With the data it has, Facebook could help prevent suicides. Instead it sells vulnerable moments to advertisers. https://arstechnica.com/business/2017/05/facebook-helped-advertisers-target-teens-who-feel-worthless/
Wow, I did a plot Google search to find the title of "As Good As it Gets", and I found this piece of long form bigotry denouncing movies with gay characters as "clearly not made for revenue". Looked at the book's title. "Porn Generation: How Social Liberalism Is Corrupting Our Future". There are surely voters that read this cover to cover...
You can't make this up. Nomx is now claiming that their un-authenticated CSRF leading to admin privileges on a public URL poses "non-existing threat" because "the user must visit a hacked website".
That's it. CSRF is solved folks! You wanted to rework the OWASP Top 10 anyway, no?
Folks, if you require direct secure communications with someone on Mastodon, take it off Mastodon and use a secure E2E messenger.
Wire if you only want to provide a username to the other party.
Signal if you are comfortable with sharing your phone number with the other party.
Uh, I would have expected Alpine to have a reproducibility story. 🙁 It usually picks up the most simple/secure practices first.
Good news, rclone is not backdoored! Why reproducible builds matter, and how easy they are in Go
Figured it out! 🙌 And got it to reproduce 💥
The default GOROOT matters to the build ID because it's written to zversion.go, which is intentionally hashed in to detect toolchain changes.
Not, as I thought, because of the filepaths in the stdlib build IDs. The tree is recomputed with the current GOROOT instead. So every time you change GOROOT, the stdlib *is* rebuilt. (My previous tweet was wrong!)
All bets are off, it's Filippo is stupid.
But! Go binaries also get the *default* GOROOT copied in. The one that the compiler will use if no GOROOT is set, which was set at (compiler) compile time. Binaries need to know it to behave exactly like the compiler that built them.
So this is a fixed diff. But I don't see how it would affect the build ID.
Interesting read: https://github.com/golang/go/issues/17943
Three hours in. I know much more about embedded GOROOT paths.
Interestingly, the compiler will patch the paths of the symbols in the stdlib to match the GOROOT. That's smart, avoids recompiling the stdlib at every GOROOT change, but allows debuggers to find the stdlib files.
Also, should make reproducible builds just work.
So it's not this.
Why you never need to nuke your $GOPATH/pkg. I love the Go toolchain.
The whole pkg.go file is a good read.
🙌 BA just upgraded us to Club World on an overnight 8h 787 flight! Never had that happen before check-in 😃
Trying to reproduce the release build of a popular Go software. There are Makefiles and it's pretty basic, but coming up with slight differences. Taking bets:
3/5 Filippo is stupid
3/10 Owner messed up
"In Praise of Drop-In Libraries"
Just today I was mentioning how SQLite (drop-in library) and youtube-dl (drop-in Python "script") are case studies in how simplicity of adoption can make the success of something (even complex).
TIL "Despite being Clang-based, Apple's compiler version numbers have no apparent relationship to Clang version numbers."
Started a fuzzing job, forgot to add a way to extract crashes. Immediately found 2 crashes. Restarted it with logging. 2 hours with no results. Ok.
Hoping SO hard that "interviews don't work" becomes the next cargo cult among startups.
Just wasted over 2 hours (partially) dockerizing what seems to be a standard Gulp-based static site generator. It only works if node_modules is generated at the repo root, with that precise sequence of commands, that changed three times in the last year. Every mistake is fatal and the only solution is to start over.
Good tooling is judged by how it adapts, how narrow its scope is, and how it works when you step off the happy path.