varx @varx@infosec.exchange
- pronouns
- he/they
- alts
- https://cybre.space/@varx (varx at i.write.codethat.sucks is dead)
- languages
- 📖 en, es; ✍️ en, ~es
- that cavern thing I'm always nattering about
- https://github.com/timmc/cavern
Boston-area meat construct ␥ I just do what the plants tell me ␥ I'd rather be pentesting^Wsleeping^Wundermining the client-server paradigm
Joined Oct 2017
varx
boosted
The year is 5019. Humans, as we know them, are long gone. The Earth is inhabited chiefly by advanced, sapient machines.
For legacy reasons, everyone's name starts with "Mozilla/5.0 (compatible;".
For legacy reasons, everyone's name starts with "Mozilla/5.0 (compatible;".
Good piece on the misuse of the word "viral" in describing the GPL: https://heathermeeker.com/2019/03/05/open-source-and-the-eradication-of-viruses/
TL;DR: The GPL does not "infect" attached pieces of code, so it doesn't make sense to say it has a "viral clause".
If you screw up and include GPL'd code in your proprietary binary, sure, you're in violation of the license. But you don't sign away rights to your own code just by linking a library!
varx
boosted
Some people may have thought I was joking in my blog post about de-googling your Android phone. https://nolanlawson.com/2019/06/13/how-to-de-google-your-android-phone/
OnePlus doesn't provide update files that *just* update the firmware/radio. So when a LineageOS update fails because it wants a newer radio version, you're expected to… download this random file from a Hungarian forum poster called "shadowstep" who hosts it on MediaFire: https://www.reddit.com/r/LineageOS/comments/9745gg/oneplus_5t_this_package_requires_firmware_version/e4ii9c3/
varx
boosted
Then I used lightning to find a hole in my work... #glassblowing #RealTimeChem
varx
boosted
What heretical software features can you imagine that would never fly at a growth oriented company but could totally work on free open source social media?
For example, algorithmic timelines are one way to deal with information overload. But what if instead your software offered suggestions for people to unfollow (this person posts a lot and you hardly ever interact with them)? Not necessarily a good idea but it's an idea we could implement that would NEVER happen on Twitter, Facebook, etc
varx
boosted
varx
boosted
we have a spiral thermometer at home. it has a gauge ranging from -50°C to +50°C. when it stays in direct sunlight for long, it shows +50°C, but if it's really hot, it may go further to -50°C, they're really close at the bottom (0° is at the top).
that's how you explain integer overflow (and year 2038 problem) to people who aren't programmers. found this analogy when my gf asked about Y2038 ^^"
varx
boosted
Everyone knows that debugging is twice as hard as writing a program in the first place. So if you’re as clever as you can be when you write it, how will you ever debug it?
— The Elements of Programming Style, 2nd edition, chapter 2
« How should users think about sharing, permissions, and feedback [in local-first software]? If we can’t remove documents from others’ computers, what does it mean to “stop sharing” with someone? »
https://www.inkandswitch.com/local-first.html
Been thinking about this. If I delete all my posts, what happens to your copies of them? Is it like email, where what's sent is sent? That would empower you, but not me. Would the delete propagate? That would empower me, but not you.
What would empower both of us?
varx
boosted
Our company just assigned security training to the entire staff. The email said the training would focus on learning to not click links in emails.
The training could only be started by clicking a very, very suspicious link in the email.
varx
boosted
RT @SteveElsewhere@twitter.com
We don't let our servers get to 100% utilization, why would we want that for our people?
@dominicad@twitter.com #DevOpsDaysTO
#burnout #productivity
In particular, I'm wondering if Keybase's v2 key model is a good idea: https://keybase.io/blog/keybase-new-key-model
For the purposes of this thread, I don't care about the social media/domain ownership side of things, just the key management—device keys, paper keys, the bidirectional trust thing. (Maybe also the blockchain part, if it seems necessary.)
I'm interested particularly in how hard it is for both users and developers to fuck it up, from a crypto-pragmatics perspective.
If we want trusted, distributed communications, we need cryptographic identities for users. If we want it to be *safe*, it needs to be easy for users to respond when (not if!) a key is compromised. And they need to be able to use both more and less safe devices, because life.
What sort of cryptographic identity system should be used? Are there any implementations I should look into?
varx
boosted
"""
So npm Inc is a private entity in control of our commons, and we are not. Does that make it evil? No. It doesn’t. It doesn’t make it good, either.
The question of its benevolence is the wrong question to ask.
npm is not a benevolent institution. It CANNOT be one.
The possibility of it being that ended the day its owner took VC funding instead of putting it into a foundation or some other form of community ownership. That decision turned npm into a financial instrument.
"""
varx
boosted
#Google's cloud is down in some parts of the US. A HN user reports that they can't let their guests into their house, as their #Nest "smart" lock apparently requires Google's cloud infrastructure to be up.
Reason #125234 why current approach to consumer #IoT is a stupid idea and waste of money.
(The non-garbage approach to IoT essentially makes "I" expand to "Intranet" and doesn't tie physical devices to Internet services.)
varx
boosted
JS talks I'm becoming less and less interested in over time:
- hey here's this amazing new browser API, it can make your sites 2 milliseconds faster
More interesting:
- why are we doing this
- what does it all mean
- what are the economics behind all this stuff that devrel folks are way too uncomfortable to bring up
varx
boosted
'OK, that fixed my problem. But why didn't you say that in the first place? / Admittedly the wording in the error message is slightly strange. "Formal parameter" is a fancy way of saying "function argument". And we use the word "malformed" because all Firefox engineers are huge fans of 19th-century Gothic horror novels.'
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Errors/Malformed_formal_parameter
It hit me just now that Web 2.0 was a Mistake, Actually.
It was exciting and fun at first. Then it turned out that "wow, the web is interactive, and you can make it more interesting by posting stuff!" was actually "hey now all your stuff is in someone else's sandbox".
Basically, they're requiring me to cooperate in circumventing a security feature in their own site.
Man, PayPal has really Got It Together.
« We apologize for the inconvenience, however, due to a security issue the numbers of the Receipt ID provided has been censored as (XXXX-XXXX-XXXX-5911). We would appreciate your help in this matter to ensure a swift resolution for your issue.
Please provide us your Receipt ID in an alphabetical format, e.g. One Two Four Seven – Three Five Six Eight – Nine Nine Two One – Six Three Five Zero. »
This kind of shit is why people fall for scams.
- pronouns
- he/they
- alts
- https://cybre.space/@varx (varx at i.write.codethat.sucks is dead)
- languages
- 📖 en, es; ✍️ en, ~es
- that cavern thing I'm always nattering about
- https://github.com/timmc/cavern
Boston-area meat construct ␥ I just do what the plants tell me ␥ I'd rather be pentesting^Wsleeping^Wundermining the client-server paradigm
Joined Oct 2017
