Gargron ("Eugen Rochko") wrote:
Today is my birthday! I'm 32, but I feel so much older. I wonder why... :mastodon:
Reblogged by kornel ("Kornel"):
The Cringeocracy.
I knew one day I'd have to watch powerful men burn the world down -- I just didn't expect them to be such losers. I knew that one day we might have to watch as capitalism and greed and bigotry led to a world where powerful men,...
https://jwz.org/b/ykgf
Reblogged by cstanhope@social.coop ("Your friendly 'net denizen"):
signal9@hackers.town ("signal9 :hackers_town:") wrote:
I have said, and I've printed a sticker in case you don't hear me say it:
Defend Dangerous Computing
I don't know if I've ever said why.
VS Code + Github hold a monopoly on the software development process like hasn't been seen since before the days of GNU. (You can @ me about GNU later, that's not the point right now.) Developers have been lured to this end by very nice to use tools, that are "free." These tools are both owned by Microsoft who can integrate them together as tightly as anything. The average, I would guess, developer experience is completely tied up in VS Code and Github.
Many of us don't use either, we can get back to that point later.
Now that we're all settled in to the default MS workflow, let's introduce a couple more technologies that seem obvious for security: Trusted Computing, SBOM and Software Identification.
There is a movement to secure the open source supply chain. I'm intimately familiar, and have been working in that space for a few years now. There are others more involved and smarter than me, look them up. A large open source software ecosystem has a broad attack surface, and this is making some people nervous. With something greater than 80% of enterprise software comprising open source components, there are those in the security community who are nervous about the potential for malicious code to be introduced somewhere within this vast, porous field. In order to answer to this threat, new elements of control are being explored. Most of these seem benign on their own.
Having a bill of materials for a piece of software is fine. Having a reasonable assurance that the software you are running is the software that you think you are running is fine. Signing packages, libraries, SBOMs and various attestations is also fine, probably even good.
VS Code and Github are already starting work to make providing signed SBOM and attestations seamless for developers. Additional work being proposed by CISA aims to make it easier to identify software packages, and Microsoft will no doubt provide free, robust tools to make this simple for developers as well. No doubt, these tools will integrate seamlessly between Code and Github with little to no effort. We have an open source code ecosystem we can trust.
Did somebody say Trust? Let's add Trusted Computing. Without getting way into implementation specifics, Trusted Computing (and its ilk) are designed to ensure that only the software that the hardware manufacturer deems "safe" may be run. Combined with secure software identification, SBOMs and trusted certificates, Trusted Computing we have an impenetrable fortress within which approved software may be safely run. Right?
"Safe" is not necessarily determined by the user of the system, but by the manufacturer, by regulators, by law. With a hegemony in place to ensure that software is identified, signed and approved, and hardware will only run approved software, this is looking pretty sweet for the monopolists - all with the blessing of regulators to give real teeth to any punishment for violation. CFAA gets even more powerful, no?
By willingly leaning into the VS Code + Github monopoly, developers are cutting a clear path to domination in exchange for "free", convenient tooling. These same folks might say of Alphabet or Meta, "If you're not paying, you're the product." Why would this be any different for corporate development tools?
This story gets even spookier when you add browser monopoly, cloud monopoly, what have you. If you don't like the word "monopoly", try "monoculture" and see if that makes you feel any better.
So, I say fuck safe (I work in cybersecurity, the irony is not lost on me), give me Dangerous Computing. Give me keen tools that I control that, yes, I might be able to cut myself on. Give me weapons, or get out of my way while I build my own.
DEFEND DANGEROUS COMPUTING
Reblogged by kornel ("Kornel"):
SmudgeTheInsultCat@mas.to ("Smudge The Insult Cat 🐀") wrote:
Reblogged by kornel ("Kornel"):
michaelcoyote ("Dreaming of dad jazz.") wrote:
Reblogged by slightlyoff@toot.cafe ("Alex Russell"):
@slightlyoff Realizing that performance is accessibility is what made me understand why it's underfunded.
reiver ("@reiver ⊼ (Charles) :batman:") wrote:
"Internet may be just a passing fad as millions give up on it." (December 5th, 2000)
#ComputingHistory #Internet #VintageComputing #VintagePessimism #WorldWideWeb #Year2000
New filter in progress
Reblogged by cstanhope@social.coop ("Your friendly 'net denizen"):
Tealfuleyes@mastodon.art ("Tealful Eyes") wrote:
Not a high enough character limit for this one...
davepagurek@genart.social ("Dave Pagurek") wrote:
#genuary 19: inspired by op art https://openprocessing.org/sketch/2515954
ComicContext@mstdn.social ("Comics Outta Context") wrote:
InternetEh@dads.cool ("Sid🇵🇸") wrote:
Like, history is funny. The Nazis probably could have had satellites and early ICBMs except Hitler wanted to focus on an expedition to find Santa Claus and make Hellboy real instead, so those scientists had to wait until after the war to do anything
InternetEh@dads.cool ("Sid🇵🇸") wrote:
People are saying "space travel is too important to mankind to be trusted to people who do Nazi salutes" and I am once again fervently pleading with you people to pick up a nonfiction book
musing_sys@social.fringesec.ca ("musing_sys🇨🇦") wrote:
mathowie@xoxo.zone ("Matthew Haughey") wrote:
I wrote up some ideas on how to protect your mental health during another four years of a clown presidency. https://a.wholelottanothing.org/protecting-your-mental-health-during-a-clown-presidents-second-term/
mattblaze@federate.social ("Matt Blaze") wrote:
Doing lots of blocking of the "you're just figuring this out now?" crowd at the moment.
timbray@cosocial.ca ("Tim Bray") wrote:
This is the best thing anyone has turned up in response to my “is 4K really beneficial?” post. Would *really* like to hear confirmation (or otherwise) from an Apple insider who knows what’s really actually going on.
slightlyoff@toot.cafe ("Alex Russell") wrote:
And let's just take a quick moment to examine the usual response of *"React can be fast enough!"*
Yes, good craftspeople don't blame their tools. They also don't bring shit tools to the job site.
What's being proposed concretely is the high-cost, low-confidence path based on little more than reckons. This is a demand that you spend *more* to get *less*. And that's the optimistic version!
slightlyoff@toot.cafe ("Alex Russell") wrote:
And I don't know how to say this any more directly than this: any frontend engineer who brings React or Angular on premises (without an honest bakeoff & guardrails), in 2025, is *de facto* bad at their job.
fromjason ("fromjason.xyz ❤️ 💻") wrote:
NBC apparently edits out Elon Musk’s Nazi salute when publishing his “full” inauguration speech.
well this is fucked: i was just looking on youtube for a version of the musk nazi salute and came across this version from nbc chicago that edited it out. — Marisa Kabas ([@marisakabas.bsky.social](http://marisakabas.bsky.social)) Jan 21, 2025 at 12:20 AM https://bsky.app/profile/did:plc:ejihld4sywvvqwe67cdkn4jq/post/3lga47cjgjc2e?ref_src=embed
slightlyoff@toot.cafe ("Alex Russell") wrote:
Software cultures that indulge in ignorance of constraints facilitate magical thinking, which eventually erodes the foundations out from underneath even conservatively-constructed experiences if left unchecked.
This is bad for users, but also business. A great shame of frontend's lost decade is that we lost the ability to adapt because so much of the community was high on frameworkism.
Reblogged by slightlyoff@toot.cafe ("Alex Russell"):
corbet@social.kernel.org ("Jonathan Corbet") wrote:
Should you be wondering why @LWN #LWN is occasionally sluggish... since the new year, the DDOS onslaughts from AI-scraper bots have picked up considerably. Only a small fraction of our traffic is serving actual human readers at this point. At times, some bot decides to hit us from hundreds of IP addresses at once, clogging the works. They don't identify themselves as bots, and robots.txt is the only thing they *don't* read off the site.
This is beyond unsustainable. We are going to have to put time into deploying some sort of active defenses just to keep the site online. I think I'd even rather be writing about accounting systems than dealing with this crap. And it's not just us, of course; this behavior is going to wreck the net even more than it's already wrecked.
Happy new year :)
slightlyoff@toot.cafe ("Alex Russell") wrote:
The correct response to realizing computers are fast is not to make your software slow, because:
a.) you won't benefit as much as you hope
b.) if you break pro-user norms, so will every other site/app/library, and your thing will feel slow even if it's "fine" in isolation
c.) HW bounty is not evenly distributed, so your product becomes less usable non-linearly below some resource floor
Pretending constraints don't exist is not engineering, it's bullshitting.
Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):
knittingknots2@mstdn.social ("Sue Stone") wrote:
""In that familiar old incompetence I haven't missed, Trump's executive order defines sex as what a person is at CONCEPTION. Fetal sex doesn't begin to differentiate until about 7 weeks into gestation. Which means Donald used the highest office in the land to declare all Americans legally female."
"Just realized that this EO outlaws men. At conception, all embryos are female. Which, to be honest, might not be such a bad thing," said legal analyst Jay Reding. "
Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):
blamellors@mstdn.party ("Blamellors ✔️✔️💙") wrote:
Trump just rescinded an Executive Order 14087 issued 10/14/2022 by President Biden to lower prescription drug costs for people in Medicare and Medicaid.
The poor and sick said Jesus. not Orange Jesus MAGA. He said here you go big Pharma. #phama #MAGA #Trump
Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):
avandeursen@mastodon.acm.org ("Arie van Deursen 🟥") wrote:
RIP Gert Florijn (1960-2025), bridge builder between industry and academia in software engineering, and a friendly, wise, yet stern advisor to government and industry.
Together with Eelco Visser he was the initiator and industrial co-funder of the PhD project in which Eelco Dolstra developed the now widely used #Nix and @nixos_org -- a level of impact few of us have achieved.
In 2023 he joined #AcICT: It was a privilege to work with him.
https://www.adviescollegeicttoetsing.nl/onderwerpen/gert-florijn
Reblogged by jsonstein@masto.deoan.org ("Jeff Sonstein"):
Natasha_Jay@tech.lgbt ("Natasha Jay 🇪🇺") wrote:
A timeline cleanser. I think many of us need one today ...
jsonstein@masto.deoan.org ("Jeff Sonstein") wrote:
the cancer is in his lymph nodes, and Oscar appears to have little time left 💦
fromjason ("fromjason.xyz ❤️ 💻") wrote:
Why would people use #Signal over #WhatsApp?
Idk, some people have integrity?