Sylvain Miermont @miermont@qoto.org

The best software tester I’ve ever know once said to me, “Whenever I start at a new place, I find out which teams hate each other. Where their systems interface with each other is the first place I look for bugs — because they’re not talking to each other.”

Software projects stand and fall on the relationships between the humans who create them. (A corollary to Conway’s Law.)

4/

Damn you, Grand Est

I have a TER Grand Est reduction card

BUT if my trip *crosses the border into Luxembourg* - WHERE PUBLIC TRANSPORT IS FREE, my reduction card does not apply *to the whole trip* 🤬 (Bettembourg is the first stop in Luxembourg)

So
Metz-Bettembourg - €9,50 (full price)

Metz-Thionville - €4,10 (reduced price)
Thionville-Bettembourg - €3,90 (full price)

So €8,00 total

#CrossBorderRail total fail

“But AI is cheap!”

It’s not, it has horrendous hardware, server housing and water and power requirements; it’s just that VCs are financing it now so you get in on the hype and later they will charge you rent and it will cost you way more—with inferior results—than, you know, hiring the writers and artists it’s stealing from, but those will be gone by then.

We need a word for real-life enshittification caused by online culture. Like being unable to find an organisation’s info because they’ve Instagram but no website. Or panicked people being sent a videolink to download to their phone when they ring for an ambulance. Or being excluded from residents' association news if you're not on Facebook. Or having cash payment refused. Or staff in the business you’re physically standing in telling you to find the answer to your question on their website.

"Marking the Web’s 35th Birthday: An Open Letter" by #timbernerslee

Worth reading, and taking action to build a better internet. We need it.

Many of we strivers will be gathering at https://dwebcamp.org Aug 7-11. hopefully with Sir Tim.

Tim's article:

https://medium.com/@timberners_lee/marking-the-webs-35th-birthday-an-open-letter-ebb410cc7d42

I've seen things… things you people wouldn't believe *describes the things that I have seen* Okay. Judging from your reactions, you people are in fact perfectly capable of believing the things that I have seen

India has officially outlawed nine types of #UX #DarkPatterns, including saying "Hurry, only X amount left;" adding "processing fees;" adding dire language to opt-out buttons ("No, I'd rather not protect my purchase"); forcing people to agree to a EULA; forcing people to call a phone number to unsubscribe; using confusing opt-out language ("No, don't unsubscribe me"); blending ads into editorial content; and forcing people to click "remind me later" every day. https://bootcamp.uxdesign.cc/dark-patterns-are-now-illegal-in-india-6b3c35c5ce50

Major blow to CEN/CENLEC but also to DIN and other EU standardisation organisations via ECJ Decision. Oxygen for developers!
ECJ:
-----
failing to recognise that the requested harmonised standards cannot be protected by copyright since they are part of the EU law and the rule of law requires free access to the law;
-----
All European Norms must be free

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:62021CN0588

The basics of infosec - such as meaningful asset inventories, privilege reduction and separation, or solid access control - are *not* actually basics. They're not something you start with and then are done with. They're unsolved problems in computer security. Companies mess this up not because they're careless and incompetent, but because these are hard problems at a scale.

Yes, it's easy on my Linux laptop. It's not easy when you have 10,000 employees. It only takes one person who, for the sake of expediency, puts a bootleg AWS instance on a corporate credit card and does some "prototyping" there. It only takes one person who does something creative with SSH tunnels to be able to "work from home". It only takes one person who installs a sketchy browser extension or goes rogue.

At a scale, stuff like that happens *every day*, and even if your world-class tooling and education efforts get you to 95%, there's still that 5% that every organization is bound to miss. And 5% is enough. Heck, 1% is enough.

The most successful security programs I've seen are not built around having perfect defenses. They're built around the assumption that you're gonna get compromised - and you need to detect it, respond to it, and contain it real fast.

Communications of the ACM (CACM) is now a fully Open Access publication. This means that more than six decades of CACM’s renowned research articles, seminal papers, technical reports, commentaries, real-world practice, and news articles are now open to everyone, regardless of whether they are members of ACM or subscribe to the ACM Digital Library. https://cacm.acm.org/news/cacm-is-now-open-access-2/

Every time I see people talking about France's short haul flight ban as an example to follow, I sigh

The *idea* is fine

The implementation in France is *intentionally, deliberately dire* - but few know that

Sorry @hart @Maristya

Explained more here, in terms of what Spain could learn - but same for what other countries might do the same:
https://jonworth.eu/if-spain-wants-to-introduce-a-short-haul-flight-ban-heres-how-to-avoid-the-traps-of-frances-ban/

i think the EU should pass legislation that enforces standards based 2factor auth (like totp/hotp) for banks, health insurance etc. it is absolutely unacceptable that people are _forced_ to buy android/ios smartphones to use critical services

MiniPlay, The Minitel Game Cartridge! https://blog.tindie.com/2024/02/miniplay-the-minitel-game-cartridge/

Eugenics really gets everywhere: "Dick-Read advocated natural childbirth for the purpose of eugenics: He believed the “over-civilized” women of Britain’s upper classes—the most genetically desirable—were not breeding enough because of a pathological fear of pain during labor"

The Dubious Feminism of the Natural Childbirth Movement

https://www.thenation.com/article/culture/yarrow-birth-control-pregnancy/

I took my first post-season Bixi ride in #Montreal. Normally the service stops Nov. 15, but this year there’s a pilot project to keep the bikeshare going year-round. (Downtown only.). Note the studded tires for handling ice and snow. We’re going to need them—snow coming tonight!

A new paper, "global warming in the pipeline", is out, and the first 20 min of the video is a summary of the paper by the lead author.
https://www.youtube.com/watch?v=NXDWpBlPCY8&t=110s

tldw:
* on a 12 month average, we'll hit 1.5C early next year.
* 2.0C is basically baked-in for 2040, with scenarios to stay under 2.0C looking implausible
* post 2020, sulfur emissions (which have short-term localized cooling effect) dropped by >90%, causing a doubling in solar absorption focused in the global North
#climatechange

Car harm: A global review of automobility's harm to people and the environment https://doi-org.inee.bib.cnrs.fr/10.1016/j.jtrangeo.2024.103817

Remember the new @mozilla CEO whose first action was to post a link to her Linkedin profile?

Some said I was harsh that we should let her the benefit of doubt.

So here are the first true actions: firing 60 people working on useless products to focus the company on its true mission.

The useless products?
- Relay (privacy, protection against spam)
- VPN (privacy)
- Mozilla.social (Mastodon)
- Monitor (privacy)

True mission to focus:
- AI (???)

You can’t made that up

https://techcrunch.com/2024/02/13/mozilla-downsizes-as-it-refocuses-on-firefox-and-ai-read-the-memo/