yeroc boosted

Browsers should refuse to respect paste-disabling. This is not something that any user wants.

yeroc boosted

"Documents released under Alberta Freedom of Information laws confirm the United Conservative government was talking with the coal industry for years about relaxing a policy that protected the Rocky Mountains from open-pit mines.

The documents also show the province was talking about opening those landscapes to more development generally for at least seven months before letting the public in on its plans."

cbc.ca/news/canada/calgary/jud

#alberta #ableg #canada #cdnpoli #coal #foi

yeroc boosted

I think we're focused on the wrong thing when we look at what tech works for a company like Amazon or Facebook or Netflix.

We should be looking at what tech works when you *don't* have a small army of staff engineers optimizing it. I want to know what I can scale *without* paying someone a half million dollar salary to do it.

There should be more case studies on things that don't have a billion-dollar company propping them up, humming along quietly on a cheap-ass VPS somewhere.

yeroc boosted

OK, readers. You suddenly need to understand research funding in Canada. (Thanks to Danielle Smith for legislation that would give the Alberta government a veto over federal funding for research.)

Not to worry, Lisa Young has got your back. #abpoli

thetyee.ca/Opinion/2024/04/15/

yeroc boosted

Here's a fun AI story: a security researcher noticed that large companies' AI-authored source-code repeatedly referenced a nonexistent library (an AI "hallucination"), so he created a (defanged) malicious library with that name and uploaded it, and thousands of developers automatically downloaded and incorporated it as they compiled the code:

theregister.com/2024/03/28/ai_

1/

yeroc boosted

Does your public library use Overdrive/Libby for ebooks or audiobooks? ⚠️

In the US and Canada, the answer is probably yes. And you might want to speak to your library staff and commission about it.

Libby is now owned by a private equity firm & making sketchy changes: buttondown.email/ninelives/arc

The latest development is that their overbroad privacy policy allows them to sell your borrowing history to advertisers: infosec.exchange/@longobord/11

Thank you @karawynn and @longobord!

#Privacy #Libraries

yeroc boosted

Totality was incredible! Here's my composite (and after a bunch of people have asked, I have a digital copy for personal use for sale here: redshirtjeff.com/listing/total (downloadable image is slightly tweaked for more pleasing layout!))

yeroc boosted

Fediverse moderator observation: disagreeing with or disliking someone’s bad takes does not (necessarily) make them a fascist or a nazi. Some people are just regular assholes or shitheads and being hyperbolic doesn’t really help. The terms nazi and fascist are so overused here as to have lost most of their meaning.

Also, please please please, strive to be kind. I know it’s hard and kindness can’t be unlimited. There are a lot of assholes and shitheads in this world, and treating someone badly has likely never changed their mind nor ever will.

Thank you for attending my talk.

yeroc boosted

fun fact! the numbers in coin cell part numbers are dimensions. a CR2025 is 20mm diameter and 2.5mm thick!

yeroc boosted

I've been writing serverside SQLite applications for several years now and I still picked things up from this article, which is extremely good. kerkour.com/sqlite-for-servers

yeroc boosted

This is the best timeline I've seen so far on what we know about the Xz backdoor. Some good info here for researchers: boehs.org/node/everything-i-kn

yeroc boosted

🤯 The level of sophistication of the XZ attack is very impressive! I tried to make sense of the analysis in a single page (which was quite complicated)!

I hope it helps to make sense of the information out there. Please treat the information "as is" while the analysis progresses! 🧐 #infosec #xz

yeroc boosted

Justin Ling's third dispatch from Kyiv offers insight that is too often ignored:

"The right word, I think, is frustrated. Frustrated that they have wound up here, frustrated that there are no good options ahead, frustrated that their allies have grown bored of supporting their struggle, frustrated that huge swaths of the country lay in ruin, frustrated that imperialism is on the march and all the flowery promises about democracy and freedom have meant so very little."
bugeyedandshameless.com/p/from

yeroc boosted

"The thing about Facebook is that the people who work there just do this shit", the ongoing series.

"By 2013, Netflix had begun entering into a series of “Facebook Extended API” agreements, including a so-called “Inbox API” agreement that allowed Netflix programmatic access to Facebook’s users' private message inboxes [...]"

arstechnica.com/gadgets/2024/0

yeroc boosted

Look, I went over the Snowden documents as a journalist, but I never saw anything that shocked me quite like this story of Meta buying a VPN company for "security" but then spying on users of competitive apps by decrypting the traffic.

This is a real SSL added and removed here :) moment.

Seriously, like wow: techcrunch.com/2024/03/26/face

Court document: storage.courtlistener.com/reca

yeroc boosted

It should be fair to post screenshots like this for companies that tout “the fastest frontends” on their home page—especially notable that this is *not* a temporary regression. It’s been like this for a long time—why is no one talking about it?

yeroc boosted

#JDK22 contains the final version of the Foreign Function & Memory API (#JEP454). Being a modern successor to #JNI, it allows cool stuff like building Java wrappers around C libraries.

We did just that and are proud to announce the first production-ready version of #jFUSE, allowing you to develop #FUSE filesystems in #Java. It is module-ready, multi-platform, thoroughly tested by @Cryptomator and thanks to the FFM API requires no further dependencies.

github.com/cryptomator/jfuse

yeroc boosted

In true Apple fashion, the company quietly posted an update to its developer site yesterday vaguely hinting that its M-Series CPUs leak cryptographic keys, as I reported the same day. The update went on to advise developers to invoke a defense that has gone completely undocumented until now on Apple's site, and isn't even available for M1 and M2 CPUs. Apple also acknowledged that the defense, known as DIT or data-independent timing, will "slow down your code."

Apple's paranoia and lack of transparency hurts end users and makes the company look bad.

developer.apple.com/documentat
