Gottox

Gottox, 22 hours ago to random

Aaaaand I released a small helper after rewriting it in rust(tm). Beforehand it was an awful mixture of shell script and Makefiles. I hope it'll be helpful to you <3

https://github.com/Gottox/mk/releases/tag/v0.1.1

Gottox, 13 days ago to random

cursed idea: kubelet running in browsers, scheduling wasm workloads.

Gottox, 1 month ago to random

A thing I wasn't aware of: systemd switched to dlopen'ing compression libraries on demand, rendering the #xz attack useless with one of their next releases. That's why apparently the attackers tried to push distributions to include the new xz version on their stable releases before the mitigation in systemd was included.

teleclimber, 1 month ago to random

I've seen a lot of hot takes this weekend about the #xz hack. Most are about how it was a long effort and how it's a supply chain problem, etc... Many are god takes. But...

One thing I haven't seen a single time is: why is a compression library able to hook in to incoming SSH connections?

Is there not a system to sandbox linked libraries? And if not, wouldn't this be worth investigating?

WASM and JS Realms are showing the way here.

Gottox, 1 month ago to random

The worst conclusion I read from the #xz backdoor was to blame autotools. Yes there are better build systems out there, but it's naive to believe that with cmake/meson/make supplychain attacks are avoidable.

dalias, 2 months ago to random

The Unicode SHY (soft hyphen) debate came up again and this feels like a good time to remind folks that hyphenation is extremely hostile to accessibility by non-native readers, folks with visual/tracking impairments or perceptual issues, etc. and is pure nostalgic typography nerd wankery.

b0rk, 2 months ago to random

i uh spend a lot of time thinking about whether various surprising software design choices are

a) intrinsic to the problem domain ("it turns out it DOES make sense!”)
b) made sense historically ("this made sense in 1992, but it didn't age well”)
c) just a typo/mistake (the "Referer" header)
d) related to budget/time constraints (“well, prototyping with shell scripts is fast!”)
e) cultural/organizational (“well, Google is the main funder for this project, and…”)
f) something else

Kurorori, 2 months ago to random German

Ich suche einen schönen Rucksack für 1-2 15,4" Laptops.

Der Rucksack sollte wahlweise nach "Ich studiere Grundschullehramt und lecke gerne an Fliegenpilzen 🍄🧚" oder "Woher wusstest du, dass ich früher Snakebites hatte 🖤"-Vibes abgeben.

Jemand einen Tipp abseits von traurigen bürobeige Vaude/Osprey/Deuter, in dem Laptops trotzdem gut geschützt sind?

eater, 3 months ago to random

tomorrow i have meeting? interview? for a job, i am excite

Gottox, 3 months ago to random

Are there any TVs that are not "smart"? I want HDMI input, fast boot time and a CEC support.

Gottox, 4 months ago to random

Help! How do I compile ASMR?

b0rk, 4 months ago to random

i don’t think i’ll ever understand monads even though I literally spent years studying category theory in grad school but I really liked this paper “What we talk about when we talk about monads” https://tomasp.net/academic/papers/monads/monads-programming.pdf

I love that it talks about cases where monads have been misapplied and the social aspects of how they’re used

(please do not try to explain monads to me and please no links to your favourite monad explanation)

Kurorori, 4 months ago to random German

Nächstes Jahr stürze ich mich auch wieder ins Chaos :fairydust: - dieses Jahr brauch ich zum Jahresende einfach eine sichere Höhle und gelegentlich ein paar Snacks. Wünsche euch ganz viel Spaß auf dem #37c3, seid lieb zu den Engeln und denkt an 6-2-1 Regel. :blahaj:

Gottox, 4 months ago to random

Gibt's eigentlich das Hair Operation Center oder muss ich mich selbst rasieren? #37c3

Gottox, 4 months ago to random

TIL: C trigraphs

kubikpixel, 5 months ago to analog

~ Happy 2 Bit Advent ~
00, 01, 10, 11 = 1, 2, 3, 4 ≈ 🕯️🕯️
—
#advent #december #christmas #nerd #advents #candles #candle #analog #2bit

bagder, 5 months ago to random

PHP sources with CURLOPT_SSL_VERIFYPEER set to false (disables certificate verification, most typically wrongly): 102K hits on GitHub right now... 😱

realn2s, 6 months ago (edited 6 months ago) to rant

#Rant
I'm just trying to restore a web project for which the production server got accidentally deleted.

As I have to do it on an available replacement server, some things are change and I have to read up on stuff. One thing I come across in many tutorials is

chown -R www-data.www-data PATH_TO_WEB_PRESENCE
(often followed by a chmod 66x)

And I think this is WRONG!!!

The directories and the data should NOT be owned by the user of the webserver. Vor security reasons the webserver should only have READ access to the stuff!!

Please correct me if I'm wrong or are overlooking something.
(and yes I understand that with this ownership you avoid permission problems)

Gottox, 6 months ago to random

Dumb devices are the new smart devices!

gsuberland, 6 months ago to random

just checked a major review site and not a single smart TV was released in the past two years without integrated ads that you can't opt out from or disable. that's depressing.

b0rk, 6 months ago to random

started asking people to follow some very basic rules in the replies to my posts on here (like “no starting arguments" and “no unsolicited advice/explanations”) and it's going really well so far, everyone is really nice about it

Mastodon started off being much worse than twitter for me (at first I got a LOT of unsolicited advice that was not helpful to me). It's gotten way better and I really like it here now, but I think it could be even better

(1/2)

Gottox, 6 months ago to random

When people speak about high availability setups, they overestimate the propability of hardware failures and underestimate the influence of human error.

That's why most technologies are totally missing the point.