castarco

@castarco@hachyderm.io

🌍 · 🔻 · ✊🏼✊🏽✊🏾✊🏿 · 🧙‍♂️ · 💉 · 🇺🇦

#MachineLearning & #Software Engineer
Leftist leaning towards anarchism & degrowth
ex-Berliner

https://blog.coderspirit.xyz

My toots are searchable at https://tootfinder.ch/

thomasfuchs, to random
@thomasfuchs@hachyderm.io avatar

Low key wonder if “it’s antisemitism to say cluster bombing babies is wrong” has something to do with deteriorating brain function after COVID

castarco,
@castarco@hachyderm.io avatar

@thomasfuchs I'm a little bit more pessimistic than that.

I think we've always been surrounded by despicable people presented in many flavours, and some of them just hide for some years when it was unpopular to be like they were.

"moral progress" is probably more unevenly distributed than economic & technological progress, I'd say that some people are thousands of years apart from others.

aeveltstra, to typescript
@aeveltstra@mastodon.social avatar

Hey, devs: is there any way to compile typescript without needing NPM and Node?

Microsoft’s documentation says the easiest way to install tcl is by using NPM. That means they aren’t saying it’s the only way. But it also lacks mention of other ways.

I’m not averse to building tcl myself if needed, or using different methods for different operating systems.

Please advise!

castarco,
@castarco@hachyderm.io avatar

@aeveltstra You could use either Bun or Deno (but they just run/compile, without type checking)

castarco, to chrome
@castarco@hachyderm.io avatar

So... I'm... surprised.

It's obviously "not a bug", because both #Chrome and #Firefox behave the same way.

I didn't expect this, that a standard browser API would be so broken (I suppose that this is because of an old rotten spec?)

Anyone around who knows why they left DOMParser behave this way?

#infosec #security

» const parser = new DOMParser() » const html =

fasterthanlime, to random
@fasterthanlime@hachyderm.io avatar

lmao, if I'm reading this right, a check in the xz CMakeLists.txt for whether a certain sandboxing mechanism is supported was disabled by... adding a period before the "void" keyword, making it fail.

https://git.tukaani.org/?p=xz.git;a=blobdiff;f=CMakeLists.txt;h=0e4d464faba62a1270b40a0cb24c2c59e4ace409;hp=1f0191673b453ed789d915e35ee874a17818494a;hb=f9cf4c05edd14dedfe63833f8ccbe41b55823b00;hpb=af071ef7702debef4f1d324616a0137a5001c14c

castarco, (edited )
@castarco@hachyderm.io avatar

@fasterthanlime Leaving aside the most important stuff of this story (mental health issues, lack of support, and malicious actors..)

I find it astonishing how little effort most projects place on static analysis and other kinds of automated safety checks.

If I was to burn myself working for free, at least I'd specifically prioritise what most private companies do not allow me to do: good engineering.

castarco, to til
@castarco@hachyderm.io avatar

#TIL Today I learnt that adding ? after * transforms a #regex expression from being "greedy" into "lazy" (important for performance, safe validators, and protection against DoS attacks).

I don't know how I missed this bit of knowledge for so long. :blobfoxbox:

castarco,
@castarco@hachyderm.io avatar

@barubary It's not a panacea at all. True. And of course it cannot be applied always, there are semantics involved.

But in many circumstances it can help to reduce the chances of catastrophic backtracking because it forces backtracking much sooner (the exploration tree is much smaller as a consequence).

castarco,
@castarco@hachyderm.io avatar

@barubary

Sure. What follows is a dumb example ( executed in https://regex101.com/ ), but illustrates my point.

In this particular case you could say that ? is semantically required for <script> because we could have more than one, but many times we don't have this distinction and it still affects how many steps the #regex has to perform.

(Sorry for having the text selected in the 2nd image, I was copying it for the alt of the images 😅 )

[Result: 1 match, 75 steps, 0.0ms. Regexp (with the ? symbol): /([sS]*?)</script>/gi. Text: <main> Hello World <script>console.log("hello!"); More stuff Just a decoy!](https://media.hachyderm.io/media_attachments/files/111/914/833/409/432/020/original/3925f50f868f8a82.png)

molly0xfff, to random
@molly0xfff@hachyderm.io avatar

fuck i love blogs. if i had nothing but time i would just read blogs all day.

castarco,
@castarco@hachyderm.io avatar

@molly0xfff I don't think mine is interesting enough, but I don't mind sharing :)

https://blog.coderspirit.xyz

thomasfuchs, to random
@thomasfuchs@hachyderm.io avatar

I also can't export the followers list, ughhhhhhhh.

All I want is to see, for a single domain, all followers I have from there.

castarco,
@castarco@hachyderm.io avatar

@thomasfuchs I see that some people have pulled together some experimental hacks to do exactly that https://fabulous.systems/posts/2023/06/fetch-own-followers-from-mastodon-api/

eniko, to random
@eniko@peoplemaking.games avatar

so the UK government told people they weren't allowed to get a covid vaccine cause they were "too young and healthy" and is now trashing millions of doses of covid vaccine that could've been used to keep the people they refused a vaccine healthy

good job, UK https://mstdn.social/@junesim63/111866648042745510

castarco,
@castarco@hachyderm.io avatar

@eniko Similar case in Spain. They didn't actively disallow it, but the effects of our policy were almost the same:

  • 1st, discouraging people from even asking or trying.
  • 2nd, avoiding informing anyone younger than 65 years old about the vaccination campaign.

I just broke all the "rules" and made an appointment. They were surprised when they saw my age, but I got the vaccine because they knew they were going to throw away thousands of vaccines anyway.

hywan, to random
@hywan@fosstodon.org avatar

I miss the Semantic Web.

castarco,
@castarco@hachyderm.io avatar

@hywan I feel kinda similar... but then I remember who would benefit the most from having all that metadata available for them: big tech like Google, Microsoft, Meta...

Migueldeicaza, to random
@Migueldeicaza@mastodon.social avatar

Nobody likes the 30% AppStore fee, but it has never been a credit card processing cost.

It has always been a marketplace access fee.

That’s the principle of building malls and other commercial public spaces: they invest to create a space for people to flock into and advertise and maintain it.

That’s what you are paying for.

castarco,
@castarco@hachyderm.io avatar

@Migueldeicaza I think most people don't like it not because they see it as a hefty fee, but because they don't have a choice to sell elsewhere...

This is not because that marketplace is fantastic and the others suck, but because Apple makes it virtually impossible to sell elsewhere* with the excuse of security (clearly in bad faith), acting as a monopoly.

*Note: an app for iPhone is NOT the same product as an app for Android or other systems, as it requires explicit adjustments.

castarco,
@castarco@hachyderm.io avatar

@Migueldeicaza @elkmovie

There are no other marketplaces:

  • Apple restricts the engine that browsers can use on iPhone
  • The provided engine limits what's possible on that system, much more than the native APIs
  • Even if web APIs were equivalent to native ones: perf...
  • An app for iPhone is not the same product as one for other systems, as it requires specific adjustments, therefore that specific product can only be sold in that specific marketplace... by explicitly forbidding other channels.

fasterthanlime, to random
@fasterthanlime@hachyderm.io avatar

Starting to think that CEOs using sport metaphors is a red flag

Thinking back on personal experience it certainly seems to be a signal 😬

castarco,
@castarco@hachyderm.io avatar

@fasterthanlime Any kind of metaphor coming from a C*O is a red flag. I say that while being the "CTO" of my own pico-company.

rakyat, to random
@rakyat@hachyderm.io avatar

Good!

castarco, (edited )
@castarco@hachyderm.io avatar

@rakyat What bothers me (not only this, but also the past initiatives from Threads & Flipboard) is that all of these actors are treating the ActivityPub fediverse as a dumping ground.

All of them rush to dump stuff on "us", but take it very slow to introduce integrations with the opposite information flow direction.

thomasfuchs, to random
@thomasfuchs@hachyderm.io avatar

Btw there’s zero excuses for anyone using Substack, there’s competitors that allow you to switch to them in a few minutes while keeping subscribers, billing data, etc.

Like Buttondown which is not only much cheaper but also explicitly said that they’re not catering to any extremists.

https://buttondown.email

castarco,
@castarco@hachyderm.io avatar

@thomasfuchs Thank you :D , you saved me the time of having to look for alternatives.

simon, (edited ) to random
@simon@simonwillison.net avatar

I wrote about the AI trust crisis: when companies like Dropbox and OpenAI say "we won't train models on your private data", it's increasingly clear that a lot of people simply don't believe them.
https://simonwillison.net/2023/Dec/14/ai-trust-crisis/

castarco,
@castarco@hachyderm.io avatar

@simon I know it's super-pedantic to say this, but I think we should stop saying AI until we have one of them for real. As of today, they are "just" LLMs with some small extras.

I'm writing this only because there are a lot of people who read you, so it's fair to say that you have some influence.

castarco, to random
@castarco@hachyderm.io avatar

@Tutanota Hi! I wanted to ask you something. It seems that my account is on an outdated plan ("Premium"), which no longer exists.

What's going to happen with it on the next billing cycle? And what are the differences with the "closest" plans available today? (I can't find any information on what the characteristics of my current plan were, so I could compare).

Thanks!

andypiper, to random
@andypiper@macaw.social avatar

I like this approach, and hope more organisations adopt it. https://www.xlast.org/

castarco,
@castarco@hachyderm.io avatar

@ed @andypiper I wouldn't say that's the simplest indicator.

But in any case, you can always attach this information to the query string of the url, it has been a common practice for ages, because in many contexts it is not possible to pass the referral header.

gamingonlinux, to random
@gamingonlinux@mastodon.social avatar

People and SEO Spam like this are ruining the internet. Fuck this shite.

castarco,
@castarco@hachyderm.io avatar

@gamingonlinux

It worries me that some people believe it's ok to brag about these shitty behaviours & attitudes in the open (It most certainly means that they have a wide audience who also believe the same; which is even worse than the publicised fact in itself).

aeva, to random
@aeva@mastodon.gamedev.place avatar

I saw another person take issue with the term "software engineering" and I think that's fine, but I think we should all call ourselves "computer scientists" instead, because imo that's even more offensive

castarco,
@castarco@hachyderm.io avatar

@dee @aeva I tend to use different terms depending on what the professional actually does (independently of their titles and studies).

Engineer only for the few ones who take it "seriously enough" to care about safety, quality, performance, etc.

Scientist for the few who do actual research.

Programmers and developers for the ones who create software but don't give a shit about research or creating sound software.

fasterthanlime, to random
@fasterthanlime@hachyderm.io avatar

TIL what "taint tracking" is and I think computer scientists should be barred from naming more things until further notice

https://codeql.github.com/docs/writing-codeql-queries/about-data-flow-analysis/#normal-data-flow-vs-taint-tracking

castarco,
@castarco@hachyderm.io avatar

@fasterthanlime I was pretty fond of that particular name xD. It makes a lot of sense (at least for me).

fell, to CSS
@fell@ma.fellr.net avatar

CSS has a containment property whose sole purpose is to improve rendering performance.

So, first, we develop an abstraction so developers don't have to worry about implementation details like performance. Then, as soon as we realise that our abstractions are (obviously) dog slow, we add more stuff to make them fast again and have developers worry about that instead.

At this point, we might as well ship websites as compiled binaries.

castarco,
@castarco@hachyderm.io avatar

@fell The idea of having compiled websites (or single pages) as a bundle is compelling.

It would be a bliss being able to share technical/scientific articles with interactive simulations/widgets in a sort of self-contained web bundle file, instead of print-ready-but-boring PDF files.

However, I wouldn't say that >=1MB is acceptable for most cases, except for complex apps. I'd also like to keep the ability to choose between SPA and MPA.

castarco, to rust
@castarco@hachyderm.io avatar

I did not expect to say this so soon: looking for a new job again (still employed, but quite unhappy where I am).

Looking for , , , and tooling related positions.

I care about team dynamics & good communication, but also about good engineering practices. I understand tech debt is a given, but I'm not ok with unjustified & careless bad practices.

Specifically running away from bad communication and bad "engineering" practices.

HeavenlyPossum, to random
@HeavenlyPossum@kolektiva.social avatar

The Israeli state’s crushing violence against the people of Gaza—the siege, the indiscriminate bombardment, cutting off food and water and electricity and fuel, all under the guise of fighting “terrorism”—is the same approach that the Asad regime took in Aleppo and countless other Syrian cities and towns, and I watched helplessly for years while plenty of online leftists cheered that on.

I don’t despair but it’s not always easy.

castarco,
@castarco@hachyderm.io avatar

@HeavenlyPossum I came to conclude that self-labelling as leftist does not make oneself a leftist.

Being a leftist is (or should be) about values, not about sides on a conflict. Whoever betrays those values (I'm talking about core values, such as human rights, not about minor discrepancies) can't rightfully claim that label for themselves.

That, or we need to popularise new umbrella terms to "cover" these core values "from scratch", without having to refer to existing parties.
