Posts by Seirdy@pleroma.envs.net
(DIR) Post #APwOjFk5VTnulsFpFA by Seirdy@pleroma.envs.net
2022-11-24T19:01:14.807844Z
0 likes, 0 repeats
Update 2022-11-24: five months since Firefox 102 became the latest ESR, over two months since Firefox 91 ESR reached end-of-life, the latest stable Tor Browser desktop release (11.5.8) is still based on Firefox 91 ESR. Five CVEs fixes from v102 were backported a while ago, and another 13 were backported this week; the situation is worse on Android. It’s reasonable to assume that v91 has issues of its own that won’t be addressed. Until the v102-based 12.x hits stable: if you don’t use “safest”, you might want to re-consider that with this information in mind.
(DIR) Post #APwOjHPxHIt7y0qm8n by Seirdy@pleroma.envs.net
2022-11-24T19:04:09.901673Z
0 likes, 0 repeats
If your priority is censorship resistance rather than anonymity, maybe the Tor Browser isn’t making the tradeoffs you want.I hate to say this, but…if your priority isn’t anonymity, maybe Brave’s Tor support would be safer. Ugh, I need a shower after recommending Brave.
(DIR) Post #APwo4FeXX3vjQeljNo by Seirdy@pleroma.envs.net
2022-11-25T01:58:18.578762Z
1 likes, 2 repeats
@lanodan @cwebber @drazisil I wanna make a WebSub suite called “Sbubby” and make the subscriber, publisher, and hub called “subsub”, “pubpub”, and “hubhub” respectively.Then the README will say “The Sbubby hubhub PubPubHubbub hub receives messages from a PubSubHubbub pub like Sbubby pubpub” and the First Amendment says I can write that without going to jail.
(DIR) Post #APwsZBry34SmUM3eK0 by Seirdy@pleroma.envs.net
2022-11-25T01:04:31.430374Z
0 likes, 1 repeats
security-bros be like:on one hand, meeting family is a good opportunity for key signingon the other hand, having a family is attack surface
(DIR) Post #AQ6YjFNlmrb6mF3BSq by Seirdy@pleroma.envs.net
2022-11-15T18:42:14.074329Z
0 likes, 2 repeats
I’d like to request some more accessibility related feedback for my post, “Best practices for inclusive textual websites”. Specifically from neurodivergent people, especially from people with ADHD, dyscalculia, dyslexia, and sensitivity to overstimulation. What makes websites annoying to you? You don’t need to read the article to give feedback; I’m all ears.If you do want to give it a read but find it too long, feel free to skip ahead to the “What contrast algorithms don’t cover: over-saturation” section to see what I already have on the topic: I cover the complex overlap between contrast algorithms, over-saturated colors, emergency colors (yellow, red), dark themes, halation, and over-stimulation.A topic I hope to cover soon is reduced-motion and vestibular disorders.Boosts welcome. #accessibility
(DIR) Post #AQ7GBy3Hb23xSFPQZs by Seirdy@pleroma.envs.net
2022-11-30T01:36:04.023159Z
1 likes, 0 repeats
@Gankra musl has a rather secure malloc design inspired by hardened_malloc and openbsd malloc. it makes some obvious compromises to balance size, simplicity, and perf against security but it is one of the good ones.I do not know details of malloc design; this is all second-hand information.musl also has MUCH better support for static linking; by proxy it has better support for security features like CFI.While glibc generally has good performance, musl is noticeably faster regarding startup time. Way less overhead, especially when you factor in improved static linking.C style guides can be a bit controversial but I think most would agree that GNU’s style is really, uh, bad compared to musl’s.musl has less support for legacy charsets. I believe it lacks support for certain locales, but I am not certain.musl is less popular. Complex programs like browsers need to be patched for it and rebuilt. Few are willing to do that work since browsers are hard to keep up with and hard to compile; highly-patched distro packages often remove exploit mitigations or fall behind, while official builds are glibc-only. This hurts the adoption of musl distros, which makes them less desirable to target, creating a feedback loop. The fact that Systemd is hard to patch for musl makes this more difficult.
(DIR) Post #AQHtQzToPQCa1IZVRI by Seirdy@pleroma.envs.net
2022-11-30T03:05:17.768853Z
1 likes, 0 repeats
cute boys need to rise up against the neurotypical boys
(DIR) Post #AQRyFTz7boSUVR9DiS by Seirdy@pleroma.envs.net
2022-12-09T21:48:55.230609Z
2 likes, 2 repeats
New #blog post: The limited utility of the phrase “GNU/Linux”Every now and then a fossbro tries to incorrect my terminology and insist I say “GNU/Linux” instead of “Linux”. I wrote this to save myself some time. Instead of engaging with the fossbro, I can just paste this link and wrap up the conversation while they read.Excerpt:“A specter is haunting the Linux community. Where lies productive discourse about operating systems, there also lies a danger. For the longer such discourse lasts, the greater the risk that the discourse shall be interrupted by The Interjection: an abomination brandished by a raging fossbro determined to contribute absolutely nothing to the discussion. The standard fossbro interjection begins:‘I’d just like to interject for a moment. What you’re referring to as Linux, is in fact, GNU/Linux, or as I’ve recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.’Sensible retorts, such as “Nobody asked you”, “Please leave us alone”, and “Sir, this is a Wendy’s” are useless defenses. Nay, the greatest weapon against misguided pedantry is pedantry itself.Let’s talk about why not to use the term “GNU/Linux”.
(DIR) Post #AQVp7WKcsT6WVrAsOu by Seirdy@pleroma.envs.net
2022-12-11T22:46:25.727616Z
0 likes, 0 repeats
@tamer @FranckLeroy “You are attacking Bitcoin constantly, trying to look factual and technical, when you are obviously biased, opposed to Bitcoin out of political reasons.”I’d argue that political criticism is the most valid criticism in this case. Almost all cryptocurrency is inherently exploitative by design, thanks to the pyramid-scheme-shaped incentive structure in blockchain that demands investment for return and increases value by adding new investors who see decreasing returns. Proof-of-resource-use (such as PoW) inherently demands increased consumption, and thus inherently requires more resources to sustain.These are issues with major political dimensions, which respond to a purported solution to a rather political problem (currency). Discussions of currency that are devoid of politics are generally less to discussions about their desirability.
(DIR) Post #AQVp7X4i77y2omjgES by Seirdy@pleroma.envs.net
2022-12-11T22:59:27.786082Z
0 likes, 0 repeats
@tamer @FranckLeroy Moreover, arguments along the lines of “if you don’t like cryptocurrency/capitalism, then don’t use it” (ref) convey that you clearly haven’t read (or are simply ignoring) the arguments made against these systems:Capitalism does not have an “opt-out” button, so people forced to participate in it have every right to oppose it.Increases in resource use come with externalities, impacting people who don’t participate. These people therefore have every right to oppose a system that, by design, relies on such externalities.People with genuine ethical opposition to something generally feel the need to oppose it rather than let it go, as informed neutrality is merely an enabler for the status quo.
(DIR) Post #AQWiGC4h3a5tlvs2iG by Seirdy@pleroma.envs.net
2022-12-12T06:31:37.582435Z
0 likes, 0 repeats
@elsandosgrande @lxo Just wrote about this over at https://seirdy.one/posts/2022/12/09/limited-utility-gnu-linux/In that post I argue that GNU versus non-GNU Linux isn’t a meaningful line to draw in the sand, since such a line separates similar distributions and groups very different ones.
(DIR) Post #AQXPRg2gH59jvfeRhw by Seirdy@pleroma.envs.net
2022-12-12T17:37:22.228517Z
0 likes, 0 repeats
@makeworld Sorry.RE: https://merveilles.town/users/makeworld/statuses/109501827710948564
(DIR) Post #AQXPRhgQAoXT1DFhI0 by Seirdy@pleroma.envs.net
2022-12-12T17:39:45.007245Z
0 likes, 0 repeats
@makeworld for real, though: Akkoma, Glitch-Social, and Misskey have support. This has been a thing for a while.
(DIR) Post #AQZk4F7mfsKj8ecpAu by Seirdy@pleroma.envs.net
2022-12-13T20:34:26.662776Z
1 likes, 0 repeats
Today is the only day in the year when it’s acceptable to use a date format that violates ISO-8601, RFC 3339, and the HTML Living Standard.What will you do with this power?
(DIR) Post #AQbVCuVhZpdGoZPJjc by Seirdy@pleroma.envs.net
2022-12-13T03:59:45.242973Z
1 likes, 0 repeats
Remember, you don’t have to be a boy to be a catboy
(DIR) Post #AQqM2dEext4e7prJOy by Seirdy@pleroma.envs.net
2022-12-21T18:26:33.412540Z
0 likes, 0 repeats
I just want verified boot and hardware attestation that I fully control, so I have some indication that my full disk encryption is actually working.Why doesn’t this exist on the desktop? All security features below Ring-0 seem designed to protect vendors from users when they could do such a good job protecting users.(that was a rhetorical question, I know exactly why it doesn’t exist. 💰)
(DIR) Post #AQqk0jZgp4gQ6gK78q by Seirdy@pleroma.envs.net
2022-12-22T01:37:03.012331Z
1 likes, 0 repeats
My download speeds are currently 50-80 kbps. I am going to murder whoever thinks a page with more than 500kb of render-blocking resources is acceptable.Thank you for writing good alt text because I am not going to spend five minutes per image waiting for the download to finish.
(DIR) Post #AR2t0mvnZdPg09HhHk by Seirdy@pleroma.envs.net
2022-12-27T22:09:52.719716Z
1 likes, 3 repeats
I’m gonna be without internet for a while tomorrow solink some cool sysadmin deep-dive articles for me to download, to keep me busy.
(DIR) Post #ARNNyzJxWR8LwvpXpg by Seirdy@pleroma.envs.net
2023-01-06T18:57:51.275395Z
0 likes, 1 repeats
A couple months ago, I reached out to some admins requesting a FediBlock for plma.plus.st; at the time, it was federating with and hosting bad actors who were behind a targeted harassment campaign against a friend of mine. Since then, the situation has evolved:Bad actors have been identified and removed from the instanceFriendly relations between the admin of plma.plus.st and the aforementioned friend have been restoredplma.plus.st has begun to de-federate from several bad instances (despite backlash!)Plus.st has drafted a new TOS and begun enforcing it@itzzenxx has agreed to respect the decisions of other instances regarding moderation of plma.plus.stNow, makeovers don’t happen overnight. The re-vamp of Plus.st’s fedi instance is a process. However, @itzzenxx has demonstrated a willingness to learn and improve her instance that I seldom see in other instances.I’d like to ask the instances I contacted to give Plus.st a second look and revise their level of moderation (suspend, followers-only, quarantine, federated-timeline-removal, none) given the changes made on the instance. You may wish to preserve its current level of moderation. You may wish to reduce it. The decision is yours; I’m just providing new information.There’s more work to be done; it’s a process. Every week, I’m seeing plma.plus.st suspend more instances it used to be very close to. After a month of gradual improvement: I think it’s time that that some good instances re-federating with plus.st might catalyze positive change: for example, zen can receive reports and get feedback from people on other instances.That being said, I also understand that “there’s more work to be done” also means that the situation isn’t ideal yet. Don’t feel pressured to re-federate if you feel unsafe doing so. All I’m asking is that you give the instance a second look in light of changes.This is the first time I’ve felt comfortable making this kind of FediBlock retraction, because this isn’t the sort of change I’m used to seeing at all.#FediBlock
(DIR) Post #ARO0S9TedWb66ZhNpo by Seirdy@pleroma.envs.net
2023-01-04T23:06:47.349094Z
0 likes, 0 repeats
@alasaarela This isn’t Silicon Valley. We’re not trying to “innovate” or “scale” or “go mainstream”. We’re avoiding that culture. Granted, most of us aren’t opposed to the idea of going mainstream, but we’re not chasing that goal for its own end.The kind of growth I’m interested in is being welcoming to new marginalized users (e.g. those from BIPoC, neurodiverse, and queer communities). Venture capital, however, chases growth for a return on investment; this isn’t guaranteed to be in alignment with the extant community’s goals, and will likely come in conflict with time. The history of every “successful” VC-backed social media platform to date (Reddit, Twitter, Facebook, TikTok, etc) says as much.The protocols are open; you’re free to do what you will. I only ask that you loudly announce all instances run by people subscribing to your vision whenever you find them, so we can contain the spread.POSSE note from https://seirdy.one/notes/2023/01/04/against-chasing-growth/