@n3wjack@mastodon.social

n3wjack


hardcore electronic music loving/producing geek software developing scuba diver :: knows how to :quit vim
tries to boost the fun stuff on the fedi


aadbrinkman, to random Dutch

Officer applies a completely unnecessary arm-behind-the-back hold ("bokkepootje") to Thunberg. Then you are not worthy of your position. Then you are a sadist with a deep hatred of climate activists.

n3wjack,

@aadbrinkman Fucking dick cop.

aportengen, to animals Dutch

New hashtag

Deal with it!

n3wjack, to random

So I made the mistake of clicking a suggested video on YT about some freaky scuba diving accident.

OMG, my suggestions are full of horrible death traps now. 😱

n3wjack, to random

@JenMsft I have a Windows feature request. When you use multiple keyboard layouts to switch between azerty and qwerty (for games) it would be great if the login screen would indicate what keyboard layout is active.
I often mistype my password because it's still in qwerty and OF COURSE my password has an A in it. 😁
It usually takes me a few tries before I remember that's the problem. 🤦‍♀️

baymud, to random

So many tabs open with new music to listen to today. I may have bitten off more than I can chew, but I will try to get through all of it

n3wjack,

@baymud I usually add them to my wishlist so I can check them out later, and buy them next month 😁

n3wjack, to random

It must be Bandcamp Friday today. 😄

AmandaMarcotte, to random

Charlie Kirk's claim that birth control "screws up female brains" and turns them into "angry, bitter young ladies" was not a one-off.

MAGA leaders, in a semi-coordinated fashion, are conditioning their followers to back birth control bans.

https://www.salon.com/2024/04/05/screws-up-female-brains-maga-leaders-are-conditioning-to-back-birth-control-bans/

n3wjack, (edited) to music

I often see Bandcamp releases with just a single track in them. I tend to skip those, as I like to get albums, and a chunk of music at once, instead of having to download/organize a bunch of single releases.

How do you people feel about this?

n3wjack,

@radiojammor Yes, but then I expect a new BC release with the collection of all singles as an album.
I quickly listen to most things I think might be interesting, single or not. But they really have to be kick-ass before I buy a single track. 😁

n3wjack,

@axwax Yes, EPs of about 4 tracks are a good middle ground. I don't mind getting those.

n3wjack, to random

Boost if you've had it with this shite weather. ☔🌦️🌧️🌧️🌧️⛈️

listenfaster, to random

I'm not sure I have my bearings in this Mastodoniverse. I don't know the etiquette. I can't tell if I'm doing it wrong, or if this local server is quiet. Seems like most of what I see is from the federated timeline as opposed to the local, and the local seems VERY constrained to livecoding-related discussion.

Maybe a Mastodon question I have is: if I'm on a server with a particular focus, I don't think we're meant to limit our discourse to that focus, right? The local timeline on this server feels very constrained - like maybe I should find another server if I want to talk about Csound or UPIC ;)

Curious if I'm the only one having these thoughts? :) Advice / guidance welcome.

n3wjack,

@listenfaster I'm on the big main server, so I don't really look at the local timeline myself. 😁
But since you're not restrained to your server, you can always look for people using the hashtag for example, and follow them, wherever they are.

Just following liberally to fill up your timeline is something that helped to make the Fediverse interesting for me.

n3wjack, to random

Weird. I have this post in my timeline, and I have no idea why.
I don't follow the account, and there are no hashtags in it. It's also not boosted.
Why am I seeing this?

n3wjack,

Oddly enough, it promotes an event in my area. 👻

Alex, to random

The vulnerability really has me feeling good about not living on the bleeding edge. I'm sure there's still some risk of a terrible backdoor somewhere in Debian or Ubuntu that hasn't been found yet, but at least there's a much higher chance of someone catching it before it bites me.

Only thing of mine that was affected was my Termux installations on my Android devices, something I never use for SSH anyway.

n3wjack,

@Alex I work in tech, and for that reason I often hold off updating to the latest and greatest until enough time has passed to have early adopters run into whatever bugs or issues are introduced. 😂
It saved me a lot of work and frustration a few times already.

n3wjack, to random

It keeps amusing me, how the Twitter name is so hard to kill.

n3wjack, to random

@kev did you check your spam? Because I did send an email, about those post-emails. 😁
Apparently that didn't come through. I sent it the 28th around 19:18 CET.

n3wjack,

@kev 😂

pluralistic, to random

Here's a fun AI story: a security researcher noticed that large companies' AI-authored source-code repeatedly referenced a nonexistent library (an AI "hallucination"), so he created a (defanged) malicious library with that name and uploaded it, and thousands of developers automatically downloaded and incorporated it as they compiled the code:

https://www.theregister.com/2024/03/28/ai_bots_hallucinate_software_packages/

1/

n3wjack,

@pluralistic Wow, this is bad.

"Our findings revealed that several large companies either use or recommend this package in their repositories. For instance, instructions for installing this package can be found in the README of a repository dedicated to research conducted by Alibaba"

Recommend the dummy package? Like WTF.
Check your dependencies FFS.

theropologist, to random

I was reading up on the xz backdoor and found a pretty good rundown on it here:

https://thenewstack.io/linux-xz-backdoor-damage-could-be-greater-than-feared/

A couple of thoughts on this. First, the scary thing about this on the surface was that the malicious code was intentionally introduced by a trusted contributor who had worked on the project for over two years. This was a supply chain attack, but also a bit of social engineering of the OSS community. Prior to this new contributor showing up out of the blue, xz had been languishing somewhat under a single maintainer who appeared to be less and less able to keep up with it. In short, he was looking for someone to pass it on to and Jia Tan seemed like the perfect candidate—apparently by design. So when we say he was a trusted contributor, we really only mean that he gained the trust of the original maintainer. You con the right person and show you are helpful and competent for a few years and you are handed the keys to the kingdom. And since the kingdom is a boring compression utility that most people don't think about, there's not as much scrutiny on it as you might think, or more accurately, hope.

But wait, you might say, isn't the whole point of open source that you have many eyes on the actual source code so that malicious code and vulnerabilities are discovered essentially through crowd sourcing? Yes! That is indeed a huge advantage of OSS. And if the actual code that was in the repo for everyone to see was actually being used by the package managers of major Linux distros, this would have never been a problem. Which brings me to point number two, which is far scarier to me. Apparently most distros prefer using manually built upstream tarballs over pulling git sources directly. Including boring old stable Debian, where the malicious code was first detected. To be clear this was in Debian sid, and the malicious code never made it to a stable release, but then again it was only found out because a software engineer at Microsoft decided to investigate why an ssh login was taking 500ms too long. Which is way too close for comfort in my book.

So why is this so shocking? Well, the malicious code never made it into the git repo where all of those crowdsourced eyeballs would have had a chance to catch it. Instead it was embedded in a build script in the upstream tarball that nobody was looking at. Instead of trusting the collective wisdom of the open source community, distros installing via this tarball were trusting only the person who signed the tarball. In this case Jia Tan, and that trust was extended only because the original maintainer trusted him and allowed him to create and sign the tarballs. So basically, because one person was conned, the entire infrastructure of the Internet was put at risk. To me, that's what we should really be worrying about.

Time and again, technology has promised to eliminate the need for personal trust. Mechanisms are created so that everything is in the open and can be verified, but those mechanisms only work as long as people understand them, and are paying attention, and the problem is that's a lot of work, so we fall back on ad-hoc systems of personal trust, which are a lot easier for our primate minds to understand. They feel more real than something as abstract as the collective wisdom of the open source community.

Or, to take another recent example, people want to get into crypto but they don't want to have to learn about blockchains and public and private keys so they trust conmen like SBF to do it for them because they saw a slick commercial with Larry David in it. Once again we use personal trust as a shortcut to gain access to the shiny new object that is only shiny and new because it's supposed to eliminate the need for that trust in the first place.

This is not to say that person-to-person trust is not valuable. As the admin of a small Mastodon instance I rely on building and maintaining that trust with my users. However, mediating that trust through technology doesn't make it easier or more secure, it just makes it harder in a different way. By the way I'm including systems of government and finance in the broad definition of "technology" here. If we develop systems to replace personal trust we need to understand that they are not a solution in and of themselves. The systems themselves must be maintained and understood, and we need to keep in mind that our brains are poorly suited to innately understanding the abstractions they produce. In short, technology doesn't obviate our need to think critically—it in fact makes it all the more critical for us to do so.

n3wjack,

@theropologist Way too many crucial OSS projects are maintained by only a few people.

Good write-up. 👍

mmu_man, to random French

Does anyone know a good web form brute forcing tool?

This *** Samsung copier we got donated we don't know it, and the panel fails to boot, and reflashing it requires… the password 🤷

poke @aeris @imil

n3wjack,

@mmu_man @aeris @imil Did you look up the default password for it? You might get lucky. People often forget to change them.

brooke, to random

the terminator (1984) is so good

a few effects shots didn't age well (nor did the hairstyles) but the film's just so well done and acted

n3wjack,

@brooke It's the 80s. None of those hairstyles aged well. 😂

srsly

flockofnazguls, to random

deleted_by_author

  • n3wjack,

    @flockofnazguls The catch is that you have to check the license for each sample you find.
    Some are very liberal, others not so. Most of them are CC-licensed, but if you end up using a lot of samples, your attribution list is going to be quite long. 😁

    n3wjack,

    @jamesbritt @flockofnazguls @Archie8 It's been around for quite a while too.
