Pinned post
Parienve

@sabbatical
Your search engine skills are transferrable to DuckDuckGo, Mojeek, Yep, or SearxNG.
@kmeisthax @pluralistic

1
Pinned post
Parienve

PSA, VSCode / VSCodium C# opt-out telemetry 

The v2.0 update to the C# extension silently installed a dependency, the .NET Runtime Install Tool extension, that has enabled by default.

pushed the update to users in early August, and it reached / users a month later.

There is no indication that the dependency respects the `telemetry.enableTelemetry` setting. You can opt out:

"dotnetAcquisitionExtension.enableTelemetry": false

But personally, I've chosen to uninstall the Ionide, C#, and .NET Runtime Install Tool extensions.

Opt-out is not consent.

0
Pinned post
Parienve

Linux distro recommendations 

@urusan The problem with Manjaro is that they hold back packages, which get out of sync with the AUR, leading to the dreaded "partial upgrades". I suspect this is what happened to you.

Distros like Garuda Linux and EndeavourOS avoid this problem by using up-to-date Arch packages. Garuda is more opinionated, including things like having Timeshift configured out-of-the-box to do a system snapshot whenever you update.

If you don't mind older packages, Linux Mint (my daily driver for the past several years) is a reliable choice. You get the practical benefits of an Ubuntu LTS system without the B.S. from Canonical. If you want a non-LTS release cadence, maybe try Pop!_OS.

I've also heard good things about Fedora and openSUSE, but missing packages have kept me away for now.

Finally, there are two Debian derivatives I'll suggest looking at: Parrot (Home Edition) and MX Linux. Both of them are based on Debian Stable but with additional backports.

0
Pinned post
Parienve

@solidsanek
Studio Ghibli vibes

0
Pinned post
Parienve

@pho4cexa @neauoire The verbs "develop" and "envelop" come from Old French words meaning "unwrap" and "wrap", respectively.

This implies that an "envelope" is just a "wrapper" but Frenchier, and that a "developer" is a "wrapper-opener".

0
Parienve boosted
Electronic Frontier Foundation

From skincare to dating apps, age verification bills are creeping into unexpected places, and the privacy risks are growing. eff.org/deeplinks/2025/03/firs

0
Parienve boosted
aeva

microsoft study finds that generative ai atrophies your critical thinking skills microsoft.com/en-us/research/u

1+
Parienve boosted
Cassandrich

Cursed: the evil "Allow websites to perform privacy-preserving ad measurement" exists in Firefox mobile not just desktop, but the UI to disable it is not present on mobile.

If you're using mainline mobile Firefox that blocks access to about:config, you need to use the roundabout way to get to it:

chrome://geckoview/content/config.xhtml

Then find dom.private-attribution.submission.enabled and change it to false.

1+
Parienve boosted
Teknique is my middle name

Here's a Google ad impersonating the brew.sh website but linking to a malware site.

Remember, it is always 100% morally and ethically OK to use ad blockers.

Screenshot of a social media post. It says: "Developers, please be careful when installing Homebrew. Google is serving sponsored links to a Homebrew site clone that has a CURL command to malware. The URL for this site is one letter different than the official site." It shows a screenshot of a sponsored ad showing what looks like a link to “www.brew.sh”, the real Homebrew website. However, the actual link is to “brewe.sh”, a fake site.
1+
Parienve boosted
David Chisnall (*Now with 50% more sarcasm!*)

It’s been a week since I turned off Copilot. Unsurprisingly, I am thinking a bit more as I write (prose and code) and seem to be achieving more. This is totally subjective and probably not trustworthy.

Surprisingly, I am enjoying programming much more. I hadn’t realised quite how much joy having a whiny little idiot trying to be ‘helpful’ in my editor sapped from the process.

David Chisnall (*Now with 50% more sarcasm!*) (@david_chisnall@infosec.exchange)

I finally turned off GitHub Copilot yesterday. I’ve been using it for about a year on the ‘free for open-source maintainers’ tier. I was skeptical but didn’t want to dismiss it without a fair trial. It has cost me more time than it has saved. It lets me type faster, which has been useful when writing tests where I’m testing a variety of permutations of an API to check error handling for all of the conditions. I can recall three places where it has introduced bugs that took me more time to to debug than the total time saving: The first was something that initially impressed me. I pasted the prose description of how to communicate with an Ethernet MAC into a comment and then wrote some method prototypes. It autocompleted the bodies. All very plausible looking. Only it managed to flip a bit in the MDIO read and write register commands. MDIO is basically a multiplexing system. You have two device registers exposed, one sets the command (read or write a specific internal register) and the other is the value. It got the read and write the wrong way around, so when I thought I was writing a value, I was actually reading. When I thought I was reading, I was actually seeing the value in the last register I thought I had written. It took two of us over a day to debug this. The fix was simple, but the bug was in the middle of correct-looking code. If I’d manually transcribed the command from the data sheet, I would not have got this wrong because I’d have triple checked it. Another case it had inverted the condition in an if statement inside an error-handling path. The error handling was a rare case and was asymmetric. Hitting the if case when you wanted the else case was okay but the converse was not. Lots of debugging. I learned from this to read the generated code more carefully, but that increased cognitive load and eliminated most of the benefit. Typing code is not the bottleneck and if I have to think about what I want and then read carefully to check it really is what I want, I am slower. Most recently, I was writing a simple binary search and insertion-deletion operations for a sorted array. I assumed that this was something that had hundreds of examples in the training data and so would be fine. It had all sorts of corner-case bugs. I eventually gave up fixing them and rewrote the code from scratch. Last week I did some work on a remote machine where I hadn’t set up Copilot and I felt much more productive. Autocomplete was either correct or not present, so I was spending more time thinking about what to write. I don’t entirely trust this kind of subjective judgement, but it was a data point. Around the same time I wrote some code without clangd set up and that *really* hurt. It turns out I really rely on AST-aware completion to explore APIs. I had to look up more things in the documentation. Copilot was never good for this because it would just bullshit APIs, so something showing up in autocomplete didn’t mean it was real. This would be improved by using a feedback system to require autocomplete outputs to type check, but then they would take much longer to create (probably at least a 10x increase in LLM compute time) and wouldn’t complete fragments, so I don’t see a good path to being able to do this without tight coupling to the LSP server and possibly not even then. Yesterday I was writing bits of the CHERIoT Programmers’ Guide and it kept autocompleting text in a different writing style, some of which was obviously plagiarised (when I’m describing precisely how to implement a specific, and not very common, lock type with a futex and the autocomplete is a paragraph of text with a lot of detail, I’m confident you don’t have more than one or two examples of that in the training set). It was distracting and annoying. I wrote much faster after turning it off. So, after giving it a fair try, I have concluded that it is both a net decrease in productivity and probably an increase in legal liability. Discussions I am not interested in having: - You are holding it wrong. Using Copilot with this magic config setting / prompt tweak makes it better. At its absolute best, it was a small productivity increase, if it needs more effort to use, that will be offset. - This other LLM is *much* better. I don’t care. The costs of the bullshitting far outweighed the benefits when it worked, to be better it would have to *not bullshit*, and that’s not something LLMs can do. - It’s great for boilerplate! No. APIs that require every user to write the same code *are broken*. Fix them, don’t fill the world with more code using them that will need fixing when the APIs change. - Don’t use LLMs for autocomplete, use them for dialogues about the code. Tried that. It’s worse than a rubber duck, which at least knows to stay silent when it doesn’t know what it’s talking about. The one place Copilot was vaguely useful was hinting at missing abstractions (if it can autocomplete big chunks then my APIs required too much boilerplate and needed better abstractions). The place I thought it might be useful was spotting inconsistent API names and parameter orders but it was actually very bad at this (presumably because of the way it tokenises identifiers?). With a load of examples with consistent names, it would suggest things that didn't match the convention. After using three APIs that all passed the same parameters in the same order, it would suggest flipping the order for the fourth. #GitHubCopilot #CHERIoT

Infosec Exchange
1
Parienve boosted
*
🇺🇦 Myke :emacs: :clojure:

A small check: would you or somebody you know be interested in a #clojure based #programing course and #mentorship? I’m thinking about pivoting into #teaching more, and would like to understand if there is demand.

Please boost 🙏

0
Parienve boosted
Adrianna Tan

FTC announces 'click to cancel' rules after 16 000 public comments. It will "require sellers to make it as easy for consumers to cancel their enrollment as it was to sign up."

ftc.gov/news-events/news/press

#FTC

1+
Parienve boosted
Tony Arcieri 🌹🦀

Pretty much all versions of bcrypt are vulnerable to second preimage attacks because they truncate the input to the first 72 bytes, meaning the hashes for messages longer than that will collide.

This resulted in a login bypass against Okta.

theverge.com/2024/11/1/2428587

1+
Parienve boosted
Katie Steckles

No, that's not how that works

Screenshot of a form field that says "Phone (optional)" which is highlighted red with the text "Enter a phone number" because somehow it is not optional apparently
1+
Parienve boosted
@𝚆𝚘𝚛𝙼𝙿𝟹:~$: :t_blink:

Just got an email from #LinkedIn, personally I think that LinkedIn has become a cesspool, but it’s still useful to connect with recruiters when job searching. Anyway, heads up, unless you’re in Europe, they’re using your data to train their #AI.

#TOS #DataProtection #DataPrivacy #Tech

Updates to the User Agreement, which are effective on November 20, 2024, include more details on content recommendation and content moderation practices, new provisions relating to the generative AI features we offer, and license updates designed to help creators expand their brand beyond LinkedIn. As our product evolves to leverage generative AI, we have given you more information in our Privacy Policy by adding language on how we use the information you share with us to develop the products and services of LinkedIn and its affiliates, including by training AI models used for content generation (“generative AI”) and through security and safety measures. At this time, we are not enabling training for generative AI on member data from the European Economic Area, Switzerland, and the United Kingdom. For those outside these regions, we’ve proactively made available an opt-out setting for any members who choose not to make this information available for this purpose.
1+
Parienve boosted
Chris Shiflett

There’s nothing quite like tight kerning to make a design look dean and modem.

1+
Parienve boosted
Harald Grunsky
GIF
1+
Parienve boosted
Guy Dupont

💫DID YOU KNOW💫
that if you move a mouse cursor fast enough, you can get persistence of vision and, say...
*run a game of Pong inside your mouse's firmware*
🕹️🕹️🕹️🕹️🕹️🕹️🕹️🕹️🕹️

1+
Parienve boosted
pikuma.com

Demo from Fish Disk 501 showing an example of a painter's algorithm code to render a fractal terrain on the Amiga 4000.

GIF
1
Parienve boosted
Craig Nicol

@slothrop I love the fact that he starts with "the first ad on the internet had a click through of 44%" and didn't mention

1) it was not a personalised ad
2) it didn't track individual users
3) it was relevant to the content of the page
4) it wasn't misinformation
5) it wasn't malware
6) it didn't download a shitton of JavaScript
7) it didn't link to content-farm garbage

I wouldn't be running an ad blocker if those things were still true.

1
Parienve boosted
alcinnz

I wonder: Does anyone want to write their own browser engine? In your choice of language/framework?

Because I'm happy to mentor! I've found some tricks in my own attempts.

Since I see plenty of thirst for more options...

1+
Parienve boosted
Bela Lugosi's Bed

Make a normal distribution.

5,398 people · Closed
1+
Parienve boosted
Dgar

To teach kids about democracy, I let them vote on dinner.

They picked pizza.

So I made bangers and mash because they don’t live in a swing state.

1+
Parienve boosted
RalfMaximus

@LoganFive

"We have helpfully activated notifications for you with this update. To turn notifications off, simply open Settings, then Preferences, then Options. Scroll down to the Customizations section, unlock Developer Mode, then turn on 'Remind me Later' after choosing an interval between 1 and 3 weeks"

1
Parienve boosted
myrmepropagandist

After some conversations with friends NOT on the fediverse I've arrived at calling it "independent social media."

This is better than "open source" or other titles, it better conveys the central difference.

1+
Show older
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.

Trending now

0 people talking
0
0 people talking
0
0 people talking
0

Resources

Developers

What is Mastodon?

qoto.org

More…

v3.5.19-qoto · Privacy policy