Na priči sedím, sedím a sedím. Štipľavú machorku z fajočky kädím. Do okna hľadím, dymím a dymím, aby som nevidel v duši, čo vidím.
V ďaleku pri ohni vojaci sedia. Štipľavú machorku z fajočiek kädia. Všetci sú červení, všetci sú mladí, všetci sú veselí, všetci sú radi: všetci už nakukli z tej strany hája do našich dediniek, do nášho kraja…
Prečo ja na priči sedím a sedím, do okna hľadím, z fajočky kädím?
Petrohrad 26. X. 1917 Janko Jesenský - Zo, zajatia. Zbierka.
myslíš si že ja som niečo vedel? Zo zajatia si musím ešte niečo prečítať... teraz čítam Verše - III. Verše sentimentálne a snažím sa hladať sentiment. I. Piesne (krásne naozaj) a II. Pohľadnice som už prečítal skoro celé.
I don’t know why I am recently having thoughts along the lines of “what will happen to our iPhones, Pixels, Mac/Windows computers 20 or 30 years from now?”, or “What would happen if native-instruments, iLok licensing, Github, etc, servers stopped working one day? :) Least worried about Github though… :)
For NI, nothing much unless you moved computers and needed to reauthenticate. I don't think they phone home after registration though I could of course be wrong.
@kepi @The_ERROR U mě je blbé, že musím používat jednu německou aplikaci v práci. Do ní musím zapisovat všechno a třeba do Commerzbank se bez aplikace photoTan nedostanu. Musím být rád, že mi zatím všechno funguje na GrapheneOS. Dva telefony jsem chvíli zkoušel, ale nakonec jsem raději nainstaloval na GrapheneOS Google Play.
the Hunt brothers tried to corner the silver market and managed to acquire a third of it but when they couldn't get loans anymore and the exchange halted silver futures contracts it's not like they could just sit on their silver and only sell what they needed to cover their loan repayments. They couldn't sell it fast enough obviously and they weren't going to stop mining it. So it all spiraled and crashed.
TLDR They'll mine silver faster than you can buy it, it's not that scarce
Oooooh I meant it's for trapping Mormons because they're so attracted to silver haha I see the confusion, and no it's not a common phrase or anything. I know @barrett likes silver too and he's in Mormon country. I bet he has some inside knowledge of their plans for all this silver 😂
@feld Interesting story but nothing new really in the world of money con men, I mean Wall Street. I'm missing the Morman trap reference though. What's that?
The city of Montreal has given its employees a rulebook for dealing with English-speaking citizens, with step-by-step instructions that spell out when, and how, service in English is allowed.
The city of Montreal has given its employees a rulebook for dealing with English-speaking citizens, with step-by-step instructions that spell out when, and how, service in English is allowed.
Thinking about the attack on certain popular npm packages that made news today, it occurs to me that my favorite language's package manager (Rust's Cargo) is far too much like npm for comfort. Proponents and creators of languages with no standard language package manager (especially C and the various C alternatives other than Rust) are posting their takes.
But I still like Rust and don't want to give it up; C and the other C alternatives don't have nearly as good a story when it comes to memory safety. So that leaves me with no good answer to the kind of problem that has been brought to light (again) by today's attack, except, I guess, to just be more selective about what dependencies we add, and be a little more willing to write straightforward though possibly tedious code ourselves rather than adding a dependency that could become a liability.
My current thought is that while the cargo package manager per se wasn't a mistake, the central crates.io registry might have been. Maybe we should normalize pulling packages directly from git, and especially from the package owner's own domain rather than a centralized host like GitHub. So packages owned by the Rust project (e.g. hashbrown and libc) would come from git.rust-lang.org, tokio packages from git.tokio.rs, Windows API bindings from git.microsoft.com, etc.
I don't think that particularly changes the outcomes, at least as soon as you have signed package infrastructure. github.com/rust-lang/rfcs/pull… and it instead just makes any signing efforts harder to deploy.
This RFC was co-authored by Walter Pearce (@walterhpearce) and Josh Triplett (@joshtriplett).
Here, we propose the alternative adoption and implementation of The Update Framework for providing the ...
That's essentially how Go's package management started. Module names are essentially URLs of a git repo, or of a website that has some special metadata pointing at the repo.
It had a few problems:
1. If a popular project with frequent CI builds used you as a dependency, your code host will get hammered. 2. You might not be able to rebuild your project if the hosting for a dependency is offline. 3. You might not be able to transfer ownership of a module without also changing its name (e.g. if it was published in the Github personal namespace of the original author).
The first two problems were solved by introducing a module proxy run by Google. Instead of hitting the upstream directly, you download a zip file of the module source from the proxy. That version is only retrieved from upstream once, and can persist even if the code host goes away.
@jamesh I don't like the Google proxy solution because it depends on big tech's largess, as does crates.io. I think the Zig Software Foundation has the right idea here, limiting their hosting responsibility to their own releases and delegating even that to mirrors as much as possible. ziglang.org/news/migrate-to-se… I just wish I liked Zig's approach to memory safety more, but Rust has spoiled me there.
You can set an environment variable to have the toolchain bypass the module proxy and clone things from git directly. You then run into the reliability problems in CI, where each job usually starts with none of the dependencies available.
You can also also point the toolchain at a different module proxy, and there are a few open source implementations (e.g. Athens). Frustratingly you can't run the same proxy as Google, since they built it on top of internal infrastructure and haven't released the source.
this would make everything worse. Without a central authority to filter malware, users would search the open web for random packages with zero possibility for community-wide mitigation. Every lapsed developer vanity domain, every failed startup, would immediately result in mass compromise.
If there is a problem with crates/npm/pypi, it’s that the abstraction of a “package” obscures the trust relationship with the org that produced it. It’s too hard to audit those relationships.
@glyph But what if we add TOFU POP MONK (blog.glyph.im/2011/04/calling-…)? OK, I'm a bit of a Glyph fanboy, but I remembered the acronym even without the memable images or videos.
this article was very much of its time, predating Let’s Encrypt, and somewhat failed to appreciate the operational difficulties of running a certificate authority;)
@glyph In the specific context of package management without a centralized registry though, maybe TOFU POP MONK could still work. The POP part, if I understood it correctly, would defend against the domain squatting risk you raised.
the big problem with a system like this is, for lack of a better term, the password reset problem. People, even people in big serious corporate environments, lose their credential material all the time. They have to be able to recover somehow. The MONK bit might provide some way to do this with social proof, but my back-of-the-napkin sketch level of design can’t realistically cope with that constraint.
yeah they can criticize all that want but the alternative seems to be "walled garden" and "just download the package from it's own website". Whereas technically the same bullshit could happen to the Arch repos but only AUR has ever been effectively poisoned afaik
If you've been planning on registering any domain names September 11th is coming up soon and I promise if you register then you'll never forget to renew it
I anticpate retirement to be semi-employment, with some steady clients. Maintaining their systems, patching, upgrading etc. I see myself on retainer, and working on stuff as it comes up. Should be fun.
Is it ok for people on the ActivityPub network to speak negatively about other distributed social networks?
#EvanPoll #poll
[ ] Yes
[ ] Yes, but...
[ ] No, but...
[ ] No
@feld @SlicerDicer I don't know if you've been in a grow room (doo dee do) but they're hot (and humid). If you're not in a place where it's legal to grow, IR is Often used (from the air) to find homes with Super Hot Spots.
The fun part Slicer is that it would seem they're STUPID easy to steal. (?!?)
Aside: When I was in Uni, every year they'd put sodium bulbs in the lamp posts over three or four bridges, and about two weeks after the quarter started, they would all disappear. A-MA-Zing.
On this day in 1966, Star Trek first beamed into living rooms across America. None of us could have imagined then the journey it would set us on. And not just the cast and crew, but the millions of fans who would find hope, inspiration, and community in its vision of the future.
Over the decades, I’ve been humbled and grateful for the love you’ve shown, not only to me, but to the ideals of Star Trek itself: diversity, unity, and the belief that together, humanity can boldly go where none have gone before. Thank you for your unwavering support and for keeping this dream alive all these years. Live long and prosper, always.
The French government fall was caused by a horseshoe vote: The left and the extreme-right voted against confidence. The left because they are the biggest parliamentary group, the extreme-right because the PM wasn't fascist enough (this include some "Republicans").
* Network Switch: enables you to toggle between 4G and 5G network modes 🛡️ * Screenlite Web Kiosk: a simple Android kiosk browser app that displays web content in full-screen mode 🛡️
This is a repository of apps to be used with your F-Droid client. Applications in this repository are official binaries built by the original application developers, taken from their resp. repositories (mostly Github, GitLab, Codeberg).
#deltachat is being used in virtually all world regions where one or more other messengers fail to work. We recently released a major milestone (V2 security hardening releases) that prepared the ground for chat profiles to have multiple #chatmail relays at once ... failure or blocking of a single relay would not disrupt chatting anymore. But multi transport also helps with the "centralization problem in decentralized systems" ... delta.chat/en/2025-06-04-surge… (Funding is looking good currently btw!)
Beginning June we witnessed a sudden surge of Delta Chat usage especially in the US and Cuba. We don’t know the social dynamics behind it but it probably helps that Delta Chat apps resiliently work...
For Goodbye Stranger there is an edited version that is often played on radio and found on "best of" that is shorter as they edited out a few bar of electric piano soloing (in the bridge).
It's not even like the wanted to erase words like in "Creep" (Radiohead song)
Today we are mourning our sweetest prince Jake the Bird.
His only job in life was to be loved by everyone and his loving personality made every bird and human fall for him instantly.
In all, he gave Fiona, Freddie, Beemo, Bonnie, A. and me nearly nine years of sweet companionchirp.
All that while living with a chronic illness, that while manageable, could at times be extremely annoying. Not once did he let that impact the affection for his flock.
On September 8 2025, around 13:00 UTC, someone compromised Josh Junon’s npm account (qix) and started publishing backdoored versions of his package.
Someone noticed and let Josh know:
Josh confirme...
I have been pushing for #Inkscape to remove/decommission it's Twitter account. But I didn't want to do it unilaterally, bossing people about, but through reasoned policy that can be applied to other captured banana-pants social media platforms.
So I've drafted a policy, which I'm interested in having more people look at as it's going to be one of those gnarly things that's important to get right:
Until now, if you lost or broke your phone, your Signal message history was gone, a real challenge for everyone whose most important conversations happen in Signal. So, with careful design & development, we’re rolling out opt-in secure backups.
Secure backups will let you save an archive of your Signal messages remotely in privacy-preserving form, refreshed daily.
Now available in the latest Android beta release, rolling out to iOS & Desktop soon
In the past, if you broke or lost your phone, your Signal message history was gone. This has been a challenge for people whose most important conversations happen on Signal.
Indeed, it's a dire situation, and I think the world will be worse but for the vain aspirations of a small man. It's an unfortunate but common refrain these days.
Apologies, about the previous post, my subtle ironies are sometimes too subtle. 😅
Just because you add some ARIA and call something “accessible” doesn’t actually mean it is.
Looking at a self-described “Accessible, high-perf” infinite scroll (it really just starts over) that is janky as fuck, doesn’t take keyboard focus (in Safari), uses scroll snap to awful effect, and lets the scrollbar thumb become a liar.
would that our local police were as committed to arresting asshole pickup truck drivers as the Prince George RCMP was to arresting this guy driving a toy Barbie jeep
#dobréRáno
SuspiciousDuck
in reply to SuspiciousDuck • • •Ralfeek
in reply to SuspiciousDuck • • •SuspiciousDuck
in reply to Ralfeek • • •Na čom žijem?
Ako Slovák trpko žijem,
bárs nevidno na tvári.
Trpký predsa ten život môj,
bárs nie je ešte starý.
No keď chcete vedieť, čo ja
jem a z čoho ja žijem,
čítajte a uvidíte!
Lebo včuľ o tom pejem.
Ráno vstanem, mlieko pijem,
ku nemu chlieb, najviac nič.
Už vidno to aj z raňajok:
Slováku len málo žič.
Ďalej poďme! O pol jednej
ku obedu prisadám,
polievku, mäso a chlebík
na ten obed dostávam.
Hybaj ďalej! Na večeru
zas len chlieb a ďalej nič.
Len za málo, málo vždycky —
a bárs akokoľvek krič.
Dictum, factum to je takto,
et deinde na čom spať.
Ako Slovák a za málo
musíš tvrdé lôžko mať.
Že dakedy lepšie časy
prídu i mne — verum est.
Najviac predsa veľmi riedko
musím len zlé — málo jesť.
Slávus sum et discipulus,
cum ille sci non bonus.
A na žiaka vždycky padá
po latinsky „veď“ — onus.
Ralfeek
in reply to SuspiciousDuck • • •SuspiciousDuck
in reply to Ralfeek • • •SuspiciousDuck
in reply to SuspiciousDuck • • •@Ralfeek
Na priči…
Na priči sedím, sedím a sedím.
Štipľavú machorku z fajočky kädím.
Do okna hľadím, dymím a dymím,
aby som nevidel v duši, čo vidím.
V ďaleku pri ohni vojaci sedia.
Štipľavú machorku z fajočiek kädia.
Všetci sú červení, všetci sú mladí,
všetci sú veselí, všetci sú radi:
všetci už nakukli z tej strany hája
do našich dediniek, do nášho kraja…
Prečo ja na priči sedím a sedím,
do okna hľadím, z fajočky kädím?
Petrohrad 26. X. 1917 Janko Jesenský - Zo, zajatia. Zbierka.
Ralfeek
in reply to SuspiciousDuck • • •SuspiciousDuck
in reply to Ralfeek • • •myslíš si že ja som niečo vedel? Zo zajatia si musím ešte niečo prečítať... teraz čítam Verše - III. Verše sentimentálne a snažím sa hladať sentiment. I. Piesne (krásne naozaj) a II. Pohľadnice som už prečítal skoro celé.
edit: píšem si poznámky