Posts: 1 | Comments: 61 | Joined: 9 mo. ago

  • You're missing the point. Every project has core team/developers. They (the passers-by) are the most valuable by being the added value, the differentiators that closed-source and the (neu) closed-platform open-source projects can't have.

    It is valid that a developer (or developers) of some projects may not want any kind of feedback, and just want to do their own thing. But the original "social coding" platform is not exactly the best fit for such projects.

  • That's a weird outlook. I would postulate that (pseudo-)anonymous passers-by are collectively probably the most valuable contributors to open-source. That one random well-researched easily-reproducible obvious-in-hindsight issue or patch that makes you go wtf.

    Annoyance would come from people who would create a "community" construct in the first place, even if it didn't exist or was needed, just to be a busyworking "member" of. And those types often wouldn't mind identifying themselves, if not for everyone, for a host like GH.

    Recently, I've been frequenting an "anonymous" old platform or two which are nowhere near their peak, and have a very high ratio of pure drivel, just in hopes of running into the random anonymous passers-by of old mentioned above. Passers-by who would never come near the M$/AI ID-requiring enshittified GH of today. And what do you know! I've seen issues (mostly performance ones) showcased related to a couple of tools I contribute to, that neither I nor the upstream developers knew about.

    Anyway, what I was actually hinting at is that online communication existed for a long time before ID-centric social media came into the scene. This even predates the web itself (newsgroups ...), and it wasn't exactly an unmanageable wild west. Most spaces in fact were much nicer than the ID-centric social media platforms of today.

  • What do you think the internet was like pre-Facebook?

  • Serious question, how old are you?

  • Let's take Lemmy UIs as an example. In a world where this "RCE" is removed, all API calls and returned data would have to go through a "server client" first. I hope this won't take you long to ponder if that's an improvement or not 😉

    The web is indeed shit. But dumber web means more "clouding", or if it's not "clouding", and to borrow from your reductionist fatalism: Dumber web replaces a potential RCE with a definite MITM.

  • f-droid represents a distro model with a trust model and certain requirements including build ones. Think of it as the Debian of Android.

    When f-droid support is mentioned, it's not a question of mere APK availability. All APKs after all are available if you know where to look. And it just happens that f-droid compatible 3rd party repositories already exist without the strict requirements (e.g. IzzyOnDroid).

    Beyond warring against any kind of third party build (don't let me get started on forks), Signal uses google services dependencies, so it's not just about the source of the binary APK. Note that whether these dependencies are hard, or "just!" a default, is not that relevant in my books (this is an active point of contention across many many apps).

    This insistent attempt at defending this blessed supposedly secure messenger seems infinitely weirder than what any fanperson of any other app can muster! I put imaginary hypotheticals that don't even understand the point of f-droid, like "it is perfectly capable of enshittification" into that bracket. The continuous attempt at painting a false binary of Signal and Telegram is even more pathetic.

  • google-play requirement/lack of f-droid is an immediate disqualifier. Is that simpler for you to grok? I hope your failed attempt at red-herring is accidental, and stems from lacking the ability at basic logical understanding.

  • At least Telegram was always available via f-droid. And good forks are also available, like the self-documentedly named Forkgram ;) Not to mention third party apps.

    Signal never was, and moxie is the primary reason why the supposed secure messenger failed what amounts to literally this first requirement. This is also the reason why people were looking for other options like Wire, which eventually did deliver f-droid support, but they took their time, and by the time they did, most of the early "hype" was already dead.

    I didn't care for anything moxie had to say since, as the stench was already too strong. Celebrating his contribution to "secure" messaging in WhatsApp later was the shit-smelling cherry on top. And anyway, the last time I checked, moxie is not even involved with Signal anymore, and it has been in the hands of board suit types, some with public questionable past, for a while.

  • crates.io: an update to the malicious crate notification policy

  • Good move, removing some incentive from the security theater industry to exaggerate, or even manufacture, problems then "solving" them, while gaining some free ad space and "credibility" in the process, which is something I already pondered in a previous thread that had a bad smell.

  • They are certainly a member of the community.

    There is no "community". The GPL itself was explicitly created for the freedom(s) of the individual. The faux-"community" is just an attempt to create an "identity" in hopes of encouraging people to contribute, or at least advocate. And many projects don't even like being advocated for outside of potential contributor pools (a few hate any level of advocacy outright).

    Incidentally, liberally licensed software, on average, tends to value adoption at least as much as direct contribution, and thus would usually appreciate advocacy more.

    is a political decision

    Or a practical one, or ..

    Everything can be argued to have a political aspect to it. But what people (often non-contributors) have in mind ignores many relevant technical/practical aspects that may play a role.

    that empowers corporations

    Open-source license choice is practically near the bottom of an endless list of things that actually empower corporations. Most of the empowerment comes from the inherent nature of the system, which is something software licenses, GPL included, don't even pretend to try to fix.

    But that's not why I asked.

    Do you know how many liberally licensed essential packages are installed in your system right now, and can you name them? From my experience, most of the people who quibble about this don't and can't.

    * Not that it matters, but I personally use AGPL or MPLv2 for my own stuff.

  • Are you a (potential) contributor?

  • crates.io: Malicious crates evm-units and uniswap-utils

  • I didn't. And I was specifically referring to the published "analysis".

    How do we know the supposedly malicious content (which hasn't provably affected a single person) a security company finds, didn't originate from that same company?

    • Crates NO ONE uses or ever used.
    • "with over 7,000 all-time downloads" immediately mentioned to make it sound like the above is not the case.
    • Our "AI" found a malicious base64 (wow, very fancy)!
    • Muh supply chain!
    • bla bla China bla bla

    It all sounds like a joke, and a lazily written one at that (Edit for fairness: the ctor part was a nice touch tbf).

    And this is not limited to this analysis, or this company, or the Rust ecosystem. The era of CVE logos and all that theater can become rather tiring, and AI slop took the silliness to a whole other level. Or as our friend Daniel puts it, it's a "Death by a thousand slops".

  • crates.io: Malicious crates evm-units and uniswap-utils

  • Maybe it's a bug, but my false flag alarm bells are ringing loudly here. Although to be fair, they always do that whenever they get a whiff of anything from the modern security theater industry.

    Or maybe my mind is wrongly biased towards applying a "Problem - Reaction - Solution" reading to many "commercial" moves.

  • Super-human claims require evidence. And asking for that evidence is not an insult.

  • I think it's time for this instance to consider introducing a filter where users have to choose a language they know (any language), and then have to answer easy questions about it (in a specific way), before being able to post here.

    It can be limited to specific posts, to limit the false-negative filtering of genuine discourse.

    This should help with bots, or worse, actual humans who accepted being shaped into acting like ones. The line separating the two has become very thin anyway, given the prevalence of LLM use, both automatic AND manual.

  • Can you point to relevant non-trivial public work of yours that has zero CVEs?

    The more you learn and know, the more you refrain from making such statements. This is universally applicable, and not limited to C or programming. And that's what makes your "story" suspect.

    Or maybe it's a reading comprehension issue.


    I used to write non-trivial C code myself btw.

  • It is guaranteed those who talk about this have ZERO clue about the licenses of the software they directly use, or have been always installed on their systems.

    • SSH is bloat when you can have an efficient wireguard P2P connection.
    • Does waypipe support input (keyboard+mouse)? Because if it doesn't, it's kind of useless. You might as well just use ffmpeg with kmsgrab (provided that the pixel format the compositor uses is supported).

    I have no intention of switching to wayland, but I did try wayvnc a couple of times. The first time it was very buggy. The second time it seemed to have improved. But I see now that it isn't actively developed anymore!

  • Rust has features that are not directly related to memory safety, but introduce paradigmatic and ergonomic improvements that help writing correct logic more often. Features like sum types (powerful enums) and type classes (traits, how generics are implemented) quickly come to mind. Hygienic macros and procedural macros are also very powerful features.

    Sometimes the two aspects (language feature and memory safety) come together. For example, the Send and Sync traits are the part of the type system that contributes to implementing thread safety.

    So it's not all just about (im)mutability, lifetimes, and the borrow checker, the directly relevant safety features.

    Also, the tooling and the ecosystem are factors the value of which can not be understated.

  • Programming.dev Meta @programming.dev

    How come this instance is often intermittently unreachable?