I asked my church music director if he had a HAM license today, and he replied he never got into radio. I then had to ask how we'd run a pirate radio station together.
One day I'll be a HAM
@Hypolite Petovan why thank you!
But I wanna be an amateur radio operator!
As usual my forays into making me enjoy reading RSS feeds are failing
One day I'll find a reader I love
He produced phonology and semantics from orthography independently!
A huge mistake the fediverse makes is large instances. It's resource intensive, expensive, and creates wildly large failures instead of little ones.
This is why I'm sad to lose the bots, but also glad botsin.space is going away. BIS was always weird, a place to place bots which cost a lot, but wasn't a community. Bots should live alongside their makers or users (or just have a way of posting without needing a full server).
Sat down with a large client's IT since email was getting wild. So we talked. We both explained the other side's mail border to each other. Having established we were both real techs. We talked shop and solved the issue with mutual respect.
It was a notable dance I've not done in a while, and a fascinating one.
Hanging out with FreeBSD and the boys
One of the things that is destroying the web is WASM and JavaScript.
This isn't really even a joke - it's literal.
By having all these tools to make a web browser have unfettered access to the system, it becomes unsafe to allow users to generate arbitrary code. We can't have another MySpace or NeoPets User Lookup because we can't allow users to write their own HTML, because that's *dangerous*.
I haven't seen the video, but I worked in reliability there for half a decade.
Reliability and security on that platform (not to mention safety) are huge unsolved problems.
@Hypolite Petovan @Frost, Wolffucker 🐺:therian: CORS allows you to limit cross domain resources. But I can mine bitcoin on your CPU without any cross domain anything. Hell, in theory, I might be able to send spam that way! I can definitely steal your credit card number.
But if I could just add a X-No-Dynamism header that would say "this HTTP session does not send JS or WASM", I could keep everything on my site safe.
I could let users write pretty unfiltered HTML, and most of the tricks would be contained in a frame.
@Hypolite Petovan https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
Is there a way to say default-src: none? Or just set no valid sources? not as I recall
@Hypolite Petovan So if I send:
Content-Security-Policy: script-src: 'none'
<html>
<script>alert("OH NO");</script>
</html>
With a valid Content-Length and junk
Would that work?
@Hypolite Petovan Ok - actually
I ran
cat test.txt | nc -l -p 2000
with test.txt containing
HTTP/1.0 200 OK
Date: Tue, 22 Oct 2024 19:27:37 GMT
Server: OpenBSD httpd
Connection: close
Content-Type: text/html
Content-Length: 486
Location: localhost
Content-Security-Policy: script-src: 'none'

<html>
<head>Hello</head>
<body>
<script>alert("OH NO");</script>
</body>
</html>
(Ignore the fake content length)
I then pointed my browser (librewolf) at it, and it saw these response headers:
HTTP/1 200 OK
Date: Tue, 22 Oct 2024 19:27:37 GMT
Server: OpenBSD httpd
Connection: close
Content-Type: text/html
Content-Length: 486
Location: localhost
Content-Security-Policy: script-src: 'none'
And it popped up a popup saying "OH NO"
Hypolite Petovan likes this.
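Why the header in the test above did not stop the alert, as an added example that is not part of the original thread: a simplified model of how a browser parses a Content-Security-Policy value. The function names and the reduced set of directive names are assumptions made for this sketch; the sample header values are constructed, apart from the first, which is the one sent in the test.

```javascript
// Added example: simplified model of CSP header parsing, not a browser's code.
// Assumption: only the directive names that govern <script> are modelled.
const KNOWN_DIRECTIVES = new Set([
  "default-src", "script-src", "script-src-elem", "script-src-attr",
]);

// A serialized policy is split on ";" and the first whitespace-delimited
// token of each piece is the directive name. "script-src:" (with a colon)
// is therefore an unknown name and has no effect on enforcement.
function parsePolicy(headerValue) {
  const directives = new Map();
  const unrecognized = [];
  for (const piece of headerValue.split(";")) {
    const tokens = piece.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!KNOWN_DIRECTIVES.has(name)) {
      unrecognized.push(name);
    } else if (!directives.has(name)) { // a repeated directive is ignored
      directives.set(name, tokens.slice(1).map((t) => t.toLowerCase()));
    }
  }
  return { directives, unrecognized };
}

// True when a plain inline <script> (no nonce, no hash) would still run.
function allowsAllInlineScript(headerValue) {
  const { directives } = parsePolicy(headerValue);
  // Fallback chain for script elements.
  const sources = directives.get("script-src-elem")
    ?? directives.get("script-src")
    ?? directives.get("default-src");
  if (sources === undefined) return true; // nothing governs scripts at all
  // 'unsafe-inline' is disregarded once a nonce, hash or 'strict-dynamic'
  // appears in the same source list.
  const nonceOrHash = sources.some((s) => /^'(nonce|sha256|sha384|sha512)-/.test(s));
  if (nonceOrHash || sources.includes("'strict-dynamic'")) return false;
  return sources.includes("'unsafe-inline'");
}

// Constructed header values; the first is the one from the test above.
const SAMPLES = [
  "script-src: 'none'",
  "script-src 'none'",
  "default-src 'none'",
  "script-src 'self' 'unsafe-inline'",
  "script-src 'unsafe-inline' 'nonce-r4nd0m'",
];

// Summarise each sample: which names were not understood, and whether a
// plain inline script would execute under that policy.
function report() {
  return SAMPLES.map((value) => ({
    value,
    unrecognized: parsePolicy(value).unrecognized,
    inlineRuns: allowsAllInlineScript(value),
  }));
}

for (const row of report()) {
  console.log(JSON.stringify(row));
}
```

Browsers normally log a console warning for a directive name they do not recognise, which is the quickest check when a policy appears to have no effect.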
unsafe-inline
policy is explicitly allowed.
though to be fair the available sandboxing mechanisms for anything tighter than "equivalent to handing off a link to another site" are a huge pain in the ass
and web sites can do shit like allocate memory until your swap space fills up ;)
I would also argue that it enables the big corps to limit our freedoms with the computers we bought, by locking us to "the web".
Bare metal is freedom!
Even if people don't like C/C++/Rust/Go/Pascal, it is important that they exist, so others can have their native Python and Node.
I must admit that I do enjoy messing around with WASM, but now that I think of it, it's sort of me enjoying my own leach.
@MontyOnTheRun yeah! We can build these things! Build a limited web and unlimited world!
Remember never download a .exe from the web, but you're safe otherwise!
CSS Security Vulnerabilities | CSS-Tricks
Don't read that headline and get worried. I don't think CSS is a particularly dangerous security concern and, for the most part, I don't think you need to
Chris Coyier (CSS-Tricks)
That said, I've gone on record saying javascript is overhated, so. Make of that what you will.
It's not a perfect platform. But it's a hell of a lot better than... iOS... or Android... or Windows... or macOS... they're such terrible targets to build for and people use web tech for it anyway.
@Allen "Hash Brownie" Stenhaus My uncle started going bald at 17, and the wisdom was I'd be bald by 20. So I decided to enjoy it while I could.
I am 36 and I've managed to keep it!
@Mason Loring Bliss I am using a Flo mask
I like it, and have been covid free since its purchase
@silverwizard Thank you. I love that they have a kid version, as the 6100 works for two of my kids, but is too big for two. I'll probably try that too. The part I can't find for love or money this week is the exhaust filter, but it looks integrated in that mask, which frankly would be fine for our use.
Thank you again. :)
The fact that AI people say "AI is here to stay" before any other point tells me a lot
we're AI Gonna Make It
It's a common and likely hypothesis, yes.
Although I feel like these days I'm more likely to run into people taking video calls on speakerphone in public than blasting their music.
I want the parallel universe where phones kept the headphone jack and it was the cameras getting pushed out into dongles/BT.
@Hypolite Petovan I didn't want to link originally since no advertising.
But yeah - I also just want to be clear - the game is one of the most awful I've ever played. It was hell.
So my project planning document at work is a wiki page called "Looming Disasters". It's just stuff that might explode.
I just had to add a slack thread to one of these disasters as illustration. >.<
last week aws assigned me an instance with an ip ending in .0
i was thoroughly fucked with. (even though this is fine and doesn't break any specs)
Welp - it's working
silverwizard@chaplin:~$ dig 192.168.90.256
; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> 192.168.90.256
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59721
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;192.168.90.256. IN A
;; ANSWER SECTION:
192.168.90.256. 3600 IN A 192.168.90.53
;; Query time: 0 msec
;; SERVER: 192.168.90.1#53(192.168.90.1) (UDP)
;; WHEN: Wed Oct 16 23:43:09 EDT 2024
;; MSG SIZE rcvd: 59
silverwizard@chaplin:~$
Tragic. I was hoping I could get firefox to accept my bullshit, but it's correct it doesn't work
@silverwizard I always assumed you couldn't have a numeric TLD for *exactly this reason*.
I'm sure it'll break some obscure piece of software somewhere.
@silverwizard I see my prediction held true (though it's not exactly obscure).
nmap will accept it, dig will accept it, firefox refuses to open 192.168.90.256, even if I straight up type: https://192.168.90.256/
@silverwizard I thought they were an ad tech company.
...same thing these days, though.
I think it'd be like 255.255.255.3? So the nets are (say) 192.168.1.0, 1.1, 1.2, and 1.3, and the hosts are ... jesus, this is why nobody's tried this.
Bitwise, it'd be: xxx00, xxx01, xxx10, xxx11
0 net: .4, .8, .12, .16, .20…
1 net: .5, .9..yeah, that makes sense.
2 net: .6, .10…
3 net: .7, .11, .15, .19, .23…
and so on.
This was asked in a meeting with NeXT engineers while I was a contractor at a government agency in the early 90’s. I think their answer was... "We support it...maybe? Why would you want to?”
I've always wanted to try, just for the hell of it, but I suspect 99% of networking gear would break.
It used to be (I guess this was before CIDR became popular) that netmasks were expressed as literal bitmasks. So a /24 would actually be written as "192.168.1.0, netmask 255.255.255.0” where the "24" represents the leading 24 bits representing the network (192.168.1).
So a /28 would be..255.255.255.240 (11110000).
But it was always a consecutive string of “1” bits, and the hosts were the remaining block of lower-most "0" bits. Usually 8, for a /24, but often smaller (for, say, a small block of public IPs your ISP gives you). I remember the net my office desktop was on in school that was 255.255.254.0 (or /23). That network used 9 bits for 512 hosts. (ish - router and broadcast addresses are still needed out of that 512).
A non-contiguous netmask would mean that consecutive final octets would be on consecutively different networks.
255.255.255.3 would be all 1s, then 00000011, so the NET portion is .0, .1, .2, and .3. So hosts .4, .5, .6, .7, .8, .9, .10, .11, .12... would be on networks 0, 1, 2, 3, 0, 1, 2, 3, 0….
Like I said, I doubt much of anything would support it now. Even when we wrote netmasks as bitmasks, it's likely most gear would've just failed using this approach.
It really is a cursed idea. :)
This wiki page may help, too. Once you see it, it's ... logical? (I won't say "easy”). https://en.wikipedia.org/wiki/Subnet
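The grouping described in the posts above, as an added example that is not part of the original thread: applying a bitmask netmask to addresses, with the contiguity check that a strict implementation would use to reject a mask such as 255.255.255.3. The function names are made up for this sketch and the 192.168.1.x hosts are constructed sample values.

```javascript
// Added example: netmasks as literal bitmasks, including non-contiguous ones.

// Parse a dotted quad into an unsigned 32-bit integer.
function toInt(dotted) {
  const parts = dotted.split(".");
  if (parts.length !== 4 || parts.some((p) => !/^\d{1,3}$/.test(p) || Number(p) > 255)) {
    throw new RangeError("not a dotted-quad IPv4 value: " + dotted);
  }
  return parts.reduce((acc, p) => ((acc << 8) | Number(p)) >>> 0, 0);
}

function toDotted(n) {
  return [24, 16, 8, 0].map((shift) => (n >>> shift) & 255).join(".");
}

// A conventional mask is a run of 1 bits followed by a run of 0 bits, so its
// complement has the form 2^k - 1 and (inv & (inv + 1)) is zero.
function isContiguousMask(mask) {
  const inv = ~toInt(mask) >>> 0;
  return (inv & (inv + 1)) === 0;
}

// Prefix length for a contiguous mask, or null when the mask has holes.
function prefixLength(mask) {
  if (!isContiguousMask(mask)) return null;
  let bits = 0;
  for (let m = toInt(mask); m !== 0; m = (m << 1) >>> 0) bits++;
  return bits;
}

// The network is simply address AND mask, whatever shape the mask has.
function networkOf(addr, mask) {
  return toDotted((toInt(addr) & toInt(mask)) >>> 0);
}

// Group a constructed range of final octets by the network each lands on.
function groupByNetwork(firstThreeOctets, mask, from, to) {
  const groups = {};
  for (let last = from; last <= to; last++) {
    const net = networkOf(firstThreeOctets + "." + last, mask);
    (groups[net] = groups[net] || []).push(last);
  }
  return groups;
}

console.log(prefixLength("255.255.254.0"));      // contiguous mask
console.log(isContiguousMask("255.255.255.3"));  // mask with holes
console.log(groupByNetwork("192.168.1", "255.255.255.3", 4, 12));
```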
@David Schuetz Oh, I see, a subnet mask bitmap with non-contiguous 1s - that makes sense. Gross.
So something like 192.168.90.256/192.255.148.45, not just a wall of 1s.
(I know enough to set subnet masks on weird ancient gear ;), but I almost always am setting 255.255.255.0 and 255.255.255.255 because /24s rule everything around me. But yeah - reasonable)
I just don't know if I have any gear that would parse subnet masks like that enough to confuse it.
@Jonathan Lamothe @David Schuetz Are you aware of the RFC 864 Compliant Dungeons and Dragons Character Generator I worked on?
@Dave worked on a bunch of it and I need to replace his work (not because I don't like it - but because I want to do the actual work not just crib his, the goal was to learn socket code).
As much as I love writing on it, my reMarkable2 (which has already been annoying me with its response to being caught out in the rain a couple years ago, two laptops and another tablet in the same backpack shrugged it off with no trouble but the rM2 now gets days on a full battery charge instead of months) has a jammed power button and no other way to wake it from sleep, so it's time to retire it.
Samsung makes tablets with the same stylus technology so I picked up one of those, and it's... adequate. At least it's half the price and should be durable enough to handle living in a backpack and not just sitting on a desk and never going anywhere (and if this one dies, for the same price as a rM2 I can get a ruggedized one with a bigger screen)
The device I really want is the guts of the new color reMarkable in an enclosure that's actually as durable as a reasonable person would expect from a consumer electronics device at that price point, but capitalism says nobody will buy that, so I can't buy it.
In light of our praise of the Internet Archive - can we make sure to use Indigo as an example of another org that did the right thing after a databreach?
Took everything down, fixed it, and improved the process.
I'm not caping for Indigo. I just know people who still haven't forgiven them, and this is the attitude we need to be encouraging, and putting into people's minds as a good thing.
Staying up during a breach investigation should be seen like running with a broken leg.
The kids helped, they definitely got distracted, but they helped!
They, most importantly, got to see inside a computer and were allowed to touch all the pieces.
My kids have been able to use their computers for lots of little things
And to be clear:
the 5yo is playing Mario and a few other small games, mostly micro-indie games
the 3yo is listening to audiobooks and lullabies using a device he's built.
This isn't full hacking - this is still kids.
I'm looking at sourcing some classic lego motors to see if I can use these as the brains of a lego robot.
70% of the email I get is Zscaler outage and maintenance notifications
How do people handle this software?!
Is there a good battery case for it?
@Michael Brown lol - that's also a pretty good option.
My goal is to make an ebook reader that will start playing when a CF card is inserted. And then bulk buy 128MB cards and put books on them.
Why does the SecTor app contain several trackers?! I mean - I'm not installing it because of this, and that's a pain in the ass?
Shouldn't we, as security people, be able to notice this shit and be better than it?
@Dave "Wear A Goddamn Mask" Cochran :donor: One day the risk management discipline will manage risk
Uuuug, I'm already so concerned about SecTor, vaxing, nitrite nasal spray, and an N95 mask, baaaaah
/usr.slice/user-1000.slice/session-38.scope is not a snap cgroup
Ya know what Ubuntu, I actually don't care.
Just... make my shit work. If you want to make linux a hellscape - at least... function.
My 3yo got through 1 paragraph of @Michael W Lucas¹ :flan_mail: 's SSH Mastery before saying "I'm done with this book"
I think these books aren't for toddlers!
Reading a toddler one of my books?
I wouldn't say that in public. Child Protective Services lacks a sense of humor.
If he asked for a line 220 line, would you give him one?
No, never mind, you probably shouldn't say in public.
@Michael W Lucas¹ :flan_mail: his first words on seeing a tape recorder were "Can we take it apart?!"
When I gave him a guitar pick to play his learning guitar, he immediately started to try to find how he could get the guitar open (since he knows what picks are for)
We're building him his own https://www.clockworkpi.com/gameshell together, with him hands on pieces
so... I miiiiiight
I might also have broken my toddler (or maybe doomed)
kids these days, probably want to run Mosh or something instead of vanilla SSH? ;)
@mwl
http://holyjoe.org/poetry/anonE.htm
Poem: What If Dr. Seuss Wrote Technical Manuals?; by Gene Ziegler (holyjoe.org)
@sirwumpus
He's far too young to have chosen a preferred OS.
Give him ten years, and he'll experiment with Inferno just because he think it'll piss off Dad.
@Michael W Lucas¹ :flan_mail: @SirWumpus His grandpa's university friend wrote Inferno, so uh... he has the access
My dad wrote Coherent, so I rebelled against my OS dev dad by becoming a sysadmin, so I hope he makes better decisions than me
@SirWumpus @Michael W Lucas¹ :flan_mail: aaaaaaaaaah
Halloween special!
For @Becky 's birthday, our 5yo wanted to make a custom PvZ mod where everything is rainbows.
So our first attempt all the work we did got eaten because the game didn't like the files. So we redid it, and then had to test.
And my son is being a proper game dev, having all his work ruined and needing to fix it
I wonder if Tim Pool will have to give back his Russian propaganda funded skatepark
This is a sentence I just idly thought, this is a glimpse into madness
Thinking about Bandcamp and incentives.
So I just bought music from https://derinaharveyband.bandcamp.com/album/waves-of-home and you should too. You should buy it all and leave a tip. But, let's talk incentives.
So I want to buy Derina's music, because the way she sings makes me want to scream, weep, join the chorus, and somehow fly. And if she releases a new anything, I want to know one second after, if not early enough I can preorder.
But I don't buy a lot of music, I have extensive ear damage and most music falls flat for me. So I don't care about much other music.
Derina Harvey Band doesn't care what music I buy, as long as I buy theirs (they are probably good people and hope I support their community though, back there in a second).
So Derina Harvey Band and I have a relationship (I want to give them money), but they want to make more, so they use Bandcamp for discoverability. I found their bandcamp before I found their website! So bandcamp is good! It facilitated a relationship, and I get to hear about the sea.
But now Bandcamp wants to spam me about not-Derina-Harvey, they want me to learn about Nathan Evans or whoever, bands I really don't want to engage with, since I might buy their music. And this has led me to turn off all communications from Bandcamp. This means I miss when bands I like release music.
So, because there's a broker (platform) who is going to mediate my relationship with Derina Harvey Band, I am going to lose out. Bandcamp turned a new fan into a new customer, but made it harder for a customer to stay a customer.
And, I want to be clear here, there was not even regular Enshittification. It's bandcamp Friday, I sent the band slightly over full price for all their albums and they're probably getting, as cash, the full price of all their albums, the platform took nothing. But the band also doesn't have a POSSE style setup, I need to use a platform to learn about tours and releases, and I don't.
I dunno, this is just a tragic story, there's no lesson we don't all know, and there's no solution that isn't to tell a band to manage their own mailing list. The obvious solution is to create a platform that isn't evil, but even then, I don't think that's possible because of all this.
Abolish capitalism so I can revel in a shanty about how capitalism ruins sailing.
I can't solve the medium-level problem of bandcamp's mediation, and can't speak to the high-level problem of 'capitalism', but if you use an RSS reader, and if the RSS reader takes commands, you can pull in this url to generate an RSS feed for an arbitrary bandcamp band.
curl 'https://rss-bandcamp.deno.dev?artist=derinaharveyband'
@𝕸𝔞𝔩𝔦𝔫 Oh, I can directly follow rss of a bandcamp eh?
At least it solves the main tension
Bandcamp won't let you, but one "Paweł Grzybek" has set this service up based on another. It's limited to 100,000 daily requests, so he requests people don't hammer it too much.
https://pawelgrzybek.com/generate-rss-feed-for-bandcamp-artists-using-deno-deploy
I guess that means you can't get notified the very second another album comes out, but I bet once per day wouldn't strain Paweł's limits too much.
Generate RSS feed for Bandcamp artists using Deno Deploy | pawelgrzybek.com
I mentioned multiple times how much I like RSS. But unfortunately, not every website I use generates feeds — Bandcamp is one of them.
pawelgrzybek.com
@𝕸𝔞𝔩𝔦𝔫 ah, that makes!
I will endeavour to never hit more than daily
silverwizard
@taco, bird/cat :verified420: ❄️ yeeeeah that's why I called the first season abysmal
I might need to do some wiki diving before giving the rest a chance
thanks
Neil Brown
I didn’t get through the first season to find out :(
Lots of people loved it, but I really struggled!