Pinned toot

New alt announcement Show more

Pinned toot

I'm starting a Social Media Design community on Dreamwidth for longer-form, more persistent discussion of what we want in social media systems:

social-media-design.dreamwidth

Anyone who's interested in talking out new approaches, getting feedback on designs, analyzing current systems, or just plain brainstorming on how to Make Stuff Better is encouraged to join and participate.

Aw man, my UPS seems to have bitten the dust.[1] It started complaining about "battery overload" by making a continuous tone (and devices on the battery backup side lost power! not very uninterruptible) but seemed fine after a power cycle. Couple days later, did it again, but weaker tone.

Now it's just making these glitchy chirps and clicks and won't battery at all. :-/

10+ years, I guess it had a good run?

[1] "I'll take 'Idioms That Sound Weird When You Change the Verb Tense' for 500, Alex"

url: (23) Failed writing bodcurl: (23) Failed wriy (2612 != 7502)

I know that feeling too, curl.

yesssss

ccurl: (2u8r)l :R e(2sol8v)i nRge stolvimiendg otuitm eadfter 2519 mil out afterl i2s5e2c1o nmidlsliseconds

There is a long-awaited API v2 that will probably take care of some of these problems, but NFSN runs on a shoestring (hence the "nearly free"!) and doesn't exactly have an enormous development staff to work on that, so I don't have any idea when that will be ready.

Fun fact: The ToS prohibits me from creating multiple "memberships" (user accounts). Only one natural person per membership, and vice versa. So I can't even segregate API key access by site by putting them on different memberships. D-:

I've generally been pretty happy with NearlyFreeSpeech.net (NFSN) as a web host (+ DNS provider & domain registrar) but their API support is a little troubling.

Like, I'm glad they have an API! But I had to file a ticket to get an API key, and they *emailed* the key to me, and the key is capable of doing basically anything to any of my sites on any of my accounts. (Can't scope it down to e.g. "DNS on site foo".) So now I have to protect this thing with my life.

varx boosted

computer garbage, devops Show more

varx boosted

electronics Show more

varx boosted

TIL that Tron was written by Alan Kay's wife. That adds so many new dimensions to that movie, and makes 'I fight for the users' even *more* appropriate as a slogan.

varx boosted

if non-relational key-value store databases are so good, why don't they have a sequel

Aw yeah, concurrency:

curl: (2cu8rl: (28) ) OOppeerraattiioonn ttiimmeedd oouutt aafftteerr 22000000 mmiilllliisseeccoonnddss wwiitthh 00 bbyytteess rreecceeiivveedd

varx boosted

Lots of people weren't around for when the fediverse was at its first peak at around 2010-2011. Google Plus swept in and plenty of people quit the fediverse saying "Google will do a better job keeping this running than independent sites can." For this and some other reasons, for some time the fediverse was a ghost town.

Let's not forget that next time.

varx boosted

linux in a nutshell Show more

varx boosted

programming whatever Show more

Feel like ImageMagick doesn't have enough vulnerabilities?

Now introducing: ImageMoreMagick

varx boosted

While Google publicly supported employees who protested company policies, it quietly asked the government to narrow the right to organize over work email.
bloomberg.com/news/articles/20

Parsers followup (success!) Show more

If Coordinated Disclosure isn't working out so well, may I recommend Competitive Disclosure instead? It works like this:

0. Find a vulnerability
1. Announce on social media that you've found one in product or company X
2. Contestants (of any hat color or alliance) publicly guess what component is vulnerable
3. You respond with "hotter"/"colder" (GOTO 2 with more specific questions)
4. Whichever side finds and patches/exploits the vulnerability first, wins!

At least it won't be a dull day!

varx boosted

Michal Stanek over at Twitter did a quick look at the crypto behind file encryption. Not entirely surprisingly, what he found wasn't pleasant:

twitter.com/3lbios/status/1087

The direction browsers are going, locking down what is possible for extensions to do, reminds me of Newspeak from Orwell's 1984.

Our collective imagination of "what can you do with and in a browser" is being shaved down into a neat little package that is convenient for the browser vendors (and in the case of Chrome, the adtech company that sponsors development.)

Firesheep was the extension that gave us an HTTPS web. You couldn't make Firesheep in today's browsers.

Show more
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.