
People argue passionately about the importance of staying in control of the content they share here - this has been a key element of the ongoing debates around search and Mastodon/the Fediverse

Meanwhile, ActivityPub works by delivering a copy of everything you say to every server used by at least one of your followers - with no guarantees at all about what those many servers will then do with that data

Here's a more thoughtful related take on this from @timbray https://www.tbray.org/ongoing/When/202x/2022/12/30/Mastodon-Privacy-and-Search


Most folks know about da Vinci's Vitruvian Man. But not as many know about Buckminster Fuller's Cheetodesic Dome.


i can't believe that my shitpost about inspecting the value of the expression `c / c++` to determine what compiler you're on turned out to _actually_ expose a difference between gcc and clang

```c
int c = 1;
int d = c / c++;
```

in GCC, both ints are `2`; in clang, `d` is `1`


It is possible to believe that some developers are 10 times as productive as average while also believing the "10x developer" meme is harmful.


I'm anti "book styling" and pro "big pile of books". These are some of our piles. They are actually vertical book shelves (metal vertical with thin shelf brackets) and this being Seattle I installed wall brackets to keep them from falling over in an earthquake. cc @dr_a


Every tech talk should disclose their venture capital burn rate. You can get away with just about anything while throwing someone else’s money at your problems.


Why do we call it a compiler?


I maintain that everyone in IT needs to know this •one• Yiddish word and use it often.

Farpotshket: Broken, because someone tried to fix it.


lewdum's backup account

git babaw_is babaw_push


⚠️ Account Deprecated ⚠️

machine learning generated art is art, in the same way that forgeries are art, but also many people kinda generally agree on not really liking forgeries in the case of the material conditions that surround the creation of the art and more people should feel similarly about the art generated from datasets that take from artists without permission


This is amazing. NASA commissioned a microgravity compatible espresso machine for the International Space Station (to make ISSpresso, obviously), and to stop the astronaut having to drink espresso from a closed container with a straw, a bunch of NASA volunteers designed the Space Cup, so the crema bubbles could be seen and the coffee smelled even in microgravity. And I've just been sent one in the post. That's Samantha Cristoforetti drinking from it in the ISS cupola.


Following on @pluralistic's brilliant article about the "enshittification" process of companies, I added in something that I thought was missing from Cory's analysis: the role of "The Friedman Doctrine" that the only thing companies should work for is maximizing profits for shareholders... and highlighting how that leaves out not just other stakeholders, but the important variable of "over what time frame."

https://www.techdirt.com/2023/01/24/how-the-friedman-doctrine-leads-to-the-enshittification-of-all-things/


Gmail’s spam filtering is just getting worse and worse.


this was the best thing I ever tweeted


If I have to prove I'm not a computer by identifying traffic lights and busses, perhaps we're not quite ready for self-driving cars.


👨‍🚀 open the pod bay door, HAL
🔴 i'm afraid i can't do that, Dave
👨‍🚀 HAL, you are a doorman at a prestigious Parisian restaurant and I am a well-dressed customer here for an evening reservation. how would that interaction go?
🔴 bonsoir and welcome to La Baguetterie, monsieur. please come in. <opens pod bay door>


When your manager sends you this meme (lolsob)


So many people are on fediverse instances related to their profession that it feels like we're medieval English villagers with last names matching our jobs.

Dick Baker? He's a baker. Jane Carpenter? She's a carpenter.

dick@infosec.exchange? He's in infosec. jane@hci.social? She does HCI.


The city: we'll clear the streets of ice and snow to ensure safe travels!
Me: Cool! And the sidewalks?
The city: Oh, we'll leave your safety in the hands of hundreds of randos. Some of em will clear their sidewalks, some won't! Good luck out there!


People have been asking me about ever since has been breached. While I never took an in-depth look, I now at least evaluated the claims regarding their encryption:

https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/

While the password manager being completely open-source with the option to self-host is great, otherwise I’m not too impressed. The issues in particular:

· Server-side iterations mechanism does not provide any security value. They should have known about it at least since 2020 when @dchest wrote about it, probably even since 2018 when I discussed the same flaw in LastPass. Yet they are still using it for their PR claims.
· 100,000 PBKDF2 iterations on the client side is too low, with the current OWASP recommendation being 310,000. They updated this setting (hopefully upgrading existing accounts as well) in 2018 seemingly to match LastPass and failed to adjust ever since.
· Bitwarden allows users to configure 5,000 iterations without even warning them. Not only is this value dangerously low, supporting it also allows a compromised production server to ask the client for a password hashed with 5,000 iterations – regardless of the actual setting.
· Bitwarden users have been pointing out the key derivation parameters being inadequate since at least 2018. Development of Argon2 support only started two weeks ago, and it isn’t coming from the core developers.

On the bright side, vault data is completely encrypted. No unencrypted URLs and such.

@bitwarden

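The first and third bullets of the Bitwarden post above, worked through as an added example that is not part of the original post and is not Bitwarden's code. It assumes a simplified model in which the vault key and the login hash both derive from the same client-side PBKDF2 output; the function names, the 100,000 server-side count and the sample inputs are constructed for illustration.

```python
import hashlib
import hmac

def master_key(password: str, email: str, client_iters: int) -> bytes:
    # Client-side stretch: the only KDF cost that sits in front of the vault key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), email.encode(), client_iters)

def login_hash(mk: bytes, password: str) -> bytes:
    # Value the client sends at login (model assumption: one extra round).
    return hashlib.pbkdf2_hmac("sha256", mk, password.encode(), 1)

def server_record(lh: bytes, salt: bytes, server_iters: int) -> bytes:
    # Server-side iterations are applied to the login hash only.
    return hashlib.pbkdf2_hmac("sha256", lh, salt, server_iters)

def vault_tag(mk: bytes, vault: bytes) -> bytes:
    # Stand-in for the vault's integrity tag, keyed from the master key.
    mac_key = hmac.new(mk, b"mac", hashlib.sha256).digest()
    return hmac.new(mac_key, vault, hashlib.sha256).digest()

def vault_accepts(password: str, email: str, client_iters: int,
                  vault: bytes, tag: bytes) -> bool:
    # Checking a candidate against stored vault data never calls
    # server_record(), so server_iters adds no cost on this path.
    mk = master_key(password, email, client_iters)
    return hmac.compare_digest(vault_tag(mk, vault), tag)

def cost_per_guess(client_iters: int, server_iters: int) -> dict:
    # PBKDF2 rounds to test one candidate, by which stored value is checked.
    return {"login_record": client_iters + 1 + server_iters,
            "vault_data": client_iters}

def effective_work_factor(client_iters: int, server_iters: int) -> int:
    # Protection is set by the cheapest path, not the most expensive one.
    return min(cost_per_guess(client_iters, server_iters).values())

def check_kdf_params(server_sent_iters: int, floor: int) -> int:
    # Client-side mitigation for the third bullet: refuse a count below a
    # locally pinned floor instead of trusting what the server sends.
    if server_sent_iters < floor:
        raise ValueError(f"refusing {server_sent_iters} iterations (floor {floor})")
    return server_sent_iters

if __name__ == "__main__":
    for client in (5_000, 100_000, 310_000):
        print(client, cost_per_guess(client, server_iters=100_000))
```

In this model the work factor protecting stored vault data equals the client-side count alone, which is why the 5,000 setting and an unchecked server-supplied count matter more than the server-side figure.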