@uncanny_static@chaos.social

math | code | make | music | love | repeat

uncanny_static, to random
@uncanny_static@chaos.social

Going home now. Exhausted, but super sad that the GPN is over.

uncanny_static,
@uncanny_static@chaos.social

This has been my first chaos event. I had expected a bunch of interesting and nerdy stuff, but I was not expecting to meet so many queer folks and such a colorful event. So wholesome vibes everywhere. ❤️🧡💛💚💙💜

uncanny_static,
@uncanny_static@chaos.social

I would say that the quiet hackcenter was a big success. It was filled most of the time. So I guess even neurotypical folks enjoy a quiet space to retreat for a while. I wish more events would offer those.

uncanny_static,
@uncanny_static@chaos.social

@ljrk ❤️

uncanny_static,
@uncanny_static@chaos.social

@ljrk Here too. For a train that was announced to have an "exceptionally high demand" it is surprisingly empty. Like, only half the seats taken.

uncanny_static, to random
@uncanny_static@chaos.social

My shirt for the day. ❤️

grueproof, to random
@grueproof@fosstodon.org

If you can’t get to it without an app or account, it’s not a podcast.

uncanny_static,
@uncanny_static@chaos.social

@grueproof Yes! And on top of that: if it does not have an RSS feed, it is not a podcast. 🙃

PixelPerfectEngine, to gamedev
@PixelPerfectEngine@peoplemaking.games

Can someone help me in middleware development?

How do I stop my own windows (the one with the giant X) from looking like they're out from the early 2010's? I really want to throw out SDL from my engine ASAP.

uncanny_static,
@uncanny_static@chaos.social

@PixelPerfectEngine What do you mean? What is the issue?

scy, to random
@scy@chaos.social

What's the first music video you remember seeing?

For me, it's Eurythmics' "Here Comes the Rain Again", must've been something like 1988.

uncanny_static,
@uncanny_static@chaos.social

@scy Well... Must have been some sort of Euro Dance on Viva. People dancing in front of 90s flashing backgrounds. The first one that really stuck with me, though, was Linkin Park's "In the End".

jacqueline, to random
@jacqueline@chaos.social

is there any easy way on mastodon to find out if i've already asked someone about something in a dm?

uncanny_static,
@uncanny_static@chaos.social

@jacqueline Ask them and if they complain that you have already asked that question you probably did. 😉

uncanny_static,
@uncanny_static@chaos.social

@jacqueline 😂 🤷‍♀️

uncanny_static, to openSUSE
@uncanny_static@chaos.social

Unfortunately, openSUSE Tumbleweed already includes version 5.6.1 of liblzma. Hence, if you are using Tumbleweed, your system might already be affected.
https://www.openwall.com/lists/oss-security/2024/03/29/4
#openSUSE #Linux #liblzma #lzma #xz #ssh #infosec

uncanny_static,
@uncanny_static@chaos.social

OpenSSH in openSUSE also seems to be patched to link to libsystemd, thus linking to liblzma. Hence, Tumbleweed should be affected. 😔

scy, to random
@scy@chaos.social

Eek. Apparently liblzma (part of the xz package) has a backdoor in versions 5.6.0 and 5.6.1, causing SSH to be compromised.

https://www.openwall.com/lists/oss-security/2024/03/29/4

This might even have been done on purpose by the upstream devs.

Developing story, please take with a grain of salt.

The 5.6 versions are somewhat recent, depending on how bleeding edge your distro is you might not be affected.

#liblzma #xz #lzma #backdoor #ITsecurity #OpenSSH #SSH

uncanny_static,
@uncanny_static@chaos.social

@scy Sorry, I am not buying this argument. Instead of using the official systemd library, developers should default to implementing their own version of a systemd-specific low-level socket protocol?

uncanny_static,
@uncanny_static@chaos.social

@scy But why do you expect people to know that? The page you linked lists a bunch of C functions at the top. And people should know that they should ignore those and rather look up the protocol and implement it themselves?

uncanny_static,
@uncanny_static@chaos.social

@scy I am not saying that this attack has been solely enabled by systemd. Far from that.

However, I think it was a contributing factor. When you are interfacing with another piece of software the standard approach is to look for the official libraries and use them, if they exist. In this case, however, this drastically increased the attack surface. 1/3

uncanny_static,
@uncanny_static@chaos.social

@scy Developers, in general, are not systemd experts and I do not think that they should be expected to know the inner workings of a systemd-specific protocol, even if it is that simple. Using the official library that implements such a basic functionality should not create a large attack surface. 2/3

uncanny_static,
@uncanny_static@chaos.social

@scy IMHO, one of the lessons to be learned here is that such a functionality should be provided by a library that is as simple and small as possible, and not expect people to implement the functionality themselves despite there being officially supported libraries for that. That is just not how people work and "roll your own" is usually considered bad practice. 3/3

jacqueline, (edited) to random
@jacqueline@chaos.social

did you ever go to lan parties?

uncanny_static,
@uncanny_static@chaos.social

@jacqueline Carrying CRTs around was such a pain. There was always someone who had to reinstall their system... but yeah was on quite a few.

luis_in_brief, to random
@luis_in_brief@social.coop

🔥 it’s a core mistake of the movement that OSI (and maybe Creative Commons, though it is differently situated) emphasized licensing so disproportionately over community in the early 2000s.
https://hachyderm.io/@mattdm/112134152636307431

uncanny_static,
@uncanny_static@chaos.social

@luis_in_brief Regarding free (libre) software, the license was always just a tool to ensure the freedom of the users. My take on this is that the internet (especially SAAS) changed how we consume software and the free software movement never really caught up. There is the AGPL, but it is still possible to create vendor/hoster lock-in with AGPL software.

uncanny_static,
@uncanny_static@chaos.social

@luis_in_brief That was a very interesting read. After using free software almost exclusively for years, I recently bought a piece of (kinda expensive) software, and even though it is not free software, it gives me the freedom to do creative work that would be difficult for me to do without it. I do not like the vendor lock-in that comes with it, but the alternative would be not doing what I love.

ambergrey, to random
@ambergrey@mastodon.social

If you were only bringing one synth keyboard with you on stage to perform, what would you bring up there? I’m asking because I have a vision of me, my guitar, and a stage synth I could stand near and use on and off. It would have to also carry some nice analog piano sounds at times. Not sure if it’s possible to do unless it’s a midi controller with laptop. But it’d be so cool if it was a standalone analog unit. The simplicity appeals. :blobcatcoffee: #GearSquad

uncanny_static,
@uncanny_static@chaos.social

@ambergrey Uh... So if it had to be a Synth I own, it would be my trusty microKorg. (Does not do piano sounds, though.) If I had the cash (and storage space), I would reach for a Roland Phantom or Yamaha Montage (or the cheaper Yamaha MODX).

tomw, to random
@tomw@mastodon.social

The trouble with "enshittification", apart from the misuse of the word everywhere, is that platforms don't start off "good/useful" and then "enshittify". They start off as skinner boxes that give out rewards and end up as skinner boxes that have stopped giving out rewards. It is very silly to believe that the skinner box in its initial state is benevolent.

uncanny_static,
@uncanny_static@chaos.social

@tomw I feel like you are right when talking about social media, but I think there are platforms that actually start out as useful and become worse and worse. Amazon, e.g., used to be really useful. (It kinda is still useful, but trying to find a good product there is a mess.) I would not say delivering a book that I ordered is "giving out rewards".

scy, to random
@scy@chaos.social

I absolutely did not expect this, but I guess I'll be singing in the track I'm currently working on 😳

uncanny_static,
@uncanny_static@chaos.social

@scy Go for it! 🔥

18+ scy, to random German
@scy@chaos.social

The inflationary use of ML-generated images in toots that do nothing but decorate the toot is increasingly getting on my nerves.

It eats bandwidth, storage, space in the timeline, and oh yeah, shits on the rights of artists who are massively underpaid anyway.

I'm considering muting such people in the future and wonder whether a policy might even be appropriate that "AI" images must be labeled as such.

uncanny_static,
@uncanny_static@chaos.social

@scy
I also find this flood of AI images annoying. But I have now also seen several times how artists were wrongly accused of using AI. Such policies also always attract people who then play police. I wonder whether that does more harm than good.
