@technicat the original Mac UI devs noticed and solved so many problems in *1986* that more recent Web 2.0+ frontend devs just ignore -- like this one, *drag delay* -- solving the problem that when the user moves their cursor towards an item on a popup menu, the mouse may drift outside the lines momentarily *en route*, so you should make sure not to close the menu prematurely; these days lots of popup menus instantly pop closed if you stray outside their bounds #UI #UX
Yikes. Postman recently pivoted to store all of your session data (including authentication tokens etc.) in their Cloud Service, which you can fully browse and explore in their online tool.
Their security page makes it clear that they have not considered the Okta-style risks associated with this change. If your company has any devs using Postman for production testing, I would strongly recommend Insomnia: https://insomnia.rest/, and then consider any credentials stored in Postman history to be at risk; they should be rotated.
Not kidding about SLIM landing on its head... here is a picture! This was taken by LEV-2 (SORA-Q), that adorbs transformer robot carried by SLIM that looks like a ball and then springs open to roll wild across the lunar surface and take photos as the mood takes it.
Clearly, it found this pretty funny and it autonomously selected this shot to send back to Earth.
There's a press release here that HQ can't be bothered to post the English.
Here's today's press release for JAXA's SLIM lunar landing!
TL;DR:
Pinpoint site identification was crazily successful.
We were lowering into position, detecting boulders like a champ.
THEN ONE OF THE ENGINES DROPPED OFF.
(I kid you not)
(we don't know why yet)
(maybe space pirates)
But we still soft-landed on 1 engine.
(TAKE THAT SPACE PIRATES!)
but on our head.
Strangely, might not be a big deal once the Sun moves round to the other side of the spacecraft.
RIP, legend. “German music producer Frank Farian — founder of the disco band Boney M — has died at the age of 82.”
@realhackhistory No links to any sources like always. I want to believe this, I truly do, but there is no reason why someone wouldn't just post something to paint Twitter in a bad picture. F12 is a thing and isn't hard to use.
It seems to be real after looking it up (the post is gone but the account is suspended), but please people, post sources! And the 77 others who boosted this, I hope you all validated this? You did, right? Right??
Long-time Microsoft employees explain changes in Windows:
https://news.ycombinator.com/item?id=30019307
Designers were handed full control over UX. Engineers who fought for usability over a slick-looking interface burned out and left after repeatedly being overruled.
The New York Times are using the Ruffle WASM Flash emulator to get all of their archived Flash data visualizations to work again, this is so great to see https://flowingdata.com/2024/01/10/nyt-flash-based-visualizations-work-again/
This is an article that took a lot of strength to write and I might take it down again. But I felt like it is an article that is very necessary right now. https://bastianallgeier.com/notes/grandpa
Microsoft says a Russian state-sponsored hacking group known as Midnight Blizzard/Nobelium used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of
"Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents. The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself."
Password spraying is low-tech and pervasive. The good news is, you can password spray your own users just like the bad guys can, and then tighten things up.
German law is making security research a risky business.
Current news: A court found a developer guilty of “hacking.” His crime: he was tasked with looking into a software that produced way too many log messages. And he discovered that this software was making a MySQL connection to the vendor’s database server.
When he checked that MySQL connection, he realized that the database contained data belonging to not merely his client but all of the vendor’s customers. So he immediately informed the vendor – and while they fixed this vulnerability they also pressed charges.
There was apparently considerable discussion as to whether hardcoding database credentials in the application (visible as plain text, not even decompiling required) is sufficient protection to justify hacking charges. But the court ruling says: yes, there was a password, so there is a protection mechanism which was circumvented, and that’s hacking.
I very much hope that there will be a next instance ruling overturning this decision again. But it’s exactly as people feared: no matter how flawed the supposed “protection,” its mere existence turns security research into criminal hacking under the German law. This has a chilling effect on legitimate research, allowing companies to get away with inadequate security and in the end endangering users.
"Go to an old cemetery. See all the baby graves from before the 1950s & 60s? After that, hardly any. That's when people started vaccinating their children against deadly childhood diseases. If you're unsure what to do to protect your kids, the answer is literally written in stone." — Michael Okuda
Without vaccines, many transmissible diseases were once an early death sentence. People are so quick to forget how fortunate we are to have access to them.
Post Canada's #OnlineNewsAct and Meta's ban on Canadian news content, sharing journalism on social media has been tough to say the least.
And yet The Tyee has seen much growth here on #Mastodon.
We want to see how far we can go. If you enjoy coming across Tyee stories on your Mastodon feeds, share our profile with your friends, or repost this toot, to help us get to 6,000 followers. 🐘🌟🗞
Diesel engine maker agrees to nearly $2 billion in fines with feds and California
More than 600,000 Ram trucks have Cummins engines with software defeat devices.
Facts, not wishful thinking.
🇨🇦