@muvlon@hachyderm.io avatar

muvlon

@muvlon@hachyderm.io

Linux enjoyer
Nazi hackers fuck off
he/him

This profile is from a federated server and may be incomplete. Browse more on the original instance.

muvlon, to random
@muvlon@hachyderm.io avatar

Need to add mains electricity to your Lego builds? Wago 221-2411 connectors are conveniently both 1 pin tall and wide!

fasterthanlime, to random
@fasterthanlime@hachyderm.io avatar

today I'm chasing down a bug in a fork of a fork of act used in forgejo actions and it seems to fail to execute something in a running docker container because.. "invalid Host header"?

the plot thickens.

muvlon,
@muvlon@hachyderm.io avatar

@fasterthanlime If it makes you feel any better, this broken docker version also shipped in NixOS stable and broke a bunch of people.

CI didn't catch it because the bug only happens when you try to pull an image from the network and the NixOS tests for docker specifically go out of their way to avoid that so they can run airgapped. 🙃

muvlon,
@muvlon@hachyderm.io avatar

@fasterthanlime The second-order effect of this kind of thing is even worse: It makes people afraid to apply security patches. This was, after all, a fix for a CVE and also backported to older Go versions.

gsuberland, to random
@gsuberland@chaos.social avatar

Bored and a bit too tired to carry on playing Dyson Sphere Program, so ask me anything. Electronics, lighting, lasers, colourimetry, Windows internals, security, whatever.

muvlon,
@muvlon@hachyderm.io avatar

@gsuberland If two black holes of very different mass orbit each other, can the gravity get so extreme that the L4 and L5 Lagrange points get their own event horizons?

aeva, to random
@aeva@mastodon.gamedev.place avatar

if I were a physicist I would simply not become death the destroyer of worlds

muvlon,
@muvlon@hachyderm.io avatar

@aeva Nuclear Bombs are tech and therefore neutral, entirely removed from politics and ethics. You must build them!

nota, to random
@nota@chaos.social avatar

If only there was some sort of convenient unit for this 🫣

muvlon,
@muvlon@hachyderm.io avatar

@gsuberland @nota Yes, it's that, but also the new ratings are just pretty hardcore. I guess they got tired of having consumers tell the difference between A+++ and A++++ so they scaled the whole thing down and now almost nobody gets an A (which is cool).

aeva, (edited ) to random
@aeva@mastodon.gamedev.place avatar

when was the last time you've seen an advertisement

muvlon,
@muvlon@hachyderm.io avatar

@aeva How the hell does anybody go weeks or even months without seeing an ad? Sure I don't have a TV and I use adblockers but like, how do you go to any store? They're covered in ads!

kwf, to random
@kwf@social.afront.org avatar

It's still wild to me that modern switch ASICs don't even have a specific defined core voltage for the ASIC.

Each piece of silicon is binned off the line and fused to indicate whether to bump the core voltage up or down a little bit for this specific chip.

With the core voltage down around 0.8V, this also means that the power supply for the ASIC logic core usually needs to provide something on the order of 150 AMPS to the ASIC.

muvlon,
@muvlon@hachyderm.io avatar

@kwf Besides the power supply, how do they even move 150A through the ASIC?

TechConnectify, to random
@TechConnectify@mas.to avatar

So, I just made some fudge from a recipe that says to chill it once poured into a greased pan.

Given feedback on the fridge video... do y'all just never ever do that in Europe? Because, yeah, the little red fridge would not handle that well at all but I got a lot of folks being like "well, duh, you just don't put warm things in the fridge, everybody knows that" in the comments.

We don't know that because - get this - our fridges can usually just handle it!

muvlon,
@muvlon@hachyderm.io avatar

@TechConnectify Unless you need to chill the thing down pretty fast, it feels like a waste of energy to use the fridge. You could also just wait, no?

BahnAnsagen, to random German
@BahnAnsagen@social.tchncs.de avatar

"Aufgrund von Personalmangel kann die Kontrolle der Fahrkarten derzeit leider nicht mehr sichergestellt werden. Alle Fahrgäste, die über keinen gültigen Fahrausweis verfügen, bitte am nächsten Bahnhof aussteigen!" (@ani_katz)

muvlon,
@muvlon@hachyderm.io avatar

@BahnAnsagen Hello zis is German computer virus. Due to Fachkräftemangel and poor technology in my country unfortunately I am not able to harm your computer. Please be so kind to delete one of your important files and then forward me to other users.

aeva, to random
@aeva@mastodon.gamedev.place avatar

I've got this theory recently that the settings of most games can be categorized as either "good place were bad things sometimes happen" or "bad place where bad things happen".

muvlon,
@muvlon@hachyderm.io avatar

@aeva Oh yeah? Explain Seal World.

https://store.steampowered.com/app/1684410/Seal_World/

muvlon,
@muvlon@hachyderm.io avatar

@aeva It's a good place (seal world full of cute seals) where good things happen (seals hang out and have fun).

dalias, to random
@dalias@hachyderm.io avatar

So there's an RCE in acme.sh and a rogue CA abusing it. Because they use eval, of course. 🤦

muvlon,
@muvlon@hachyderm.io avatar

@dalias Come use our ACME client, it's just 1 huge bash file, wow so simple uwu

dalias, to random
@dalias@hachyderm.io avatar

Wow, compilers are still BAD.

When writing d=0x1010101*(unsigned char)c; and assigning d, d>>8, etc. to successive bytes of a buffer, both GCC and LLVM, when they fail in store-merging, will still do the multiply then extract bytes from the result to write 🤦 rather than just storing c four times.

muvlon,
@muvlon@hachyderm.io avatar

@dalias I wonder if memset with a small, constant size will more reliably get inlined/unrolled.

muvlon,
@muvlon@hachyderm.io avatar

@dalias Oh, right, you're writing a libc, so you're writing memset. Duh. :blobfoxgoogly:

gsuberland, to random
@gsuberland@chaos.social avatar

writing a battery safety document and I really wish it was easier to describe the delineation between lithium ion (Li-ion) and LiPo

muvlon,
@muvlon@hachyderm.io avatar

@gsuberland @panegyr Huh? Are you confusing Li-ion for LiFePo4? Because Li-ion is definitely 3.7V. It's the same chemistry as LiPo, just using a different kind of electrolyte.

muvlon,
@muvlon@hachyderm.io avatar

@gsuberland @panegyr Hmm, I guess you could lump in LiFePO4 with Li-Ion, but for safety purposes it's not really comparable, right? LiFePO4 is way safer than what is commonly called Li-Ion (NMC), the latter being only very marginally safer than LiPo.

muvlon,
@muvlon@hachyderm.io avatar

@gsuberland @panegyr Ah, I see. Gotta say I don't know too much about disposal w.r.t. Li-Ion vs. LiPo. Can you share that document once it's done?

qyliss, to random
@qyliss@chaos.social avatar

Working on NixOS modules is burnout fuel for me, because we don't have a good way to manage state migrations. Modules either accumulate ad-hoc shell code to migrate old state from arbitrarily old Nixpkgs versions, or problems that would require state migrations just don't get fixed.

It's a huge difference to pkgs/, where there's zero state to worry about. We can aggressively refactor, and mistakes that weren't caught in review don't matter — they can just be fixed later.

muvlon,
@muvlon@hachyderm.io avatar

@qyliss Yes, I feel this a lot. It's exactly the same kind of nasty state management problems that you get when writing ansible, and just as tiring.

muvlon,
@muvlon@hachyderm.io avatar

@sandro @qyliss I struggled with a lot of state management surrounding ACME.

Also, this general problem is currently holding up https://github.com/NixOS/nixpkgs/pull/164235

muvlon,
@muvlon@hachyderm.io avatar

@sandro @qyliss I'm not saying there's necessarily a better solution than scripts. Just that this is painful and dangerous and NixOS doesn't solve it any better than classic distros.

What I do think we could do is keep writing scripts but, to quote roberth, TDD the shit out of them: https://github.com/NixOS/nixpkgs/issues/206467#issuecomment-1506704972

fasterthanlime, to random
@fasterthanlime@hachyderm.io avatar

Ok can we make /.well-known/pronouns a thing because jfc

muvlon,
@muvlon@hachyderm.io avatar

@fasterthanlime
. 600 IN PRNS he/him

jonty, to random
@jonty@chaos.social avatar

Someone FOI'd a video about arming and disarming backpack nukes from Sandia Labs and I can't get over the timer label that reads "DO NOT TURN ABOVE 27 HOURS".

What happens if you set the nuke to detonate in 28 hours. WHAT HAPPENS.

https://twitter.com/arawnsley/status/1664090317950181377

video/mp4

muvlon,
@muvlon@hachyderm.io avatar

@jonty Ah yes, the "Administrative Controls" level in the Hierarchy of Hazard Controls. Perfectly adequate for checks notes nuclear bombs.

lcamtuf, to random

Ten years later, I'm still unreasonably proud of this finding that came and went with little fanfare, but caused a fair amount of fun on the browser and server side:

https://seclists.org/fulldisclosure/2013/Nov/83

muvlon,
@muvlon@hachyderm.io avatar

@lcamtuf Damn, I looked at that Ghostscript bug which is 10 another years older than your disclosure and all of a sudden there's @raph in the comments.

Some people really have been programming for a while huh.

fasterthanlime, to random
@fasterthanlime@hachyderm.io avatar

nix "soon" os

muvlon,
@muvlon@hachyderm.io avatar

@fasterthanlime You could consider using agenix (https://github.com/ryantm/agenix) to do secrets instead. Its approach is deployment-tool-agnostic, just uses the NixOS module system. You could even use it with nixos-rebuild if you wanted to.

We started using it at work because we wanted to be able to switch deployment tools (and eventually did, from morph to colmena), but I've grown to like that style of secret management better in general.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • megavids
  • kavyap
  • DreamBathrooms
  • InstantRegret
  • magazineikmin
  • ngwrru68w68
  • cubers
  • thenastyranch
  • Youngstown
  • rosin
  • slotface
  • cisconetworking
  • mdbf
  • ethstaker
  • JUstTest
  • Durango
  • khanakhh
  • GTA5RPClips
  • anitta
  • osvaldo12
  • everett
  • normalnudes
  • tester
  • tacticalgear
  • provamag3
  • modclub
  • Leos
  • lostlight
  • All magazines
    •