Mastodon Feed: Posts

Boosted by jwz:
lcamtuf@infosec.exchange ("lcamtuf :verified: :verified: :verified:") wrote:

The coreutils Rust rewrite story is pretty funny.

Coreutils are tools like rm, mv, mkdir, etc. Unlike binutils, this isn't a fertile ground for memory safety bugs. But, the rewrite was completed, and in the spirit of progress, Canonical decided to switch.

But do you know what coreutils are a fertile ground for? Race conditions around file creation, deletion, permission setting, and so on. The original code accounted for decades of hard-learned lessons in that space. The Rust rewrite did not:

https://seclists.org/oss-sec/2026/q2/332

PS. I'm not dunking on Rust. It's just that... starting over from scratch has its hidden costs.

Gargron ("Eugen Rochko") wrote:

I think there may be some confusion--I've specified half chest width, which is what's listed on the supplier data sheet. This is the distance from one seam to the other horizontally. A full circumference would be double that number.

Boosted by jwz:
pluralistic@mamot.fr ("Cory Doctorow") wrote:

https://us.macmillan.com/books/9781250481719/unauthorizedbread/

First Second will publish the middle-grades graphic novel adaptation of my novella "Unauthorized Bread" on Apr 20, 2027. The adaptation - by JR Doyle and Blue Deliquanti - is *fantastic*.

You can read the original novella here:

https://arstechnica.com/gaming/2020/01/unauthorized-bread-a-near-future-tale-of-refugees-and-sinister-iot-appliances/

Boosted by jwz:
spellingmistakescostlives@mastodon.ie ("Spelling Mistakes Cost Lives") wrote:

Honest Labour billboard in Lewisham

Boosted by jwz:
SeanCasten ("Sean Casten") wrote:

Not even here for a month and already made Profiles in Sycophancy, Chapter 25. They grow up so fast. (Clay Fuller is the guy who replaced Marjorie Taylor Greene.) https://www.congress.gov/bill/119th-congress/house-bill/8594?hl=HR+8594&s=1&r=1

Boosted by jwz:
ComicContext@mstdn.social ("Comics Outta Context") wrote:

Boosted by jwz:
tante@tldr.nettime.org wrote:

"The basic strategy of all addictive technologies is very simple. They make you feel extra capable, they addict you, then they make you feel inadequate without them."

(Original title: How to smoke)

https://buttondown.com/monteiro/archive/how-to-smoke/

jwz wrote:

@db If you're leasing, I'd say it more of a smart apartment

Boosted by jwz:
johnrogers.bsky.social@bsky.brid.gy ("John Rogers") wrote:

As soon as the first generation not brain-damaged by leaded gasoline got the chance to vote, they elected a black president. And by God, if we have to inflict a new wave of mass cognitive damage to stop that from happening again, WE SHALL!

RE: https://bsky.app/profile/did:plc:pt47oe625rv5cnrkgvntwbiq/post/3mkzvaafqdk2s

Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
sambowne@infosec.exchange ("Sam Bowne :donor:") wrote:

Utah first state to hold websites liable for users who mask their location with VPNs — law goes into effect, designed to prevent bypassing age checks | Tom's Hardware https://www.tomshardware.com/software/vpn/utah-becomes-first-us-state-to-target-vpn-use-with-age-verification-law

Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
newsguyusa@flipboard.social ("Steve Herman") wrote:

A federal judge has ordered the release of a government contractor charged with forwarding classified information to a Washington Post reporter. https://www.politico.com/news/2026/05/04/contractor-classified-information-case-release-00905138

Boosted by jwz:
gildilinie@beige.party ("Gildilinie Gremlin 🏳️‍⚧️") wrote:

its like if a hundred million people went to the carnival and got scammed by a fortune teller doing cold reading. except it was just one of those coin operated animatronic fortune tellers

Boosted by cstanhope@social.coop ("Your weary 'net denizen"):
nathanolsenart@mastodon.art ("Nathan Olsen") wrote:

A long time ago in a comic strip far, far away…

#sundaecomics #starwars #MayThe4th #maythe4thbewithyou #webcomics

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

RE: https://toot.cafe/@baldur/116517473443533667

A thousand times this. The kneejerk anti-Chinese everything is such a pain because it means we fail to learn lessons that are well known and fail to do things that work easily.

Doesn't mean it's not also a regime with some real strong authoritarianism, with some real problems.

Boosted by cstanhope@social.coop ("Your weary 'net denizen"):
grickle@mstdn.social ("Grickle") wrote:

May the fourth be with you or whatever. #grickledoodle #millenials #milleniumfalcon #starwars #maythefourthbewithyou #cartoon #birds #art #funny #humor

baldur@toot.cafe ("Baldur Bjarnason") wrote:

Because social media is the way it is (*sighs*): pointing out something that China does right is not an endorsement of how China is run in other ways. Much like if I pointed out something that works in the US, that would not mean I'm endorsing ICE.

😑

Boosted by cstanhope@social.coop ("Your weary 'net denizen"):
redoak@social.coop ("Red Oak") wrote:

ok so, if you're in Long Beach tonight, you could go see my brothers play 90s country songs with pastiche Star Wars lyrics, alongside a burlesque show

https://www.bandsintown.com/e/1038259192-garth-vader-at-harvelle's-long-beach

jsonstein@masto.deoan.org ("Jeff Sonstein") wrote:

if you are surprised, then I would like to talk with you about this nice bridge I happen to know is for sale:

“Korean ship on fire in strait, Iran hits UAE oil port after Trump says Navy will help ships cross” - https://www.reuters.com/world/asia-pacific/trump-says-us-help-ships-stranded-strait-hormuz-tanker-hit-by-projectiles-2026-05-04/

Boosted by dysfun@treehouse.systems ("gaytabase"):
acarsdrama@live.acarsdrama.com ("ACARS Drama") wrote:

Air to Ground Message:

YEAH I GUESS A KID PUKED ON A CAT AND ITS A MESS BACK THERE. YOU CANT MAKE THIS STUFF UP

Area: Louisville, KY, USA
A: #a236c6ce84d
F: #ffb6c6aa8cf

#acars #vdlm2

Boosted by aredridel@kolektiva.social ("Mx. Aria Stewart"):
RuthMalan ("Ruth — of systems & design") wrote:

Maturana quoted in “a Systems Literacy Manifesto (for Designers)” By Hugh Dubberly (2014)

Source: https://presentations.dubberly.com/system%5Fliteracy%5F2.pdf

Boosted by aredridel@kolektiva.social ("Mx. Aria Stewart"):
elizayer ("Elizabeth Ayer") wrote:

Reminder: de-skilling as a trend in software engineering was already in progress well before LLMs.

Toxic productivity culture, people meeting badly-designed internal reward metrics, hopping jobs and never seeing the consequences of bad choices, plummeting quality, short-termism.

Sure LLMs add fuel to this fire, but I’m not at all convinced they’re causal.

If anything, their popularity seems more a consequence of the culture than cause.

aredridel@kolektiva.social ("Mx. Aria Stewart") wrote:

Once more into the octocanyon go I

fromjason ("fromjason.xyz ❤️ 💻 ✍️ 🥐 🇵🇷") wrote:

Made myself a bowl of bran flakes with a banana, chia seed, and a dash of proton powder. Then doused it in off-brand fake syrup.

You know what they say. You can take the boy out of Florida.

Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
hrbrmstr ("hrbrmstr 🇺🇦 🇬🇱 🇨🇦") wrote:

The root cause chain is damning. No file type restrictions on inbound support chat attachments. No automated EDR coverage reconciliation against the identity provider. Okta FastPass let the compromised device satisfy MFA on its own. The initialization codes — functionally equivalent to the certificates themselves — were visible in every proxied support session because the support portal was never threat-modeled as an attack surface. "Privileged access" stopped at the HSM boundary. (3/5)

Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
hrbrmstr ("hrbrmstr 🇺🇦 🇬🇱 🇨🇦") wrote:

DigiCert — a certificate authority, the entity you're trusting to anchor your entire chain of trust — got compromised because a support analyst opened a .scr file from a chat session. In 2026. CrowdStrike was misconfigured on one endpoint and completely absent on another. Nobody noticed the second compromise for 10 days. The attacker grabbed EV code signing initialization codes and walked out with 60 certificates. Zhong Stealer, signed and shipped. (2/5)

Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
hrbrmstr ("hrbrmstr 🇺🇦 🇬🇱 🇨🇦") wrote:

Cow-orker @mle shared this ~2-week-old DigCert incident report today (i blame my Q1 $WORK chaos for me missing it): https://bugzilla.mozilla.org/show%5Fbug.cgi?id=2033170… (1/5)

Gargron ("Eugen Rochko") wrote:

Hoodie, unisex cut, continued.

Gargron ("Eugen Rochko") wrote:

Hoodie, unisex cut. The measurements in parantheses are the half chest width, the total length, and sleeve length, in that order. There will be a second poll for sizes XL-3XL in response to this one.

baldur@toot.cafe ("Baldur Bjarnason") wrote:

RE: https://mastodon.social/@glynmoody/116516850762889346

“Chinese courts rule AI replacement is not legal grounds for firing workers as global tech layoffs hit 78,000”

https://thenextweb.com/news/china-court-ai-layoffs-illegal-labor-law

Remember a while back when surveys showed that people in China were a lot less anxious about "AI" than those in the west?

Boosted by baldur@toot.cafe ("Baldur Bjarnason"):
glynmoody ("Glyn Moody") wrote:

#China has decided that firing a worker because an #AI can do their job is illegal. No Western country has done the same. - https://thenextweb.com/news/china-court-ai-layoffs-illegal-labor-law