Shamar @Shamar@qoto.org
Joined May 2019
Why? What's wrong with feeds? Or you are talking of RSS specifically (and not Atom, for example)?
So you mean it wasn't a phishing attempt?
If so, I guess they wrote a bot to annoy every programmer on github or something... because someone from #Facebook mailed ME too.
And I mean... me.
One who hate #JS whole heartly and think #React is a #DoS against all of us to distract from their business model and make us forget #CambridgeAnalytica.
A bot from #Google wouldn't have wasted such bandwidth... but from Facebook... they are just spammers on steroids.
@dredmorbius @rysiek@mastodon.technology
Shamar
boosted
The Assange trial thread is on Twitter, but it's worth following: https://nitter.unixfox.eu/SMaurizi/status/1453279886165020678#m ♻ @SMaurizi: 23. it really keeps me awake at night how in the last 11 years we journalists,activists,intellectuals haven't been able to stop this upside down world in which courageous whistleblowers and publishers go to prison while war criminals and torturers sleep peacefully in their beds
La complessità di un browser non la ordina il dottore.
Un browser (o un sistema operativo o..) non è un fenomeno naturale come la gravità, che possiamo studiare, ma dobbiamo accettare come è.
È un artefatto umano.
Esistono browser che un programmatore può studiare e comprendere completamente in una settimana o un mese¹.
Ma software come #Chrome o #Firefox sono intenzionalmente progettati per vanificare le 4 libertà.
NON È VERO che puoi pagare qualcuno per studiarlo se non ti fidi di Google (che controlla entrambi, Mozilla è solo la loro PR geek-friendly).
NON puoi.
NON hai i fondi necessari.
E anche se hai le competenza (io le ho), non avrai mai il tempo (a meno di essere assunto per 2 o 3 anni da terzi per farlo, ma è estremamente improbabile)
Di fatto dunque i browser ed i sistemi operativi mainstream sono indistinguibili da software proprietari per la stragrande maggioranza delle persone.
Perché non PUOI scegliere di fidarti: sei COSTRETTO a fidarti.
E di chi?
Di Google. 🤦♂️
Che controlla (insieme a #Microsoft, #Amazon, #Cloudflare, #Facebook...) gli standard che regolano il web.
Una backdoor poi è del tutto indistinguibile da una vulnerabilità, soprattutto quando il software in questione esegue automaticamente codice arbitrario inviato da terze parti che possono personalizzarlo targettizzando un singolo utente.
Come fanno i browser mainstream, appunto.
Insomma, attenzione all'open washing: la situazione è molto peggiore di quanto sembri proprio perché le persone non hanno il coraggio o gli strumenti tecnici e critici per guardare in faccia la realtà.
____
¹ https://www.netsurf-browser.org/
@miriamgreco@mastodon.uno @informapirata
Di fatto, da Hearthbleed in poi, tutti sanno che il mito (neoliberista) dei "mille occhi che scovano tutti i bug" è una favola della buona notte.
#Chromium è open source e ogni anno ha più vulnerabilità annuali i livello 9+ che tutta l'offerta di #Microsoft.
Non cambia una fava se sono vulnerabilità introdotte scientemente o meno, sono backdoor in attesa di essere exploitate.
Il fatto che il software sia open source è condizione necessaria ma NON sufficiente affinché serva i cittadini: deve essere semplice, anche a costo di non essere facile.
Altrimenti le 4 libert๠si riducono a privilegi elitari.
____
¹ e nota: solo per i liberisti la libertà si riduce alla possibilità di scegliere fra le offerte disponibili. Per questo fingonobdi avercela con i monopoli: rendono evidente l'idiozia di questa riduzione.
In una società democratica esiste anche la libertà di creare, di esplorare, etc...
@miriamgreco@mastodon.uno @informapirata
#QUIC also means no intermediate proxy. Nobody ever consider what this means in term of user #privacy vs large cdn and cloud providers?
We could have faster web contents (beware, not faster web apps or streamings, just web contents) with something as simple as cryptographically signed tar.gz containing website chunks (such as css+images+html):
- fast (RTT becomes totally irrelevant)
- fully cacheable
- authenticated (no MitM)
It would not be encrypted (and thus not good to send your credit card or transfer sensible data or contents) BUT it would make centrally spying on all people way more difficult.
Instead Google invented QUIC.
No way to cache contents and to ensure their authenticity without connecting to the TLS servers.
Well done, engineers, well done!
And yes, IETF QUIC is different from Google QUIC: it doesn't serve only the needs of #google but those of #Facebook, and #Cloudflare and friends.
You wrote that this "is a real concern", but I don't think you stressed enough what a huge issue geopolitical this is: it should be enough to ban QUIC traffic outside the #USA.
Shamar
boosted
18 anni precari: schiavitù accademica interna ed esterna - per ricercatori, pagati con (poco) denaro pubblico che dovrebbero essere liberi perché al servizio del sapere e non di aziende private e degli ordinari in carriera. E come d'uso gli ordinari in carriera si adegueranno: better to reign in Hell than to serve in Heaven. Ecco la riforma del reclutamento in discussione al Senato: https://www.roars.it/online/il-nuovo-dl-reclutamento-al-peggio-non-ce-mai-fine/
Nessuno ti vieta di crearti un'istanza per spammer, se ritieni.
Verrà probabilmente bloccata da tutti, ma tanto... i tuoi clienti mica lo sanno! 🤣
@miriamgreco@mastodon.uno @paolo
"semplice≠facile"
Vedo che mi copi le battute eh...
BRAVO continua!
@miriamgreco@mastodon.uno @informapirata@poliverso.org @paolo
Shamar
boosted
@miriamgreco
Il fediverso oggi è composto da persone come me e da tanti che tirano fuori di tasca loro i soldi per affittare dei server.
Questo è sostenibile per alcuni finquando i volumi ed i costi non diventano troppo elevati poi devono fare delle scelte.
Durante un incontro con la commissione europea sul finanziamento dei progetti Open Source ho proposto di iniziare a far spostare obbligatoriamente una percentuale dei budget delle licenze proprio all'Open Source. @Shamar @informapirata
Shamar
boosted
@lattera How did the attacker gain knowledge of the tools used? They asked. At a conference, during Q&A of a talk about infrastructure. A perfectly valid, good question. They then just needed to know if it was a vulnerable version. So they asked about distros too, how up-to-date one should stay. LTS or Stable or roll your own?
Shamar
boosted
@lattera The way that attack worked was that the attacker gained knowledge of what tools are used to view the logs, found a vulnerability in some of those tools. So they engineered messages that would trigger the bug when processed, and exploit the vulnerability in the tool, and compromise _that_ system. They chained that into other attacks, and eventually gained shell access to the computer. They could attack other systems from there.
(cont...)
Shamar
boosted
Shamar
boosted
Is your school forcing you to use Zoom, Skype, or other proprietary videoconferencing software to learn or teach? That's a violation of your educational rights. Support #FreeSoftware https://fsf.org
Shamar
boosted
Remember the early 2010s, way back when Microsoft didn't use polite euphemisms like "Active Protection Service"
https://www.ghacks.net/2011/06/02/disabling-microsoft-spynet-in-windows7/
Shamar
boosted
🇳🇱
Interesting fact of the day: The term "patching" software originates from the fact that you would literally patch holes in early hole punch input in order to fix an issue. Attached is a picture with such patches on it from the Harvard Mark I computer.
Shamar
boosted
– Our goal is >4 IPC (average) with >97% branch prediction and lots of cache, deep out-of-order pipelines and speculative execution for managing cache and branch miss latency
– General long term goal is a high end server class CPU, 5GHz+, multithreaded, 100+ instructions in flight at any one time
that reads like:
"I'm not sure we need to apply any learning from Spectre & Meltdown, we really just want a big CPU like Intel has, that goes vroom. but being GPL, it won't be controlled by Intel. It can instead be controlled by all other big corps."
Hi, @neauoire I'm writing an essay where I analyze the various kind of data and software among them.
I argue that every single software out there is in fact a virtual machine that execute programs.
Take a jpeg viewer: it executes JPEG files to draw pixel on a raster screen.
That's something that derives from #Dijkstra definition of computers (see EWD898) and universal turing machines.
What if Uxn was in fact the building block of a new agevof computing?
Imagine composing little indipendent machines that communicate over a simple protocol...
____
Also what was wrong with simplicity on lobsters, now?
Shamar
boosted
I was whining about people on hn and lobsters being mean to the projects I loved yesterday, and it sparked some good conversations.
I went over my entire website and eradicated the use of words like "simply" and "easy". Removed things with retro-computing connotations, tried to limit the metaphors with mentions of old or small scale technologies.
Also added a few notes on decisions that advised its design.
Well, that's a good question.
I cannot think of anything like that.
We have harse debate, "polemica" which is a totally destructive mode of arguing is developed to artistic levels and so are invectives ("invettiva") where you attack someone you hate (or pretend to) with all the argument you can think of.
But the point is that you always have at least one message to convey, to the other side and/or to the bystenders.
Shitposting does not.
Thats why it's not done with malice (except when done as a form of marketing that, I would say, is specific of the fediverse): it's like leaving your waste in a park because you don't care or you find it funny.
I can't think of anything like that in Italian literature.
I guess we have shitposter here now, but they are mostly fictional shitposter.
Because you know, after decades of USA influence, Italians follow american fashion and all.
We ARE a US colony, right now.
And yet shitposting still sound like a pointless waste of people time, cpu cycles and bandwidth.
That's why I felt @izaya was right about you being unable to understand shitposting because you are European.
Joined May 2019
