Shamar @Shamar@qoto.org
Joined May 2019
@scianvalscian@mastodon.uno
Potresti.
Ma la soluzione più semplice, se usi keepass, è disporre di un device dedicato offline.
@mario @devol @informapirata @jhansen @ziriuz84
@scianvalscian@mastodon.uno
Mai facilitare la vita di un potenziale attaccante futuro diffondendo informazioni sugli strumenti informatici che utilizzi.
Certamente #devol è più affidabile di qualsiasi servizio a pagamento, anche solo per una questione di credibilità nel lungo periodo.
Devol è un progetto giovane e politicamente ambizioso.
Ma tutto il software è bacato.
Dunque sebbene ritenga di potermi fidare di devol per diversi servizi (criptpad, etherpad, peertube etc...) non affiderei a nessuno le mie password (ancorché criptate)
Non sono dati come gli altri.
Io uso un password manager, ma le password stanno semplicemente offline.
@devol @scianvalscian@mastodon.uno @informapirata
Devol ⁂ :devol:
Mai caricare un elenco di password, ancorché cifrate, su un server di estranei.
In Italy we used to have a law that imposed to banks to provide 1/13 of their profits to indipendent centers that used such money for no-profit organizations.
The thing worked very well until such centers were not turned into political affiliation tools. Then they became a mess (and while I'm not much informed right now, I'd guess the law was abolished).
It was 20 years ago or so, btw.
The approach was great because the contribution was mandatory and was not given to a government agency or so, but to independent organizations that had a single, quite specific goal: maximize the outcomes for the no-profit organizations.
Such approach could work for free software too: companies should give the money but NOT have any say on their use. Intermediate organizations should account on how they improved the security, the quality or the innovation of the whole ecosystem.
Nevermind, I'm too tired.
Didn't realize the 2 was referring to the log4j version.
Dynamic linking is what made #log4shell possible in the first place.
But... what's log4j2?
Shamar
boosted
Since this account is blocked by @downey (admin of floss.social) on the basis of sexual harrassment and misogyny, and also he has suspended my other account (@azad_on_com@floss.social) for its connection with me I wanted to invite all those who understand English to find a single case of such posts in entire my account.
Are we giving bullies the power to maniplulate administration and rule fediverse? Is this the way we want to build a new way of social media administration?
Shamar
boosted
@downey
After blocking Azadon account, I got more suspicious that he himself has some involvement in what is happeneing. And yes! He is one of those cancel culture people who made the open letter against #rms. I was on the opposite camp.
The interesting fact is a Cancel Culture advocate has cut me for "criticism of those promoting diversity, equity, and inclusion"!
Really?
This is the relation I have in mind: to build a complex software you need complex tools.
Given the computing power of modern hardware we shouldn't need them, but we need them because each software is grown too complex.
How many mainstream software did you try to read and understand completely in a month?
I do not mean "enough to hack them" but enough to predict where a bug is by looking at it at occurring at runtime.
Exactly.
The complexity of a software should be measured by the average time a person need to completely read and understand it.
A simple software can take a day or a week. A very complex one, a month.
Everything above, is broken beyond repair.
Yes, we need to rethink almost everything from scratch.
Shamar
boosted
Carola Rackete è stata prosciolta. Non fu “favoreggiamento dell’immigrazione clandestina” ma “dovere di salvataggio” https://www.gayburg.com/2021/12/carola-rackete-e-stata-prosciolta-non.html
Yes, I am.
Not much on #Jehanne, but on deciding what computing should be (and thus what Jehanne aims to become).
Yeah, complex software exists.
But it should not.
So now make is useful because of #WirthsLaw... but it should not. 😉
As for a simpler make, maybe: but it's not that complex. It's just that I'm not sure it's needed anymore.
In fact, most of times I build a single program or library in jehanne and it takes few seconds.
The kernel is the slowest component (except of gcc/binutils, obviously), but mostly because to create the initrd, it starts a previously compiled kernel in qemu and copy the required binaries as served by a 9P2000 local fs.
Iow, not something you would optimize with make.
Obviously 10 or even 20 files are not too many but I'm quite surprised it take your machine minutes to compile them.
I think my point is that if you can percieve the difference between compiling with a makefile that check timestamps and all, and compiling with a script that don't give a shit and build everything, your project is too complex and should be split into smaller pieces.
Needing makefiles on today hardware is a huge smell.
Joined May 2019
