honk honcho. i do what i can.
@lanodan I'm not sure it's supposed to be an nntp group or not. They make it look like that because google groups whatever. But it's not really a group? I don't entirely get what groups even is these days.
Here's the mail list homepage: https://lists.mozilla.org/listinfo/dev-security-policy
One more anecdote for the disclosure debate. Team finds TLS vulnerabilities in live systems. Reports to Hacker One. Closed as irrelevant. And, best part, loses cyberhackerpoints for trying. Hurray, responsibility.
Paper here: https://www.usenix.org/conference/usenixsecurity19/presentation/merget
Slide from: https://twitter.com/matthew_d_green/status/1162766559703490560
Trying to read this mozilla dev-security-policy email thread, and... it's absolutely terrible. (the interface.) How is anybody supposed to make heads or tails of what's going on here? The quotes are all messed, sometimes gray sometimes black sometimes hidden entirely. And then this Doug tool decides to reply inline without quote marks? How do people communicate like this? I've seen threads on Mastodon that were easier to follow than this.
Also, how the flying flapjack is this the one and only official archive for a mozilla mailing list?
Anyway, CA cabal doing CA cabal things.
DZ: orange cone
Today's edition of one step forward, two steps back. Wordpress reverting to relying solely on https based security for updates.
Neovim has adopted builds.sr.ht for OpenBSD CI 🎉 welcome to Sourcehut!
@kaniini is that like openbsd spamd where it sets window size to 1 byte and dribbles data before aborting?
Long time ago in a Miami IDC far far far away... #OpenBSD
@fireglow no, I do not believe in liking things. There's bonk (boost) and (zonk) delete.
Someday I will actually make this useable.
Being a network node operator hasn't been this thrilling since the glory days of Usenet.
To make things fun, any software that provides a time remaining estimation for an operation should also provide a counter of accrued error in the estimation as the operation progresses.
Whenever I see a quote I've seen before, I wonder if it's an original quote or a requote. As in, has the person making this quote read the original source (book, paper, etc.) or are they just copying a quote they read elsewhere. I've seen some quotes 100s of times, but always exactly the same. Never the sentence before, never the sentence after, no additional context ever. Curious.
many one-shot style command-line utilities like cal or ls would be better off using sbrk() than malloc(), but alas that only works if you're willing to tie yourself to POSIX since it's not part of libc. the difference is that sbrk() just changes the size of the heap, so everything is linear, there's no fragmentation, and allocation is a very cheap call. you don't actually need to worry about freeing memory unless you're using a *whole* lot of it in unpredictable ways. calling free() when you're just going to exit the program anyway and thereby automatically return all its memory to the operating system is incredibly wasteful.
@kurtm this is a perspective I hadn't much considered, so thank you.
If I've read the knob attack correctly, it breaks paired devices. There have been a lot of practical attacks against Bluetooth pairing in the past, but generally a reliable countermeasure was to go out to your cabin in the woods, pair devices, then disable further pairing, and you'd be mostly safe. No more!
Reply control is coming together...
The idea is that instead of the typical thing where every rando to reply gets a spot on your microblog, only acked posts appear. This is slightly different than liking or sharing, though. It's a silent ack. Like moderated mailing lists of old. And more refined than giant banhammer outright blocking somebody because you don't feel like rehosting their posts.
What appears elsewhere is elsewhere's concern, of course.
A quick rundown of today's usenix crypto security session. With some links to the papers.
@matthew_d_green: Going to chair the best session of the day: “Crypto means cryptography”. But also it’s Usenix so anything could happen.
@matthew_d_green: For all we know, these papers could all turn out to be about fuzzing. Stranger things have happened.
@matthew_d_green: So the first talk is on “mobile private contact discovery at scale”. The idea is to use private set intersection to perform contact discovery for tools like WhatsApp and Signal. Tools with large userbases. https://www.usenix.org/conference/usenixsecurity19/presentation/kales
@matthew_d_green: This is a big problem. Signal has proposed to do it with Intel SGX trusted hardware. This work skips all that and does it with actual crypto. They get a huge improvement over previous works, for contact databases as big as 250 million users.
@matthew_d_green: This work really kicks the performance ball forward. But not quite enough. The authors contacted a major service to see if this could be deployed, and here are the requirements they got back vs. what this work can do. https://pic.twitter.com/dUBiwNfpS6
@matthew_d_green: Our next paper is on fuzzing.
@matthew_d_green: No, I’m kidding! Sort of. Actually it’s on generating verifiable zero-copy parsers so you *don’t* have to fuzz. https://www.usenix.org/conference/usenixsecurity19/presentation/delignat-lavaud
@matthew_d_green: The authors have a formally verified system for generating parsers that aren’t going to be exploitable. This is really hard. They give examples from TLS and Bitcoin. https://pic.twitter.com/1HIP54Is3T
@matthew_d_green: Anyway, aside from the tool: the biggest upshot of this talk for me is that apparently all the zero copy parsers out there being used are not verified. That’s surprising and a bit scary.
@matthew_d_green: This next paper is about “blind Bernoulli trials”. This is a really cool idea that I’m going to have a hard time getting across in a quick series of tweets, but screw it I’ll try anyway. https://www.usenix.org/conference/usenixsecurity19/presentation/connor
@matthew_d_green: So imagine I have a group of people and I want them each to flip a coin so it comes up heads with some chosen probability. We do this all the time with stuff like Bitcoin PoW, where everyone is doing trials and each one will win with some (small) probability.
@matthew_d_green: But in Bitcoin a big feature is that the probability (difficulty level) is known to everyone. What if you want to keep it secret? That’s what blind Bernoulli trials do.
@matthew_d_green: Unlike Bitcoin this requires trusted setup. Each user gets a key from some master authority. When I want you to flip a coin I encrypt some randomness and send it to everyone. Each user combines with their key. They get “heads” with exactly the chosen probability.
@matthew_d_green: I wasn’t able to keep up. But the next talk was extremely cool. Basically, they found a way to convert a deep neural network into a Boolean circuit, so it can be evaluated by two parties using Yao’s garbled circuits. https://www.usenix.org/conference/usenixsecurity19/presentation/riazi
@matthew_d_green: TL;DR it looks like this kind of multi-party machine learning computation is getting freakishly fast.
@matthew_d_green: I mean: the fuzzing people may be exploiting vulnerabilities in HotCRP so these papers could be anything :)
It's funny. I've installed openbsd on laptops, desktops, sparcstations, beaglebones, edgerouters, and more. I am also completely flummoxed and thwarted by the mere thought of trying to reinstall android on a phone.
Just came across a bunch of old photos in a drawer, and it turns out I only know when it was that we last had that much snow in #Freiburg because the same film also had TV screenshots of the Giotto approach on comet Halley. Apparently, that was in March 1986...
Woman on the sidewalk yelling "zweiundeins" at her husband. Hey, now, watch your language!
Here's a simple security privacy thing which I think should be possible, but the rockstars have not aligned.
Was setting up Uber on a new phone (for reasons). I need to enter a credit card. Every app now has a feature where I can take a picture of the card, but this requires camera access. Can be revoked, but requires digging through settings. But all the app needs is a number. Why no option for letting the app read a number through the camera?
A lot of privacy concerns could be alleviated by only providing processed data, not sensor access. Mobile OS service architecture seems built for this as well.
Ah, the Carrier Services error message has been getting slightly more detailed in recent updates, but I'm still not tempted to give away those permissions, especially as I have also disabled the Google Messaging app (using QKSMS for good old standard SMS)...
A feature that auto mutes a thread where any participant posts "untag me".
"But this is a part of history" always sets me on edge.
@stsp interesting. I may need to find time to look. When I implemented annotate, I first thought it would be really hard. How is this even possible? But it turned out to be simple. At least it seemed so. Makes me wonder if it doesn't work right.
I'm sorry. But once I started, it didn't let me stop. https://kristaps.bsd.lv/sblg/examples/brutalist
Oh, friendica, why must you be like this?
The Matasano Crypto Challenges (review)
If you don’t have time for the challenges themselves, reading this review a few times until the lessons are internalized may be a good substitute.
> How practical these attacks were. A lot of stuff that I knew was weak in principle (like re-using a nonce or using a timestamp as a ‘random’ seed) turns out to be crackable within seconds by an art major writing crappy Python.
#crypto #development #exploit #programming #security
The long awaited xlogo 1.0.5 update lands in #openbsd!
What's new since 2012? You may now exit the program by pressing esc instead of requiring esc. (If you're still on 1.0.4, try it out.)
Also lots of other x updates today. I just found this one particularly amusing. This bug lasted at least seven years between releases. Perhaps an argument for regular time based releases, even if it seems not much has changed.
@flussence never before have I seen sendmail described as "extremely basic".
Our new blog is officially here. Come read about why we left Medium and how we built a crazy fast, privacy-respecting blog just for you.
@kaniini I like the red one in the middle.
What if the antivirus is the virus? Reprint 47585.
If I were King of America, I would make it so every library provided a free course on password managers, and handed out YubiKeys like candy
I would like to announce a public server running #brutaldon: https://brutaldon.online/
Brutaldon is a brutalist, Web 1.0 web interface for Mastodon. You can use it as a client for any instance. Currently you do not need a separate brutaldon account. It is compatible with almost any web browser, including text-mode browsers like lynx, w3m, or eww.
Screenshots, issues tracker, and source code are available at https://github.com/jfmcbrayer/brutaldon.
@lain I like to show off my battery levels and signal strength.
@lain new profile tabs please. Blocked, blocking, mutual block.
My phone also tried to autocorrect Hong Kong to honk king. Glad I caught that; would have sounded a little narcissistic.
Journalism prof: you don't want to cover the Montgomery bus boycott as a transit story
NYTimes: call our tip line to tell us about your canceled Hong Kong flight
Our new MegaSecureZ laptop has a hardware kill switch for the keyboard to disable key loggers.
@feld oh! Lain likes cilantro. writes that down in my note book
Saw the worst hashtag, thought eh, so there's nothing to it, cute I guess. Hovered the link. Oh...
the worst hashtag
Two flash clips, a flash emulator, a flash programmer, surface mount soldered test points, oscilloscope probes, cat5 crossover cable, and both a TTL serial adapter as well as an RS232 serial adapter with null modem & genderchanger. Finally got my emacs setup just how I like it.
Why is Berlin expensive? This is very inconvenient, and I must say, quite inconsiderate.
A little more Baltimore malware commentary. This seems like an angle that won't get much coverage. If you run up a large bill, and never receive it, you may not be liable for penalties, but you still need to pay the principal, and maybe you haven't been diligently saving for that event. Another cost pushed down.
@matthew_d_green: We’re getting our first water bill since Baltimore got ransomwared this Spring. Apparently it’s expected to be so large that people will have trouble covering it.
@matthew_d_green: The cost of this thing is just phenomenal. I understand the arguments around not paying ransoms, but if you’re going to go down that road you’d better have your IT security figured out.
@matthew_d_green: In Baltimore all the qualified devs work for the NSA or are busy writing spyware for the UAE, unfortunately.
@hypolite similar to how some forums don't show scores until after a delay, it would be an interesting experiment to have a discussion where posts don't become visible to nonparticipants for 24h. Have your argument, but know nobody will be applauding your dunks.
Or (and?) maybe one where replies must be approved. The norm would be to approve it (and community would learn not to engage with censors), but if it's unkind, it simply never appears.
@tedu Go away or I will replace you with a very small shell script.
$ grep xman .profile
alias xman="MANPAGER=mupdf man -T pdf"
@tedu ah, oops, seems there was a many way tie for 2nd, but things seem to be rolling now. cursed concurrency!
xman retired today.
@lain oh, I love this game! Is it the one on the sixth square without a hat?
I missed the 30th anniversary of the release of The Abyss by a week. Anyway, enjoy this article about the making of the film. It wasn't fun.
Super weird ActivityPub observation. Friendica instance. When fetching object via AP, json has 8 actors in cc. When fetching the outbox, same object exists but has 9 actors in cc, same 8 as before, plus me! No idea what's going on. But kinda funny.
humorous technology rant, xserver bullshit, :archlinux:💯💯💯memery💯💯💯
When you get a new laptop, and install arch, but the media keys are all fucked up because they have IDs higher than 255 and X server is 8-bit for some reason...
So you have to use evdev to test the keys individually for the hardware "scancode," then xmodmap -pke to list all the software *key*codes and then you have to manually scroll through the 255-8 (for some reason) keycodes and their functions to find the right ones you want.
Then you have to use setkeycodes [scancode] [keycode] to rebind them manually HOWEVER you have to subtract 8 from the keycode number because for some reason beyond human comprehension the kernel decides to add 8 to the keycode.
this is such a windows-tier problem my lord
Is there a non clickbait actually semi informative article about this iphone contacts sqlite exploit?
Screenshot of xman demonstrating the responsive design of the Xt toolkit.
Book recommendation, HTTP/2
In light of the recent HTTP/2 CVEs, here’s another book recommendation: if you want to learn a bit more about this protocol, Learning HTTP/2 is a decent choice.
It’s beginner-friendly enough to be accessible to people who didn’t really look into most L7 protocols, and it’s a very easy read if you already have some HTTP/1.1 and TCP knowledge.
You can apparently get it DRM-free from ebooks.com, though there’s a mention of a “digital watermark” and I have no idea what that really is.
New blog post: "Browsers, input events, and frame throttling" https://nolanlawson.com/2019/08/14/browsers-input-events-and-frame-throttling/
A follow-up to my blog post from a few days ago, where I go possibly-way-too-deep into how browsers actually fire input events.
Presented without comment
Wolverine: Origins is playing on AMC. The American Movie Classics channel. Truly the darkest timeline.
Mobile safari reader mode is astonishingly bad at picking content out of honk. Not even an option on most pages (fine), but when available and selected it randomly chooses about two posts and ignores all the others.
I've seen this on enough other sites to wonder, what in the world does Apple have in their testsuite for this feature? Exactly one nytimes article about the launch of the first iPhone?
@lain destroying people's lives with your default http links.
cpio user spotted in the wild!
pol, computer security
"Who Should Secure Congressional Campaigns?" by Maciej Ceglowski https://idlewords.com/2019/08/who_should_secure_congressional_campaigns.htm
Interesting, even-handed take on a tricky problem. Good follow-up to his last post on the topic.
#OpenBSD -stable binary packages are now a thing!
@feld your compliance is appreciated, citizen.
The view from an ancient defensive tower
2.3. In this screen, there are at least 2 "secret cheat codes" (key combinations which do things), one being the tab key to learn more about the error and the other being ctrl+d to enable debug mode. In order to make these not secret, there needs to be some key combo which displays all other key combos and that key combo needs to be displayed somewhere on that screen.
I thought this comment was hysterical. But also true. If you haven't read the paper, it's good.
@tqbf: Best paper at WOOT is a zip bomb? This must be a hell of a zip bomb.
I actually wish pledge/unveil would be a thing on linux because of GNOME.
Anyone remember back in like 2002 when you could crash xchat by sending it a string of chars?
It keeps happening. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010238
Only real millennials know that's the Real World Philadelphia house.
Wasn't expecting to see this...
Address: 249 Arch St
@lanodan this is very hit or miss. I've had no trouble in several years except for one incident with outlook.com (gah!) quickly resolved. (And they were kind enough to send me a reject email with an appeal link.) But the general opacity of hidden block/drop lists is very fedi.
I accidentally bought a Lenovo X1 Carbon 7th gen. How?
I went to Costco to buy an #X1C6 to replace the one I returned months ago. Turns out Costco silently upgraded their stock to the #X1C7 ... for the same price. \o/
But, now I'm on the bleeding edge. The #X1C7 has the Intel 9560 wireless chip ... soldered to the mobo.
Brand new, cutting edge laptop, USB wifi dongle.
I need to buy @stsp beer or coffee.
@flussence asymmetric routing... WiFi down, cellular up. Just a little ospf and bgp in the mix and you're really set. Totally reasonable for home net.
@fireglow not yet!
Stupid building code
It's so great that the humidity-sensing fan switches I'm required to have in my bathroom to save energy while preventing mold come on constantly when my air conditioner is on, exhausting all the conditioned air to the outside and sucking in hot air. So this requirement in the name of saving energy actually wastes it.
I'm illegally replacing them with timer switches while wishing death on every moron who supported that bullshit requirement.
@tedu I wonder if I could trigger chrome into detecting my pages into thinking it's klingon even if I define the lang.
Apparently the word "paleoprogramming" appearing on a page triggers chrome language detect into suggesting a translation from Afrikaans. (I think that's the keyword; doesn't always work. I'm sorry this isn't an exact science.)
the only federated network that actually has any security is
@GeoffWozniak I'd rather read documentation in a word document off a hard drive platter with an electron microscope than use GNU Info
Nice. After removing the split chrome still only uses half the screen. Other half is blank.
Running two browsers split screen on my phone. Seems pretty pointless, but iPhone won't let me do it, therefore I must. Anyway, rendering in chrome looks better than Firefox, especially apparent side by side. Thank you for reading my in depth review of Android.
@cj I see you've observed me trying to use the recent Spotify update.
Comment 10 here is big ouch.
@lanodan I never noticed they use BSD section numbering instead of SysV.
If you have more time than sense, here's a thread about iota with lots of crypto guy replies.
"Girl there's no variable" sounds like a sassy compiler error.
@opal not super different (depending on who you ask) but some features are added or removed between lua versions. A lot of people liked 5.1 and settled on it. Kind of a python 2/3 split.
Stumbled across this. No Mastodon one click installer for digital ocean because intel MDS isn't fixed. I'm not sure if there's a soundbite moral to the story, but just take a moment to reflect on the path that led us here. The circumstances which created a scenario where this could occur.
HTTP/2 resource exhaustion coming only two months late for the tenth anniversary of slowloris.
@feld the nature of your deviancy has been identified. :) see irc.
@feld the experiment requires that you continue.
@feld every one of your posts fails HTTP sig verification. started around 1:00 eastern. I had to poll your outbox like an animal just to get this. I have a bit more logging now, so we'll see.
@feld speaking of, did you roll your RSA key or something in the past hour?
How does one even manage to take a screenshot with a potato?
The vBSDCon 2019 conference is Sept 5-7 in Reston VA.
The schedule has been added to the website: https://www.vbsdcon.com/schedule/
The Early Bird registration of $100 closes on Aug 15 (Thursday this week).
See you there.
#FreeBSD proposes a firm timeline for full removal of #gcc from base: https://lists.freebsd.org/pipermail/freebsd-arch/2019-August/019674.html
#clang #llvm #compiler #toolchain
@sir asprintf is likely the worst possible example to make this argument.
@vi that's how reddit got started!
Is France a Cyber Superpower Yet? Short read, not bad.
State of the security is :sad trombone:. I still get kinda excited about crypto attacks that steal keys because they'll still be relevant when (if) we ever get working silicon, but that's just me.
@matthew_d_green: Is Intel’s plan just to let security researchers fix this one side channel at a time, on billions of production processors? https://twitter.com/kurmus/status/1159859369804259330
@matthew_d_green: If Intel built airplanes I feel like we’d be losing one every three months, with the company saying “yes, this is pretty much how it’s going to be for the next five years.”
@matthew_d_green: Thank god “the bad guys” aren’t very smart.
@matthew_d_green: Also, from a cryptography perspective these attacks are very annoying. Who’s going to get excited about your 100-million query attack that extracts a single EdDSA private key when right now you can dump like the whole kernel memory space.
@matthew_d_green: If I was a state sponsored attacker I wouldn’t even bother doing the research. I’d just hack like two or three academic teams’ email servers.
@fireglow I guess it's ok. I'm not really the DNS police, though.
@opal fyi your dnssec on amine.website looks busted.
@lanodan old habits, I always liked doing things separately, but yeah, it bites me sometimes.
@tedu Or hg pull -u
After running hg pull, remember to run hg up before make. Works better that way.
The cumulative distribution function (CDF) of page load time (PLT) is a very nice visualization I haven't seen used before. The rest of the article is kinda meh, amp, but I liked seeing this. Good choice of presentation.
Design and Evolution of C-Reduce
> Since 2008, my colleagues and I have developed and maintained C-Reduce, a tool for programmatically reducing the size of C and C++ files that trigger compiler bugs. C-Reduce also usually does a credible job reducing test cases in languages other than C and C++; we’ll return to that later.
Part 2: https://blog.regehr.org/archives/1679
#c #compiler #development #fuzzing #programming #testing
I just decided it was time to list Rhapsode alongside Lynx, Dillo, and NetSurf as a smaller engine you can help grow by making sure your pages look (or in Rhapsode's case, sound) decent in them.
But definitely, test in Firefox and Safari/Midori/GNOME Web/Odysseus/etc too! Whatever you do don't just test your pages in Chrome, I fear a Google monopoly.
Here are my other asks: https://odysseus.adrian.geek.nz/developer/web-bloat.html
Made with @krita - You can support this awesome Open Source Software here --> https://krita.org/en/support-us/donations/. #art #illustration #mastoart #krita
Every day I work with teams building custom widgets. They almost always fail to spec them well. An effort: http://adrianroselli.com/2019/08/basic-custom-control-requirements.html
@sylveon mastodon recently added a thing where even public posts require a sort of authentication (signed get request). otherwise you get an error, which kinda looks like the remote person blocked you. anybody running software from a few weeks ago is left out.
(don't know if that's your scenario, just that it's a thing that's also playing out now.)
#opengit clone over ssh just worked...
I had forgotten to close the other end of the pipe(2). That took me 4 days to realize...
oh wait I know how it's acceptable: NOBODY COMPILES RUST APPS, THEY DEPLOY WITH DOCKER
That's why nobody complains about this stuff. Building and packaging it is someone else's problem. Doesn't matter if it takes 128GB of RAM and 2 years of wall time, it's someone else's problem. You put on your DevOps shades and smash that docker deploy button and move on with your life ignoring that you have no idea how this software even works or if anyone will ever be able to build a new version
Best #metamonday ever. Going to retire the hashtag in honor of this fine day.
Clicked on a link to fedi.absturztau.be, five minutes later I'm still downloading sticker packs and themes... All I wanted is to view one post. I won't post a reaction, I promise.
OK, enough of that. Not actually interested in logging it all, just wanted to see how far widespread this is. Answer: widespread.
Nice... Mastodon signs fetches with the key of the individual user receiving the boost or reply. Probably a good argument not to do signed fetches by default. You are sending me excess and identifiable credentials. At least use a per instance key.
@lain second best is more than enough when first best is so awesome :)
Honk is the second best AP implementation (can't dunk on pleroma, sorry)
General silliness and mumbling. May contain bits of grouse.
Probably a bad idea, but (not quite seriously) considering rejecting signed fetches. There's a robustness argument to secure system design that operations with excess authority should fail. Mandatory principle of least authority. Kinda, I think I'm stretching a bit.
But this is how some systems do work. Accounts with blank passwords require a blank password. If you enter a real password, that's a failure. If it's a public object, then you should fetch it without passing any credentials.
Hopefully, with ocap, this isn't a problem because you'd know whether to obtain a cap or not. You wouldn't accidentally pass along a cap without need.
Return of the iconic infosec duo: ghostscript and untrusted postscript files.
@sylveon flipped the switch to require signed fetches. probably blocked half the fediverse.
In today's edition of will it federate... CSS classes like
Answer: not really.
Is there any extra metadata I can add to image attachments so that they're scaled to fit nicely on mastoroma, instead of zoomed all the way in on some random section?
I gotta say the feedback and patches I've #got in my private mail box is super high quality content compared to all the bros with their entitled knowitall opinions on various web sites...
But for now nobody else is seeing it because my preference for #selfhosting is getting in the way of getting a public repo up quickly.
Thank you kn, @gonzalo, @sthen, bentley, semarie, Artturi Alm, @otto, Hiltjo Posthuma, and Thomas Klausner for contributing within the first 3 days of public project history!
nature, please don't disturb.
So how much do I care to implement activitypub signed gets? Just to fill in a thread that's not that interesting? Guess I'll never know what I'm missing.
Now this is the #metamonday I signed up for! No mods, no masters!
@tedu we must go deeper. compare failed login cycles to writing auth log to disk.
What if I can't decide? Where's the Goldilocks option for just the right number of sub posts?
Oh, geeze, I haven't given you my sshd port take yet.
If you run sshd on port 22, you don't hate your users, you hate the planet. Failed login attempts, even with password auth disabled, still burn CPU crunching hashes, wasting precious electrons. The dinosaurs did not die for your laziness!
Based on the name alone, Ways and Means sounds like it would be a pretty sweet committee.
I thought this was pretty funny.
@stsp one for every source control system.
Whenever I see Martin Fowler or Bob Martin mentioned, I can never remember which is which.
Distributing the resulting size to the children turns out to be a two-step process. First it needs to know how much space is left over, and then it needs to distribute that out equally to all children so have plenty of whitespace in which to drag the window.
This is essentially the same process used by the deprecated GTKBox.
hysteresis & slack http://joshuahhh.com/projects/hysteresis/
"Deceived by Delete and Redraft," a new romantic thriller.
The first paged out zine is excellent
@tedu as a package builder, I don't think any package measured in single digit hours or less is "too long for bulks".
The last time we checked in with the openbsd port of alacritty, we learned it required doubling memory limits to compile. As things have progressed, we learn it calls lstat on its own config file ten times per second, cranking up CPU usage. Must be fun to have two dozen such processes running. And also takes 45 minutes to build, which in the grand scheme of things is perhaps too high a cost for regular package builds.
Sometimes people wonder why there are at least a few rust skeptics in the openbsd project. It's not entirely fair to pick one program to represent rust, but I think this is a good example of why, security aside, there's been a less than complete meeting of the minds.
Reviewing my current toolkit:
Using #SVN for working on... well, SVN
Using #Git for working on Got
Using #hg for my web sites (including Got's site) and for managing files related to self-employed work and taxes
Using #got for working on OpenBSD
Using #cvs to commit to OpenBSD
Using #fossil to get back to older unfinished work I've done for OpenBSD
I just discovered that devtools splits the element inspector vertically for some sites and horizontally for other sites, and I have no idea why this happened or how to change it. Slowly but surely, modern browsers are turning me into my parents.
@tedu I know how to fax thank you tedu.
Vague post a complaint about something seen elsewhere. Check feed, see similar thing here. Friendly fire, friendly fire!
Tired: sharing an article by posting a link.
Wired: sharing an article by posting a screenshot of it.
Inspired: sharing an article by finding a print copy and posting a photo of it.
It's not even #metamonday yet.
depressing: OpenBSD performance
I wanted answers. Now I want to forget.
WHY! Why is the drop of 100Mbit due to a change in kern_unveil.c
The price of gas is a Shepard tone.
@patrick read receipts can be useful as a quick ack. Yeah, I saw that. But as stated, if you actually reply "gotcha" at 3am and cause their phone to buzz, they won't like that. You would only need to ack messages if it's important to confirm.
There is now a Free Meek documentary.
New blog post: "High-performance input handling on the web" https://nolanlawson.com/2019/08/11/high-performance-input-handling-on-the-web/
@knuxify I'm looking for an absolute origin but in the meantime here's someone trying to get email quote usage standardised *in 1999*
Attempts to deploy new media types, such as Text/Enriched [RICH] and Text/HTML [HTML] have suffered from a lack of backwards compatibility and an often hostile user reaction at the receiving end.
@flussence call your ActivityPub vendor and tell them you want support for the Read activity. Doubt it'll ever happen, but all the protocol parts are there to stick a "mark read" button next to a message which will notify sender.
on another note, I like that youtube-dl supports Twitter videos, so I can watch them this way instead of enabling js
I blogged. Mini Review of tog(1)
"Just tried tog(1), the 'interactive read-only browser for Git repositories' included with Game of Trees. May I just say *swoon*?"
How is a Philip K Dick novel like a super burrito?
Both are awesome and both completely fall apart when you get close to the end.
One would not think compiling a terminal emulator would exceed the default memory limits for a staff user. Unless, surprise twist, it's written in rust.
@nihl quick look at the code indicates it only expects an interface name, but I'm not an expert.
Elsewhere in #openbsd, from the department of is it good or is it awful... Work towards supporting Cryptographic Message Syntax (CMS) in libcrypto, imported from OpenSSL.
Wheeee! #openbsd TSC sync for MP systems.
The long hard road to getting here: https://marc.info/?t=156163735700005&r=1&w=2
Suddenly feeling the urge to get a new X1 so I can listen to Moving in Stereo in stereo...
@nihl ha, wow. You have a long macro or something?