The FSF's Defective By Design campaign just complained yet again about the kafka-esque beaurocracy around granting exceptions to DMCA1201. If you're in the US they're asking you to complain to your congressperson.
This is why indigenous liberation is a unified struggle that is not confined to any set of imaginary borders dictated by settlers. It necessitates a global movement. The violence against indigenous communities is tied inextricably into the modes and apparatuses that have perpetuated climate change through Settler Colonialism and Neoliberal Capitalism.
Mozilla just laid off 70 fantastic people. If you can help them - open positions, offering helpful conversations and references, anything else - please say so.
Use #MozillaLifeboat as an umbrella tag for easy finding. (It's already flowing on the birdsite.)
If you've been affected, I'm happy to chat directly. Also have some open positions (see rest of this thread). But doesn't have to be today - take time to recover if you can.
Most of all: thank you folks for making the web better.
MICROSOFT TOP SECURITY CRYPTO API DEVELOPMENT TEAM RECRUITER:
ok so we need you to do some whiteboard coding exercises, number one, here's a C++ API for evaluating digital certificates, so the NSA asks you to hide a backdoor in it, what would you change
(sweats) whew that's heavy well uh I'd obviously have to hide it with VERY obfuscated code, uh, give me a moment...
I'm sorry, the correct answer is (checks answer key) "literally just don't even read the parameters". Next.
"However, the world of email has changed drastically during that period. The most notable change in the email world is the influx of massive amounts of spam, which has been used as an excuse to implement another disturbing change. Slowly but surely, email service — both the MTA and the MUA — have been outsourced for most organizations."
@rick_777 How CVE-2020-0601 works.
You pass in a bunch of parameters, all of which together make up a cryptosystem and key.
The API doesn't bother to check all of the parameters you passed in, only the first few, goes 'ennh, sure, that looks close enough to be a match - certificate 100% validated! In a completely different cryptosystem than the one the key was generated for!'
I don't understand how this happens by accident.
"Removing all but the mov instruction from future iterations of the x86 architecture would have many advantages: the instruction format would be greatly simplified, the expensive decode unit would become much cheaper, and silicon currently used for complex functional units could be repurposed as even more cache. As long as someone else implements the compiler."
(I picked this up from my fediverse feed today, but the tab had been open so long by the time I finished reading the article that I can't find who tooted it, sorry!)
metablog: Software-ICs, Binary Compatibility, and Objective-Swift https://blog.metaobject.com/2019/03/software-ics-binary-compatibility-and.html
So... sourcehut actually looks really... good? Has anyone run it?
Also unlike almost everything else out there, it looks maybe sane enough that it could be packaged for Debian and Guix. Even a conversation about it here: https://lists.sr.ht/~sircmpwn/sr.ht-discuss/%3C878svr8b25.fsf%40iris.silentflame.com%3E
re: bluesky, fedi meta
@garbados I've been contacted by 2 reporters today for my opinion, and this is a screenshot of an email I wrote to one of them. My ultra cynical inside baseball take as an ex Big Tech Worker.
I’m a dad of 2 and a software engineer in San Francisco. I like building stuff to help others to build new stuff.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!