On one hand I think it's naïve to expect that all medicine and disability care can be as straightforward as diy hrt but also I think there's definitely something to be sought out there with the kind of independence it affords us
uspol and election meta
Serious question: do you *need* to follow the elections in the US?
Don't get me wrong, you should do your part and do what you can to prevent a disastrous outcome. But you also need to recognize where "what you can do" ends, and where the doomscrolling loop begins.
We all know how bad things could end up being after this election, we're all aware. Reading up more on analyses and predictions is unlikely to improve our understanding, and even less likely to result in a concrete action that we can take against it - at least, one we didn't already think of.
Maybe it's better to just... detach from it, if you are not actively working on it already, let the chips fall where they may, and instead put your energy into building a sustainable society going forward, with or without the systems currently in place.
There are a lot more productive things you can do with your time and energy, than worrying more about something you already know is bad. And for a lot of those possibilities, it just doesn't really matter what the outcome of this election is.
✏️ Mark your calendars! In just two weeks, I’ll be offering a free Krita workshop (in French) at Capitole du Libre 2024. This session will be a perfect blend of exploring Krita’s features and sharing valuable drawing tips. I can’t wait to see you there and create together! 🎨
More info: https://cfp.capitoledulibre.org/cdl-2024/talk/KLHKLR/
CW-boost: election manipulation
okta vulnerability, grumbling about security (2)
I will give Okta a tiny bit of credit for having used a cryptographic hash for their cache, which is something that many people get wrong. But that doesn't really help you if you then use the *wrong* cryptographic hash...
okta vulnerability, grumbling about security
Another year, another critical vulnerability in Okta's infrastructure - an authentication bypass for users with long usernames, this time.
They ran up against bcrypt's input limit. You know, exactly the kind of footgun that causes people to recommend "don't try to roll your own authentication, outsource it to experts". Like... Okta. Who used bcrypt. And did it wrong.
I would really like for people to stop recommending external authentication providers. It's not actually *that* hard to implement authentication correctly for the vast majority of cases, if you take some time to read up on how to do it. Outsourcing isn't the answer here.
I find myself wishing on a daily basis that I had built @bitfolk database as postgres from the start instead of MySQL (now MariaDB).
Don't be like me. If your new thing needs a relational DB, Just Use Postgres.
Just after posting this I lost 3 hours of my life to MariaDB's unhinged and cursed "utf8 charset/collation isn't really utf8" nonsense.
It's 1214 days since I filed a React Native bug because an external keyboard user on Android cannot get focus into a text input field so can't fill in forms. No-one cares. Except people with access needs, of course. https://github.com/facebook/react-native/issues/31820
Tyre mobility kit (spare tyre substitute) says to read the manual for instructions. We check the manual. Not under Tyre. Not under Puncture. Not under Tyre Mobility Kit. Not under Flat.
It's under I. For 'If'. Of course.
LB (https://phpc.social/@elazar/113402568468392900)
Please, as an absolute minimum to participate in society,
*Mask if you know you're sick*
Absolute. Bare. Minimum.
Opinie: Wrang dat postcovidcentra ME-patiënten weren https://www.volkskrant.nl/columns-opinie/opinie-wrang-dat-postcovidcentra-me-patienten-weren~b9b34816/
Trans people! I want to hear your coming-out stories (both to yourself and to others) that didn't fit the usual stereotypes and expectations. I want to hear about wrong assumptions that hurt you and made you repress even more.
Figuring out one's gender identity outside of the "wanted to be a girl in early childhood" and the "cross-dressing realization at Halloween" stories can be pretty lonely. So let's light some lights for our baby queers together
Technical debt collector and general hype-hater. Early 30s, non-binary, ND, poly, relationship anarchist, generally queer.
- No alt text (request) = no boost.
- Boosts OK for all boostable posts.
- DMs are open.
- Flirting welcome, but be explicit if you want something out of it!
- The devil doesn't need an advocate; no combative arguing in my mentions.
Sometimes horny on main (behind CW), very much into kink (bondage, freeuse, CNC, and other stuff), and believe it or not, very much a submissive bottom :p
My spoons are limited, so I may not always have the energy to respond to messages.
Strong views about abolishing oppression, hierarchy, agency, and self-governance - but I also trust people by default and give them room to grow, unless they give me reason not to. That all also applies to technology and how it's built.