@unlambda@hachyderm.io
@unlambda@hachyderm.io avatar

unlambda

@unlambda@hachyderm.io

Working on eVTOLs at Beta Technologies. Python, C, Rust.

Too many hobbies, but right now spending the most of my time learning to fly.

This profile is from a federated server and may be incomplete. Browse more on the original instance.

unlambda, to random
@unlambda@hachyderm.io avatar

That was amazing.

The sun completely eclipsed by the moon. Solar flares are visible, including a prominent one at about 6:30 which was visible to the naked eye when viewing the eclipse.

ai6yr, (edited ) to earthquake

M4.7 earthquake in... New Jersey? (Update: since updated to M4.8) https://earthquake.usgs.gov/earthquakes/map/?extent=39.01492,-76.65161&extent=42.17562,-69.87305&listOnlyShown=true

unlambda,
@unlambda@hachyderm.io avatar

@ai6yr I didn't notice it, unfortunately. But I live right by main st, and large trucks and snow plows shake my house all the time, so I may have felt it and just not registered it.

But at work, where they have instrumented a wing with strain gauges for stress testing, the earthquake apparently shows up in the data from the strain gauges; amazing how sensitive those can be.

And one of my coworkers working from home on a 4th floor mentioned enough swaying that it knocked a few things over.

ai6yr, to random

My sense of smell has gotten a lot better in the last few years (don't ask me why, but probably NOT working in an office). That said, taking a walk around the neighborhood you know how the dogs must feel.

"Ah, Amazon driver with too much cologne passed here an hour ago. PU!"

"Hmm, looks like that teenager girl with way too much perfume walked this way"

"Oh, the neighbors took a shower about 10 minutes ago"

"A baby with a dirty diaper in a stroller passed this way 30 minutes ago... Don't the parents know?!"

unlambda,
@unlambda@hachyderm.io avatar

@ai6yr I recall a science fiction story a while back, in which someone unleashed a virus that turned off the part of our brain that suppresses smells; it turns out that we have very powerful sense of smell, but our brain suppresses many of them to avoid overwhelming us (this part is true, and there have been people who had particular kinds of brain damage which enhanced their sense of smell to a remarkable degree).

unlambda,
@unlambda@hachyderm.io avatar

@ai6yr In the story this caused civilization to collapse, because no one could stand to be around so many other people, and no one could stand the noxious fumes of burning hydrocarbons or various industrial processes.

didgebaba, to random
@didgebaba@c.im avatar

“Last year, I had a life-changing experience at 90 years old. I went to space, after decades of playing an iconic science-fiction character who was exploring the universe. I thought I would experience a deep connection with the immensity around us, a deep call for endless exploration.
"I was absolutely wrong. The strongest feeling, that dominated everything else by far, was the deepest grief that I had ever experienced.
"I understood, in the clearest possible way, that we were living on a tiny oasis of life, surrounded by an immensity of death. I didn’t see infinite possibilities of worlds to explore, adventures to have, or living creatures to connect with. I saw the deepest darkness I could have ever imagined, contrasting so starkly with the welcoming warmth of our nurturing home planet.
"This was an immensely powerful awakening for me. It filled me with sadness. I realized that we had spent decades, if not centuries, being obsessed with looking away, with looking outside. I did my share in popularizing the idea that space was the final frontier. But I had to get to space to understand that Earth is and will stay our only home. And that we have been ravaging it, relentlessly, making it uninhabitable."
-- William Shatner, actor

unlambda,
@unlambda@hachyderm.io avatar

@Natanox @mral @trechnex @didgebaba https://www.youtube.com/watch?v=9GQoHIBDogU

He was clearly trying to express something profound about the experience, and Jeff Bezos is just like "Imma let you finish, but here's a fountain of champagne" and a bunch of other people in the background are cheering and spraying champagne.

unlambda,
@unlambda@hachyderm.io avatar

@Natanox @mral @trechnex @didgebaba Yeah, it's absolutely astounding how out of touch everyone involved other than Shatner is.

And I can't believe I'm saying this! It's William Shatner! He's probably the cast member I'd expect to be least thoughtful and introspective about this, and yet here we are, billionaires dousing him in champagne while he tries to express the profundity of the moment.

jgoerzen, to security
@jgoerzen@floss.social avatar

I am getting tired of reading about the issue as if it is all about issues within . It is much bigger than that, and those takes conflate the problem with the solution.

So I wrote "The xz issue isn't about Open Source" here: https://changelog.complete.org/archives/10642-the-xz-issue-isnt-about-open-source

unlambda,
@unlambda@hachyderm.io avatar

@jgoerzen It's amazing how extensive the Microsoft/SolarWinds/VMWare attack was (note that this was a multi-vendor supply chain attack): https://en.wikipedia.org/wiki/2020_United_States_federal_government_data_breach

Also, absolutely absurd that SolarWinds tried to blame this on things like an 'intern [...] using an insecure password ("solarwinds123") on their update server'; how was an intern ever allowed to do such a thing, an intern should be getting proper guidance and security review, not solely responsible for setting up an update server.

whitequark, to random
@whitequark@mastodon.social avatar

i really dislike mypy

its main utility seems to be producing busywork and making your code worse with annotations

i don't expect i'll be ever using mypy in any of my projects

unlambda,
@unlambda@hachyderm.io avatar

@whitequark I find mypy useful for ensuring the consistency of my type annotations. There's a little bit of busywork if you're first introducing it in a codebase that has existed for a while without it, but it isn't a huge amount.

And yes, it works with assert isinstance(x, ty), the vast majority of my type annotations are on function signatures or just assert x (in a lot of cases where x: ty | None but you know it can't be None), assert isinstance(x, ty), or if isinstance(x, ty)`

unlambda,
@unlambda@hachyderm.io avatar

@whitequark But I do consider mypy to be optional in codebases that I work on, and make liberal use of # type: ignore when there would be too much effort to make mypy happy. I just like having something double check my work to make sure I wasn't completely missing that I said this function could accept something of type x | y but then I passed it into something that just takes type x.

unlambda,
@unlambda@hachyderm.io avatar

@whitequark I guess I kind of like the Rust style "you have to declare types in interfaces, and can use inference in bodies"

It also heavily depends on the code base. When I say "liberal use", I really just mean that I'm not afraid to use it; I don't bend over backwards to make the types fully consistent if it's way more work than necessary (usually because I'm using some library that declares overly-restrictive types when it actually happily accepts something more general).

unlambda,
@unlambda@hachyderm.io avatar

@whitequark It was a little hard for me to get over the "but that means that the types are wrong" mentality.

Like the saying goes about models, mypy types are wrong, but still can be useful

unlambda,
@unlambda@hachyderm.io avatar

@whitequark I use them as documentation with a bit of automation to help make sure I'm not missing anything.

Yeah, they can't be used to enforce invariants; you need isinstance or the like for that.

But I've just found that the "documentation checked for consistency" is helpful enough to a be benefit.

unlambda,
@unlambda@hachyderm.io avatar

@whitequark Yeah, I do find them difficult to read in docs; Python doc tools are not well set up for dealing with type annotations. When I mention use for docs, I generally mean when reading the code or using tooling that understands types for autocomplete, etc.

glyph, to random
@glyph@mastodon.social avatar

I think I am going to do a test stream today, somewhere between 2:30PM and 3PM -0700. I have had this thought many times before but perhaps letting it escape my brain in this way will make it actually happen. Where will it be? Good question. That will be a decision I make between now and an hour from now

unlambda,
@unlambda@hachyderm.io avatar

@matt @glyph huh, that does bring up a good question of what it would take to do an accessible screencast... Could a screen reader be set up to just narrate what's going on as a separate audio channel?

unlambda,
@unlambda@hachyderm.io avatar

@matt @glyph Yeah, I was afraid that might be the case. That seems like a much bigger lift than just adding an extra audio stream.

elliots, to random
@elliots@sfba.social avatar

The real life trolley problem is whether your mayor will flip a switch to save dozens of pedestrians per year, at the cost of sacrificing car driver time & convenience.

unlambda,
@unlambda@hachyderm.io avatar

@Andres4NY @elliots Zero in seven years for a city of 60,000 isn't bad: https://apnews.com/article/hoboken-zero-traffic-deaths-daylighting-pedestrian-safety-007dec67706c1c09129da1436a3d9762

hisham_hm, to random
@hisham_hm@mastodon.social avatar

Yet another vulnerability that I'm not affected by because the software in my Gobo box is too old: happily running xz 5.2.x there.

Thinking of Ivan Illich and considering a variation on Wirth's Law. If by any chance new versions add more bugs faster than they fix old bugs (and ever-growing issue trackers are definitely a thing...), then perhaps older software might be more stable than newer software and, if you don't need new features, then upgrading may not be always the right answer?

unlambda,
@unlambda@hachyderm.io avatar

@mcc @hisham_hm It didn't make it to a stable branch in Fedora, I don't think; it made it to rawhide (Fedora 41, their development branch), and "branched" (their testing/stabilization branch for their next release, Fedora 40), but not their stable branch. Similar to Debian

unlambda,
@unlambda@hachyderm.io avatar

@mcc @hisham_hm Yeah, took me a little while to parse through it too, but you can go here and see that 40 is under "upcoming releases": https://docs.fedoraproject.org/en-US/releases/f40/

unlambda,
@unlambda@hachyderm.io avatar

@mcc @hisham_hm Fedora bumps release numbers as soon as they branch, since their packages all have release numbers baked into the package names.

matt, to random

So, while the xz backdoor disaster has us thinking about how we interact with maintainers of open-source dependencies, I thought I'd ask for advice on resolving a dilemma I'm facing with AccessKit (https://github.com/AccessKit/accesskit). I want to add this dependency: https://crates.io/crates/immutable-chunkmap Like xz (before the long attack began), immutable-chunkmap is a one-person project; he's doing it in his spare time. But, at the risk of sounding entitled, there are things I want fixed before I depend on it. 1/?

unlambda,
@unlambda@hachyderm.io avatar

@matt You could send the contributions upstream, but vendor/fork it for now while you wait for them to be accepted or discussed. That's what I usually do when I have changes that need to be made to a dependency; I would rather not maintain a vendored/forked copy indefinitely, so I send patches upstream, but I vendor or fork it until they're accepted, at which point I can move back to depending on it (or not, if they're not accepted).

unlambda,
@unlambda@hachyderm.io avatar

@matt I don't think it's a dick move, with proper attribution.

It might be worth checking with upstream if they'd accept a PR to put everything that requires unsafe behind a feature flag (if it really is some optional functionality that could be separated out).

I do notice their readme says "written using only safe rust" which indicates that they find this desirable, even if the library doesn't actually match that any more.

dalias, to random
@dalias@hachyderm.io avatar

LOL https://github.com/tukaani-project/xz/commit/4323bc3e0c1e1d20

unlambda,
@unlambda@hachyderm.io avatar

@isaac @dalias Got archived before it was disabled: https://web.archive.org/web/20240330001502/https://github.com/tukaani-project/xz/commit/4323bc3e0c1e1d2037d5e670a3bf6633e8a3031e

glyph, to random
@glyph@mastodon.social avatar

Since this top-line detail is not getting mentioned in a lot of the Discourse: the backdoored versions of / are 5.6.0 and 5.6.1. If you've got one of those installed look for an update from your platform provider ASAP.

Personally I can confirm that Homebrew will do the correct downgrade for you (to 5.4.6) if you 'brew upgrade'; I don't have any other vulnerable hosts so I don't have details for what other platforms needed / have patches right now.

unlambda,
@unlambda@hachyderm.io avatar

@glyph The disturbing part is that the author who introduced the backdoor has been maintaining this package for a couple of years.

At the moment, it looks like most of the previous activity was cover to make these updates look legitimate, but there's a chance there could be other malicious commits in older versions as well.

matt, to random

This backdoor in the xz package, part of the base system in many Linux distros, is alarming. https://www.openwall.com/lists/oss-security/2024/03/29/4

unlambda,
@unlambda@hachyderm.io avatar

@matt @glyph uh... you've used proprietary software, right? as bad as the problems with open source software are, I've found proprietary software to be even worse, on average

liztai, to random
@liztai@hachyderm.io avatar

Heard about the Baltimore bridge collapse. I was hoping there would be no casualties but it doesn't look like that's likely 😰

https://youtu.be/YVdVpd-pqcM?si=PXnkeu6vM31ul1io

unlambda,
@unlambda@hachyderm.io avatar

@liztai Thankfully happened at 1:30 AM. This would have been much worse if it had happened at rush hour or even mid-day.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • GTA5RPClips
  • DreamBathrooms
  • InstantRegret
  • magazineikmin
  • khanakhh
  • Youngstown
  • ngwrru68w68
  • slotface
  • everett
  • rosin
  • thenastyranch
  • kavyap
  • tacticalgear
  • megavids
  • cisconetworking
  • normalnudes
  • osvaldo12
  • ethstaker
  • mdbf
  • modclub
  • Durango
  • tester
  • provamag3
  • cubers
  • Leos
  • anitta
  • lostlight
  • All magazines
    •