the xz backdoor, distro vetting 

Not to beat a dead horse, but this situation is exactly why I can't take arguments of "you should always use distro repos, they have been vetted and are safe, and avoid public registries" very seriously

xz-utils was backdoored by its upstream. Tracked as CVE-2024-3094 and thoroughly documented by vuln discoverer Andres Freund on oss-security@: openwall.com/lists/oss-securit

@robinsyl I normally use Organic Maps which has quite good bike routing (uses OSM data), but due to a corrupted microSD card and some Android nonsense I'm currently unable to get it working :(

Got routed over a footpath thrice and through a closed dike path once, also for some fucking reason it made me go *around* a perfectly serviceable street

That wonderful feeling when the professor in one of your classes is wearing an antifa t-shirt 🥰

Had to use Google Maps today due to circumstances and yep, their bike routing is still fucking awful

about "compromising on values to grow a movement" 

One of the most frequent bits of advice I hear towards radical activist groups, is that they shouldn't be so demanding of people, and they should compromise on their values to have a broader reach.

Let's talk about why that strategy doesn't really make sense, when you think about it.

Now, let's start with the goal of such a movement: it's, usually, to 'shift the frame' in public debate, to change what is considered morally acceptable by a general public. For that, you only usually need a relatively small group of people to start with (think hundreds or thousands).

The unspoken assumption in the advice is that if you don't compromise, then there will simply not be enough people who agree with you, to create that change. But that assumption is not actually true!

So if you have the choice between "sticking with your values and reaching like-minded people", and "compromising on values and reaching people who don't really agree", the former makes a lot more sense.

This then sets into motion a gradual shift of the public opinion, which will slowly grow the group of like-minded people - and with it, the group of people interested in getting involved. All without any compromise on values!

In short: we don't actually *need* to compromise on our values, to reach our goal. That would only be helpful to instantaneously have broad reach while getting little done - but that is the goal of marketing companies, not of activists.

"But it's important to get criticism from people who think differently, or it'll be an echo chamber!"

First off, "echo chambers" in that sense do not exist - they are right-wing rhetoric, not some sort of social-scientific concept. Really. Go look for the origins.

Secondly, the values we're talking about here are values like equality and basic human rights like agency. We generally don't really care about the opinions of people who do not share those values, like transphobes or racists.

"But you might miss out on valuable criticism that way!"

This hides another unspoken assumption - that racists, transphobes, etc. are somehow uniquely qualified to provide criticisms that *nobody else* who isn't a transphobe, racist etc. would come up with.

I would invite you to sit for a bit and think about what you're implying with that, and what that means for your own worldview.

Food brands should be legally required to disclose the manufacturers and suppliers for their products

We are pleased to announce that we'll be conducting basic fit testing at our upcoming panels at @lasvegasfurcon and #GSFC2024! Come wearing your favorite mask, and we'll see if we can detect any leaks - right at the panel!

We'll be using a simplified version of a real quantitative fit test procedure where we test whether you can taste a bitter or sweet solution through your mask.

If you'd like to get a fit test but can't make the panel time, reach out and we can find an alternative time!

#LVFC2024

you wouldn’t know her. she’s from a different nix store.

@ipg @Rairii@fedi.nano.lgbt @nano@fedi.nano.lgbt I feel like "malicious intent" is a very poor qualifier for this (it's vague, nominally subjective, hard to determine, ...) and "without consent" is much more appropriate.

I wonder what would happen if there were an easy-to-install automatically-synchronized blocklist of LLM scrapers that functioned on a webserver level

I don't know why Deutsche Bahn insists on sending you a physical card when you register for their loyalty program accumulate points scheme, but they do

and considering they don't charge for this, the magnetic strip on this thing outperforms literally everything on $/byte

Have any other transfems noticed their startle reflex increasing since starting HRT? I feel like I used to never startle from anything, but now I'll jump at something like the doorbell ringing. /gen

#AskTransgender

Does anyone have a userscript or something for Mastodon, that lets me auto-CW any posts from specific accounts?

@eloy @noracodes (More generally, the perspective of a company is not going to be one of responsibility, like in your post, but one of entitlement or exploitation - which is why "supply chain" to them means "what do we get out of it", and not "what responsibilities do we have here")

@eloy @noracodes In commercial circles, "supply chain" is often taken to imply an obligation on the part of the supplier to continue providing services reliably, and I suspect that that's the rationale behind this post

Pixietown

Small server part of the pixie.town infrastructure. Registration is closed.