fatboy

internetarchive, 6 days ago to random

Why is The Wayback Machine so important for preserving our digital culture? According to new analysis from Pew Research Center:
❌ 38% of webpages that existed in 2013 are no longer accessible
❌ 23% of news webpages contain at least one broken link
🔗 https://www.pewresearch.org/data-labs/2024/05/17/when-online-content-disappears/

thomasfuchs, 1 month ago to random

People, always: Mozilla, please just make a web browser

Mozilla, 2014: here’s a phone!
Mozilla, 2018: all in on VR!
Mozilla, 2022: let’s do crypto!
Mozilla, 2024: hurrah AI!

theropologist, 1 month ago to random

I was reading up on the xz backdoor and found a pretty good rundown on it here:

https://thenewstack.io/linux-xz-backdoor-damage-could-be-greater-than-feared/

A couple of thoughts on this. First, the scary thing about this on the surface was that the malicious code was intentionally introduced by a trusted contributer who had worked on the project for over two years. This was a supply chain attack, but also a bit of social engineering of the OSS community. Prior to this new contributer showing up out of the blue, xz had been languishing somewhat under a single maintainer who appeared to be less and less able to keep up with it. In short, he was looking for someone to pass it on to and Jia Tan seemed like the perfect candidate—apparently by design. So when we say he was a trusted contributer, we really only mean that he gained the trust of the original maintainer. You con the right person and show you are helpful and competent for a few years and you are handed the keys to the kingdom. And since the kingdom is a boring compression utility that most people don't think about, there's not as much scrutiny on it as you might think, or more accurately, hope.

But wait, you might say, isn't the whole point of open source that you have many eyes on the actual source code so that malicious code and vulnerabilities are discovered essentially through crowd sourcing? Yes! That is indeed a huge advantage of OSS. And if the actual code that was in the repo for everyone to see was actually being used by the package managers of major Linux distros, this would have never been a problem. Which brings me to point number two, which is far scarier to me. Apparently most distros prefer using manually built upstream tarballs over pulling git sources directly. Including boring old stable Debian, where the malicious code was first detected. To be clear this was in Debian sid, and the malicious code never made it to a stable release, but then again it was only found out because a software engineer at Microsoft decided to investigate why an ssh login was taking 500ms too long. Which is way too close for comfort in my book.

So why is this so shocking? Well, the malicious code never made it into the git repo where all of those crowdsourced eyeballs would have had a chance to catch it. Instead it was embedded in a build script in the upstream tarball that nobody was looking at. Instead of trusting the collective wisdom of the open source community, distros installing via this tarball were trusting only the person who signed the tarball. In this case Jia Tan, and that trust was extended only because the original maintainer trusted him and allowed him to create and sign the tarballs. So basically, because one person was conned, the entire infrastructure of the Internet was put at risk. To me, that's what we should really be worrying about.

Time and again, technology has promised to eliminate the need for personal trust. Mechanisms are created so that everything is in the open and can be verified, but those mechanisms only work as long as people understand them, and are paying attention, and the problem is that's a lot of work, so we fall back on ad-hoc systems of personal trust, which are a lot easier for our primate minds to understand. They feel more real than something as abstract as the collective wisdom of the open source community.

Or, to take another recent example, people want to get into crypto but they don't want to have to learn about blockchains and public and private keys so they trust conmen like SBF to do it for them because they saw a slick commercial with Larry David in it. Once again we use personal trust as a shortcut to gain access to the shiny new object that is only shiny and new because it's supposed to eliminate the need for that trust in the first place.

This is not to say that person-to-person trust is not valuable. As the admin of a small Mastodon instance I rely on building and maintaining that trust with my users. However, meditating that trust through technology doesn't make it easier or more secure, it just makes it harder in a different way. By the way I'm including systems of government and finance in the broad definition of "technology" here. If we develop systems to replace personal trust we need to understand that they are not a solution in and of themselves. The systems themselves must be maintained and understood, and we need to keep in mind that our brains are poorly suited to innately understanding the abstractions they produce. In short, technology doesn't obviate our need to think critically—it in fact makes it all the more critical for us to do so.

freemo, 1 month ago to random

In the USA I'm going to start asking mechinists and mechanics "Do you use the royal feet or scientific meters?"... maybe that will finally get people offended enough to switch to metric :)

ferds, 2 months ago to firefox

Mozilla? Wtf?! Please improve your ad blocking on iOS. You are using one adblock filter and that is Brave’s Social list? #firefox

ferds, 2 months ago to random

Why Hold Music Is So Annoying, According to an Expert
https://www.mentalfloss.com/posts/why-hold-music-is-annoying

pezmico, 2 months ago to random

Quick reminder that the "Cost of Living Crisis" is a euphemism for the Untaxed Wealth and Excessive Corporate Profit Crisis.

CommonMugwort, 2 months ago to random

Your occasional reminder that not everyone lives in the United States.

bizzacore, 2 months ago to random

It hasn't always been there, but it certainly has been a slow, steady descent.

As the days go by, I yearn more and more for a simpler time on this very internet.

https://fosstodon.org/@flowchainsenseifoss/112031447925301382

treefit, 3 months ago to random

Help testing the upcoming #deltachat_desktop v1.43.X release: https://support.delta.chat/t/help-testing-the-upcoming-v1-43-x-release/2940

Release Highlights

❤️ Send emoji reactions for messages
🔄 New Account Switcher sidebar with notification management
🔔 Get notified for all your accounts
⚙️ Improved settings dialog
✨ A whole bunch of refactorings, improvements and bugfixes

#deltachat

nlowell, 3 months ago to random

A new day. A new chance to succeed.

My brain is on tumble dry lately. Shiny, delicate ideas rolling around in there, flashing past the window so fast it's hard to see any of them clearly.

It's not a bad thing.

After a long period of slumber, perhaps I'm waking up again.

Learning something new has me looking at old things with fresh eyes. Invigorating old skills with the delight of a beginner's mind.

I hope you can find something new and delightful in your life #today

Gargron, 3 months ago to random

There is an ongoing spam attack on the fediverse for the last couple of days. It's more widespread than before, as attackers are targeting smaller servers to create accounts. Before, usually only mastodon.social was targeted and our team could take care of it. For server administrators out there: If you don't need open registrations, switch over to approval mode. If you do, blocking disposable e-mail providers is a massive stopgap to the problem. Mastodon also supports hCaptcha.

TPushic, 3 months ago to Rabbits

#bunny

fdroidorg, 3 months ago to random

Hi @protonvpn We already have Proton VPN on F-Droid. And our users are looking forward to getting more Proton apps on F-Droid. Do you also want that?

Both Drive ( https://gitlab.com/fdroid/fdroiddata/-/merge_requests/12721 ) and Pass (https://gitlab.com/fdroid/fdroiddata/-/merge_requests/13312 ) are waiting for your help to be finalized.

ownlife, 3 months ago to animals

Just follow #DogsOfMastodon and you're all set.

ferds, 3 months ago to random

Nice!

Billionaires Hate Him: How One Thrash Metal Drummer Cost Elon Musk $56 Billion
https://www.metalsucks.net/2024/02/02/billionaires-hate-him-how-one-thrash-metal-drummer-cost-elon-musk-56-billion/

FLOX_advocate, 3 months ago to random

FLOSS hiring thread for February 2024

Are you hiring? Especially for remote work?

Tells us what region(s) of world, type of work, link to opening, etc.

Are you looking for a job?

10s of thousands of layoffs last year, also already this year just in January

Let's help people find good jobs

• @fossjobs

• @osjobhub

• @infosec_jobs

• https://www.WeWorkRemotely.com/

• https://www.keyvalues.com/ - allows pairing values to companies

#FediResources #GetFediHired #FLOSScareer #FLOSSjobs

bert_hubert, 3 months ago to random

Microsoft is trying to get all email users, including governments, to migrate to their cloud-based solutions. This makes their email cloud THE prime target for nation-state/state sponsored hackers. Yet Microsoft appears to be leaving gaping security holes in the setup of their email services: https://arstechnica.com/security/2024/01/in-major-gaffe-hacked-microsoft-test-account-was-assigned-admin-privileges/

ferds, 3 months ago to random

Are you Scottish?
This is hilarious 😂

video/mp4

gerrymcgovern, 3 months ago to random

Rapid groundwater depletion is widespread around the world, according to 2024 study of 170,000 wells located in over 40 countries. Rates of decline have accelerated in recent decades, with levels falling by 20 inches or more yearly in some locations.
https://theconversation.com/humans-are-depleting-groundwater-worldwide-but-there-are-ways-to-replenish-it-220816

Humanity’s groundwater pumping has altered Earth’s tilt
https://www.science.org/content/article/humanity-s-groundwater-pumping-has-altered-earth-s-tilt

The UN is predicting a 40% shortfall in freshwater resources by 2030.
https://www.cnbc.com/2021/10/31/why-water-is-the-next-net-zero-environmental-target.html

saili, 3 months ago to apple

Apple is not your friend. The company that used the governments to become a monopoly, is now crying because the government told them to allow iPhone users to install applications from other sources.

We live in a world where we need government regulations to allow us to run whatever code we want on our computers.

Oh and stop calling it 'side loading'. It's just called 'installing software'. 😪

#DMA #Apple #IOS

petergleick, 3 months ago to random

Tip of the Day!

Here is a reminder to everyone [rightly] pissed at the incredibly high cost of peer-reviewed journal articles behind paywalls:

If you send an email to the lead/corresponding author (whose contact is almost always provided in the article, or easily found with google) and ask for a copy of the article, the author will almost universally be delighted to send a copy [legally] to you, free.

We authors LOVE it when someone asks for a copy of our articles!!!

ami_angelwings, 4 months ago to Sports

does #sports Fedi exist? if you consider yourself a sports fan, please like this post. I want to know how big sports fedi is.

Boosts welcome!

also if you want to, reply with what sports you like

#nhl #nfl #nba #mlb #football #soccer #baseball #hockey #basketball #tennis #cricket #footy #cfl #afl #ufc #mma #nrl #ncaa #golf

wirepair, 4 months ago to random

Friendly reminder if you answer LinkedIn “ask the expert” nonsense, not only are you giving free labor, your answers are mostly being used for training AI models with RLHF

ferds, 4 months ago to random

Dr Evil vs Jeff Bezos

video/mp4