icing

jpmens, 1 month ago to random

deleted_by_author

icing, 1 month ago to random

Lets Encrypt will change cert chains soon. If you pin intermediates or root certs, you need to adapt.

Note that LE plans to expire intermediates every year, going forward. Because it is the only way to make this work.

People are very good at adapting to constant change, but will fight tooth and nail to ignore something several years in the future.

https://letsencrypt.org/2024/04/12/changes-to-issuance-chains.html

icing, 1 month ago to random

pro tip: if you fix a bug for a customer, always slightly change the log output.

We are human and sometimes your fix did not make it to the deployment that still shows the error.

Avoids stunning confusions on both sides.😌

icing, 1 month ago to random

It's better to solve the merge conflicts later than never to have coded at all!

Seraphyn, 1 month ago to opensource German

Heute ist die Migration von IDO zu IcinigaDB endlich durch.

Eine Menge an Daten ;)

#adminlife #iciniga #opensource

icing, 1 month ago to random

Public transport used to work before everyone got cars, sure, but we need cars now since public transport is shoddy.

It‘s the well-known „We need to fix so many bugs, we don‘t have time to write tests!“ situation.

xahteiwi, 1 month ago to random

Just saw doing "minor chores" classified as "procrastination".

Time for a reality check.

If, for example, you live in a house with kids and you push off "minor" chores, you'll be living in major chaos in a jiffy. That's not procrastination, that's essential life management. It's fixing things when they show up, not when they blow up.

icing, 1 month ago to random

Fact: nobody cares about your „unit“ tests when the overall function of your software does not work.

You can „unitize“ your project all you want - to people using it, the whole thing is only one unit in their work.

Unit tests are economic for core components used in many places or at the very bottom of your architecture. Those are very few.

Unit tests are wasteful if they need several mockup-thingies to run (which probably only reflect the hidden assumptions already coded into the unit)..

xahteiwi, 1 month ago to random

Why can you like always like tell the difference if like someone like has their American accent from like having grown up in the like U.S., or like is just a person who like learned to like speak English with like an American accent it's like a total mystery.

icing, 1 month ago to random

A HTTP-WG discussion about what to remove from HTTP/2.

https://github.com/httpwg/admin/issues/56

icing, 1 month ago to random

New AI models are increasingly costly to run. How much? The linked chart shows a steady rise on a logarithmic scale. Costs explode exponentially to make results a bit better.

This can not continue.

https://semaphore.substack.com/p/the-cost-of-reasoning-in-raw-intelligence (via @simon)

icing, 1 month ago to random

Google: „We think about giving you AI only when you pay for it (because otherwise even we go broke).“

Users: „You mean, I don‘t give you money and you don‘t give me AI? Sounds like a win-win!‘

https://arstechnica.com/ai/2024/04/google-might-make-users-pay-for-ai-features-in-search-results/

icing, 1 month ago to random

HTTP/2 DoS attack. Description and CVEs of affected servers, Apache httpd among them.

You need Apache httpd 2.4.59 or mod_h2 v2.0.27.

https://www.kb.cert.org/vuls/id/421644

timbray, 1 month ago to random

I think the #xz incident is teaching us that our infrastructure is dangerously fragile in the face of well-organized/funded attackers. The response isn’t “try harder” or “donate to your OSS project”, it needs to be institutional, professional, and at scale.

So, here’s my proposal, called “OSQI”, aimed at starting a how-to discussion: https://www.tbray.org/ongoing/When/202x/2024/04/01/OSQI

icing, 1 month ago to random

Monday: „Do not write your own parser, use libblabla instead!“
Tuesday: „Remove dependencies, write your own sd_notify()!“

It‘s not easy, being a developer. 💁🏻‍♂️

icing, 1 month ago to random

Shouldn‘t your code just kill the process when something goes wrong? Who needs error handling in production?

And when a process crashes, is it really a good idea that the OS keeps on running?

Maybe Windows95 was right all this time!
https://hachyderm.io/@Mara/112190702399730436

b0rk, 1 month ago to random

making crochet cacti https://jvns.ca/blog/2024/04/01/making-crochet-cacti/

icing, 1 month ago to random

The same thing as with log4j happens now. Every project is asked to report if it has a dependency on xz.🙈

icing, 1 month ago to random

„Oh, I write software!“
„Me too!“
„Can we share?“
„We should share it with everyone!“
„That is so great!“
„For free! Everyone should be free!“
„For free!“

…

„It‘s a joke what these FOSS guys are doing!“
„In-ad-e-qu-ate!“
„We have trillion dollar businesses built on this stuff. What were these guys thinking?“
„Irresponsible!“
„Maybe if we make them feel guilty….?“
„Worth a try!“

icing, 1 month ago to random

You know there are laws in several countries that can force writing of backdoors under gag orders, right?

What other than FOSS can help against those? The xz detection is a success story. 👊🏻

icing, 1 month ago to random

When you despair bc a mistake of yours made it into release, consider:

We fuck up our planet despite knowing better for 40+ years. We let amputeed children starve in Gaza. We let people die in Ukraine bc convenience. We are about to elect a criminal, fraudster, rapist again as president.

Don‘t be so hard on yourself.💁🏻‍♂️

icing, 1 month ago to random

So, the xz desaster was caught by German efficiency? Do I get this right?😌