@blake@infosec.town

blake

@blake@infosec.town

A software developer with a passion for the powers, rights, and freedoms of users. Developer of dahliaOS, LucidLog, Bodacious, and more. Sometimes tries to design and write. Cool tech enthusiast.

Likely to post about #FOSS, #FreeSoftware, and #OpenSource (specifically, my various projects), radio stuff, and some other technology-related stuff. For my climate activism and solarpunk adjacent stuff, see my alt account linked below.

  • I hereby opt in my public posts to be searchable on tootfinder
  • My profile picture is not up to date, even though I just took some for this purpose
  • Recovering from being a lot of bad things, still have more to go. Keep me in check please

This profile is from a federated server and may be incomplete. Browse more on the original instance.

joel, (edited ) to Signal
@joel@fosstodon.org avatar

is making usernames a thing at last. Wanna chat?

How to set it up:

https://community.signalusers.org/t/public-username-testing-staging-environment/56866

blake,

@adamsdesk
I assume it's an abuse combating measure. If you want to preserve anonymity at the cost of bad actors, there's always Session.
@joel

blake,

@adamsdesk @joel The "abuse" of other people having your phone number is reduced to near zero with usernames -- having a phone number in the first place is going to give you way more abuse of it. As for tracking, I'd bet there's a way to validate the source code to make sure it's doing exactly what it says it's doing.

In the end, no matter how you slice it, every good system requires some amount of trust. I'd argue Session is not a good system as there's zero abuse prevention and it's also pretty well tied to the blockchain (even though your messages and whatnot are off the record).

blake,

@joel @adamsdesk I think a good compromise would be to have a "very limited" account state for non-phone number users, where you can't send messages to new people or join groups on your own; you have to be the one contacted, by someone who has verified their phone number. That would help more people than just paranoid anonymity freaks, too, such as families where some younger family members don't have mobile data (but do have, say, a tablet), while keeping the speed bump there. It could be useful for bots and alt-accounts (say, for business), too.

blake,

@joel
The "you have to be contacted" idea is per person-who-contacts-you, not a verification mechanism in and of itself, for exactly that reason.
@adamsdesk

blake, to Matrix

New blog post. I forgot to reinstall Node when recreating my development environment so I had to do that, but it's up now. The page discusses the recent news about the relicensing-and-CLA situation, and how it relates to Spades and (to a tiny degree) the Fediverse.

https://blakes.dev/posts/2023-11-06-element-closing-matrix/?cachebuster=1

leroy, to random
@leroy@indiehackers.social avatar

Being very used to my Mastodon feed now makes it very evident how ad-heavy other platforms are.

It’s refreshing to only see posts that I made a conscious effort to see. And it’s bonkers that it’s a rare concept.

blake,

@leroy Turning on the TV to watch a sports game is about the only time I see ads nowadays. How do people live like that?!

blake, to random

Dear companies/stores:
If you cannot adequately staff your stores, close the store.
This goes for holidays that your employees collectively want off, as well as just in general if you can't hire enough people to do the job right on a regular day.
Thanks, literally everyone.

blake, to random

I need a server to test Spades with so I'm about to set up the server for blakes.dev (and blakeslabs.com). I'd like to use Metronome but I'm not sure if or how well it works with Docker¹. Prosody doesn't support MIX (a must for me) and it's also old, crusty, and you know, replaced by Metronome. So now I'm looking at Ejabberd² which doesn't seem to have a community modules system so I don't think I can (easily) extend features onto it, like MIX-MUC, the way Prosody (and Metronome) could. I believe there's also Openfire which I've seen is also behind on features (it doesn't support XEP-0050 Blocking Command?).

I'm probably going to set up Ejabberd but some advice would be appreciated.

¹ I'm using Docker to manage all my shit, like how most of us nerds use Kubernetes. Isn't K8s used for multiple-server servers? I'm only running one VPS, so it's not that useful for me.
² They said they were adding Matrix support some time back. That would be very useful to me. I don't see any mention of it in the docs or even the source code though.

blake,

@jabberati i'm building an app with it so yeah (the unholy mess that is MUC will come later)

blake,

@jabberati latest Metronome has it and latest Ejabberd has it too. I'm looking at that one and it looks like whoever wrote the docs isn't a native English speaker so it's a little difficult to understand. It might work well for my purposes.

Do you know about data portability between different servers? If I ever wanted to, is there a path to switch from, say, Tigase to Ejabberd? Reconfiguring it is no big deal, but I'm mostly wondering about archives, rosters, blocks, users, etc.

blake,

@jabberati I guess something like that but at the server level. Ideally it would be a process where, by the time it's done, it'll run on the same domain, any bots I put on there can continue to work, and any group chats or MUCs I run on it too.

I don't think any software in federated space has this. There was talk a while back about setting up a database migration from Mastodon to what was then Calckey.

santiago, to retrocomputing
@santiago@masto.lema.org avatar

It’s not yet in this country but Marx 🐱 is already posing on his favorite :apple_inc: devices.

blake,

@santiago I thought the chrome one was a toaster for a second 🫣

frameworkcomputer, to random
@frameworkcomputer@fosstodon.org avatar

Framework Laptop 16 really can play games.

blake,

@frameworkcomputer In all honesty, if other laptop/computer manufacturers adopted the expansion card form factor I could totally see this becoming a thing.

That would be pretty cool, I think.

blake,

@travisfw @frameworkcomputer There's less than there should be, that's for sure. Physical games on a read-only device can't be remotely deleted ;)

joel, to random
@joel@fosstodon.org avatar

I am looking at you, random Mastodon user who is not using a password manager right now.

You should be ashamed.

blake,

@joel
The people who need a password manager the most are the ones who couldn't figure out how to use it if they tried. Mostly, old people.

steamdeckhq, to Steamdeck
@steamdeckhq@mastodon.world avatar

While we can’t wait for #CitiesSkylines2, the recent performance news from Paradox has us worried about playing on the #SteamDeck.

https://steamdeckhq.com/news/cities-skylines-2-wont-run-well-on-steam-deck/

blake,

@steamdeckhq Cities Skylines struggles to run well on the beefiest supercomputers money can buy. I don't see how CS2 is going to be any better.

blake, to random

This reminds me: why do Bluetooth headphones with a USB charger (USB-C!) not let you use the headphones over USB?! They'll stop outputting audio altogether if it's plugged in! Not even ones that have a 3mm aux jack! It's really outrageous and such a waste. Imagine getting stellar audio quality and low/zero latency over USB! Instead, you can only get low latency over aux or stellar quality via Bluetooth, and sometimes neither!

CC (quoted): @dannysullivan

RE: https://mastodon.social/users/dannysullivan/statuses/111223829989946002

blake, to wordpress

Oh yeah! So now that is in the Fediverse, that makes two platforms that use the domain name as the username (BridgyFed being the other). Tumblr will probably follow suit with this pattern (but more because WordPress did it, since it's owned by the same company).

I have a suggestion for Fediverse platforms (servers and clients) that display/consume @user@server handles: give @domain@domain handles some special treatment!

  • Look them up when presented with only a username which contains a dot (i.e. @evanp.me would trigger a lookup for @evanp.me@evanp.me)
  • Show just @user when presented with an exact duplicate (with some variation allowed, mostly punycodes and casing, in which case you'd use the variant in the username field). So @falloutboy.tumblr.com@falloutboy.tumblr.com would be shown as @falloutboy.tumblr.com.
acb, to random
@acb@mastodon.social avatar

This is thoughtful design: Muji apparently released a flashlight that works with any combination of 2 AA and 2 AAA batteries, only more dimly with fewer batteries.

blake,

@acb I've always assumed that things that "require" X many batteries of X type are depending on all batteries to complete the circuit, not to mention the specific voltages of certain types of batteries. If that is true there's probably a way around it and that's probably what they did -- it's probably more components though and therefore more costly (although, to be fair, it's probably pennies on the dollar per hundred units or whatever).

ShaMyouiMo, (edited ) to mastodon
@ShaMyouiMo@kpop.social avatar

How do guys go about quoting posts if you do?

blake,

@ShaMyouiMo
As an actual quote boost. I mention Mastodon users I quote since they don't get notifications from quotes like Firefish/Misskey (and Pleroma/Akkoma?) users do.

blake, to random

My other server, firefish.social, is becoming increasingly painful... it is guaranteed to "error" every time I post, and it also takes forever to load any posts. Now, it will actually error sometimes when posting, and give a different error if it succeeds. I also get zero feedback on the success of certain actions, like boosting, favoriting, and reacting. I have no idea what's going on there and I suspect neither does Kainoa. So I'm looking for another server to house that account, where I post about climate, personal life stuff, and US/NC politics (and trans rights!).

I'm trying out @blake but the/an admin there is immediately making me uncomfortable right off the bat with provocative, argumentative comments (doesn't matter if they're right or wrong, the point is it's far from the kind of thing I want to see or engage with). The server is also not very well federated. So maybe another Firefish server... there aren't a lot on joinfirefish.org. I'd consider hosting my own if it wasn't so goddamn expensive, and getting it well federated is pretty much impossible on a single user instance (the Fedibuzz relay doesn't work, and regular relays don't include servers I want to hear from!).

rolle, (edited ) to bluesky
@rolle@mementomori.social avatar

Just noticed Bluesky doesn't ACTUALLY add the alt text in the img itself. This is a big mistake and makes the service very inaccessible.

The text is actually in the very last part of the DOM (Document Object Model) tree... and is triggered via click. So, if the screen reader doesn't support JavaScript same way than for the seeing people, descriptive text is nowhere to be found. Even when it is, it can't be accessed easily.

#Bluesky #Accessibility #WebDev

blake,

@rolle
They can all be divs if they have aria-role set up right. I'm almost certain they don't though. Ugh.

lzg, to random
@lzg@mastodon.social avatar

deleted_by_author

    •
    blake,

    @lzg I must be the weird one with five things turned on excited about it 😂

    strypey, to random
    @strypey@mastodon.nzoss.nz avatar

    Kia ora @blake, I saw your introduction in the fediverse matrix space, where you mention the idea of an AP chat platform. Are you familiar with @dansup's work on one of these?

    https://wedistribute.org/2023/08/sup-by-pixelfed-is-coming/

    blake,

    @strypey @dansup He's given zero technical details. It looks to me like a centralized platform that you log into with an existing Fedi account. My approach is different, and I'm planning on a different set of features too.

    If they work together, well the more the merrier :)

    evan, (edited ) to random
    @evan@cosocial.ca avatar

    One of the funny things about ActivityPub is that we originally had a charter to develop a social API, with an option to make a social federation protocol.

    The ActivityPub federation protocol has been very successful. The entire API is only implemented in a few projects, which I think is a mistake, but I hope to see improve over time.

    Some people think the parts of the API not needed for federation drag down the spec, without realising that the protocol wouldn't exist without the API.

    blake,

    @evan I'd argue that in cases like Mastodon's, letting people create things Mastodon doesn't know how to work with seems like something it wouldn't want to do. I think the approach would be to just apply the artificial limits -- that's what I plan to do (mostly, don't let users create other "users", and don't do public delivery).

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • kavyap
  • DreamBathrooms
  • InstantRegret
  • magazineikmin
  • osvaldo12
  • mdbf
  • Youngstown
  • cisconetworking
  • slotface
  • rosin
  • thenastyranch
  • ngwrru68w68
  • khanakhh
  • megavids
  • ethstaker
  • tacticalgear
  • modclub
  • cubers
  • Leos
  • everett
  • GTA5RPClips
  • Durango
  • anitta
  • normalnudes
  • provamag3
  • tester
  • lostlight
  • All magazines
    •