
Soatok Dreamseeker reshared this.


One of the things that is destroying the web is WASM and JavaScript.

This isn't really even a joke - it's literal.

By having all these tools to make a web browser have unfettered access to the system, it becomes unsafe to allow users to generate arbitrary code. We can't have another MySpace or NeoPets User Lookup because we can't allow users to write their own HTML, because that's *dangerous*.


RootWyrm 🇺🇦 reshared this.


So my project planning document at work is a wiki page called "Looming Disasters". It's just stuff that might explode.

I just had to add a slack thread to one of these disasters as illustration. >.<



HomeAssistant is too much power for a dad to have. Every day before I go downstairs to work - I toggle all the kids' lights off and grumble about them not turning off the lights.
in reply to silverwizard

@silverwizard French has an expression for this: “It’s not Versailles here!” after the eponymous Renaissance castle counting 2,300 rooms.


Played the second mystery of the game Suspects, and the writing was so abysmal I quit. It was so bad I looked at the author in order to scream, and it's literally the fucks who sued the internet archive. I'm livid.
in reply to Hypolite Petovan

@Hypolite Petovan I didn't want to link originally since no advertising.

But yeah - I also just want to be clear - the game is one of the most awful I've ever played. It was hell.


silverwizard reshared this.


I’ve been out of the CISO world for 3.5 months now, and that’s given me a lot of perspective. I’ve had a chance to reflect on what I’ve learned over 30 years in IT and spoke to a bunch of people recently.

I can summarize what organizations need to do to better secure their data, prevent ransomware and whatnot:

Stop fucking around.

I think that will be the title of my book.

in reply to Merry Jerry 🎄🎅🕎⛄️❄️

Looking at all the advanced threat detection systems which scrape the 'dark net' for leaks while employees just use their home laptops for stuff is like watching YouTube videos about advanced cardio for three hours a day while drinking coke.
in reply to Merry Jerry 🎄🎅🕎⛄️❄️

Please have a chapter on data governance strategy.

"Pick your data. Pick ... pick less data. Put some back. That's too many datas."


silverwizard reshared this.


#rescueTransRescue financial update!

So far, the exhibit has raised a bit over $500 through sales 🎉


in reply to lee :Fire_Trans:

This is thanks, in LARGE part, to the generosity of our wonderful artists. Artists have been extremely generous in setting low commission fees - in many cases opting only to be paid for shipping.
in reply to lee :Fire_Trans: Russ Sharek reshared this.

It is also thanks to generous buyers who opt to pay extra! We've had a few really lovely folks there 🥰

Field Replaceable Unit reshared this.


The problem with being a sysadmin and a dad is I accidentally say to my 5yo "All minutes are 60 seconds except for the 61 second minutes"

silverwizard reshared this.


Is your natural carbon sink continually growing its biomass, each year containing more biomass than the year before? Then it's an actual carbon sink. If it's at equilibrium it's a carbon store.

That's also important! Don't cut it down, for the love of our biome, but don't pretend like you can keep burning old trees you pumped out of the ground just because you have a pile of fresh trees just standing around.

If we want to fix our carbon balance we need to first of all stop digging and pumping more carbon out of the ground, because eventually that will all end up in our air. But we also need to start putting it back in the ground where it came from, or putting it somewhere else where it won't go into the atmosphere for a long time, preferably for centuries or even millennia.


in reply to clacke: exhausted pixie dream boy 🇸🇪🇭🇰💙💛

theguardian.com/environment/20…

"As human emissions rose, the amount absorbed by nature increased too: higher carbon dioxide can mean plants grow faster, storing more carbon. But this balance is beginning to shift, driven by rising heat."

"Only one major tropical rainforest – the Congo basin – remains a strong carbon sink that removes more than it releases into the atmosphere."

in reply to clacke: exhausted pixie dream boy 🇸🇪🇭🇰💙💛

There are forests and soils and mycelial networks that drive more carbon into the soil, there are solutions like biochar for taking wood and plowing it into the soil, allowing a new tree to grow in that tree's place, there are algae and plankton in the ocean that actually make carbon fall to the ocean floor (the article above just taught me that), there are people working on mechanical and chemical ways of removing carbon from the air.

All of these sinks together cannot compete with how much we are still, *increasingly*, pumping and digging out of the ground.

That has to stop, that's step zero, and then all of these ways of reducing existing carbon can be our way to get back to 20th century climate, maybe some time in the 22nd century. But that's currently a fantasy, as we're not even stopping the escalation of burning 300-million-year-old trees and other plants.

(I had to look it up, trees showed up 370 Mya, so they're in there) 😅


silverwizard reshared this.


I used to think of it as technical support for family and friends, and now I realize it's really more like I'm volunteer technical support team for big corp. I wonder how many anonymous technical support dopes like me there are. 🤔


in reply to Your friendly 'net denizen

Between individuals like myself and whole communities of people helping each other out there in various ways, I suspect that's a large part of what allows the modern complex tech stack to actually continue to exist. If corps actually had to bear the entire burden of technical support for their products, could they continue to exist in their current form?
in reply to Your friendly 'net denizen

My job is technical support for a small company, but I often end up doing technical support for big companies too. Because when the problem is in between our servers and the servers of a big company (like with email deliverability, DNS config, etc) guess who is easier to reach? Guess who actually cares about getting it into a working state?

So I too, am a tech support dope 🤷

in reply to Jesse

@kingannoy That's a good point. Now that you mention it, I've been in that role in other places as well. I just didn't recognize it as such. But you're absolutely right about it.
in reply to Your friendly 'net denizen

Yes, because they don't care about your friends and family. Once a company reaches a certain market cap, it becomes business to business, not business to customer. As long as IT departments keep buying their products, you're nothing but statistical noise on their balance sheets.


In light of our praise of the Internet Archive - can we make sure to use Indigo as an example of another org that did the right thing after a data breach?

Took everything down, fixed it, and improved the process.

in reply to silverwizard

I'm not caping for Indigo. I just know people who still haven't forgiven them, and this is the attitude we need to be encouraging, and putting into people's minds as a good thing.

Staying up during a breach investigation should be seen like running with a broken leg.


silverwizard reshared this.


As much as I've been inconvenienced by the Internet Archive being offline this long, I'm proud of them for making up their minds to just keep it down for as long as it takes to make sure everything's fixed and safe before exposing it again. I hope everyone involved is putting in reasonable hours and getting enough sleep.
in reply to Pierre Bourdon

@delroth the fact that most of the site has not yet come back online suggests to me they are/have been fully aware there are still hatches like this to batten down

silverwizard reshared this.


Build small, simple, inspectable programs.

Build them this way so others can understand them; so Future You can fix them, even when you're tired, when the duties of life rest heavily on your aching shoulders, when it would be easier to let the breakage lie.

Build simple things because fulfilling duty and taking responsibility is more important than automation.



𝕸𝔞𝔩𝔦𝔫 reshared this.


Creating a 256 TLD in my home and placing a server at 192.168.90.256 just to piss off house guests
in reply to David Schuetz

@David Schuetz hmmmm, how do you represent that, you could probably do it with redirect rules or clever folder structure
in reply to silverwizard

I think it'd be like 255.255.255.3? So the nets are (say) 192.168.1.0, 1.1, 1.2, and 1.3, and the hosts are ... jesus, this is why nobody's tried this.

Bitwise, it'd be: xxx00, xxx01, xxx10, xxx11

0 net: .4, .8, .12, .16, .20…
1 net: .5, .9..yeah, that makes sense.
2 net: .6, .10…
3 net: .7, .11, .15, .19, .23…

and so on.

This was asked in a meeting with NeXT engineers while I was a contractor at a government agency in the early 90’s. I think their answer was... "We support it...maybe? Why would you want to?”

I've always wanted to try, just for the hell of it, but I suspect 99% of networking gear would break.

in reply to David Schuetz

@David Schuetz I have managed to be mostly self taught, and get into the game after CIDR notation, so I completely never learned actual subnet masks, so I don't fully understand the issue you're even seeing.
in reply to silverwizard

It used to be (I guess this was before CIDR became popular) that netmasks were expressed as literal bitmasks. So a /24 would actually be written as "192.168.1.0, netmask 255.255.255.0” where the "24" represents the leading 24 bits representing the network (192.168.1).

So a /28 would be..255.255.255.240 (11110000).

But it was always a consecutive string of “1” bits, and the hosts were the remaining block of lower-most "0" bits. Usually 8, for a /24, but often smaller (for, say, a small block of public IPs your ISP gives you). I remember the net my office desktop was on in school that was 255.255.254.0 (or /23). That network used 9 bits for 512 hosts. (ish - router and broadcast addresses are still needed out of that 512).

A non-contiguous netmask would mean that consecutive final octets would be on consecutively different networks.

255.255.255.3 would be all 1s, then 00000011, so the NET portion is .0, .1, .2, and .3. So hosts .4, .5, .6, .7, .8, .9, .10, .11, .12... would be on networks 0, 1, 2, 3, 0, 1, 2, 3, 0….

Like I said, I doubt much of anything would support it now. Even when we wrote netmasks as bitmasks, it's likely most gear would've just failed using this approach.

It really is a cursed idea. :)

This wiki page may help, too. Once you see it, it's ... logical? (I won't say "easy”). en.wikipedia.org/wiki/Subnet
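
The interleaving described in the comment above, worked through as an added example (not part of the original thread). It applies the 255.255.255.3 mask from the discussion bitwise, groups host octets .4 to .12 by resulting network, and checks whether Python's standard `ipaddress` module accepts such a mask; the 192.168.1 prefix and the function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict


def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def is_contiguous(mask):
    """True if the mask is a run of 1 bits followed only by 0 bits.

    The inverted mask (the host bits) of a contiguous netmask has the
    form 2**k - 1, so ANDing it with itself plus one gives zero.
    """
    host_bits = ~to_int(mask) & 0xFFFFFFFF
    return (host_bits & (host_bits + 1)) == 0


def network_of(addr, mask):
    """Classic bitmask rule: network = address AND mask."""
    return str(ipaddress.IPv4Address(to_int(addr) & to_int(mask)))


def group_hosts(prefix, last_octets, mask):
    """Group addresses prefix.N by the network the mask assigns them to."""
    groups = defaultdict(list)
    for octet in last_octets:
        groups[network_of(f"{prefix}.{octet}", mask)].append(octet)
    return dict(groups)


def stdlib_accepts(mask):
    """Does ipaddress.IPv4Network accept this string as a netmask?"""
    try:
        ipaddress.IPv4Network(f"0.0.0.0/{mask}")
        return True
    except ValueError:  # NetmaskValueError is a ValueError subclass
        return False


if __name__ == "__main__":
    # Masks mentioned in the thread; the last one is the non-contiguous one.
    for mask in ("255.255.255.0", "255.255.255.240",
                 "255.255.254.0", "255.255.255.3"):
        print(f"{mask:16} contiguous={is_contiguous(mask)!s:5} "
              f"stdlib_accepts={stdlib_accepts(mask)}")

    # Consecutive host octets land on four interleaved networks.
    for net, hosts in group_hosts("192.168.1", range(4, 13),
                                  "255.255.255.3").items():
        print(net, "<-", hosts)
```
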

in reply to David Schuetz

@David Schuetz Oh, I see, a subnet mask bitmap with non-contiguous 1s - that makes sense. Gross.

So something like 192.168.90.256/192.255.148.45, not just a wall of 1s.

(I know enough to set subnet masks on weird ancient gear ;), but I almost always am setting 255.255.255.0 and 255.255.255.255 because /24s rule everything around me. But yeah - reasonable)

I just don't know if I have any gear that would parse subnet masks like that enough to confuse it.

in reply to Jonathan Lamothe

@Jonathan Lamothe @David Schuetz Are you aware of the RFC 864 Compliant Dungeons and Dragons Character Generator I worked on?

@Dave worked on a bunch of it and I need to replace his work (not because I don't like it -but because I want to do the actual work not just crib his, the goal was to learn socket code).

in reply to silverwizard

@Richard "mtfnpy" Harman non-mobile firefox fails instantly.
Tragic. I was hoping I could get firefox to accept my bullshit, but it's correct it doesn't work

silverwizard reshared this.


Send me your Southern Ontario Urbanist accounts on Mastodon and the Fediverse! I wanna use this more than Bluesky.

Boosting would be nice. 😄

#AskFedi #BikeTooter #Urbanism #Transportation #CarFree #Guelph #Kitchener #Waterloo #Ottawa #CycleKW #Cycling #ActiveTransport #GCAT


in reply to Guelph On Two Wheels

I am trying out BS now and like it
Can you tell me what you dislike about BS ?

thanks !!

in reply to OddOpinions5 Mark Connolly 🍻 🚴🏼‍♀️ (he, him, his) reshared this.

@failedLyndonLaRouchite Bluesky is another Silicon Valley for-profit startup which is nominally better but still relies on "trust me bro, big tech can be nice THIS time."

Bsky ditched the ActivityPub protocol to create a protocol they control. Despite claiming to be decentralised, bsky is still highly centralised and federates with itself, refusing to federate with the many existing fediverse sites.

Mastodon is a truly decentralized nonprofit that federates widely and uses open standards.


RootWyrm 🇺🇦 reshared this.


Why does the SecTor app contain several trackers?! I mean - I'm not installing it because of this, and that's a pain in the ass?

Shouldn't we, as security people, be able to notice this shit and be better than it?

in reply to silverwizard

points at the number of security folks who went to in-person cons without even the most rudimentary PPE during covid upswings


When creating a clock display - never forget the sleep in your code >.<


70% of the email I get is Zscaler outage and maintenance notifications

How do people handle this software?!


silverwizard reshared this.


Unix command for answering yes/no questions

Did you know that Unix-like operating systems come with a utility that you can use to answer yes/no questions rather than turning to an LLM?

$ echo "Should I use an LLM for my next project?" | yes no

:flan_evil:


silverwizard reshared this.


"AI will only get better from here" sounds like a strong argument, but think about software you use every day and ask yourself if it's "only getting better".



in reply to silverwizard

The kids helped, they definitely got distracted, but they helped!

They, most importantly, got to see inside a computer and were allowed to touch all the pieces.

My kids have been able to use their computers for lots of little things

in reply to silverwizard

And to be clear:
the 5yo is playing Mario and a few other small games, mostly micro-indie games
the 3yo is listening to audiobooks and lullabies using a device he's built.

This isn't full hacking - this is still kids.

I'm looking at sourcing some classic lego motors to see if I can use these as the brains of a lego robot.



I am looking for a computer, that can be thrown in a backpack, and has a battery. Ideally no screen or keyboard inbuilt.
in reply to silverwizard

depending on what you're doing, the other hackish suggestion I have is to hit up Build-a-Bear for those record-a-message modules they sell for their stuffies
in reply to Michael Brown

@Michael Brown lol - that's also a pretty good option.

My goal is to make an ebook reader that will start playing when a CF card is inserted. And then bulk buy 128MB cards and put books on them.


silverwizard reshared this.


i feel like the thing that's missing from all the online voting discourse is that the core part of your base doesn't just vote, they *move their communities* by doing all the annoying door-knocker volunteer shit that gets other people voting

and they can't do that very well if they're eating shit

because you need enthusiasm to do all that volunteer shit

and you need enthusiasm to *sell* the candidate, it's the bedrock of doing outreach with any semblance of sincerity

silverwizard reshared this.

in reply to Alex P. 👹

these frustrated, beleaguered, constantly-smeared people can force themselves to vote but that's not where the bar is!

you will lose thousands and thousands of other votes they bring in if that's where you set the bar!


silverwizard reshared this.


Juniors, here's why it's always better to raise your mistakes early and get help: You're very unlikely to be fired over a mistake you owned up to.

Me helping you fix your mistake is cheap.
Recruiting your replacement costs more.

But recovering from a cover-up is REALLY costly.


in reply to Matt Linton

Growing up, my dad would say "If you're going to fuck up, fuck up quickly so you've got time to unfuck it." It stuck with me and it really does apply to so many positions.
in reply to cR0w

@cR0w “bad news does not get better with time” is what got pounded into my head
@cR0w
in reply to Tindra

@TindrasGrove @cR0w Apparently "If you must eat crow, eat it while it is still young and tender" is some sort of saying in US legal circles.
in reply to cR0w

@cR0w @TindrasGrove I am just relating a saying from the US legal community, I do not eat corvids, they're cool.
in reply to Matt Linton

way way back in the day on a school trip, I thought a soap dispenser at the facility we visited was a "pull handle out for soap" model.

It was a push handle in to release soap model.

I ripped that box clean off the wall.

The people in charge were pleased I reported the accidental destruction rather than doing the pretend it wasn't you cowardly ostrich approach and made it a teaching moment for the rest of the class.

Good times.


silverwizard reshared this.


Something looks suspicious about the IA attack, and I suspect the goal is to change sentiment about *something*, probably the Internet Archive, but it's not clear what, and it may be more than one thing. It seems like someone probably paid a hacking agency to do this, very possibly a publishing house upset about copyright claims, and I say that especially because:

- "See you on Have I Been Pwned", but really, this is one of the least dramatic things to end up on HIBP of all time: it's names and email addresses sure, but all the passwords are properly hashed and there isn't much else. So why gloat about it?
- There seems to be an attempt to lower public impression of IA in terms of talking about its tech "held up with sticks". It is old tech, so maybe, but why the focus on that?
- If you analyze the HN thread about it for comments in terms of when posted, there were a bunch of sockpuppet accounts created almost immediately after the post was made, seemingly to add comments: news.ycombinator.com/user?id=N… news.ycombinator.com/user?id=h… news.ycombinator.com/user?id=1… news.ycombinator.com/user?id=M…
- An allegedly pro-Palestinian militant hacking group is claiming responsibility, but their rationale doesn't make sense: they say it's because the IA is an American company, and the US is helping Israel. But why the IA *specifically*? This seems like a false flag operation either to draw attention away from the real perpetrators, or possibly to try to turn technically inclined people against pro-Palestinian activists x.com/sn_darkmeta/status/18441…

The IA *is* engaged in several fights with publishers and people who have beef on copyright grounds. It's entirely possible one of them hired a nation-state affiliated hacking group (of which there are quite a few) that had a side beef, or that group is trying to throw the public off its tracks, but regardless, sock puppets like this typically appear after a hacking attack when there's a paid organization.

Regardless, nobody else is keeping the internet's history alive, and yes, the IA has made some mistakes sometimes, but I stand behind them and wish their staff strength in dealing with this time.

in reply to Christine Lemmer-Webber

I'm old enough to remember 9/11: the first 20, 30 media-chaotic minutes after the second plane hit, before the narrative settled on Bin Laden, there was all kinda loose talk about the Popular Front for the Liberation of Palestine, which I would have really enjoyed that laugh if I wasn't watching burning people jumping outta buildings
in reply to James Endres Howell

I'm also old enough to remember after a bunch of right-wing white men blew up the Federal Building in Oklahoma City, all the pundits for DAYS looked right into the cameras tawmbout OBVIOUSLY ALL THE HALLMARKS OF MIDDLE EASTERN MUSLIM TERROR ERMAGHERD



/usr.slice/user-1000.slice/session-38.scope is not a snap cgroup

Ya know what Ubuntu, I actually don't care.

Just... make my shit work. If you want to make linux a hellscape - at least... function.


silverwizard reshared this.


To the dumbasses that are like "please don't share our site on mastodon" my $4/month VPS can handle all the requests from my 1.6 thousand followers without even going up in CPU usage at all.

Optimize your godawful website.


in reply to Julia

Years ago the overhead of my Wordpress blog from the fediverse surge when posting links is what had me ditch it for static site generators Jekyll and then later Hugo. At the time people were giving suggestions on how to reduce the loading problem but for a static blog site there was nothing I wasn’t getting and the overhead and attack surface was way less. I never looked back, which turned out to be even more fortuitous with recent events in that community.

silverwizard reshared this.


It is extremely unfair that I, a private citizen, cannot simply pay a one-time fee to the government and claim a block of IPv6 addresses for life.

in reply to mos_8502

I'm switching ISPs tomorrow. in addition to my one static v4 address, apparently I'm getting a /56, or 2^72 v6 addresses, which seems... excessive! I would take 2^10 addresses I actually own over that
in reply to kaimac

@kaimac It's 256 /64s, which is the only measurement of IPv6 addresses most people should ever worry about.

All the ^ notations and strings of digits are meaningless when you're supposed to allocate 2^64 (18,446,744,073,709,551,616) of them at a time.

256 networks. Kind of a lot, but the next nibble boundary down only gives you 16 networks, which is fine for anyone who rolls with defaults, but is a little weak for even moderate tech hobbyists.

in reply to mos_8502

@arrjay Unfortunately, personal subnets aren't a sustainable model for the default-free zone routing table.

I do agree that there should be something along the lines of community networks fulfilling effectively that role, though.

@rj

silverwizard reshared this.


I guess the rest of my professional career is just going to consist of the following half-dozen-odd interactions:
1. Taking off my spectacles, pinching the bridge of my nose then asking "What is the problem you are actually trying to solve?".
2. Peering over my spectacles and asking "…and at the time, did anyone express any concerns about that course of action?".
3. Taking long drag from my cigarette and intoning the ancient proverb "The root cause is that our processes are not robust enough to prevent a person from making this mistake." before being told "Amy please not right now.".
4. Riffling my notes and beginning the explanation to the auditor or committee with "So, you see, what had happened was…".
5. Making direct eye contact with an engineer through a webcam and asking first how long that will take and then whether the plan is missing any steps.


in reply to bit101

Thinking of investing in some smart glasses to improve efficiency through automation. But they have yet to invent a pair which passive-aggressively polish themselves while I work out the most tactful way to put my reply.

silverwizard reshared this.


If you came from #BlackTwitter i wanna follow you. Tryna find my people. I need more Black humor, culture, opinions, and experiences on my TL. I need more Black folx on my TL. I miss us.

If that's not you, that's totally fine too. Gimme a repost and help me with my search?

If you never liked Twitter in the first place, sit this post out.

Searching across #BlackMastodon #blackFedi and shit, nahmean?



in reply to SirWumpus

@sirwumpus
He's far too young to have chosen a preferred OS.

Give him ten years, and he'll experiment with Inferno just because he thinks it'll piss off Dad.

in reply to Michael Lucas

@Michael W Lucas¹ :flan_mail: @SirWumpus His grandpa's university friend wrote Inferno, so uh... he has the access

My dad wrote Coherent, so I rebelled against my OS dev dad by becoming a sysadmin, so I hope he makes better decisions than me


Allen reshared this.


The greedflation crisis is so bad, getting the fanciest cheese I can at the specialty cheese store is *cheaper* than buying brie at the grocery store



I wonder if Tim Pool will have to give back his Russian propaganda funded skatepark

This is a sentence I just idly thought, this is a glimpse into madness



Phlogging the paper tape

If you don't know, my SSG supports RSS, Web, and Gopher, all on obscuritus.ca



Thinking about Bandcamp and incentives.

So I just bought music from derinaharveyband.bandcamp.com/… and you should too. You should buy it all and leave a tip. But, let's talk incentives.

So I want to buy Derina's music, because the way she sings makes me want to scream, weep, join the chorus, and somehow fly. And if she releases a new anything, I want to know one second after, if not early enough I can preorder.

But I don't buy a lot of music, I have extensive ear damage and most music falls flat for me. So I don't care about much other music.

Derina Harvey Band doesn't care what music I buy, as long as I buy theirs (they are probably good people and hope I support their community though, back there in a second).

So Derina Harvey Band and I have a relationship (I want to give them money), but they want to make more, so they use Bandcamp for discoverability. I found their bandcamp before I found their website! So bandcamp is good! It facilitated a relationship, and I get to hear about the sea.

But now Bandcamp wants to spam me about not-Derina-Harvey, they want me to learn about Nathan Evans or whoever, bands I really don't want to engage with, since I might buy their music. And this has led me to turn off all communications from Bandcamp. This means I miss when bands I like release music.

So, because there's a broker (platform) who is going to mediate my relationship with Derina Harvey Band, I am going to lose out. Bandcamp turned a new fan into a new customer, but made it harder for a customer to stay a customer.

And, I want to be clear here, there was not even regular Enshittification. It's bandcamp Friday, I sent the band slightly over full price for all their albums and they're probably getting, as cash, the full price of all their albums, the platform took nothing. But the band also doesn't have a POSSE style setup, I need to use a platform to learn about tours and releases, and I don't.

I dunno, this is just a tragic story, there's no lesson we don't all know, and there's no solution that isn't to tell a band to manage their own mailing list. The obvious solution is to create a platform that isn't evil, but even then, I don't think that's possible because of all this.

Abolish capitalism so I can revel in a shanty about how capitalism ruins sailing.

in reply to silverwizard

Bandcamp won't let you, but one "Paweł Grzybek" has set this service up based on another. It's limited to 100,000 daily requests, so he requests people don't hammer it too much.

pawelgrzybek.com/generate-rss-…

I guess that means you can't get notified the very second another album comes out, but I bet once per day wouldn't strain Paweł's limits too much.


silverwizard reshared this.


Kitchener City Hall security recently beat the shit out of a disabled senior. Why? Because she was making chalk art in support of queer/trans folks in the civic square. fightbackkw.wordpress.com/2024… @waterlooregion #violence #ElderAbuse



silverwizard reshared this.


Mozilla is really committed to metaphorically piloting their cheap homemade submersible with a gaming controller.




in reply to evacide

Reading the Wikipedia page on 23andMe is an eye opener.