
So, why are so many executives and investors overlooking this very basic reality that code produced is code which must be maintained, and that an acceleration of code produced thanks to gen AI means ~more risk~, not just more $$$?

I have friends who are Principal Engineers asking themselves this very question right now.

And in response, I point us to the classic Upton Sinclair quote:
“It is difficult to get a man to understand something, when his salary depends on his not understanding it.”


"we analyse data from the European Banking Authority to show that existing financial accounting frameworks might inadvertently be creating disincentives for investments in low-carbon assets. We find that differences in the provision coverage ratio indicate that banks must account for nearly double the loan loss provisions for lending to low-carbon sectors as compared with high-carbon sectors" nature.com/articles/s41558-024

If you see a long German or Swedish word, first of all, don't panic. It's more scared of you than you are of it. Secondly, take a closer look and you'll see it's actually just three normal words in a trenchcoat, huddling together to deter predators (French and English).

This is semi-solid aluminum 3D printing! Unfortunately, according to Ric Fulop (CEO and co-founder of Desktop Metal), it can't be commercialized because the temperature control is very difficult and, when it fails, is very problematic. Nevertheless, it's an impressive demonstration.

Source: twitter.com/ricfulop/status/17

#3dprinting #metal #aluminum #extrusion #desktop_metal

The answer to the Q. 'Why is the UK facing water shortages despite record rainfall?' is essentially, we do too little to harvest & retain water, seeming happy to let it flow back to the sea...

As always in the UK it comes down to a lack of investment in infrastructure. And that is merely another reflection of the corrosive short-termism of our political class.

So, our problem with water is just exemplary of the omnicrisis into which the country has fallen.

#water
theguardian.com/environment/20

The reason why #Threads and #Mastodon are incompatible is that Mastodon is a community, and Threads is a market. That's it.

It's not big Fed vs small Fedi. It's not platforms vs protocols.

It's communities vs markets.

Communities are supportive and markets are extractive. Communities answer to those who must live with decisions made. Markets answer to money.

And wouldn't you know it, those contrasting forces influence people's behaviors, goals, and motivations for engaging with others.

On a more positive note:

While this is a sad day for Open Source Software, I also feel a lot of pride for the community.

Please look with which grit and transparency this was analyzed. Usually such analyses take years.

Compare this to last year how everyone had to pry every detail out of Microsoft's nose when they lost the skeleton key for their cloud.


I combined two of my #3dprinted seven segment displays with a geneva drive mechanism, so now they can count from 0 to 59! #3dprinting

The problem with Test-Driven Development is that you have to think about what you want the code to do before you write it. And that ruins the surprise.

DC polarity reversal cable is a handy friend! 🔌⚡🔄

Once in a while we find products that have center NEGATIVE DC power jacks and they really make us mad because who keeps around both positive and negative polarity versions of every voltage? Now, hopefully USB PD adafruit.com/product/5807 will solve this long term, but till then this 2.1mm DC flipper flopper adapter will connect in to out and out to in and voila - your standard center-positive is now center-negative. Or vice versa! How handy.

The abusive behavior that was being used to manipulate Lasse Collin into bringing on more maintainers for #xz went unnoticed because abusive behavior in Open Source Communities is so pervasive. In context, we can clearly see it was part of an orchestrated operation. Out of context, it looks like just another asshole complaining about stuff they have no right to complain about. robmensching.com/blog/posts/20

I think a LOT of people are missing the fact that we got LUCKY with this malicious backdoor.

The backdoor was created by an Insider Threat - by a developer / maintainer of various Linux packages. The backdoor was apparently pushed back on March 8th (I believe) and MADE IT PAST all QA checks.

Let me state that again. Any quality assurance, security checks, etc., failed to catch this.

This was so far upstream, it had already gotten into the major Linux distributions. It made it into Debian pre-release, Fedora rolling, OpenSUSE rolling, Kali rolling, etc.

This is an example of Supply Chain Security that CISOs love to talk and freak out about. This is an example of an Insider Threat that is the boogey man of corporate infosec.

A couple more weeks, and it would have been in many major distributions without any of us knowing about it.

The ONLY reason we know about it is because @AndresFreundTec got curious about login issues and some benchmarking checks that had nothing to do with security and ran the issue down and stumbled upon a nasty mess that was trying to remain hidden.

It was luck.

That's it. We got lucky this time.

So this begs the question. Did the malicious insider backdoor anything else? Are they working with anyone else who might have access to other upstream packages? If the QA checks failed to find this specific backdoor by this specific malicious actor, what other intentional backdoors have they missed?

And before anyone goes and blames Linux (as a platform or as a concept), if this had happened (if it HAS happened!!!) in Windows, Apple, iOS, etc.... we would not (or will not) know about it. It was only because all these systems are open source that Andres was able to go back and look through the code himself.

Massive props and kudos and all the thank yous to Andres, those who helped him, to all the Linux teams jumping on this to fix it, and to all the folks on high alert just before this Easter weekend.

I imagine (hope) that once this gets cleaned up, there will be many fruitful discussions around why this passed all checks and what can be changed to prevent it from happening again.

(I also hope they run down any and all packages this person had the signing key for....)

#infosec #hacking #cve #cve20243094 #linux #FOSS

Here's how to make green #transit even greener. Put the tram tracks on a carpet of grass or sedum. 2 kms of track creates 1.5 football fields' worth of green space, reducing air pollution and urban heat island effect.

A tram-on-the-lawn thread: 🚋🌱🧵

1/ Milan #Milano

Until recently, it's been hard to detect invisible-to-the-naked-eye #methane leaks. But a number of satellites have been launched to detect methane leaks from space. US & EU recently announced rules requiring companies to improve monitoring & repair of leaks buff.ly/495pRwV

Shutdown reminder!

With just 2 weeks left until the Nintendo Network shutdown, we'd like to take this time to remind everyone that we are accepting network packet dumps for all games, for both the Wii U and 3DS! These packet dumps give us a glimpse into how the games operated when the official servers were still online. While technically possible to do without these dumps, having reference material like this will make the job of making replacement servers FAR easier once these servers go offline!

This is ESPECIALLY true for more obscure/less popular games, and games which have custom additions to them. Having network dumps for smaller games is just as, if not more, important than the bigger ones as we'd likely have much less reference material for them! We know everyone is excited to help get the big names going, but we can't forget the little guys either!

That being said, we appreciate ALL users who help us with this crowd sourcing! We have gotten a LOT of amazing data from everyone so far, all of which will definitely help us moving forward.

For those interested in contributing network packet dumps, see our guide on our website here pretendo.network/docs/network-. This page also includes a section listing some games we consider "high priority", though these are NOT the only games we still need data for.

For those curious about our current network dump stats, so far we have:

99 HokakuCafe dumps (specifically Wii U)
528 HokakuCTR dumps (specifically 3DS)
15 general WireShark dumps (applies to both consoles)
65 general proxy dumps (applies to both consoles)

NOTE: These numbers come from the number of network packet dumps submitted through the Bandwidth upload command, and may not represent the real total number of dumps submitted.

"What the Germans will say again and again, and here I say the Germans with some confidence, because this is a consensus which goes, which spans most of the political spectrum, is that peace is the important thing. But PEACE is not what happened to Germany. DEFEAT is what happened to Germany. But you won't find Germans arguing that imperial powers have to be defeated. What you find them arguing is that peace is a good thing. So there's no reflection on empire."

3/3.


Attention customers,
Due to engineering works, the 5v rail will now be operated by a rail replacement bus service until further notice.
We apologize for the inconvenience

The best software tester I’ve ever known once said to me, “Whenever I start at a new place, I find out which teams hate each other. Where their systems interface with each other is the first place I look for bugs — because they’re not talking to each other.”

Software projects stand and fall on the relationships between the humans who create them. (A corollary to Conway’s Law.)

4/

Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.