pasties

@pasties@infosec.exchange

InfoSec Tool Builder, Rust advocate, Linux lover. Connoisseur of temporary tattoos. He/Him

Yeah I don't think I'll ever post anything here I wouldn't want #searchable. Use your own discretion, but I assume I'm public anyway.


flipsideza, (edited ) to rust

This might be a crazy question but in can I get it to print out the type of a variable? Still wrapping my head around all these types.

for example I think I have a string (used x.to_string()) but when I want to split it I have to create a new var which is a Vec<&str>. I guess a string can't store an array, so that makes sense to me

pasties,

@flipsideza I usually rely on an editor plugin to expose this information inline but there is type reflection you can make use of:

https://doc.rust-lang.org/std/any/fn.type_name_of_val.html

It also usually is displayed in debug printed output as well if you want to use println style debugging (The dbg! macro will do this and give you line info as long as you're ok with a verbose pretty print. Just pass your value by reference as dbg! takes ownership of whatever is passed to it).

jerry, to random

I continue to be squeezed by both sides of the threads situation. I am operating on the premise that people who think I’m a terrible person and this is a terrible instance for allowing any interaction with threads have left and/or blocked, those remaining seem to want to either have nothing to do with threads at all and are mainly concerned with their data, and those who want to seamlessly interact with threads. I have threads limited/silenced on Infosec.exchange, but that isn’t seamless, and it’s also not fully blocking. So, here’s my proposal:
I remove the limit from threads, and run a job to domain block threads for each account. Any account who chooses can undo the block (or ask me to do it) and then they can seamlessly interact with threads, and those who want nothing to do with them get their way.

Thoughts?

pasties,

@jerry I'm madly impressed by how you're handling it. I have no interest personally in the threads interactions, but I'm also not against it until it actually proves troublesome.

I like the community here on Mastodon and treasure the infosec.exchange community. I think you're a hero for navigating this storm and managing this instance and trust in your judgement, but that sounds like a reasoned and balanced plan.

podkaynelives, to Steamdeck

I literally had a game open on my while reading this in bed.

"Do you remember when we were kids, and how much fun it used to be to spend the whole afternoon in some game world?” “Of course,” Sadie said. “Sometimes, I would be in so much pain. The only thing that kept me from wanting to die was the fact that I could leave my body and be in a body that worked perfectly for a while—better than perfectly, actually—with a set of problems that were not my own.” “You couldn’t land at the top of a pole, but Mario could.”
“Exactly. I could save the princess, even when I could barely get out of bed."

  • Tomorrow, and Tomorrow, and Tomorrow by Gabrielle Zevin



pasties,

@podkaynelives Such a good book. All the emotions and character development

major, to ArtificialIntelligence

I'm getting the same feeling about AI/ML lately that I had with blockchain a few years ago. Is my brain making the wrong connections here? 🧠

pasties,

@major I'd say mixed. There are a lot of the same crypto grifters building thin useless veils and calling them cutting edge... Blockchains have had some practical use but it's practically non-existent.

These LLMs are clearly useful on their own as tools even if you have to fact check them. The utility is incredible if you work with data, need translations, or for education.

For the first class, data people are going to be wary of sending that data to a third party that is incentivised to steal it. These people will likely run local open source models and there is much less room for a product there.

The second one is already present everywhere for free, look at Google translate. That has been using this new hot architecture for years before OpenAI even existed, people just didn't realize its capabilities.

The last one is a space I'm watching but have no hand in. Personalized tutoring for students I think could massively improve our education system. We should be paying our teachers more, have more of them and spend more just investing in our kids' future but this is a low cost option for extra help and guidance once things are a bit more mature.

kurtseifried, to random

Digital ID is probably not a bad idea long term but making the root certificate system more insecure is probably a bad idea. Find out more with @joshbressers on the https://opensourcesecurity.io/2023/11/19/episode-402-the-eus-eidas-regulation-is-a-terrible-idea/ tldr: forcing everyone to trust governments and bypassing basic security requirements is bad, mmmkay?

pasties,

@kurtseifried @joshbressers Was listening to the podcast this morning and wanted to call out one correction.

Validating client credentials doesn't require a root certificate in the browser. Client certificate authorities ONLY need to be present on the server. The browser doesn't need to know anything about the validity of the identity.

The whole root cert requirement is completely nonsensical.

pasties,

@kurtseifried @joshbressers Yeah on the server side you'll need a valid certificate like the rest of the web.

The cost of paying for even the unnecessary EV certificates, and the staff costs of once a year manually changing certificates seem very insufficient justification for this root CA.

That cost isn't necessary anymore thanks to Let's Encrypt, but I can understand why a government agency may want a certificate that changes less frequently.

pasties,

@kurtseifried @joshbressers I could also be misunderstanding, but on the server side are you aware of any special requirements that aren't provided by existing CA infrastructure for services that consume these identities?

As far as I'm aware they're not doing anything special for mutual authentication.

pasties,

@QuatermassTools @joshbressers @kurtseifried Part of the TLS handshake is saying "I require client authentication, here are the CA subjects I accept." The client needs to match a local chain against the requests from the server.

Browsers (at least Firefox and Chrome) before sending any authentication confirm with the user that they should do so and allow the user to select among the available identities if multiple match.

Almost always the case in mutual authentication like this, the choice of identity is clear, and the server has already been authenticated as part of the global CA system.

pasties,

@QuatermassTools @joshbressers @kurtseifried The only extra burden in authentication here is similar to WebAuthn. A single prompt requesting user confirmation.
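
The trust relationship described in this thread, as an added example (not part of any post above): a client certificate validates against the server's own client-CA list and not against a separate store standing in for browser roots, and its issuer matches the CA name the server would advertise. It assumes the `openssl` CLI is installed; every CA name, subject and file name is constructed.

```shell
# Added example. Every CA, key and certificate below is constructed locally;
# the names are hypothetical and stand in for a real deployment.

# mk_ca DIR NAME CN: self-signed CA (DIR/NAME.pem, DIR/NAME.key)
mk_ca() {
  cat > "$1/$2.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = $3
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/$2.cnf" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# mk_client DIR CA: client certificate DIR/client.pem issued by DIR/CA.pem
mk_client() {
  openssl req -new -newkey rsa:2048 -nodes -config "$1/$2.cnf" \
    -subj "/CN=constructed-user" -keyout "$1/client.key" \
    -out "$1/client.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/client.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/client.pem" 2>/dev/null
}

# accepted_by STORE CERT: does STORE validate CERT as a TLS client certificate?
accepted_by() {
  openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

# name_of subject|issuer CERT: the DN with the "subject="/"issuer=" prefix removed
name_of() {
  openssl x509 -in "$2" -noout "-$1" | sed 's/^[a-z]*= *//'
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
mk_ca "$work" clientca "Constructed Client CA"        # held only by the server
mk_ca "$work" webroot "Constructed Stand-in Web Root" # plays the browser root store
mk_client "$work" clientca

# The server validates the client chain against its own client-CA list.
accepted_by "$work/clientca.pem" "$work/client.pem" &&
  echo "server store (client CA only): client certificate accepted"
# A store without that CA cannot validate it, and never has to.
accepted_by "$work/webroot.pem" "$work/client.pem" ||
  echo "stand-in web root store: client certificate not validated"
# The client picks an identity by matching its issuer to the CA name the server sends.
[ "$(name_of issuer "$work/client.pem")" = "$(name_of subject "$work/clientca.pem")" ] &&
  echo "client issuer matches the CA name the server would advertise"
```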

GossiTheDog, to random

deleted_by_author

  • pasties, (edited )

    @GossiTheDog I haven't read what the actual proposal is, but the only condition I can see that making even remote sense is for a production currently in progress and only to cover the currently contracted work with that actor.

    The main character dying once the filming of a movie (presumably their contract includes payment for the movie, which in the lack of the actor outstanding payments and royalties should still go to the estate). No marketing material, sequels, spin-offs, next seasons.

    That is very narrowly scoped and the actor is still being "paid". Anything beyond that is just absurd.

    rasterweb, to 3DPrinting

    Whew! I think I've been working on this family of controllers for most of the year. (Well, on and off, with long breaks in-between.) Honestly I'm glad I didn't launch these earlier because the new printer has just upped the quality so much.

    These are USB HID or USB MIDI controllers... I redesigned devices I've been building since 2020 based on over two years of lessons learned. (And a chip shortage thrown in for fun!)

    Four custom USB controllers.

    pasties,

    @rasterweb Neat! You mentioned USB but I don't see any ports on them. Are they wireless with an adapter?

    filtoid, to rust

    I have hit a problem in while trying to create a WASM front end (Yew) and connecting it to a server (Tonic). I'm trying to use tonic-web-wasm-client to do gRPC calls between that front end and the back.

    The problem I have is the library insists that nothing is returned but it shows up in the browser network tab (although Firefox doesn't believe there's a payload, other browsers do). The server is definitely being hit and accepts the request and responds as expected.

    pasties,

    @filtoid I haven't looked to be sure but my money is on a CORS issue. Pay close attention in the network tab, is it a HEAD request that is succeeding and then just nothing? A lot of servers don't log HEAD requests so they can be pretty invisible.

    giuseppebilotta, to random

    New laptop is here. Running a full disk backup to transplant my system with minimal effort

    pasties,

    @giuseppebilotta Huh I've had weird problems on Lenovos before but usually the inputs are rock solid, and usually displays are also rock solid (I know unrelated) as long as you're using an Intel variant... What model are you working with?

    pasties,

    @giuseppebilotta that is a rarer variant of Lenovo... I think that was the version I worked with before maybe a different generation... But I didn't have input issues. I did have a display issue where the screen was solid white or solid white after returning from the screen saver. I figured that one out but the input I don't have any tips for unfortunately

    koz, to 3DPrinting

    I was looking at https://github.com/SnakeOilXY/SnakeOil-XY, and I saw it has two motion system options:

    • CoreXY
    • Hybrid CoreXY

    I looked up what hybrid CoreXY was, and I'm not sure what its merits and drawbacks are relative to regular CoreXY. Could someone fill me in?

    @3dprinting

    pasties,

    @Stark9837 @fleaz @koz @3dprinting The math is more complex but not hard. The movements are also a bit counterintuitive at first. I've tended to get higher quality prints at similar speeds to other printers.

    popey, to linux

    Some thoughts about buying and selling apps on the desktop.

    https://popey.com/blog/2023/09/there-is-still-no-linux-app-store/

    pasties, (edited )

    @popey I generally agree with your post, but not for the core premise. I agree open source apps can be sold, there isn't a good "store" for proprietary apps paid for or not, and there probably should be...

    Linux isn't a single opinionated platform like Apple which I think are table stakes for this. I would say that the Windows store isn't exactly successful but it is running and available. So opinionated alone isn't sufficient.

    In all cases of any store they ship, pre-installed, and by a company you would trust handling your credit card number. The flatpak and snap stores are not even close to trustworthy. I wouldn't give them a visa gift card.

    You need trust, authority, and an opinionated platform all of which I'd argue are missing from the Linux ecosystem. You're almost by design on your own. I think the result of this is that there can't be a successful app store while this remains true.

    You called out it's almost exclusively proprietary software getting downloaded from these stores... It's because they're not allowed or welcome in the standard repositories for Linux distributions. They HAVE to go somewhere else. If you want to compare against unpaid open source software downloads as a comparison, Linux does have a "store" for those... Their respective package repositories. You can either include those downloads or not, but the comparison of relative proprietary downloads is inaccurate if you omit them.

    Last note, there is actually a regularly downloaded proprietary closed source app store commonly used on Linux and you even mentioned it. Steam. It's not the audience exactly it's designed for but there is a "Software" category with proprietary Linux utility software for sale on Steam.

    pasties,

    @popey When I mean proprietary, I do mean anything that is effectively a non-free open source license. I specify that because for free open source apps there is nothing stopping someone from packaging your app and putting it into the standard repositories effectively competing with yourself.

    I can see an argument for providing support only to people that have purchased it through the store... That gets into a whole other world of business problems. The only people that will be purchasing your 50p app are going to be the ones that need support. How much is your time worth? Is it 50p an hour? The economics generally don't make sense.

    pasties,

    @popey As for Canonical sure there are some people in the Linux community willing to give them money. People who know they're behind Ubuntu and have been supporting it and nurturing it for a long time.

    You however keep talking not about Linux power users in the community. Your arguments are for the common Joe. Canonical is not a household name. It is not in that trusted category of businesses "normal" people recognize.

    Wyatt, (edited ) to foss

    What's your terminal emulator of choice? Foot and st didn't make the list but should be included.

    Please give this a boost if you could.

    pasties,

    @Wyatt I keep switching back and forth between Cinnamon and KDE and just stick with the stock terminal. The only thing I feel I'm really missing is full graphics support which has kind of limited use for me.

    Usually I just want to customize the color palette and default font. Clone my dotfiles and I'm good to go.

    jerry, to random

    I wonder how long it will be until we start seeing targeted/personalized ads that use deepfakes of people in your social network…

    pasties,

    @jerry Ugh that possibility hurts me deeply

    jpm, to random

    Ugh fine, I’ll try doing this embedded firmware in Rust. Let’s see how badly this goes…

    pasties,

    @jpm I'm on my phone so I don't have the best ability to search, but I have some recommendations for you to look for. There are a bunch of hardware abstraction layer crates and peripheral driver crates already out there such as this one:

    https://github.com/stm32-rs/stm32-rs

    There are also board support packages and I think there is one for the blue pill already as I looked into it before. Quickly found this page which looks pretty solid but I just skimmed it:

    https://gregwoods.co.uk/microcontroller/embedded/rust/stm32/bluepill/how-to-learn-embedded-rust-on-the-stm32f103-blue-pill/

    And lastly this is probably massively overkill, but you might want to take a look at the hubris and humility projects from oxide computing. Real world, really cool and flexible projects that really bring some Rust super powers to the embedded world with so very little overhead.

    Good luck on your project!

    pasties,

    @jpm To support a project structure with the different boards and peripherals? Best guess off the top of my head is to use a workspace with sub-crates.

    It does look like hubris has a pretty good organization structure along those lines (https://github.com/oxidecomputer/hubris). I have only wished and hoped to dabble that deeply into the Rust embedded world but haven't had time yet hahah

    pasties,

    @jpm Cool 😎 hope you post more about your project in the future haha

    jerry, to random

    Is anyone having issues with notifications not showing up in their mastodon notifications until refreshing the web browser?

    pasties,

    @jerry I've been more generally having notification issues on Android since this month's security update. Mostly noticed it in Signal, Tusky, and Chess.

    Not sure if useful but maybe another data point.

    deweyritten, to Spotify

    UGH Google Podcasts is going away 🙄 I'm not switching to YouTube music... anyone using for your podcast listening?

    For me, I think it's time to dredge up my old Pocketcasts... sigh.

    pasties,

    @deweyritten I end up listening to most of my podcasts on Spotify but honestly I prefer using an RSS reader with an embedded audio player. I just haven't had a decent one of those in a hot minute...
