Zaki @zmanian@mastodon.social

And while we're at it. Since 1.4 RC is live, and available to test out.
There is a feedback thread relating to it:
https://discourse.joinmastodon.org/t/1-4-rc-feedback/134

#discourse #mastodon #feedback #releasecandidate

Tonight's reading material: Bitcoin's 0.12 mempool PRs. There's a lot of new logic there which may or may not be suitable for Zcash, but definitely needs to safely interact with our z-addr mempool logic.

Backporting Is Fun! (TM)

adopted a bunny today
https://mastodon.social/media/HrqcCfpR3a0kHsbowGg
https://mastodon.social/media/NHHd-7ENMDT-J01UTGg

Hey there fediverse friends! Welcome to Mastodon 😁 Have fun and remember to Be Excellent to One Another! Hack the Planet!

Announcing Rust 1.17
https://blog.rust-lang.org/2017/04/27/Rust-1.17.html

(submitted by steveklabnik)

Good news, rclone is not backdoored! Why reproducible builds matter, and how easy they are in Go

https://blog.filippo.io/reproducing-go-binaries-byte-by-byte/

https://mastodon.social/media/4sAGZNN6ijOiNz5oK90

Kaitai Struct: declarative binary format parsing language
http://kaitai.io/

(submitted by mpweiher)

Yussss, John Wiegley's talk from Bayhac about lenses is up. I got a lot out of this one.

https://www.youtube.com/watch?v=QZy4Yml3LTY

C is just inhumanly tricky.

https://github.com/sandstorm-io/capnproto/commit/2ca8e41140ebc618b8fb314b393b0a507568cf21#commitcomment-21851248

Here's the Debian Project's statement about the arrest of Dmitry Bogatov, a Debian Maintainer who worked in the Debian Haskell group and currently maintains several packages for command line and system tools. He was arrested by Russian authorities, and Debian has removed his keys from their servers in case they're compromised. https://www.debian.org/News/2017/20170417

Here's more context around his arrest: https://meduza.io/en/feature/2017/04/10/mathematics-teacher-accused-of-inciting-mass-riots-now-also-accused-of-supporting-terrorism-and-once-again-detained
'According to investigators, “the suspect posted materials calling for riots in the center of Moscow with the help of special software designed to hide traces of his Internet presence, [namely] using servers based in [foreign states].”' -- so, it seems, organizing protests in Moscow, possibly using Tor

I've published a technical explanation of how to get unsandboxed arbitrary code execution in Subgraph OS, and how this attack compares with Qubes https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/ cc @rootkovska

A cool video showing how SecureDrop works, by Lucy Parsons Labs in Chicago https://www.youtube.com/watch?v=LkgN244ggzs

Just published a #mastodon guide on converting your instance to "single user mode": https://github.com/ummjackson/mastodon-guide/blob/master/single-user-mode.md

@ericblade@mastodon.rocks @hupfen Just published it yesterday! 😁 https://github.com/ummjackson/mastodon-guide/blob/master/up-and-running.md

actually why are Mastodon instances not called herds

Uber likely responsible for 24-35% reduction of drunk driving accidents in NYC
http://www.economist.com/blogs/graphicdetail/2017/04/daily-chart-0

(submitted by petergatsby)

imagine a future where in order to stay afloat birbsite has to implement ostatus

Mastodon's federation introduces UX challenges.

One that worries me a lot is about message forgery. Anyone can forge a twoot, even cross-server.

Whereas Twitter Inc might be trustworthy enough to not forge transcripts. Anyone can run a Mastodon server and might want to abuse it to influence people (see Russian troll campaigns).

Should Mastodon "home servers" cryptographically sign updates? Should there be end-to-end signatures? Anyone has thoughts on this?

Is there an Mastodon instance run on an .onion yet?