Serra @serra@qoto.org

I want to pair with someone to try to understand how I can fix a few things on my site. Preferably with someone who knows more #11ty and #JS than I do. This might take an hour on a call. You don't have to turn video on.

In return, I'll curate a list of five recipes according to your food preferences. Or teach you something in photography or food!

So ...let's face it. A LOT of folks in tech circles are somewhat amazed a fully #blind person can even find the power button on a computer, let alone operate it professionally. I am such a person, and I'd like to bust that myth.
It's also true that many #hacking tools, platforms, courses etc. could use some help in the #accessibility department. It's a neverending vicious circle.
Enter my new twitch channel, IC_null. On this channel, I will be streaming #programming and #hacking content including THM, HTB and who knows what else, from the perspective of a #screenReader user.
What I need, is an audience. If this is something you reckon you or anybody you know might be interested in, drop the channel a follow or share this post. Gimme that #infoSec Mastodon sense of comradery and help me out to make this idea an actual thing :) https://twitch.tv/ic_null #tryHackMe #streamer #selfPromo

Remember the iPhone that still worked after it fell out of an Alaska Airlines plane at 16,000 feet?

I couldn’t shake figuring out how it survived. So I launched some iPhone 14s and Galaxy S23es into the sky to find out.

🆕 COLUMN AND VIDEO: https://www.wsj.com/tech/personal-tech/why-an-iphone-can-survive-a-drop-from-a-plane-but-not-from-your-kitchen-counter-57453ca9?st=9uqa298hbwakydm&reflink=desktopwebshare_permalink

Exciting update about our sculpture at MIT, a robin has built a nest in it! And it's having babies!

Actually, let me use this as an example of how everything has gone wrong with web development in the last decade or so.

Dan Abramov is a very brilliant guy who is part of the Facebook's React team. He has been the most important name in the team working on React for years. And now, they are pushing for changes in React that would make it consume streams of data that updates the UI before the entire data request is completed, instead of just requesting the data and then 'painting' it once they get the reply for that request.

This is nuts. This is a micro optimization. 95% of the users won't ever notice, and those who do (people using extremely bad connections) would be much better if the site wasn't using React at all. At the same time, I'm sure half of the websites in the World who currently uses react will jump to implement this, making their code way more complex, brittle, sucking their productivity down, and in the long term, being worse for the users. Just for absolutely not even a short-term gain at all in their products.



Then why these kind of things keep happening? Because Facebook is too big. And somehow they ended being the ones in control of the most popular web-app framework used by most of the sites nowadays.



The state of the current Javascript ecosystem is what happens when you get companies with hundreds, thousands of engineers, to build sites that 15 years ago would have been built by 1/10th of that number of people. What you get is a lot of people working on a product that's actually mature already, and whose job end being going after that extra 1%, that last micro optimization that could make your site better in a very narrow set of cases. And they don't care about the complexity, because they are part of an engineering organization with literally thousands of hands to throw at any problem. Setting up your code bundler now takes hundreds of lines of code that need constant maintenance to achieve just a 5% improvement over gzipped plain JavaScript? No big deal, they have 6 people working full time on that. React switching to a different programming paradigm each two versions? Nice, now the 900 devs working in the web version has something to do for a few months.

But then small to medium teams adopt these tools. And suddenly you have a 5, 20, 50 devs team having to do the same work the Facebook web team does. Without any of the problems Facebook has to solve.

What's worse: a big share of the current JavaScript ecosystem exists just to solve problems introduced by the previous iterations. Think about it from a user perspective: does the web work any better, does Netflix, Facebook, twitter, tumblr, etc load faster, perform better than they did ten years ago? On the contrary, most of us have more powerful computers, phones. We have significantly faster internet connections. But sites are, at best, as fast as they used to ten years ago. In most cases they are even slower.

And from the engineer perspective it's not better: web development is significantly harder, more complex, slower nowadays that what it was ten years ago. Things that were trivial are now complex. Things that were complex still are. Product-wise, we are not doing anything more complex than what we were doing in early to mid 10s. But somehow now everything is harder, involves more code, everything is now orders of magnitude more complex. And it's not even making the web a better experience.

We made this mess. We made the web worse for everyone. We made our jobs harder for ourselves. It's so stupid.

RE: https://goblin.band/notes/9qyaoxpilruusopk

My brain when I hear "Anderson plug"

📬 You've got mail! Germany's national postal service (Deutsche Post/DHL) has switched to OpenStreetMap for their public facing websites, https://deutschepost.de, https://dhl.de. 🎉🥳🎊🎁

#SwitchToOpenStreetMap #OpenStreetMap #OSM

@elly recently live streamed #linux kernel bring-up for the MediaTek MT8186 SOC (used in some Chromebooks supported by #postmarketOS).

The video title suggests there might be a part 2 🤞

https://www.youtube.com/watch?v=BZGmSaOBZY8

Brits ask “A penny for your thoughts?” and Americans respond with “Just my two cents”. At current exchange rates ($1.00 = £0.80) this means Brits are receiving 1.6p of American thoughts for just 1p. In this paper we propose an alternative asset pricing model for the marketplace of ideas, considering—

Then I threw the lines into Photoshop, applied the bucket tool, and ... good enough!

if I have a commit ID in git, does anyone know if there's a single git command that will tell me which tag(s)/branch(es)/remote-tracking branch(es) that commit corresponds to?

it's not:
- git describe
- git branch --contains

the only thing I can find is `git show --no-patch --format='%d' COMMIT_ID` but that's kind of a mouthful, and also it's formatted in kind of a weird way

Hey! Let's talk about #SSH and #security!

If you've ever looked at SSH server logs you know what I'm about to say: Any SSH server connected to the public Internet is getting bombarded by constant attempts to log in. Not just a few of them. A *lot* of them. Sometimes even dozens per second. And this problem is not going away; it is, in fact, getting worse. And attackers' behavior is changing.

The graph attached to this post shows the number of attempted SSH logins per day to one of @cloudlab s clusters over a four-year period. It peaks at about 3.4 million login attempts per day.

This is part of a study we did on our production system, using logs of more than 640 million login attempts, covering more than 1,500 hosts on our side and observing more than 840 thousand incoming IP addresses.

A paper presenting our analysis and a new, highly effective means to block SSH brute force attacks ("Where The Wild Things Are: Brute-Force SSH Attacks In The Wild And How To Stop Them") will be presented next week at #NSDI24 by @sachindhke . The full paper is at https://www.flux.utah.edu/paper/singh-nsdi24

Let's dive in. 🧵

Last year, the @sovtechfund fund invited us, the Sequoia PGP Project, to join their new Bug Resilience Program.

Today, I'm pleased to announce that we are publicly launching our bug bounty program with rewards of up to €10,000 for novel, security-relevant issues in Sequoia applications, libraries, or specifications. #pgp

https://sequoia-pgp.org/blog/2024/04/10/202404-bug-bounty/

Fresh results from another guaranteed basic income pilot. This time from Seattle's King County where 102 people got $500/mo for 10 months.

Employment nearly doubled from 37% to 66%

Average income from jobs went up by $410/mo

Retirement plans nearly tripled

Percent with any savings of those with kids went from 0% to 42%

Percent with any savings of those without kids went from 24% to 35%

Participants also reported gains in health and well-being
https://www.seakingwdc.org/latest-news/gbi-report

At Sovereign Tech Fund, we're following the #xz incident closely and listening to the many voices in the #FOSS maintainer community.

What's clear to us is that the xz incident shows the need for structural change:

https://www.sovereigntechfund.de/news/xz-structural-change