Brad boosted

Software is like an onion. If you open up the inner layers you start crying

Brad boosted

So, we have the PinePhone, the Pinebook Pro, and now the MNT Reform.

None of these systems will blow you away spec wise.

That's not the point. The point is a few years ago systems built with open source and even sustainability in mind where laughable.

Now they're here.

Brad boosted

The FSF's Defective By Design campaign just complained yet again about the kafka-esque beaurocracy around granting exceptions to DMCA1201. If you're in the US they're asking you to complain to your congressperson.

defectivebydesign.org/blog/it_

Brad boosted
Brad boosted

This is why indigenous liberation is a unified struggle that is not confined to any set of imaginary borders dictated by settlers. It necessitates a global movement. The violence against indigenous communities is tied inextricably into the modes and apparatuses that have perpetuated climate change through Settler Colonialism and Neoliberal Capitalism.

truthout.org/articles/violence

Brad boosted

Mozilla just laid off 70 fantastic people. If you can help them - open positions, offering helpful conversations and references, anything else - please say so.

Use as an umbrella tag for easy finding. (It's already flowing on the birdsite.)

If you've been affected, I'm happy to chat directly. Also have some open positions (see rest of this thread). But doesn't have to be today - take time to recover if you can.

Most of all: thank you folks for making the web better.

Brad boosted

MICROSOFT TOP SECURITY CRYPTO API DEVELOPMENT TEAM RECRUITER:

ok so we need you to do some whiteboard coding exercises, number one, here's a C++ API for evaluating digital certificates, so the NSA asks you to hide a backdoor in it, what would you change

ME:

(sweats) whew that's heavy well uh I'd obviously have to hide it with VERY obfuscated code, uh, give me a moment...

RECRUITER:

I'm sorry, the correct answer is (checks answer key) "literally just don't even read the parameters". Next.

Brad boosted

"However, the world of email has changed drastically during that period. The most notable change in the email world is the influx of massive amounts of spam, which has been used as an excuse to implement another disturbing change. Slowly but surely, email service — both the MTA and the MUA — have been outsourced for most organizations."

ebb.org/bkuhn/blog/2015/09/15/

Brad boosted

@rick_777 How CVE-2020-0601 works.

You pass in a bunch of parameters, all of which together make up a cryptosystem and key.

The API doesn't bother to check all of the parameters you passed in, only the first few, goes 'ennh, sure, that looks close enough to be a match - certificate 100% validated! In a completely different cryptosystem than the one the key was generated for!'

I don't understand how this happens by accident.

news.ycombinator.com/item?id=2

Brad boosted

Much sympathy goes out to the laid off employees of Mozilla today, and sympathy to both them and the still-employees having to deal with a ton of social media motherfuckers valiantly claiming the company could be run better “if only they would [x]”

Brad boosted

"Removing all but the mov instruction from future iterations of the x86 architecture would have many advantages: the instruction format would be greatly simplified, the expensive decode unit would become much cheaper, and silicon currently used for complex functional units could be repurposed as even more cache. As long as someone else implements the compiler."

stedolan.net/research/mov.pdf

(I picked this up from my fediverse feed today, but the tab had been open so long by the time I finished reading the article that I can't find who tooted it, sorry!)

Brad boosted
Brad boosted
Brad boosted

RT @jlwallen@twitter.activitypub.actor
Tonight at midnight it will be the only instance of Ramones time the world has ever known. It will be 2020, 24 hours to go. In honor of that, we must all be sedated.

Brad boosted
OpenSSL's deprecation of RSA_generate_key() is giving us a sneak peak into the security vulnerabilities of tomorrow.
image.png
Brad boosted

If they can patch movies now, then we can hack them too. Look forward to my all-Margret-Dumont speedrun of Duck Soup.

Brad boosted

So... sourcehut actually looks really... good? Has anyone run it?

sourcehut.org/

Also unlike almost everything else out there, it looks maybe sane enough that it could be packaged for Debian and Guix. Even a conversation about it here: lists.sr.ht/~sircmpwn/sr.ht-di

Brad boosted

re: bluesky, fedi meta 

Brad boosted
Brad boosted
Show more
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!