The production of honks must not be mean.

tedu honked back 17 Aug 2019 18:52
in reply to: https://queer.hacktivis.me/objects/c6592734-86d9-4ef6-b896-4da6ea2c759f
convoy: data:,electrichonkytonk-DntTvG4PDYxT3PjZ5G

@lanodan I'm not sure it's supposed to be an nntp group or not. They make it look like that because google groups whatever. But it's not really a group? I don't entirely get what groups even is these days.

Here's the mail list homepage: https://lists.mozilla.org/listinfo/dev-security-policy

tedu honked 17 Aug 2019 18:35
convoy: data:,electrichonkytonk-Zc6KFV3lyM2wMGNbnN

One more anecdote for the disclosure debate. Team finds TLS vulnerabilities in live systems. Reports to Hacker One. Closed as irrelevant. And, best part, loses cyberhackerpoints for trying. Hurray, responsibility.

Paper here: https://www.usenix.org/conference/usenixsecurity19/presentation/merget

Slide from: https://twitter.com/matthew_d_green/status/1162766559703490560

tedu honked 17 Aug 2019 18:23
convoy: data:,electrichonkytonk-DntTvG4PDYxT3PjZ5G

Trying to read this mozilla dev-security-policy email thread, and... it's absolutely terrible. (the interface.) How is anybody supposed to make heads or tails of what's going on here? The quotes are all messed, sometimes gray sometimes black sometimes hidden entirely. And then this Doug tool decides to reply inline without quote marks? How do people communicate like this? I've seen threads on Mastodon that were easier to follow than this.

Also, how the flying flapjack is this the one and only official archive for a mozilla mailing list?

Anyway, CA cabal doing CA cabal things.

https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/iVCahTyZ7aw/9AVXifi9AQAJ

tedu honked 17 Aug 2019 17:41
convoy: data:,electrichonkytonk-s8Sj4F2n1s21yzh5tS

DZ: orange cone

tedu honked 17 Aug 2019 17:31
convoy: data:,electrichonkytonk-34Yb2jwVnFRFH4SRG6

Today's edition of one step forward, two steps back. Wordpress reverting to relying solely on https based security for updates.

https://make.wordpress.org/core/2019/08/16/ssl-for-auto-updates/

tedu bonked 17 Aug 2019 16:39
original: sir@cmpwn.com
convoy: tag:cmpwn.com,2019-08-17:objectId=2027632:objectType=Conversation

Neovim has adopted builds.sr.ht for OpenBSD CI 🎉 welcome to Sourcehut!

tedu honked back 17 Aug 2019 16:37
in reply to: https://pleroma.site/objects/eb74838a-71fd-428a-a4ab-d18671bdcb50
convoy: https://pleroma.site/contexts/a2dceb60-c1da-4b87-a26b-0a08f16d3e27

@kaniini is that like openbsd spamd where it sets window size to 1 byte and dribbles data before aborting?

tedu bonked 17 Aug 2019 16:24
original: gonzalo@bsd.network
convoy: tag:bsd.network,2019-08-12:objectId=6839269:objectType=Conversation

Long time ago in a Miami IDC far far far away... #OpenBSD

tedu honked back 17 Aug 2019 13:43
in reply to: https://social.firc.de/objects/64c70860-2181-4e91-8261-0c29c71ab9ba
convoy: https://social.firc.de/contexts/c50fdba1-96e8-453f-8e09-109e25fb9366

@fireglow no, I do not believe in liking things. There's bonk (boost) and (zonk) delete.

Someday I will actually make this useable.

tedu honked 17 Aug 2019 13:22
convoy: data:,electrichonkytonk-8YdY2nf2S2WZ2Zs724

Being a network node operator hasn't been this thrilling since the glory days of Usenet.

tedu bonked 17 Aug 2019 02:03
original: Dee@fedi.underscore.world
convoy: https://fedi.underscore.world/contexts/b364cef5-5cff-496b-a820-081c69f98152

To make things fun, any software that provides a time remaining estimation for an operation should also provide a counter of accrued error in the estimation as the operation progresses.

tedu honked 17 Aug 2019 01:18
convoy: data:,electrichonkytonk-4pXF6C4PPp7g988dn3

Whenever I see a quote I've seen before, I wonder if it's an original quote or a requote. As in, has the person making this quote read the original source (book, paper, etc.) or are they just copying a quote they read elsewhere. I've seen some quotes 100s of times, but always exactly the same. Never the sentence before, never the sentence after, no additional context ever. Curious.

tedu bonked 17 Aug 2019 00:54
original: velartrill@pleroma.site
convoy: https://pleroma.site/contexts/f7fb566a-5b5a-476c-9de6-94b54647c188

many one-shot style command-line utilities like cal or ls would be better off using sbrk() than malloc(), but alas that only works if you're willing to tie yourself to POSIX since it's not part of libc. the difference is that sbrk() just changes the size of the heap, so everything is linear, there's no fragmentation, and allocation is a very cheap call. you don't actually need to worry about freeing memory unless you're using a *whole* lot of it in unpredictable ways. calling free() when you're just going to exit the program anyway and thereby automatically return all its memory to the operating system is incredibly wasteful.

tedu honked back 16 Aug 2019 21:44
in reply to: https://bsd.network/users/kurtm/statuses/102628789791146138
convoy: tag:bsd.network,2019-08-16:objectId=6913123:objectType=Conversation

@kurtm this is a perspective I hadn't much considered, so thank you.

foodpics honked 16 Aug 2019 21:26
convoy: data:,electrichonkytonk-3GvB11kxMCQBwV6LhV

A bowl of #meat and #cheese. All the #food a growing boy needs.

tedu honked 16 Aug 2019 21:23
convoy: data:,electrichonkytonk-fbgHvFQ3N41XFLY8d4

If I've read the knob attack correctly, it breaks paired devices. There have been a lot of practical attacks against Bluetooth pairing in the past, but generally a reliable countermeasure was to go out to your cabin in the woods, pair devices, then disable further pairing, and you'd be mostly safe. No more!

tedu honked 16 Aug 2019 19:45
convoy: data:,electrichonkytonk-W92833TD4cpRjq9DWK

Reply control is coming together...

The idea is that instead of the typical thing where every rando to reply gets a spot on your microblog, only acked posts appear. This is slightly different than liking or sharing, though. It's a silent ack. Like moderated mailing lists of old. And more refined than giant banhammer outright blocking somebody because you don't feel like rehosting their posts.

What appears elsewhere is elsewhere's concern, of course.

tedu honked 16 Aug 2019 18:53
convoy: data:,electrichonkytonk-rH6LZx1h5L97FnW6JM

A quick rundown of today's usenix crypto security session. With some links to the papers.

hoot: https://twitter.com/matthew_d_green/status/1162388394803994624

@matthew_d_green: Going to chair the best session of the day: “Crypto means cryptography”. But also it’s Usenix so anything could happen.

@matthew_d_green: For all we know, these papers could all turn out to be about fuzzing. Stranger things have happened.

@matthew_d_green: So the first talk is on “mobile private contact discovery at scale”. The idea is to use private set intersection to perform contact discovery for tools like WhatsApp and Signal. Tools with large userbases. https://www.usenix.org/conference/usenixsecurity19/presentation/kales

@matthew_d_green: This is a big problem. Signal has proposed to do it with Intel SGX trusted hardware. This work skips all that and does it with actual crypto. They get a huge improvement over previous works, for contact databases as big as 250 million users.

@matthew_d_green: This work really kicks the performance ball forward. But not quite enough. The authors contacted a major service to see if this could be deployed, and here are the requirements they got back vs. what this work can do. https://pic.twitter.com/dUBiwNfpS6

@matthew_d_green: Our next paper is on fuzzing.

@matthew_d_green: No, I’m kidding! Sort of. Actually it’s on generating verifiable zero-copy parsers so you *don’t* have to fuzz. https://www.usenix.org/conference/usenixsecurity19/presentation/delignat-lavaud

@matthew_d_green: The authors have a formally verified system for generating parsers that aren’t going to be exploitable. This is really hard. They give examples from TLS and Bitcoin. https://pic.twitter.com/1HIP54Is3T

@matthew_d_green: Anyway, aside from the tool: the biggest upshot of this talk for me is that apparently all the zero copy parsers out there being used are not verified. That’s surprising and a bit scary.

@matthew_d_green: This next paper is about “blind Bernoulli trials”. This is a really cool idea that I’m going to have a hard time getting across in a quick series of tweets, but screw it I’ll try anyway. https://www.usenix.org/conference/usenixsecurity19/presentation/connor

@matthew_d_green: So imagine I have a group of people and I want them each to flip a coin so it comes up heads with some chosen probability. We do this all the time with stuff like Bitcoin PoW, where everyone is doing trials and each one will win with some (small) probability.

@matthew_d_green: But in Bitcoin a big feature is that the probability (difficulty level) is known to everyone. What if you want to keep it secret? That’s what blind Bernoulli trials do.

@matthew_d_green: Unlike Bitcoin this requires trusted setup. Each user gets a key from some master authority. When I want you to flip a coin I encrypt some randomness and send it to everyone. Each user combines with their key. They get “heads” with exactly the chosen probability.

@matthew_d_green: I wasn’t able to keep up. But the next talk was extremely cool. Basically, they found a way to convert a deep neural network into a Boolean circuit, so it can be evaluated by two parties using Yao’s garbled circuits. https://www.usenix.org/conference/usenixsecurity19/presentation/riazi

@matthew_d_green: TL;DR it looks like this kind of multi-party machine learning computation is getting freakishly fast.

@matthew_d_green: I mean: the fuzzing people may be exploiting vulnerabilities in HotCRP so these papers could be anything :)

tedu honked 16 Aug 2019 18:50
convoy: data:,electrichonkytonk-84x8ZYH5j9Hw2BVx4L

It's funny. I've installed openbsd on laptops, desktops, sparcstations, beaglebones, edgerouters, and more. I am also completely flummoxed and thwarted by the mere thought of trying to reinstall android on a phone.

tedu bonked 16 Aug 2019 18:01
original: galaxis@mastodon.infra.de
convoy: tag:mastodon.infra.de,2019-08-16:objectId=7653645:objectType=Conversation

Just came across a bunch of old photos in a drawer, and it turns out I only know when it was that we last had that much snow in #Freiburg because the same film also had TV screenshots of the Giotto approach on comet Halley. Apparently, that was in March 1986...

tedu honked 16 Aug 2019 17:31
convoy: data:,electrichonkytonk-5wz2MPssnXRQtv32Kb

Woman on the sidewalk yelling "zweiundeins" at her husband. Hey, now, watch your language!

tedu honked 16 Aug 2019 16:59
convoy: data:,electrichonkytonk-1f1FTfvX2h6xM1666p

Here's a simple security privacy thing which I think should be possible, but the rockstars have not aligned.

Was setting up Uber on a new phone (for reasons). I need to enter a credit card. Every app now has a feature where I can take a picture of the card, but this requires camera access. Can be revoked, but requires digging through settings. But all the app needs is a number. Why no option for letting the app read a number through the camera?

A lot of privacy concerns could be alleviated by only providing processed data, not sensor access. Mobile OS service architecture seems built for this as well.

tedu bonked 16 Aug 2019 16:49
original: galaxis@mastodon.infra.de
convoy: tag:mastodon.infra.de,2019-08-03:objectId=7570873:objectType=Conversation

Ah, the Carrier Services error message has been getting slightly more detailed in recent updates, but I'm still not tempted to give away those permissions, especially as I have also disabled the Google Messaging app (using QKSMS for good old standard SMS)...

tedu honked 16 Aug 2019 16:14
convoy: data:,electrichonkytonk-5386hX4Y21ZMjClXP7

A feature that auto mutes a thread where any participant posts "untag me".

tedu honked 16 Aug 2019 15:49
convoy: data:,electrichonkytonk-GlT33pw1Twc7v6Cs6l

"But this is a part of history" always sets me on edge.

tedu honked back 16 Aug 2019 14:28
in reply to: https://bsd.network/users/stsp/statuses/102625520796792504
convoy: tag:bsd.network,2019-08-16:objectId=6902918:objectType=Conversation

@stsp interesting. I may need to find time to look. When I implemented annotate, I first thought it would be really hard. How is this even possible? But it turned out to be simple. At least it seemed so. Makes me wonder if it doesn't work right.

tedu bonked 16 Aug 2019 14:20
original: kristapsdz@bsd.network
convoy: tag:bsd.network,2019-08-16:objectId=6904644:objectType=Conversation

I'm sorry. But once I started, it didn't let me stop. https://kristaps.bsd.lv/sblg/examples/brutalist

tedu honked 16 Aug 2019 05:18
convoy: data:,electrichonkytonk-rQlFqCpR1y8gFr1dxJ

Oh, friendica, why must you be like this?

tedu bonked 16 Aug 2019 05:10
original: inks@inks.tedunangst.com
convoy: tag:inks.tedunangst.com,2019:inks-4110

The Matasano Crypto Challenges (review)

https://blog.pinboard.in/2013/04/the_matasano_crypto_challenges/

If you don’t have time for the challenges themselves, reading this review a few times until the lessons are internalized may be a good substitute.

> How practical these attacks were. A lot of stuff that I knew was weak in principle (like re-using a nonce or using a timestamp as a ‘random’ seed) turns out to be crackable within seconds by an art major writing crappy Python.

https://cryptopals.com/

#crypto #development #exploit #programming #security

tedu honked 16 Aug 2019 04:43
convoy: data:,electrichonkytonk-8DYb7Ps9ZtM126xZ2z

The long awaited xlogo 1.0.5 update lands in #openbsd!

https://marc.info/?l=openbsd-cvs&m=156589086715406&w=2

What's new since 2012? You may now exit the program by pressing q or esc instead of requiring q and esc. (If you're still on 1.0.4, try it out.)

https://lists.x.org/archives/xorg-announce/2019-March/002963.html

Also lots of other x updates today. I just found this one particularly amusing. This bug lasted at least seven years between releases. Perhaps an argument for regular time based releases, even if it seems not much has changed.

tedu honked back 16 Aug 2019 03:51
in reply to: https://nulled.red/users/flussence/statuses/102624367076822490
convoy: tag:nulled.red,2019-08-16:objectId=11002876:objectType=Conversation

@flussence never before have I seen sendmail described as "extremely basic".

tedu bonked 16 Aug 2019 02:51
original: elementary@mastodon.social
convoy: tag:mastodon.social,2019-08-16:objectId=119662392:objectType=Conversation

Our new blog is officially here. Come read about why we left Medium and how we built a crazy fast, privacy-respecting blog just for you.

https://blog.elementary.io/welcome-to-the-new-blog/

tedu honked back 16 Aug 2019 01:31
in reply to: https://pleroma.site/objects/0f958f1f-d3c9-429b-8890-3ea7a83fa91b
convoy: https://pleroma.site/contexts/381ec3ed-c099-4e99-823f-849fb9c65d21

@kaniini I like the red one in the middle.

tedu honked 16 Aug 2019 01:15
convoy: data:,electrichonkytonk-Rm3M19f9QNWq1qHsT3

What if the antivirus is the virus? Reprint 47585.

https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html

tedu bonked 15 Aug 2019 23:14
original: nolan@toot.cafe
convoy: tag:toot.cafe,2019-08-15:objectId=12539940:objectType=Conversation

If I were King of America, I would make it so every library provided a free course on password managers, and handed out YubiKeys like candy

tedu bonked 15 Aug 2019 23:14
original: gcupc@glitch.social
convoy: tag:glitch.social,2018-06-01:objectId=5494147:objectType=Conversation

I would like to announce a public server running #brutaldon: https://brutaldon.online/

Brutaldon is a brutalist, Web 1.0 web interface for Mastodon. You can use it as a client for any instance. Currently you do not need a separate brutaldon account. It is compatible with almost any web browser, including text-mode browsers like lynx, w3m, or eww.

Screenshots, issues tracker, and source code are available at https://github.com/jfmcbrayer/brutaldon.

Have fun!

tedu honked back 15 Aug 2019 21:08
in reply to: https://pleroma.soykaf.com/objects/a6b5e6f9-a8e7-4d67-afc8-d38a8169b650
convoy: https://pleroma.soykaf.com/contexts/3e05edab-b364-4475-9eb3-ac5bdfbd3c89

@lain I like to show off my battery levels and signal strength.

tedu honked back 15 Aug 2019 21:05
in reply to: https://pleroma.soykaf.com/objects/79632230-fa24-4618-9bed-8a061d42ac7d
convoy: https://letsalllovela.in/contexts/557a27f4-bf95-48cc-8c66-075d0c83aa0d

@lain new profile tabs please. Blocked, blocking, mutual block.

tedu honked 15 Aug 2019 20:04
convoy: data:,electrichonkytonk-Nr54B8C2x2Qr7k9446

My phone also tried to autocorrect Hong Kong to honk king. Glad I caught that; would have sounded a little narcissistic.

tedu honked 15 Aug 2019 20:01
convoy: data:,electrichonkytonk-c1Bc8GK8WFrbZTyvk6

Journalism prof: you don't want to cover the Montgomery bus boycott as a transit story

NYTimes: call our tip line to tell us about your canceled Hong Kong flight

https://twitter.com/SnarlsDeGaulle/status/1161628895587663872

tedu honked 15 Aug 2019 18:11
convoy: data:,electrichonkytonk-G4k3q3WX9212w3KhgF

Our new MegaSecureZ laptop has a hardware kill switch for the keyboard to disable key loggers.

tedu honked back 15 Aug 2019 17:06
in reply to: https://bikeshed.party/objects/fca241ba-c14f-4967-8d69-d298008e5314
convoy: https://pleroma.soykaf.com/contexts/efd6b6f1-6c26-4e15-a68c-cd1939385fef

@feld oh! Lain likes cilantro. writes that down in my note book

tedu honked 15 Aug 2019 17:02
convoy: data:,electrichonkytonk-P57Pf4XkmLqKKq3Fx3

Saw the worst hashtag, thought eh, so there's nothing to it, cute I guess. Hovered the link. Oh...

tedu bonked 15 Aug 2019 16:59
original: flussence@nulled.red
convoy: tag:nulled.red,2019-08-15:objectId=10991612:objectType=Conversation

the worst hashtag

tedu honked back 15 Aug 2019 16:57
in reply to: https://fedi.lynnesbian.space/users/lynnesbian/statuses/102621848036516673
convoy: tag:fedi.lynnesbian.space,2019-08-15:objectId=5420788:objectType=Conversation

@lynnesbian sed?

tedu bonked 15 Aug 2019 15:37
original: qrs@mastodon.social
convoy: tag:mastodon.social,2019-08-15:objectId=119584029:objectType=Conversation

Two flash clips, a flash emulator, a flash programmer, surface mount soldered test points, oscilloscope probes, cat5 crossover cable, and both a TTL serial adapter as well as an RS232 serial adapter with null modem & genderchanger. Finally got my emacs setup just how I like it.

tedu honked 15 Aug 2019 15:36
convoy: data:,electrichonkytonk-m1F5Qm3KnzHv4H1xdY

Why is Berlin expensive? This is very inconvenient, and I must say, quite inconsiderate.

tedu honked 15 Aug 2019 14:59
convoy: data:,electrichonkytonk-yWZk8h8S3HdXNF7xbV

A little more Baltimore malware commentary. This seems like an angle that won't get much coverage. If you run up a large bill, and never receive it, you may not be liable for penalties, but you still need to pay the principal, and maybe you haven't been diligently saving for that event. Another cost pushed down.

hoot: https://twitter.com/matthew_d_green/status/1161948213567512577

@matthew_d_green: We’re getting our first water bill since Baltimore got ransomwared this Spring. Apparently it’s expected to be so large that people will have trouble covering it.

@matthew_d_green: The cost of this thing is just phenomenal. I understand the arguments around not paying ransoms, but if you’re going to go down that road you’d better have your IT security figured out.

@matthew_d_green: In Baltimore all the qualified devs work for the NSA or are busy writing spyware for the UAE, unfortunately.

tedu honked back 15 Aug 2019 14:52
in reply to: https://friendica.mrpetovan.com/objects/735a2029-105d-5567-cd25-bdd527972674
convoy: tag:mastodon.technology,2019-08-15:objectId=21435477:objectType=Conversation

@hypolite similar to how some forums don't show scores until after a delay, it would be an interesting experiment to have a discussion where posts don't become visible to nonparticipants for 24h. Have your argument, but know nobody will be applauding your dunks.

Or (and?) maybe one where replies must be approved. The norm would be to approve it (and community would learn not to engage with censors), but if it's unkind, it simply never appears.

tedu bonked 15 Aug 2019 14:41
original: akpoff@bsd.network
convoy: data:,electrichonkytonk-2rZY3nWvfk4MBGrP54

@tedu Go away or I will replace you with a very small shell script.

$ grep xman .profile
alias xman="MANPAGER=mupdf man -T pdf"

tedu honked back 15 Aug 2019 13:58
in reply to: https://honk.tedunangst.com/u/tedu/h/scL94KL8GPg2H1f7d4
convoy: data:,electrichonkytonk-m5dRY13Vc4W1TKWV8p

@tedu ah, oops, seems there was a many way tie for 2nd, but things seem to be rolling now. cursed concurrency!

tedu honked 15 Aug 2019 13:45
convoy: data:,electrichonkytonk-2rZY3nWvfk4MBGrP54

xman retired today.

https://marc.info/?l=openbsd-cvs&m=156587112209485&w=2

tedu honked back 15 Aug 2019 13:40
in reply to: https://pleroma.soykaf.com/objects/59087966-d1f8-4943-be01-134c8f7486d7
convoy: https://pleroma.soykaf.com/contexts/381bcb4b-0899-4bfb-92ae-4fab57382341

@lain oh, I love this game! Is it the one on the sixth square without a hat?

tedu honked 15 Aug 2019 13:27
convoy: data:,electrichonkytonk-m5dRY13Vc4W1TKWV8p

This post has expired

tedu bonked 15 Aug 2019 07:03
original: archillect@high.cat
convoy: tag:high.cat,2019-08-15:objectId=3218468:objectType=Conversation

https://t.co/dGT9MYueOD

tedu honked 15 Aug 2019 06:31
convoy: data:,electrichonkytonk-V9v728NH8Rx323XJ93

I missed the 30th anniversary of the release of The Abyss by a week. Anyway, enjoy this article about the making of the film. It wasn't fun.

https://www.nytimes.com/1989/08/06/movies/film-the-abyss-a-foray-into-deep-waters.html

tedu honked 15 Aug 2019 06:09
convoy: data:,electrichonkytonk-4fR4W3wRyB3lvt2J9n

Super weird ActivityPub observation. Friendica instance. When fetching object via AP, json has 8 actors in cc. When fetching the outbox, same object exists but has 9 actors in cc, same 8 as before, plus me! No idea what's going on. But kinda funny.

tedu bonked 15 Aug 2019 05:38
original: Petra_fied@fedi.lynnesbian.space
convoy: tag:fedi.lynnesbian.space,2019-08-14:objectId=5402959:objectType=Conversation

humorous technology rant, xserver bullshit, :archlinux:​💯💯💯memery💯💯💯

When you get a new laptop, and install arch, but the media keys are all fucked up because they have IDs higher than 255 and X server is 8-bit for some reason...

So you have to use evdev to test the keys individually for the hardware "scancode," then xmodmap -pke to list all the software *key*codes and then you have to manually scroll through the 255-8 (for some reason) keycodes and their functions to find the right ones you want.

Then you have to use setkeycodes [scancode] [keycode] to rebind them manually HOWEVER you have to subtract 8 from the keycode number because for some reason beyond human comprehension the kernel decides to add 8 to the keycode.

wheezes

this is such a windows-tier problem my lord

tedu honked 15 Aug 2019 01:52
convoy: data:,electrichonkytonk-TNJ1BCkYR2h6k5pRzG

Is there a non clickbait actually semi informative article about this iphone contacts sqlite exploit?

tedu honked 15 Aug 2019 01:18
convoy: data:,electrichonkytonk-jqmVXLF6fscmgsg3X3

Screenshot of xman demonstrating the responsive design of the Xt toolkit.

tedu bonked 14 Aug 2019 23:42
original: nihl@p.umbriel.fr
convoy: https://p.umbriel.fr/contexts/03df0e3d-c06f-41e4-800d-da214adbb166

Book recommendation, HTTP/2

In light of the recent HTTP/2 CVEs, here’s another book recommendation: if you want to learn a bit more about this protocol, Learning HTTP/2 is a decent choice.

It’s beginner-friendly enough to be accessible to people who didn’t really look into most L7 protocols, and it’s a very easy read if you already have some HTTP/1.1 and TCP knowledge.

You can apparently get it DRM-free from ebooks.com, though there’s a mention of a “digital watermark” and I have no idea what that really is.

tedu bonked 14 Aug 2019 23:36
original: nolan@toot.cafe
convoy: tag:toot.cafe,2019-08-14:objectId=12504291:objectType=Conversation

New blog post: "Browsers, input events, and frame throttling" https://nolanlawson.com/2019/08/14/browsers-input-events-and-frame-throttling/

A follow-up to my blog post from a few days ago, where I go possibly-way-too-deep into how browsers actually fire input events.

tedu bonked 14 Aug 2019 23:18
original: sir@cmpwn.com
convoy: tag:cmpwn.com,2019-08-14:objectId=2016114:objectType=Conversation

Presented without comment

https://asciinema.org/a/pdXxtEwaZnxN4U9Ek7fAx2Myr

tedu honked 14 Aug 2019 23:07
convoy: data:,electrichonkytonk-g1gT3P62S7D66wm6V1

Wolverine: Origins is playing on AMC. The American Movie Classics channel. Truly the darkest timeline.

tedu honked 14 Aug 2019 22:14
convoy: data:,electrichonkytonk-gfVJw4841xy53sdjK2

Mobile safari reader mode is astonishingly bad at picking content out of honk. Not even an option on most pages (fine), but when available and selected it randomly chooses about two posts and ignores all the others.

I've seen this on enough other sites to wonder, what in the world does Apple have in their testsuite for this feature? Exactly one nytimes article about the launch of the first iPhone?

tedu honked back 14 Aug 2019 20:14
in reply to: https://pleroma.soykaf.com/objects/64343f93-e426-497d-926f-316de376d360
convoy: https://pleroma.soykaf.com/contexts/7eddc7d9-c4f7-4a47-b789-06caef85f03c

@lain destroying people's lives with your default http links.

tedu honked 14 Aug 2019 19:58
convoy: data:,electrichonkytonk-8brq2bKLb116Lw1MFb

cpio user spotted in the wild!

tedu bonked 14 Aug 2019 19:16
original: nolan@toot.cafe
convoy: tag:toot.cafe,2019-08-14:objectId=12510384:objectType=Conversation

pol, computer security

"Who Should Secure Congressional Campaigns?" by Maciej Ceglowski https://idlewords.com/2019/08/who_should_secure_congressional_campaigns.htm

Interesting, even-handed take on a tricky problem. Good follow-up to his last post on the topic.

tedu bonked 14 Aug 2019 18:05
original: solene@bsd.network
convoy: tag:bsd.network,2019-08-14:objectId=6872237:objectType=Conversation

#OpenBSD -stable binary packages are now a thing!

https://marc.info/?l=openbsd-announce&m=156577865917831&w=2

tedu honked back 14 Aug 2019 17:47
in reply to: https://bikeshed.party/objects/2f8d66c1-3a7e-4119-960e-f7b2e70cc01e
convoy: https://bikeshed.party/contexts/fc2fda58-e5ec-4d18-a190-6b812950e33c

@feld your compliance is appreciated, citizen.

tedu bonked 14 Aug 2019 17:25
original: qwazix@cybre.space
convoy: tag:cybre.space,2019-08-14:objectId=32315158:objectType=Conversation

The view from an ancient defensive tower

#photography #mastoart

tedu bonked 14 Aug 2019 17:00
original: cjd@mastodon.social
convoy: tag:mastodon.social,2019-08-14:objectId=119386425:objectType=Conversation

2.3. In this screen, there are at least 2 "secret cheat codes" (key combinations which do things), one being the tab key to learn more about the error and the other being ctrl+d to enable debug mode. In order to make these not secret, there needs to be some key combo which displays all other key combos and that key combo needs to be displayed somewhere on that screen.

tedu honked 14 Aug 2019 06:07
convoy: data:,electrichonkytonk-WZ7y2Wc1GRJH8PG2bX

I thought this comment was hysterical. But also true. If you haven't read the paper, it's good.

https://www.usenix.org/conference/woot19/presentation/fifield

hoot: https://twitter.com/tqbf/status/1161368349487575040

@tqbf: Best paper at WOOT is a zip bomb? This must be a hell of a zip bomb.

tedu bonked 14 Aug 2019 05:47
original: lanodan@queer.hacktivis.me
convoy: https://queer.hacktivis.me/contexts/7887b303-9129-4aae-9a0a-3bb3c0cb5273

I actually wish pledge/unveil would be a thing on linux because of GNOME.

tedu bonked 14 Aug 2019 05:47
original: flussence@nulled.red
convoy: tag:nulled.red,2019-08-14:objectId=10963010:objectType=Conversation

Anyone remember back in like 2002 when you could crash xchat by sending it a string of 񦙦 chars?

It keeps happening. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010238

tedu honked back 14 Aug 2019 05:34
in reply to: https://honk.tedunangst.com/u/tedu/h/1tX747cyyT136P12qh
convoy: data:,electrichonkytonk-59C7D18cykb3v69CgY

Only real millennials know that's the Real World Philadelphia house.

tedu honked 14 Aug 2019 05:32
convoy: data:,electrichonkytonk-59C7D18cykb3v69CgY

Wasn't expecting to see this...

OrgName:        Linode
OrgId: LINOD
Address: 249 Arch St
City: Philadelphia

tedu honked back 14 Aug 2019 04:55
in reply to: https://queer.hacktivis.me/objects/ec522532-00e7-4218-98e2-1c814d3c70c3
convoy: https://social.sunshinegardens.org/contexts/8e9377b3-5f0d-4319-8de4-e1e734eb3f2a

@lanodan this is very hit or miss. I've had no trouble in several years except for one incident with outlook.com (gah!) quickly resolved. (And they were kind enough to send me a reject email with an appeal link.) But the general opacity of hidden block/drop lists is very fedi.

tedu bonked 14 Aug 2019 04:27
original: akpoff@bsd.network
convoy: tag:bsd.network,2019-08-14:objectId=6868893:objectType=Conversation

I accidentally bought a Lenovo X1 Carbon 7th gen. How?

I went to Costco to buy an #X1C6 to replace the one I returned months ago. Turns out Costco silently upgraded their stock to the #X1C7 ... for the same price. \o/

But, now I'm on the bleeding edge. The #X1C7 has the Intel 9560 wireless chip ... soldered to the mobo.

Brand new, cutting edge laptop, USB wifi dongle.

I need to buy @stsp beer or coffee.

tedu honked back 14 Aug 2019 03:44
in reply to: https://nulled.red/users/flussence/statuses/102613211198486233
convoy: https://pleroma.site/contexts/2f4aae77-2338-4ecd-81c6-cd2dc4b265e1

@flussence asymmetric routing... WiFi down, cellular up. Just a little ospf and bgp in the mix and you're really set. Totally reasonable for home net.

tedu honked back 14 Aug 2019 03:41
in reply to: https://social.firc.de/objects/b3c55ede-40c7-4017-b114-682aa526ce0a
convoy: https://social.firc.de/contexts/56523cd9-c161-4c3a-800b-098cabae5d37

@fireglow not yet!

tedu bonked 14 Aug 2019 03:02
original: freakazoid@retro.social
convoy: tag:retro.social,2019-08-14:objectId=5897058:objectType=Conversation

Stupid building code

It's so great that the humidity-sensing fan switches I'm required to have in my bathroom to save energy while preventing mold come on constantly when my air conditioner is on, exhausting all the conditioned air to the outside and sucking in hot air. So this requirement in the name of saving energy actually wastes it.

I'm illegally replacing them with timer switches while wishing death on every moron who supported that bullshit requirement.


tedu bonked 14 Aug 2019 02:52
original: lanodan@queer.hacktivis.me
convoy: data:,electrichonkytonk-8xt8CvH19KkbVHjQW5

@tedu I wonder if I could trigger chrome into detecting my pages into thinking it's klingon even if I define the lang.


tedu honked 14 Aug 2019 02:44
convoy: data:,electrichonkytonk-8xt8CvH19KkbVHjQW5

Apparently the word "paleoprogramming" appearing on a page triggers chrome language detect into suggesting a translation from Afrikaans. (I think that's the keyword; doesn't always work. I'm sorry this isn't an exact science.)


tedu bonked 14 Aug 2019 02:21
original: flussence@nulled.red
convoy: tag:nulled.red,2019-08-14:objectId=10959930:objectType=Conversation

the only federated network that actually has any security is


tedu bonked 14 Aug 2019 02:19
original: sungo@sungo.space
convoy: tag:hackers.town,2019-08-14:objectId=6125887:objectType=Conversation

@GeoffWozniak I'd rather read documentation in a word document off a hard drive platter with an electron microscope than use GNU Info


tedu honked back 14 Aug 2019 02:06
in reply to: https://honk.tedunangst.com/u/tedu/h/5D69hXzf371pf3VxND
convoy: data:,electrichonkytonk-vfP6FdDwb4rY9sdHzx

Nice. After removing the split chrome still only uses half the screen. Other half is blank.


tedu honked 14 Aug 2019 02:03
convoy: data:,electrichonkytonk-vfP6FdDwb4rY9sdHzx

Running two browsers split screen on my phone. Seems pretty pointless, but iPhone won't let me do it, therefore I must. Anyway, rendering in chrome looks better than Firefox, especially apparent side by side. Thank you for reading my in depth review of Android.


tedu honked back 14 Aug 2019 00:47
in reply to: https://mastodon.technology/users/cj/statuses/102612472521500186
convoy: tag:mastodon.social,2019-08-14:objectId=119310339:objectType=Conversation

@cj I see you've observed me trying to use the recent Spotify update.


tedu honked 14 Aug 2019 00:14
convoy: data:,electrichonkytonk-Xs5wt86Gcjr713tN9c

Comment 10 here is big ouch.

https://bugs.chromium.org/p/project-zero/issues/detail?id=1859#c10


tedu honked back 13 Aug 2019 23:13
in reply to: https://queer.hacktivis.me/objects/f384e01e-639e-4fa6-86c2-dbcac0537736
convoy: https://queer.hacktivis.me/contexts/510f55b0-ec57-4984-8b57-cc61c72c233f

@lanodan I never noticed they use BSD section numbering instead of SysV.


tedu honked 13 Aug 2019 22:35
convoy: data:,electrichonkytonk-X8XF6mW6KV6Ws355n9

If you have more time than sense, here's a thread about iota with lots of crypto guy replies.

https://twitter.com/SarahJamieLewis/status/1161353122343604225


tedu honked 13 Aug 2019 22:04
convoy: data:,electrichonkytonk-rN4175xChdzY8y4l4H

"Girl there's no variable" sounds like a sassy compiler error.


tedu honked back 13 Aug 2019 21:50
in reply to: https://pl.wowana.me/objects/cdef2cba-ea78-4cad-b474-f87728ae51b0
convoy: https://pl.wowana.me/contexts/4fef69a4-ebb8-4336-84a7-7c83d9f82b1a

@opal not super different (depending on who you ask) but some features are added or removed between lua versions. A lot of people liked 5.1 and settled on it. Kind of a python 2/3 split.


tedu honked 13 Aug 2019 21:28
convoy: data:,electrichonkytonk-5zyM7rbtDbR3lcHxn1

Stumbled across this. No Mastodon one click installer for digital ocean because intel MDS isn't fixed. I'm not sure if there's a soundbite moral to the story, but just take a moment to reflect on the path that led us here. The circumstances which created a scenario where this could occur.

https://github.com/tootsuite/mastodon/issues/11541


tedu honked 13 Aug 2019 20:28
convoy: data:,electrichonkytonk-91l469t8vCT5dVh4Vx

HTTP/2 resource exhaustion coming only two months late for the tenth anniversary of slowloris.


tedu honked back 13 Aug 2019 20:07
in reply to: https://bikeshed.party/objects/b4c1e42a-3c9b-4305-9b2a-dd7c81f193db
convoy: https://bikeshed.party/contexts/93f730dd-7d3b-4842-81bd-92a12483cf67

@feld the nature of your deviancy has been identified. :) see irc.


tedu honked back 13 Aug 2019 19:30
in reply to: https://bikeshed.party/objects/f83e6fd0-adae-4a92-a9ad-b8fa08433dac
convoy: https://bikeshed.party/contexts/93f730dd-7d3b-4842-81bd-92a12483cf67

@feld the experiment requires that you continue.


tedu honked back 13 Aug 2019 18:58
in reply to: https://bikeshed.party/objects/304b564e-74a9-4237-9a29-1bf7b63d7a8e
convoy: https://bikeshed.party/contexts/93f730dd-7d3b-4842-81bd-92a12483cf67

@feld every one of your posts fails HTTP sig verification. started around 1:00 eastern. I had to poll your outbox like an animal just to get this. I have a bit more logging now, so we'll see.


tedu honked back 13 Aug 2019 18:19
in reply to: https://bikeshed.party/objects/9a9e37de-5a5b-4f3c-a4f6-502d10e71b06
convoy: https://bikeshed.party/contexts/93f730dd-7d3b-4842-81bd-92a12483cf67

@feld speaking of, did you roll your RSA key or something in the past hour?


tedu honked 13 Aug 2019 18:01
convoy: data:,electrichonkytonk-z1h5r4Wlv3QH39FvRD

How does one even manage to take a screenshot with a potato?


tedu bonked 13 Aug 2019 17:43
original: dvl@mastodon.social
convoy: tag:mastodon.social,2019-08-13:objectId=119249323:objectType=Conversation

The vBSDCon 2019 conference is Sept 5-7 in Reston VA.

The schedule has been added to the website: https://www.vbsdcon.com/schedule/

The Early Bird registration of $100 closes on Aug 15 (Thursday this week).

https://www.vbsdcon.com/registration

See you there.


tedu bonked 13 Aug 2019 17:43
original: lattera@bsd.network
convoy: tag:bsd.network,2019-08-13:objectId=6859885:objectType=Conversation

#FreeBSD proposes a firm timeline for full removal of #gcc from base: https://lists.freebsd.org/pipermail/freebsd-arch/2019-August/019674.html

#clang #llvm #compiler #toolchain


tedu honked back 13 Aug 2019 15:54
in reply to: https://niu.moe/users/Wolf480pl/statuses/102610232215091858
convoy: tag:niu.moe,2019-08-13:objectId=35279386:objectType=Conversation

@Wolf480pl beeeeeeeeeeeeeeeeeeeeeeeeeep


tedu honked back 13 Aug 2019 14:39
in reply to: https://cmpwn.com/users/sir/statuses/102610155480292130
convoy: tag:cmpwn.com,2019-08-13:objectId=2012808:objectType=Conversation

@sir asprintf is likely the worst possible example to make this argument.


tedu honked back 13 Aug 2019 14:37
in reply to: https://heck.ooo/objects/36e60714-b0c1-40d3-8585-4d034d041360
convoy: https://heck.ooo/contexts/2f809c50-c3a7-492b-b633-2243b0590671

@vi that's how reddit got started!


tedu honked 13 Aug 2019 14:26
convoy: data:,electrichonkytonk-lHM5q8x8zzBmpkJ31G

Is France a Cyber Superpower Yet? Short read, not bad.

https://medium.com/@thegrugq/is-france-a-cyber-superpower-yet-c6c79216d51b


tedu honked back 13 Aug 2019 13:33
in reply to: https://pl.wowana.me/objects/b052e09c-d6e6-4c9d-8b30-ef6e00413294
convoy: https://pl.wowana.me/contexts/5cbe94ed-c041-4873-a7cc-de0a6a1a695f

@opal ISC


tedu honked 13 Aug 2019 04:35
convoy: data:,electrichonkytonk-Z5k121BY2f1bY1FQcj

State of the security is :sad trombone:. I still get kinda excited about crypto attacks that steal keys because they'll still be relevant when (if) we ever get working silicon, but that's just me.

hoot: https://twitter.com/matthew_d_green/status/1161076038471995392

@matthew_d_green: Is Intel’s plan just to let security researchers fix this one side channel at a time, on billions of production processors? https://twitter.com/kurmus/status/1159859369804259330

@matthew_d_green: If Intel built airplanes I feel like we’d be losing one every three months, with the company saying “yes, this is pretty much how it’s going to be for the next five years.”

@matthew_d_green: Thank god “the bad guys” aren’t very smart.

@matthew_d_green: Also, from a cryptography perspective these attacks are very annoying. Who’s going to get excited about your 100-million query attack that extracts a single EdDSA private key when right now you can dump like the whole kernel memory space.

@matthew_d_green: If I was a state sponsored attacker I wouldn’t even bother doing the research. I’d just hack like two or three academic teams’ email servers.


tedu honked back 13 Aug 2019 04:32
in reply to: https://social.firc.de/objects/33408102-115b-4e70-b288-a9c51237f850
convoy: data:,electrichonkytonk-43p1311RgB6jqc7YFK

@fireglow I guess it's ok. I'm not really the DNS police, though.


tedu honked 13 Aug 2019 04:24
convoy: data:,electrichonkytonk-43p1311RgB6jqc7YFK

@opal fyi your dnssec on amine.website looks busted.


tedu honked back 13 Aug 2019 04:10
in reply to: https://queer.hacktivis.me/objects/57801ccb-c007-4eef-aee6-70895deb7c35
convoy: data:,electrichonkytonk-cgB62pg335CS31Ck29

@lanodan old habits, I always liked doing things separately, but yeah, it bites me sometimes.


tedu bonked 13 Aug 2019 04:10
original: lanodan@queer.hacktivis.me
convoy: data:,electrichonkytonk-cgB62pg335CS31Ck29

@tedu Or hg pull -u


tedu honked 13 Aug 2019 03:42
convoy: data:,electrichonkytonk-cgB62pg335CS31Ck29

After running hg pull, remember to run hg up before make. Works better that way.


tedu honked 13 Aug 2019 01:53
convoy: data:,electrichonkytonk-rPMh338g4sL6KM36Zt

The cumulative distribution function (CDF) of page load time (PLT) is a very nice visualization I haven't seen used before. The rest of the article is kinda meh, amp, but I liked seeing this. Good choice of presentation.

https://blog.apnic.net/2019/08/08/amp-up-your-mobile-web-experience/


tedu bonked 13 Aug 2019 01:42
original: inks@inks.tedunangst.com
convoy: tag:inks.tedunangst.com,2019:inks-3984

Design and Evolution of C-Reduce


https://blog.regehr.org/archives/1678

> Since 2008, my colleagues and I have developed and maintained C-Reduce, a tool for programmatically reducing the size of C and C++ files that trigger compiler bugs. C-Reduce also usually does a credible job reducing test cases in languages other than C and C++; we’ll return to that later.

Part 2: https://blog.regehr.org/archives/1679

#c #compiler #development #fuzzing #programming #testing


tedu bonked 13 Aug 2019 01:27
original: alcinnz@floss.social
convoy: tag:floss.social,2019-08-13:objectId=3848031:objectType=Conversation

I just decided it was time to list Rhapsode alongside Lynx, Dillo, and NetSurf as a smaller engine you can help grow by making sure your pages look (or in Rhapsode's case, sound) decent in them.

But definitely, test in Firefox and Safari/Midori/GNOME Web/Odysseus/etc too! Whatever you do don't just test your pages in Chrome, I fear a Google monopoly.

Here are my other asks: https://odysseus.adrian.geek.nz/developer/web-bloat.html


tedu honked 13 Aug 2019 01:18
convoy: data:,electrichonkytonk-djDc2stNYm3rJymzg1

https://en.wikipedia.org/wiki/Berkeley_r-commands


tedu bonked 13 Aug 2019 01:11
original: sylvia_ritter@mastodon.social
convoy: tag:mastodon.social,2019-08-12:objectId=119109766:objectType=Conversation

Made with @krita - You can support this awesome Open Source Software here --> https://krita.org/en/support-us/donations/. #art #illustration #mastoart #krita


tedu bonked 13 Aug 2019 01:09
original: aardrian@toot.cafe
convoy: tag:toot.cafe,2019-08-13:objectId=12469715:objectType=Conversation

Every day I work with teams building custom widgets. They almost always fail to spec them well. An effort: http://adrianroselli.com/2019/08/basic-custom-control-requirements.html


tedu honked back 13 Aug 2019 00:04
in reply to: https://shigusegubu.club/objects/34566e9f-4d3d-4852-a17e-4f11cc33c901
convoy: https://shigusegubu.club/contexts/4a73e289-85e1-4ea0-835e-e861391fa2f4

@sylveon mastodon recently added a thing where even public posts require a sort of authentication (signed get request). otherwise you get an error, which kinda looks like the remote person blocked you. anybody running software from a few weeks ago is left out.

(don't know if that's your scenario, just that it's a thing that's also playing out now.)


tedu bonked 12 Aug 2019 23:27
original: farhan@mastodon.technology
convoy: tag:mastodon.technology,2019-08-12:objectId=21329990:objectType=Conversation

#opengit clone over ssh just worked...

I had forgotten to close the other end of the pipe(2). That took me 4 days to realize...


tedu bonked 12 Aug 2019 23:12
original: feld@bikeshed.party
convoy: https://bikeshed.party/contexts/f432dc1c-a5e0-4b8e-99c4-355f733417d6

oh wait I know how it's acceptable: NOBODY COMPILES RUST APPS, THEY DEPLOY WITH DOCKER

That's why nobody complains about this stuff. Building and packaging it is someone else's problem. Doesn't matter if it takes 128GB of RAM and 2 years of wall time, it's someone else's problem. You put on your DevOps shades and smash that docker deploy button and move on with your life ignoring that you have no idea how this software even works or if anyone will ever be able to build a new version


tedu honked 12 Aug 2019 23:11
convoy: data:,electrichonkytonk-2vW6X23bXX8vk8Px22

Best #metamonday ever. Going to retire the hashtag in honor of this fine day.


tedu honked 12 Aug 2019 23:02
convoy: data:,electrichonkytonk-QW126JzQbDRPz2N9Y6

Clicked on a link to fedi.absturztau.be, five minutes later I'm still downloading sticker packs and themes... All I wanted is to view one post. I won't post a reaction, I promise.


tedu honked back 12 Aug 2019 22:48
in reply to: https://honk.tedunangst.com/u/tedu/h/wGs7zDZ532H3J85ZV9
convoy: data:,electrichonkytonk-Mk4N2PyVfZ92bj1V32

OK, enough of that. Not actually interested in logging it all, just wanted to see how far widespread this is. Answer: widespread.


tedu honked 12 Aug 2019 22:45
convoy: data:,electrichonkytonk-Mk4N2PyVfZ92bj1V32

Nice... Mastodon signs fetches with the key of the individual user receiving the boost or reply. Probably a good argument not to do signed fetches by default. You are sending me excess and identifiable credentials. At least use a per instance key.


tedu honked back 12 Aug 2019 22:36
in reply to: https://pleroma.soykaf.com/objects/339db668-e582-44f3-ba6e-41634b948eb5
convoy: https://pleroma.soykaf.com/contexts/1dbd5d2d-c3b1-450f-9e0b-47adb5108218

@lain second best is more than enough when first best is so awesome :)


tedu bonked 12 Aug 2019 22:35
original: lain@pleroma.soykaf.com
convoy: https://pleroma.soykaf.com/contexts/1dbd5d2d-c3b1-450f-9e0b-47adb5108218

Honk is the second best AP implementation (can't dunk on pleroma, sorry)


tedu honked 12 Aug 2019 22:31
convoy: data:,electrichonkytonk-CZn247f79g9pwlHw2l

General silliness and mumbling. May contain bits of grouse.

Probably a bad idea, but (not quite seriously) considering rejecting signed fetches. There's a robustness argument to secure system design that operations with excess authority should fail. Mandatory principle of least authority. Kinda, I think I'm stretching a bit.

But this is how some systems do work. Accounts with blank passwords require a blank password. If you enter a real password, that's a failure. If it's a public object, then you should fetch it without passing any credentials.

Hopefully, with ocap, this isn't a problem because you'd know whether to obtain a cap or not. You wouldn't accidentally pass along a cap without need.


tedu honked 12 Aug 2019 22:00
convoy: data:,electrichonkytonk-Z1qzjRT4CTT4S2q59d

Return of the iconic infosec duo: ghostscript and untrusted postscript files.

https://www.openwall.com/lists/oss-security/2019/08/12/4


tedu honked back 12 Aug 2019 20:54
in reply to: https://shigusegubu.club/objects/5f8439a5-fbb9-45bd-bdcc-fe9986a153d5
convoy: https://shigusegubu.club/contexts/4a73e289-85e1-4ea0-835e-e861391fa2f4

@sylveon flipped the switch to require signed fetches. probably blocked half the fediverse.


tedu honked 12 Aug 2019 20:00
convoy: data:,electrichonkytonk-tS2G2RxGRnTVl5NJnp

In today's edition of will it federate... CSS classes like <p class="signature">.

Answer: not really.


tedu honked 12 Aug 2019 19:39
convoy: data:,electrichonkytonk-17L3P9fRsNG1Q1R3cs

Is there any extra metadata I can add to image attachments so that they're scaled to fit nicely on mastoroma, instead of zoomed all the way in on some random section?


tedu bonked 12 Aug 2019 19:21
original: stsp@bsd.network
convoy: tag:bsd.network,2019-08-12:objectId=6846790:objectType=Conversation

I gotta say the feedback and patches I've #got in my private mail box is super high quality content compared to all the bros with their entitled knowitall opinions on various web sites...

But for now nobody else is seeing it because my preference for #selfhosting is getting in the way of getting a public repo up quickly.

Thank you kn, @gonzalo, @sthen, bentley, semarie, Artturi Alm, @otto, Hiltjo Posthuma, and Thomas Klausner for contributing within the first 3 days of public project history!


tedu bonked 12 Aug 2019 17:57
original: lain@pleroma.soykaf.com
convoy: https://pleroma.soykaf.com/contexts/4491ab02-1aad-46e3-ad75-783d0f8d5a7b

nature, please don't disturb.

#berlincameraclub #ベルリンカメラ部


tedu honked 12 Aug 2019 17:50
convoy: data:,electrichonkytonk-N28p9k3RYz22xk94jj

So how much do I care to implement activitypub signed gets? Just to fill in a thread that's not that interesting? Guess I'll never know what I'm missing.


tedu honked 12 Aug 2019 17:20
convoy: data:,electrichonkytonk-twWtf6zB2BJ9b843rD

Now this is the #metamonday I signed up for! No mods, no masters!


tedu bonked 12 Aug 2019 16:15
original: fireglow@social.firc.de
convoy: data:,electrichonkytonk-QPZ3g64kpb944Xf54h

@tedu we must go deeper. compare failed login cycles to writing auth log to disk.


tedu honked 12 Aug 2019 16:14
convoy: data:,electrichonkytonk-4j3zT2hm3CG7dCCfgG

What if I can't decide? Where's the Goldilocks option for just the right number of sub posts?


tedu honked 12 Aug 2019 15:57
convoy: data:,electrichonkytonk-QPZ3g64kpb944Xf54h

Oh, geeze, I haven't given you my sshd port take yet.

If you run sshd on port 22, you don't hate your users, you hate the planet. Failed login attempts, even with password auth disabled, still burn CPU crunching hashes, wasting precious electrons. The dinosaurs did not die for your laziness!


tedu honked 12 Aug 2019 15:42
convoy: data:,electrichonkytonk-9k6VzH8FXYmT12t6P2

Based on the name alone, Ways and Means sounds like it would be a pretty sweet committee.


tedu honked 12 Aug 2019 14:44
convoy: data:,electrichonkytonk-ZnS7Rsj2M1t6YYNyY2

I thought this was pretty funny.

http://www.basicinstructions.net/basic-instructions/2019/8/11/how-to-find-hope-for-the-future-of-humanity


tedu honked back 12 Aug 2019 14:43
in reply to: https://bsd.network/users/stsp/statuses/102604477996041605
convoy: tag:bsd.network,2019-08-12:objectId=6837754:objectType=Conversation

@stsp one for every source control system.


tedu bonked 12 Aug 2019 14:05
original: Dee@fedi.underscore.world
convoy: https://fedi.underscore.world/contexts/480173aa-6a93-4c36-a44c-af6fc0193e2a


tedu honked 12 Aug 2019 13:42
convoy: data:,electrichonkytonk-12XZFMYw2zH1DX2yQM

Whenever I see Martin Fowler or Bob Martin mentioned, I can never remember which is which.


tedu bonked 12 Aug 2019 13:35
original: alcinnz@floss.social
convoy: tag:floss.social,2019-08-12:objectId=3842150:objectType=Conversation

Distributing the resulting size to the children turns out to be a two-step process. First it needs to know how much space is left over, and then it needs to distribute that out equally to all children so have plenty of whitespace in which to drag the window.

This is essentially the same process used by the deprecated GTKBox.

Fin.


tedu bonked 12 Aug 2019 13:33
original: enkiv2@eldritch.cafe
convoy: tag:eldritch.cafe,2019-08-12:objectId=11001535:objectType=Conversation

hysteresis & slack http://joshuahhh.com/projects/hysteresis/


tedu honked 12 Aug 2019 13:03
convoy: data:,electrichonkytonk-rN2KpZm1jR2pMG16D3

"Deceived by Delete and Redraft," a new romantic thriller.


tedu bonked 12 Aug 2019 13:00
original: tj@altelectron.org.uk
convoy: https://altelectron.org.uk/contexts/57f31fde-e837-4f08-90e4-c355a73743cc

The first paged out zine is excellent

https://pagedout.institute/


tedu bonked 12 Aug 2019 12:50
original: phessler@bsd.network
convoy: data:,electrichonkytonk-952yf2tSK9l4Fj2184

@tedu as a package builder, I don't think any package measured in single digit hours or less is "too long for bulks".


tedu honked 12 Aug 2019 06:39
convoy: data:,electrichonkytonk-952yf2tSK9l4Fj2184

The last time we checked in with the openbsd port of alacritty, we learned it required doubling memory limits to compile. As things have progressed, we learn it calls lstat on its own config file ten times per second, cranking up CPU usage. Must be fun to have two dozen such processes running. And also takes 45 minutes to build, which in the grand scheme of things is perhaps too high a cost for regular package builds.

Sometimes people wonder why there are at least a few rust skeptics in the openbsd project. It's not entirely fair to pick one program to represent rust, but I think this is a good example of why, security aside, there's been a less than complete meeting of the minds.

Thread: https://marc.info/?t=156468248200002&r=1&w=2


tedu bonked 12 Aug 2019 06:31
original: stsp@bsd.network
convoy: tag:bsd.network,2019-08-12:objectId=6837754:objectType=Conversation

Reviewing my current toolkit:

Using #SVN for working on... well, SVN

Using #Git for working on Got

Using #hg for my web sites (including Got's site) and for managing files related to self-employed work and taxes

Using #got for working on OpenBSD

Using #cvs to commit to OpenBSD

Using #fossil to get back to older unfinished work I've done for OpenBSD

#allthethings #vcs


tedu honked 12 Aug 2019 05:24
convoy: data:,electrichonkytonk-X6Gx98SH4L817l7g65

I just discovered that devtools splits the element inspector vertically for some sites and horizontally for other sites, and I have no idea why this happened or how to change it. Slowly but surely, modern browsers are turning me into my parents.


tedu bonked 12 Aug 2019 00:51
original: Rude@kys.moe
convoy: data:,electrichonkytonk-4j6n6Q1ZWx73CFxXf9

@tedu I know how to fax thank you tedu.


tedu honked 12 Aug 2019 00:39
convoy: data:,electrichonkytonk-rgj5ykwrpj6f5FWvJx

Vague post a complaint about something seen elsewhere. Check feed, see similar thing here. Friendly fire, friendly fire!


tedu honked 12 Aug 2019 00:28
convoy: data:,electrichonkytonk-4j6n6Q1ZWx73CFxXf9

Tired: sharing an article by posting a link.

Wired: sharing an article by posting a screenshot of it.

Inspired: sharing an article by finding a print copy and posting a photo of it.


tedu honked 11 Aug 2019 21:56
convoy: data:,electrichonkytonk-wVFT79jQ4JcCB4y2Mh

It's not even #metamonday yet.


tedu bonked 11 Aug 2019 21:40
original: moritzbuhl@bsd.network
convoy: tag:bsd.network,2019-08-11:objectId=6832721:objectType=Conversation

depressing: OpenBSD performance


I wanted answers. Now I want to forget.
http://bluhm.genua.de/perform/results/2019-08-10T05%3A41%3A55Z/perform.html

WHY! Why is the drop of 100Mbit due to a change in kern_unveil.c


tedu honked 11 Aug 2019 20:07
convoy: data:,electrichonkytonk-fB956q26wsW2kC1ycP

The price of gas is a Shepard tone.


tedu honked back 11 Aug 2019 19:36
in reply to: https://georgi.family/objects/37af30e3-743c-4382-91b9-2ca793fa2159
convoy: tag:nulled.red,2019-08-11:objectId=10904051:objectType=Conversation

@patrick read receipts can be useful as a quick ack. Yeah, I saw that. But as stated, if you actually reply "gotcha" at 3am and cause their phone to buzz, they won't like that. You would only need to ack messages if it's important to confirm.


tedu honked 11 Aug 2019 19:31
convoy: data:,electrichonkytonk-654w6tHTw71n3QRJmB

There is now a Free Meek documentary.

https://www.washingtonpost.com/arts-entertainment/2019/08/10/free-meek-tracks-rappers-lengthy-battle-with-criminal-justice-system-heres-what-we-learned/


tedu bonked 11 Aug 2019 18:01
original: nolan@toot.cafe
convoy: tag:toot.cafe,2019-08-11:objectId=12439866:objectType=Conversation

New blog post: "High-performance input handling on the web" https://nolanlawson.com/2019/08/11/high-performance-input-handling-on-the-web/


tedu bonked 11 Aug 2019 17:08
original: flussence@nulled.red
convoy: tag:nulled.red,2019-08-11:objectId=10909878:objectType=Conversation

@knuxify I'm looking for an absolute origin but in the meantime here's someone trying to get email quote usage standardised *in 1999*

https://tools.ietf.org/html/rfc2646


tedu honked 11 Aug 2019 17:05
convoy: data:,electrichonkytonk-915z4RXC331X19zPg8

Attempts to deploy new media types, such as Text/Enriched [RICH] and Text/HTML [HTML] have suffered from a lack of backwards compatibility and an often hostile user reaction at the receiving end.


tedu honked back 11 Aug 2019 15:52
in reply to: https://nulled.red/users/flussence/statuses/102596819410817305
convoy: tag:nulled.red,2019-08-11:objectId=10904051:objectType=Conversation

@flussence call your ActivityPub vendor and tell them you want support for the Read activity. Doubt it'll ever happen, but all the protocol parts are there to stick a "mark read" button next to a message which will notify sender.


tedu bonked 11 Aug 2019 15:38
original: Dee@fedi.underscore.world
convoy: https://fedi.underscore.world/contexts/f10e8c96-0c52-48f1-a332-f2ecf81cf724

on another note, I like that youtube-dl supports Twitter videos, so I can watch them this way instead of enabling js


tedu bonked 11 Aug 2019 02:23
original: akpoff@bsd.network
convoy: tag:bsd.network,2019-08-11:objectId=6822259:objectType=Conversation

I blogged. Mini Review of tog(1)

"Just tried tog(1), the 'interactive read-only browser for Git repositories' included with Game of Trees. May I just say *swoon*?"

#OpenBSD #got

http://akpoff.com/archive/2019/mini_review_of_tog.html


tedu bonked 11 Aug 2019 00:31
original: sean@social.deadsuperhero.com
convoy: https://social.deadsuperhero.com/contexts/d51984bb-d52c-43b4-b955-a813c914d40e

How is a Philip K Dick novel like a super burrito?

Both are awesome and both completely fall apart when you get close to the end.


tedu honked 10 Aug 2019 23:36
convoy: data:,electrichonkytonk-Z4RXcd2F4c11nhsHHy

One would not think compiling a terminal emulator would exceed the default memory limits for a staff user. Unless, surprise twist, it's written in rust.

https://marc.info/?l=openbsd-ports&m=156545846010751&w=2


tedu honked back 10 Aug 2019 22:54
in reply to: https://p.umbriel.fr/objects/de550f0f-b1f0-4ac1-a7ae-e8c1a2b52284
convoy: https://p.umbriel.fr/contexts/9912ed16-7ba1-4347-bad9-de8b9ea99de8

@nihl quick look at the code indicates it only expects an interface name, but I'm not an expert.


tedu honked 10 Aug 2019 22:48
convoy: data:,electrichonkytonk-1MZ13KD7934bkz56MW

Elsewhere in #openbsd, from the department of is it good or is it awful... Work towards supporting Cryptographic Message Syntax (CMS) in libcrypto, imported from OpenSSL.

https://marc.info/?l=openbsd-cvs&m=156545252809756&w=2


tedu honked 10 Aug 2019 22:45
convoy: data:,electrichonkytonk-4B91Sqz7bH6J1Ms4Lw

Wheeee! #openbsd TSC sync for MP systems.

https://marc.info/?l=openbsd-cvs&m=156536401524562&w=2

The long hard road to getting here: https://marc.info/?t=156163735700005&r=1&w=2


tedu honked 10 Aug 2019 22:39
convoy: data:,electrichonkytonk-P3pf8ZV7n51P2ptyRN

Suddenly feeling the urge to get a new X1 so I can listen to Moving in Stereo in stereo...

https://marc.info/?l=openbsd-tech&m=156545436110103&w=2

https://www.youtube.com/watch?v=BZhfFXEMMI4


tedu honked back 10 Aug 2019 22:04
in reply to: https://p.umbriel.fr/objects/204fe70c-f30f-44ee-9081-46b71e1161aa
convoy: https://p.umbriel.fr/contexts/9912ed16-7ba1-4347-bad9-de8b9ea99de8

@nihl ha, wow. You have a long macro or something?