Posts: 1 | Comments: 1008 | Joined: 3 yr. ago

  • The only guaranteed fix is in the kernel. You’ll want to check your distro for the CVE. The disclosers very happily bring up all the distros affected but do not seem to have reached out to any of them to also patch. The CVE itself is still waiting for NVD analysis beyond its base score.

    I’m not actively saying they did anything wrong but I am saying they’re blowing smoke about responsible disclosure.

  • I think you’re displaying a very big gap between understanding risk assessment and understanding task completion. So far I have not seen anyone say they would not complete the task. I have seen people complete risk assessment. Risk assessment does not mean I will not do something, it just reflects the urgency with which I will do it. Most self-hosted users can safely apply basic risk assessment to see, while the impact may be high, the likelihood is low. Obviously the likelihood increases the more hands off you are with, say, unattended container updates for things that can escape containers or access the underlying system. Should most self-hosted users literally drop everything, rush home, and apply the patch? No, basic risk assessment does not merit that. Should everyone apply the patch? Yes.

  • The Resnicks will just lease the water rights they stole and create more paper water as Wonderful rebrands to an AI company. Average people will lose the little water they actually have access to again.

  • Your comment said Forgejo has a disclosure process. The article says the author went with a carrot disclosure after reading the disclosure process and making a value judgement. Because your comment only mentioned Forgejo having a disclosure process, not an evaluation of the author’s evaluation of the disclosure process, it made you appear as if you had not read the article.

    In your response to me calling that out, you offer an analysis. The author is lazy for using carrot disclosure over the defined disclosure process. That’s a valid take. I’m not going to disagree with that.

  • I don’t think you read the article.

  • This is greenwashing. I really dig the food drive that fed people; she could have done more by not touring at all on basically every other front.

  • This is 100% AI generated. This isn’t the community for that.

  • I watched Lost as it aired. I started watching From last year. It is exactly like Lost. Every episode some crazy fucking plot line spins up. Every episode gets a grab bag of horror mystery trope. Every season ends on a cliffhanger. Every season does absolutely nothing to resolve anything. The world building is pretty neat and keeps expanding with all sorts of crazy detail. By now there are so many open questions it will take several biblical length novels to actually explain anything. Like Lost, I expect it to end with a dog.

    Don’t fucking watch it if you want any closure. There will be none. It is Lost.

  • The copyright symbol is way more compressed than the signature and the bed lines seem more compressed than the faces. It’s plausible this is AI.

  • Forgive me, I’m not super versed on Dewey’s mathematics ideas. Quick skimming of some articles and papers seems to suggest he was very practical and wanted kids to tie into the real world. How does that differ from the pink side? Both, to me, seem the opposite of classical logic training.

  • Doesn’t Ubuntu still ship with Snap? I don’t think Flatpak trumps that yet. It’s hard to say one of the other formats won when Canonical (or Fedora derivatives in the case of Flatpak) still mainline something else.

  • I might find this mildly interesting if the technology had been deployed during an active shooting and prevented it. As it stands, this is just a shitty advertisement for a shitty product that doesn’t address real issues and hasn’t been tested. Used to be you could pay some shadow marketers on Reddit for this kind of organic astroturfing. Kinda surprising it made its way here for free.

  • Terrorism means doing bad things to normal people for political or religious reasons. I can’t really figure out why you wouldn’t call the OKC bombing or the Tokyo subway sarin attack or the Rajneeshpuram salmonella attack or the Dawson’s Field hijackings or the Toronto van attack terrorism just because the Minneapolis ICE raids are also terrorism. I don’t see any concession of terminology here at fucking all and I’m really curious to see how you justify that. The Weather Underground were terrorists responding to the FBI’s terrorism (among others).

    Is your argument that since the DoJ doesn’t think white supremacists like the ones that almost blew up a community in Garden City are terrorists anymore that those fuckers aren’t terrorists anymore? Or is it that because I want to call ICE terrorists I’m not allowed to call the Madrid train bombers terrorists anymore?

    I truly do not understand this perspective.

  • This is exactly like the whole Lifetouch story. It beggars belief.

    Rackspace is, and has been, ISO 27001 certified. Part of that means they can’t directly access customer data. You didn’t link any documents covering the contract that “requires” Rackspace hosting; my base assumption is they’re normal contracts that define hosting for regulatory purposes. None of the documents you’ve linked show Apollo had access to Rackspace infrastructure much less encrypted customer data Rackspace doesn’t have keys for. The pedo employee had CSAM which does not provide Apollo access to Rackspace infrastructure much less encrypted customer data Rackspace doesn’t have keys for.

    Just like with Lifetouch, if you can show that somehow the equity owners Apollo had direct access to the infrastructure of their investments and somehow managed to either hide or justify it during multiple security audits spanning a decade and somehow got access to customer encryption keys, it’s a possibility. I’m not even using Occam’s razor here; there’s genuinely nothing to even consider hanging a hat on here.

    On the other hand, if Leon Black had direct access to the company running the database, all bets are off. Law enforcement shit gets to sidestep audit shit in dumb ways. But if that were the case, we wouldn’t need Rackspace as the incredibly tenuous connection because he would have had direct access.

  • Absolutely valid. In the context of identity verification, I trust ID.me more than random companies that do not have government contracts because government contracts come with security and compliance regulations that require regular audit and make the chances of breach less likely. In either case, it’s a private company and, as any security nut would have told you, when it gets sold all bets are off like 23andme. Even more importantly, in the US, any kind of ID verification is a terrible idea, government or private, because we have no data regulation or privacy constraints. I call out the US here because we have no GDPR equivalent (CCPA wouldn’t hold up to federal data). Even if ID verification were conducted by the government, it can still be used for gnarly shit like we saw with ICE and DOGE.

    On a sliding scale of evil, ID.me is the evil I know will currently fight to continue remaining the only evil which is the only solace I have in the US.

  • The theme of this post is “what things online would I be okay giving my government ID to.” The author did not mention government services in the article, so I brought those up and differentiated which government services I think are reasonable for ID verification. In the US, social security is basically a retirement fund and a huge target for scammers. I’m willing to verify there or for my taxes (although those should just be done for me; different argument). A data portal, e.g. census data, is not something I am willing to verify my ID for because it should be public. US trademarks, for example, now require ID verification for an account. An account expands some access on the website and allows the ability to file. If I file a trademark, I am fine with verifying my identity. If I make an account, I don’t need to verify my identity until I file.

    I didn’t mention picture sharing websites because I agree with the author’s stance.

  • In the US it is becoming common for federal services to require ID.me verification. I’ve never really had a problem with social security requiring ID verification. I do have a problem with data portals requiring it.

  • You and I are in agreement; the user I responded to seemed to be implying otherwise.

    Edit: I think it’s a bit strong to say it’s “a literal white supremacist talking point.” Your average boomer is going to mistakenly associate it with Voltaire. I think folks that are some level below terminally online have seen one of the many pieces pointing out its origin. Away from the author, it could stand on its own merits which is why “kids with cancer” is a funny response to it. In the US, at least, I haven’t seen a lot of discussion from the white supremacists who run the government on this quote which further makes me question if it’s a literal talking point. Perhaps you are aware of groups that are actively pushing it? If not, it’s a bit more reasonable to say what the first response in this thread said. Be careful.

  • Why does that preclude it from being in the zeitgeist?

  • LinkedinLunatics @sh.itjust.works

    Hiring a technical archivist to be a technical architect really sets everyone up for success