The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails. These emails implored OpenJS to take action to update one of its popular JavaScript projects to “address any critical vulnerabilities,” yet cited no specifics. The email author(s) wanted OpenJS to designate them as a new maintainer of the project despite having little prior involvement. This approach bears strong resemblance to the manner in which “Jia Tan” positioned themselves in the XZ/liblzma backdoor.
The AI zeitgeist is rooted in white men being so worried that they are on the verge of having to trust the expertise of people who aren’t just like them that they would rather get their information from a wrong robot./blockquote>
Fuck yeah I feel some smugness about that, theydies and gentlethems and glitterkittens! Nobody pays me to be a business consultant, but sometimes I do it anyway, for the sheer pleasure of being right on the internet. If you squint and hold your eyes correctly while you look at this situation, Zuckerberg personallylost thirty billion dollars of net worth in one day for not being an ErosBlog reader. And ErosBlog is totally free! So, you know, fuck that guy. Fuck him in particular.
I've long thought about how seemingly subtle changes in UX of online applications can have dramatically different impacts on the social dynamics of the community that surrounds them. This is a great read on that: Every Game Has the Community It Deserves
Liebreich: The Unbearable Lightness of Hydrogen. Good reiteration of something you already know: the "hydrogen economy" is greenwashing bullshit from the existing natural gas and petroleum producers, and makes zero sense, because of physics.
How to create a secure random password with JavaScript. Probably stuff you know, about modulo bias and using decent sources of randomness and so forth (although at least one of my little one-off (non-JS) scripts that manages one of my personal sites has random number collisions far more often than I think it should for reasons I've never bothered to fix because it's just an annoyance, but...), but it's in one place.
I tried Arc Search, the new mobile app from the Browser Company. Its central insight is that almost every mobile browsing session starts with a web search; rather than giving you the usual list of results, it prioritizes building a web page for you that contains all the information you asked for.
In a new announcement, Ring to now require warrants to share your video with law enforcement
This week, we are also sunsetting the Request for Assistance (RFA) tool. Public safety agencies like fire and police departments can still use the Neighbors app to share helpful safety tips, updates, and community events. They will no longer be able to use the RFA tool to request and receive video in the app.
As I was copy-and-pasting to re-toot a Mastodon post on to my blog, I had a huge moment of... I appreciate that there are a few folks I interact with on Flutterby. I do occasionally use it as long-term memory, although with the decay of the web I'm not sure how much value that has any more.
I've got a few bugs in my CMS that I've been threatening to fix for years, but maybe the social web's time is over and it's time to just do something else with the domain names.
Right now, users seem keen at using the current set of LLMs, throwing some curl code at them and then passing on the output as a security vulnerability report. What makes it a little harder to detect is of course that users copy and paste and include their own language as well. The entire thing is not exactly what the AI said, but the report is nonetheless crap.
A cold-blooded project is like the baby painted turtle. You can freeze it for a year and then pick it back up right where you left off.
A cold-blooded project uses boring technology. The build and test scripts don’t depend on external services that might change, break, or disappear entirely. It uses vendored dependencies.
Of the programming languages I use, Perl seems to be the best at this. C is okay. C++ less so (wait, that library interface changed again?). JavaScript and Python seem to be awful.
Maestro is a monolithic kernel, supporting only the x86 (in 32 bits) architecture for now.
At the time of writing, 135 out of 437 Linux system calls (roughly 31%) are more or less implemented. The project has 48 800 lines of code across 615 files (all repositories combined, counted using the cloc command).
Matt Thomas] wanted to answer the question of whether 3D printed structures can be food-safe or even medical-safe, since there is an awful lot of opinion out there but not a lot of actual science about the subject. As a mechanical engineer who dabbles in medical technical matters, he designed as series of tests using a wide range of nasty-sounding pathogens, to find once and for all what works and what does not.
Results from various testing methods used in hospitals and FDA approved microbial surface testing, indicate that 3D printed parts of PLA/PLA+ (Polylactic Acid), and PETG (Polyethylene terephthalate glycol) can be cleaned to safe levels using warm water (120 °F), and non-concentrated dish soap. Examination and verification of cleanliness were completed via Petri dish preparations, and protein residue testing. It was found that Colony Forming Units (CFU) and Plaque Forming Units (PFU) had been reduced by 90%. Experimental results indicate that using 2g of baking soda, when used with soapy water, eliminates biofilms by chemical and physical action, neutralizes acidic bacteria, and removes mucus. It is recommended (not required) and tested by surgical technicians, that a 2-minute room temperature bleach water soak (200ppm), after washing and rinsing should be done to ensure pathogens are at safe levels. Acetic acid from vinegar was tested as well via petri dish for CFU reduction and can effectively eradicate biofilms due to the ability to penetrate the biofilm matrix and the cell membrane. Acetic acid is not recommended for disinfecting, only for biofilm reduction. It is noted to the reader that sanitation in this context refers to the method of bringing a surface or object to safe levels of cleanliness for food or medical preparation and storage. Furthermore, mass spectrometry readings indicate that no contamination from heavy metals, or other toxins are present in PLA+, and PETG before and after printing. Lastly, filaments made from a pull-trusion method from recycled soda or water bottles has been tested and found to be safe.. When using 3D-printed items for liquids, it is highly recommended to coat the 3D-printed parts in resin.</bockquote>
I've recently been diving back into the C++ code which generates some of my other web sites, and am tearing my hair out (yes, I'm bald) trying to get code which compiles on Linux running on the Mac as well. Which is frustrating, especially when I'm trying to figure out which incantations are necessary to get Boost compiling property on gcc vs clang, let alone other library issues (Hello GNU libcgipp...).
In fact, the right-wing Institute for Family Studies lurks throughout the editorial, along with its senior fellow Brad Wilcox, who was involved in discredited anti-same-sex marriage research that was influential in that political battle a decade ago. Together, the Post references or links to them three separate times in its editorial. (The IFS argument about marriage happiness is flawed too, by the way.)
Yeah. Young women: don't. While I'm very grateful to those who have tolerated some of my views over time, we should definitely not be encouraging anyone, let alone young women, to compromise with some of that shit.
When we enter into business with a company whose boss takes delight in the mass layoffs of tech workers because it disempowers those who might speak out against their company keeping a list of non-Anglophone names that some members of the team find hilarious, we have a decent sense of who we’re dealing with.
For example, one pitch in particular was for a product which promised to remove the need for me to write SQL in exchange for being able to set up all my dependencies from a drag-and-drop editor, with the sales pitch consisting of "You can get rid of thousands of lines of all that SQL you hate!" - no I can't, fucko, because your application is still connecting to Postgres so it's just writing the SQL for me with another layer of licensed abstraction on top of it. Why would I pay to have more abstractions designed for you to sell software to multiple clients, you blue-suited dementor? Eight times out of ten, I want to pay you to remove them from my codebase.
The attack was last Tuesday, November 7. According to AlphV, they did not encrypt any files, but did exfiltrate files. MeridianLink was aware of it the day it happened. According to AlphV, no security upgrades were made following the discovery, but “once we added them to the blog, they have patched the way used to get in,” DataBreaches was told.
The fundamental flaw with pitching CoPilot as a massive productivity boost is that its goal is to make it faster and easier to generate code.
As a programmer, you don't want to generate code. You want to solve problems; the less code involved the better. I don't want tools that will generate repetitive code, I want less repetition.
While my managers are very happy, they quietly suggest it may be unwise to roll out the changes to all the computers (I only did a few to be safe) because it would oversaturate the department to hear about us all day. And invite unwelcome questions. The subtext is that if we do this all slowly enough, it might seem like it took a lot of effort instead of just clicking buttons that I said had to be clicked almost a year ago.
Terence Eden's blog: EBCDIC is incompatible with GDPR. Bank customer complained that their name wasn't being spelled with the appropriate diacritical/accent marks. GDPR says that "The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her."
Bank says "we can't, because EBCDIC technology stack". The Court of Appeal of Brussels says "tough".
I've long been of the "own your own data" mindset, as is obvious from this blog that's been going for two and a half decades, and I've long thought that a distributed P2P sort of system that didn't depend on the DNS system for identity, and didn't require explicit hosting, would be a good thing. Decades of link rot have me thinking about archives, the centralization of social media has me thinking about how much of my conversations are guided in directions that "drive engagement" and sell to advertisers.
The growing Fediverse and Mastodon phenomenon are re-surfacing a lot of the issues involved with distributed social media, and the cryptocurrency fad displayed a lot of the problems P2P stuff, but security and safety are filtering higher to the list.
“These contracts offer innovative ways to build applications and processes,” Tal wrote along with his Guardio colleague Oleg Zaytsev. “Due to the publicly accessible and unchangeable nature of the blockchain, code can be hosted ‘on-chain’ without the ability for a takedown.”
With God as my witness, the next son of a bitch to mention Agile is going to get hurled into the ground so hard that I'm going to publish a seismology paper in Nature with the data.
Today, we share -with the community at large- our policy to not work with Moglen or SFLC. We have chosen to speak publicly on this matter because we feel we have an obligation to warn volunteers and activists in software freedom that this pattern of reported behavior exists. Of course, everyone should read the publicly available source materials and make their own decisions regarding these matters. While we loathe to publicly speak of these unfortunate events, the decades of ongoing reports of abusive behavior & and the risk that behavior creates for unknowing members of the Free Software community ultimately requires that we no longer remain quiet on this issue.
Checkmarx reports that the malware used in this campaign goes a step further from typical info-stealing operations, engaging in app data manipulation to perform a more decisive blow.
This does make me wonder how much climate impact Electron (React, etc.) have. I bet it’s a bigger number than the AI usage we’ve been hearing about, but probably still measured in hundredths of a percent of, say, fast food burger consumption:
Back when the Internet was much younger than it is now, Johannes Ernst published a mechanism for allowing someone to use a website to log into another website, called LID. Much like "log in with Google or Facebook" is today. I saw it, thought it was a good idea, and implemented it for my blog. Shortly afterwards, Brad Fitzpatrick at Six Apart implemented something similar for LiveJournal, and discussions about creating standards started happening.
I was part of these discussions, and remember asking for a single feature to support a single use case, one that I thought was the most immediate and obvious use case. The conversation wheeled into places I didn't care about, that I thought were way overly complex and byzantine, but I thought "there's no way that my one feature won't make it into the spec".
So I tuned out. Ended up writing some authentication software for a portion of the spec that had been finalized, published that, got a whole lot of "but that's not how it should work!" feedback, said "well, that's what the spec so far says, and y'all are part of that process, so..."
Anyway, the short(!) version is that by the time the OpenID spec came out, it didn't have my one feature, the one thing that would have made the use case of "use this identity to comment on a blog" super easy. Had a *whole* lot of other complexity though.
So I think about this a lot as one of the failures of my career, of not wading through all of the social bullshit and maneuvering, and of failing to get my feature in, and how that lack of a feature led to slowed adoption and to my mind the failure of OpenID to create the sort of meaningful change I thought it should have.
And I think a lot about the mechanisms and processes by which the successful products and standards of my career have occurred.
I had lunch yesterday with someone who has way more experience in local politics than I do. Who's been in the trenches for years, in multiple places, with some pretty challenging projects. The discussion was great, and went on for a long time, and it's bringing up a lot of questions for me.
Measure U has given Petaluma a brief respite, but sales taxes are a crappy way to fund a city, and the city is cash-flow negative without it. There are a number of reasons for this, probably more complexity than I understand.
The core one is the basic issue with American sprawl: lots of people bought into the racist auto-oriented suburb development pattern propaganda, and as a result we have a lot of geometry that's impractical to navigate without an automobile, with all of the costs of infrastructure per resident that stems from that.
A contributing factor is Prop 13. Beyond screwing individual ownership and young people, it specifies how funds get split between cities, counties, and schools in a way that if a city was doing fairly well at the time it was passed, the city got a smaller proportion of the property taxes relative to those other two. Petaluma was doing *great*. It doesn't get much of the property taxes these days.
The culture of Petaluma is also one of activism and consensus. I've often commented that if you've got 3 Petalumans interested in a cause, you've probably got 4 non-profits. Many of these efforts are successful. The moratorium on new gas stations is something that I didn't think was practical, and yet it happened.
Projects here get studied to death. Getting change enacted takes decades, and wears people the fuck out. Charlene and I are currently involved in Mountain View Ave safety improvements, and as we knock on doors and go up and down the street we hear "oh, yeah, I've been asking for [X] for 30 years, and we've only gotten an increased speed limit. But good luck on your efforts."
There was a recent Grand Jury report over how the city has structured its Planning Department for outsourcing, the conclusion of which was that the city has created an incentive for the Planning Commission to create too much opportunity for public comment and feedback, to bill the developers for endless public meetings.
And Petaluma lately does not have a good record on development. Before we got here, the city got screwed by a bunch of car lots in a deal so complex nobody knows what actually happened. We have two big-box developments that got watered way down by consensus, created a lot of traffic and haven't brought the promised revenue,. One large residential development that was supposed to be mixed-use with a walkable retail core has been watered down to a hotel in a sea of single-family homes in with an exit from the area that crosses a railroad track, but somehow we're gonna build a bridge that dumps some huge number of cars into this residential area.
Petaluma does have a fantastic asset: Back in the day of the automobile, a very popular mayor proposed bulldozing a bunch of downtown in order to widen the main drag, there was pushback, and eventually some city assistance in restoring the iron fronts to the downtown buildings created a quaint downtown district. The sidewalks aren't as wide as they once were, but it's there. And even more recently, during my time here, the main drag was reconfigured from two lanes each direction to one lane, which makes it more pleasant to walk downtown.
And right before we moved to town, downtown was expanded with a movie theater, some more retail, a parking garage, and a little bit of residential. And is configured in a way that does provide some more public gathering and foot traffic spaces, the sorts of spaces that build community, where you might walk and run into people you know.
Of course there's also still a lot of downtown that's a remnant of the old days: many buildings that were there in the early '60s were demolished or burned down, and redeveloped into large parking lots with one story buildings. A lot of banks.
Back to the lunch conversation: There's a vacant lot in between old downtown and new downtown. Used to be a gas station. I believe that the first hotel proposal on this site went before the Planning Commission in 2008, and that developer is a local who was pitching his idea for several years prior. It's been around for a while. Meanwhile, the lot has been vacant. Various aspects of the city jerked the developer around for a long time, some wrangling over parking aspects that weren't openly documented. The developer finally said (as developers often do), fuck it, I'm gonna sell to someone who has the assets to fight this project through.
That developer came back and said "yeah, I can't make it work unless it goes up a story", and started writing checks to the outsourced (remember that Grand Jury report that suggests too much public engagement) city Planning Department to write up a proposal for a Zoning Overlay that would create an incentive, in the form of height, for that lot, and some of the other ugly asphalt and one story buildings, to be developed.
The Planning Department folks aren't political, they saw a catalyst for change and brought forward a proposal. And *all* of the ugly came out.
So the conversation was about the processes of building city plans for an area. How to do public consensus building. How the Central Petaluma Specific Plan was developed. And as I went to sleep with all of this in my head, I started wrapping back to that OpenID discussion.
Because it's great to have a goal of public consensus, but that also privileges the people who have time and resources to spend endless meetings going back and forth. It's great for everyone to feel included, but after a while the people who actually do stuff go off and start doing stuff in the places they can do stuff.
And how in the end what we end up with may not be great.
Anyway, Charlene and I are going to sit down and read the Central Petaluma Specific Plan closely, because that's a plan that covers the Theater District, which I believe has a far too low residential to retail ratio but generally feels like an okay direction, and Riverfront, which I see as a massive failure for the city, and a bunch of vacant lots with proposals that aren't inspiring.
But I'm also interested in learning more about municipal decision-making processes in cities that work. Because I like the story of the big consensus building process, but does it give us a city with character? A livable city? Or does it give us a city in which it takes decades to improve livability, and bland out the culture such that it really doesn't matter if you get a Round Table or a Pieology?
What creates a culture in a city? If you create more retail, does that really drive the price of retail up as everybody wants to open a wine bar, or does the higher supply mean that nobody wants to rent in the old buildings that still don't have good fire suppression systems and other modern amenities, and lead to a downtown slum?
I mean, I realize that this is a complex system, that the macroeconomic effects of creating a vibrant city mean that housing and retail interact in ways that simple supply and demand don't apply in obvious ways.
But I find myself looking at a mess, with a bunch of different narratives of what's wrong, how to fix it, how different portions of the residents of the city get served, and how various former residents get driven out, and am trying to see what kinds of processes will actually build the kind of city I aspire to live in.
And whether I was right, in my earlier years, to just treat a place to live as a commodity to be bought, and be prepared to pick up my roots and go find a place on what I see as a saner path, or if I ask my neighbors to give up substantial portions of their leisure time to try to set this city on a stronger path.
None of the videos on my channel included sex or nudity. I avoided posting links to any adult sites in the video descriptions, linking to Patreon and mxblake.com instead. Since the talky trailers were my most viewed videos, and opportunities to promote adult content are few and far between, I thought that keeping them up with an age-restriction label in place was a risk worth taking, and that by giving up the opportunity to monetise the channel I was reducing it to an acceptable level. The gamble didn't pay off.
Connectivity provided by highertech.net
, awesome
bandwidth, well away from fault lines and other potential for natural
disasters, reliable, and run by cool people.
![[Wiki]](/adbanners/lookingglass.png){kind=small}
the repetition, not do more of it.