yeroc boosted

Did you know there are 7 main types of plastic? Some (1,2,4) are recyclable ♻️ None are biodegradable :(

Part of a larger infographic looking at the plastic crisis geni.us/IIBplastics

yeroc boosted

The diagram attached to this post about CORS jub0bs.com/posts/2023-02-08-fe just helped something click for me that I'd previously missed

The OPTIONS request for CORS has request headers Origin, Access-Control-Request-Method, Access-Control-Request-Headers - which directly correspond to the returned response header names Access-Control-Allow-Origin, Access-Control-Allow-Methods and Access-Control-Allow-Headers!

Somehow I'd never made that connection between those header names before

yeroc boosted

The details behind the PuTTY private key disclosure vulnerability are super interesting.

Because Windows didn't have a secure number generation API in 1999, they used a "clever trick" that incorporates the hash of your private key as a random number during some parts of the authentication flow.

In one SSH algorithm, that "clever trick" has a bug that can be abused by the server to recover your private key.

Windows has had a secure random number generator since Windows XP (2001). Rather than move to that, however, they decided to use a more advanced version of their "clever trick". Not the choice I would have made.

chiark.greenend.org.uk/~sgtath

yeroc boosted

offf, this story about how Google made google search into a pile of seagull shit hits me hard:

https://www.wheresyoured.at/the-men-who-killed-google/

Around the time of this story, I was living through a similar situation in my work life (on a much smaller scope, of course, WordPress.com first, Tumblr later).

Back in 2019, working on WordPress, I started finding myself, almost weekly, arguing against people who wanted to take the product we were working on and make it worse if that meant they could squeeze 0.1% more revenue from it

The 0.1% figure is not even a random number: I remember this specific A/B test on WordPress.com that was declared a success and shipped to 100% of the users because it increased the free-to-paid conversion by 0.1%. Soon after it was released, I found out that as a side effect, it increased the churn of free users by 20-something %, so I called for an urgent rollback and removal of the change. So it was promptly explained to me that we didn't care about free-users churn, because finance had calculated the average long-term value of the free users to be something like $2 per year, and the increase in conversion was bigger than what we could get from them.

Everything became about growth hacking. Everything became thinly-veiled dark patterns. In our private dev slack channels, we joked that since it was impossible to make it smaller or less conspicuous, the next thing the growth team was going to ask us to do was to make the 'free plan' button flee away from the mouse pointer when the user tried to click it. We kept making our product worse, we kept consciously crippling the cheaper versions so we could force people to move to the more expensive options.

Back then I was the lead of one of the two dev divisions working on WordPress.com, so my job was mainly to discuss what we were going to be doing, when and how. And I was getting drained by a constant state of fight against a constant wave of shit they wanted us to build. So much so that by the end of 2020, the CEO quietly told me to follow the growth team plans and shut up or step down.

So I requested to move to tumblr, because I thought the pastures were greener over there. But it was all the same: Adding login walls to what we were pretending to be "the last bastion of the free internet", cramming in embarrassingly obvious money-making schemes disguised as features, and making them silently opt-out instead of opt-in so the fewest people possible would deactivate them, having to fend off the pressure from the CEO to make everything algorithmic timelines because, you know, tiktok makes a lot of money and why aren't we, etc etc.

I found myself in a place where building something good that people enjoy using was no longer a priority, but tricking people into generating more money for the company was. And when I looked around me, I could see that happening everywhere else, not only in my company. Experiencing the start of the enshittification years from inside wasn't easy.

And, as in the article, the people who decided to turn the shit-meter up to 200%, have a name, in every case. And these people, no matter if they are called Sundar and Prabhakar or Matt and Mark, are destroying the internet. These people are millionaires, or billionaires, and are destroying our shared, common spaces to squeeze some extra cash from us.

That's why the fediverse and its principles are important. Because that's how we take back internet from their dirty hands. That's how we make internet resilient against them. That's how we build the commons.

yeroc boosted

🆕 blog! “Software I Miss from Earlier Versions of Android”

My love of Android waxes and wanes according to how much the software feels like it is fighting me. On a good day, I can flash the OS and install whatever apps I want. On a bad day, I can't remove bloatware and I'm forbidden from changing the internals. I started using the latest Google […]

👀 Read more: shkspr.mobi/blog/2024/04/softw

#android

yeroc boosted

Browsers should refuse to respect paste-disabling. This is not something that any user wants.

yeroc boosted

"Documents released under Alberta Freedom of Information laws confirm the United Conservative government was talking with the coal industry for years about relaxing a policy that protected the Rocky Mountains from open-pit mines.

The documents also show the province was talking about opening those landscapes to more development generally for at least seven months before letting the public in on its plans."

cbc.ca/news/canada/calgary/jud

#alberta #ableg #canada #cdnpoli #coal #foi

yeroc boosted

I think we're focused on the wrong thing when we look at what tech works for a company like Amazon or Facebook or Netflix.

We should be looking at what tech works when you *don't* have a small army of staff engineers optimizing it. I want to know what I can scale *without* paying someone a half million dollar salary to do it.

There should be more case studies on things that don't have a billion-dollar company propping them up, humming along quietly on a cheap-ass VPS somewhere.

yeroc boosted

OK, readers. You suddenly need to understand research funding in Canada. (Thanks to Danielle Smith for legislation that would give the Alberta government a veto over federal funding for research.)

Not to worry, Lisa Young has got your back. #abpoli

thetyee.ca/Opinion/2024/04/15/

yeroc boosted

Here's a fun AI story: a security researcher noticed that large companies' AI-authored source-code repeatedly referenced a nonexistent library (an AI "hallucination"), so he created a (defanged) malicious library with that name and uploaded it, and thousands of developers automatically downloaded and incorporated it as they compiled the code:

theregister.com/2024/03/28/ai_

1/

@lifehacker used to be about sharing true life experiences but now it looks like you're just shilling whatever people send you in the mail?? The same product is all over other websites (like popsci) as well. All with identical copy and no actual real-life reviews.

yeroc boosted

Does your public library use Overdrive/Libby for ebooks or audiobooks? ⚠️

In the US and Canada, the answer is probably yes. And you might want to speak to your library staff and commission about it.

Libby is now owned by a private equity firm & making sketchy changes: buttondown.email/ninelives/arc

The latest development is that their overbroad privacy policy allows them to sell your borrowing history to advertisers: infosec.exchange/@longobord/11

Thank you @karawynn and @longobord!

#Privacy #Libraries

yeroc boosted

Totality was incredible! Here's my composite (and after a bunch of people have asked, I have a digital copy for personal use for sale here: redshirtjeff.com/listing/total (downloadable image is slightly tweaked for more pleasing layout!))

yeroc boosted

Fediverse moderator observation: disagreeing with or disliking someone’s bad takes does not (necessarily) make them a fascist or a nazi. Some people are just regular assholes or shitheads and being hyperbolic doesn’t really help. The terms nazi and fascist are so overused here as to have lost most of their meaning.

Also, please please please, strive to be kind. I know it’s hard and kindness can’t be unlimited. There are a lot of assholes and shitheads in this world, and treating someone badly has likely never changed their mind nor ever will.

Thank you for attending my talk.

yeroc boosted

fun fact! the numbers in coin cell part numbers are dimensions. a CR2025 is 20mm diameter and 2.5mm thick!

yeroc boosted

I've been writing serverside SQLite applications for several years now and I still picked things up from this article, which is extremely good. kerkour.com/sqlite-for-servers

yeroc boosted

This is the best timeline I've seen so far on what we know about the Xz backdoor. Some good info here for researchers: boehs.org/node/everything-i-kn

Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.