technomancy

technomancy, 12 days ago to random EN

hearing about the new mastodon board makes me real glad I started running my own gotosocial server: https://blog.joinmastodon.org/2024/04/mastodon-forms-new-u.s.-non-profit/ [the board features the co-founder of twitter, a blockchain bro, and most of them don't actually have a mastodon account]

I don't want to abandon my old masto account, but I'm making a concerted effort to shift more and more things over to this one

it's imperative that the fediverse is more than just mastodon

technomancy, 18 days ago to random EN

I've been working on a basic little bot coded up for replying to ActivityPub posts: https://git.sr.ht/~technomancy/pengbot/tree/fedi/item/fedi/inbox.fnl

I've got the webfinger and profile bits loaded; that part's actually pretty straightforward, and gotosocial and masto both can recognize @pengbot (but the icon breaks in masto for some reason)

but getting the HTTP signatures? god what a slog

if anything's not perfect it's just like "you got it wrong", no description of why or how to fix it; super frustrating

if anyone familiar with HTTP signatures could take a look and spot what I'm doing wrong, that'd be awesome; I would really love to get this working and have a tiny framework to set up automated interactive fedi posts

technomancy, 22 days ago to random EN

one thing that I appreciate in #fennel is the ability to learn from the history of lisps

#clojure made a big splash and gathered criticism from the Old Guard of lispers by using parens a lot more sparingly than Common Lisp or Scheme; for example let bindings are done inside square brackets instead of a double-layer of parens:

(let [x 1 y 2] ...)

vs

(let ((x 1) (y 2)) ...)

apart from just being tidier, this had the benefit of greater consistency: in Clojure, when you saw an open paren, it usually meant a call to a function or macro, instead of ... some other structure in the language

however, Clojure still had plenty of exceptions to this; I think last I counted there were 7 or 8 distinct things an open paren could mean

in Fennel, we decided that wasn't what we wanted; parens always mean a call to a function/macro ... or in a binding context it could mean binding multiple values:

(local (ok val) (pcall my-function x y z))

but could we do better?

technomancy, 1 month ago to random EN

so, anybody read any good jia tan fanfics?

#xz

technomancy, 1 month ago to random

uh, so ... has anybody checked in on the gzip maintainer? just to see if he's, y'know, feeling ok?

technomancy, 1 month ago to random EN

guix and nix people, go ahead and take your victory lap; yall earned it

technomancy, 1 month ago to random EN

hindsight is 20/20 obviously but this latest xz attack is a perfect illustration of why it's a bad idea to base distro packaging off tarballs when the repository (often with signed tags) is just right there

https://www.openwall.com/lists/oss-security/2024/03/29/4

I've been learning more about Debian packaging for Fennel, and most of it makes sense, but as far as I can tell there's a lot of tooling that's just continuing to stick with tarballs for reasons of historical inertia even tho it complicates things unnecessarily and introduces potential for attacks like this

hopefully this can help get people moving in the direction of better packaging flows that don't put the tarball front-and-center

technomancy, 2 months ago to random EN

I was curious about the security record of Lua's primary implementation and read thru all 17 of the published CVEs it's got (yes, I know CVEs aren't really a great system and the severity of reports is often wildly exaggerated)

the main surprise was how half of the serious vulnerabilities were in the new generational garbage collector they added in 5.4 (apparently there's a good reason it's off by default)

the only other critical one was triggered when parsing untrusted code (which is a feature most languages don't even have)

of the remainder, they're all either just simple crash-the-VM flaws, or bugs in the debug and error handling functionality

https://www.opencve.io/cve?vendor=lua&cvss=&search=

technomancy, 2 months ago to random

FINALLY

https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf

now when someone tells me to use a program written in C I can tell them that Joe Biden told me not to

technomancy, 2 months ago to random EN

do you think the Ogg Vorbis project maintains a Changel Ogg?

technomancy, 3 months ago to emacs EN

if you're ever in an IRC channel with one of those bots that bridges to another network, you probably know how annoying it is to see names pop up "under" the bot, so they don't get treated like real IRC users with coloring, nick completion, or the good old indispensable /ignore command

well, I got tired of that and hacked my client to start treating them just like real users:

http://p.hagelb.org/erc-bridge-nicks.el.html

(this requires ERC, the main #emacs client but I'm sure you could port it to one of the others without much trouble)

technomancy, 3 months ago to random EN

I wrote up my thoughts on the #clojure style guide

https://gist.github.com/technomancy/1e29d5a61ef8a61252257e8842ff5acc

mostly I agree with it, but it gets a few things wrong and leaves out a few things

technomancy, 3 months ago to emacs EN

in 2007 I sent my first contribution to #emacs (really my first contribution to any software with more than a handful of users) which allowed you to do tab completion for the ssh command in eshell based on the contents of your known_hosts file: https://lists.gnu.org/archive/html/emacs-devel/2007-12/msg00275.html

SSH had recently added a change which hashed the hostnames and IP addresses in known_hosts, which makes it useless as a source for tab completion, so my code included instructions about how to turn that off... but I always felt a bit weird telling people to turn off a security measure

(if your machine is compromised, your known_hosts file provides attackers with a juicy list of where to look next now that they have your private key)

today I found out that the hashing of ipv4 hosts provides little to no additional protection, because it can be brute-forced trivially since the address space is so small https://joshua.hu/ssh-snake-ssh-network-traversal-discover-ssh-private-keys-network-graph

technomancy, 3 months ago to random EN

hm; semaphore hasn't had a commit in 2 years

not saying you shouldn't use it, but it doesn't seem like "the maintained fork of pinafore" is an accurate description any more

technomancy, 4 months ago to random

adding "20 years of experience training machine learning models" to my resume to reflect how much time I've spent clicking the "spam" and "not spam" buttons in various mail clients

technomancy, 4 months ago to random EN

https://conf.fennel-lang.org/2023 this is happening tomorrow! come on by and watch some demos of neat things people have built

technomancy, 4 months ago to random

"your computer is so old, it doesn't have a UART, it has a THOUART"

technomancy, 4 months ago to random

I've been reading the "Evolution of Lisp" 1993 paper from the History of Programming Languages II, and it's long, but there are some really wild stories in here

https://doc.lagout.org/programmation/Lisp/Lisp%20Mess/Gabriel%20%26%20Steele%20-%20The%20Evolution%20of%20Lisp.pdf

first of all just the bewildering variety of dialects out there; before everyone was online and sharing, each company or university had their own weird custom language built up

and there were some big companies doing lisp; Texas Instruments sold their own hardware lisp machines, HP, DEC, and IBM all had their own dialects targeting their platforms; everyone had invested a LOT in their own incompatible one-off dialects, creating a large amount of resistance towards standardization

[...]