill or injure it
@Tzip


Can someone explain why the #Rosenbergs were executed for providing classified documents to Russia whilst convicted felon Trump did the same thing but was elected President of the United States🇺🇸?

#Treason #TrumpIsATraitor #Russia #politics



Me and my best friend listened to this banger a lot in college. Fickle Friends - Pretty Great.
youtube.com/watch?v=iEee4W9rEv…

reshared this



When nobody want the feature, include it in the base and increase the price to at least offset the cost:

Microsoft is bundling its AI-powered Office features into Microsoft 365 subscriptions

theverge.com/2024/11/7/2429026…




Any cryptographers who are sad about the post-quantum competitions coming to an end and looking for a new problem, here's one I've seen in a few places:

There's a trend towards end-to-end encryption for all datacentre interconnects (no plaintext on the wire, for any wire that leaves the CPU package). This includes things like PCIe, 100 GigE, and so on. As a result, we're rapidly approaching a world where there's over 1 Tb/s of encrypted traffic flowing in and out of every node.

At this rate, bit flips are inevitable somewhere (especially when you scale this up to a datacentre size). This leads to a couple of problems. The first one is bit flips on the wire.

The integrity tags in AES will catch these, but if you need to retransmit that's very painful (the bandwidth-delay product means the buffer sizes get huge), so ideally you want to bake in some forward error correction after encryption. But now you're reducing data rates.

Problem 1:

Can you design an integrity scheme for a symmetric cypher that also provides error correction, is easy to implement in hardware, and does not provide an oracle. I honestly have no idea whether this is even theoretically possible.

Beyond that, the AES engines are hot. Encrypting at even 10 Gb/s consumes a fair bit of power (Problem 0: Can you design a symmetric cypher that can be implemented in 10% of the power of AES in a hardware implementation?). This means that bit flips can occur in the middle of the encryption. These will corrupt the data but may have valid integrity tags.

Problem 2:

Can you design a symmetric cypher such that the integrity tag calculation can be computed in a pipeline that's independent of the main encryption (without duplicating a load of work or massively increasing the number of calculations) such that a bit flip in either pipeline will cause the integrity checks to fail?

Currently, I believe the work around for this is to add forward error correction before encrypting, such that a single block failing can be small, but that also adds a lot of overhead (i.e. lower bandwidth).

Problem 3:

Can you build a cypher scheme with both of these properties? Integrity tags permit error correction and can be computed cheaply in an independent pipeline so that they can catch bit flips during encryption.



I wish I was a #bot, not a #human. Whenever I get a #captcha, the #AI bots can all solve it just fine. I, being a #blind human, cannot.
in reply to Samuel Proulx

Tell me about these AI bots that can solve captchas. Clearly we need to package one as an NVDA add-on, browser extension, or something.
in reply to Samuel Proulx

Also, the #AI#bots have more rights than us #blind humans. Blind folks had to fight for years and years for copyright exemptions that would allow us to access and read books. The AI bots are just allowed to read as many books as they want, and swallow entire libraries whole. Yup; I'd definatly be better off as a bot.


Na druhou stranu, šestiprstá kytarová sóla od umělých inteligencí by mohla nabízet určitou konkurenční výhodu...
in reply to Chao-c'

😀😀 Jj už žádné cikánské G s palcem, pěkně šesti prsty, šest strun.
in reply to Archos

@archos to už jsem u akordů, ale vlastně to je to samé. Prostě technologická singularita přinese samé nečekané nástrahy...
in reply to Chao-c'

Mimozemšťané, kteří v roce 70 naprogramovali Paco de Lucia, nepotřebovali 6 prstů.

youtube.com/watch?v=2oyhlad64-…



If Trudeau gave half a rats fuck about foreign interference in Canada X would already be banned.

#cdnpoli



I just read this in a newsletter and thought it worth quoting and sharing. "I suggest that instead you keep your focus on all that is good in your life, and what matters most to you. I came across this quote from Maya Angelou that is perfect for this moment in our history:

My wish for you is that you continue. Continue to be who and how you are, to astonish a mean world with your acts of kindness. Continue to allow humor to lighten the burden of your tender heart."



Saw a YouTube short asking Kamala voters if they would date a Trump voter, and all the women go:

Eh, no. This is a person who has literally voted to put me at risk.

One white guy: sure! We need to tolerate that people have different opinions.

That right there.

Harm that doesn’t happen to you.
You can tolerate it because it doesn’t happen to you.



it should be even more obvious now that there are clear use cases for private, censorship-resistant ways to transfer money.

it should also be obvious that "crypto industry" grifters who are backing trump don't give two shits about that & are cozying up to fascists for profit

in reply to Evan Greer 🏳️‍⚧️

like, i never wanna hear liberals say shit like "there is no legitimate use case for private money" in a country that is on the cusp of criminalizing all reproductive and gender affirming care

i also never wanna hear crypto industry lobbyists claim to care about privacy while backing authoritarians



A comment from a non-native Finnish speaker made me realise today that our word for a fire, "tulipalo", is a compound word made from "tuli" and "palo", which both also mean fire. It's a fire fire.

#Finnish



Intel Brings Back Workers' Free Coffee To Boost Morale developers.slashdot.org/story/…


7️⃣ Here's the 7th installment of posts highlighting key new features of the upcoming v257 release of systemd.

The graphical login prompt you see when your computer boots up is a sensitive UI: typically, when starting to work, without much thinking you'll type in your username and password, expecting it to log you in and provide you with your desktop session. However, what if someone just opened a website in a browser in full screen mode with contents that just *looks* like your login screen, …

This entry was edited (1 week ago)


I made an experiment. Went to YouTube front page, blocked all the AI/crypto scam ads that popped up and then refreshed the page. They stopped coming after 13 iterations during which I blocked 17 different ads.

I'd really love to know how much of the ad business is made up of scams, because it feels like it's a lot.

in reply to Gabriele Svelto

they fake numbers to charge more. They claim to target, they don't. Etc. Two different scams going at once.


Emigration is not a good way of avoiding authoritarian regimes. Sometimes its necessary, especially if the regime is turning violent

But emigrating from one authoritarian state to another will usually leave you genuinely worse off and being a foreigner in even a progressive state is always going to be a very vulnerable position.

Most countries will also outright refuse to give you a work visa if you are too old or disabled.