@lispi314@udongein.xyz
@lispi314@udongein.xyz avatar

lispi314

@lispi314@udongein.xyz

Hi, I'm Lispi, Lisp (Technomancer) Wizard (to eventually be).

You might know me from @lispi314

I like Free Software, #Emacs and resilient computing a lot.

I also like anime girls, animes with cute girls doing cute things and artwork with them too. Cute stories are good too.

Some Pins:

Software and Assumed Privilege, common problems: https://mastodon.top/@lispi314/111253066257920146

Writing Privacy-preserving software & services 101: https://mastodon.top/@lispi314/110849018589421824

#Kopimism #FreeSoftware #CommonLisp

This profile is from a federated server and may be incomplete. Browse more on the original instance.

whitequark, to random
@whitequark@mastodon.social avatar

reverse-engineering the software for my wireless headset when suddenly, jumpscared by lisp?

lispi314,
@lispi314@udongein.xyz avatar

@foone @whitequark It is interesting, though I wonder why not just use an embedded Scheme.

18+ puppygirlhornypost, to random
@puppygirlhornypost@transfem.social avatar

you know, I don't feel bad for anyone caught in the self driving car shenanigans. The smart people will use it to get metrics for a variety of sensors that can improve road safety, a lot of the telemetry gathered by self driving car tests has been really cool. https://www.youtube.com/watch?v=ridS396W2BY Volvo for instance does a lot of cool things in regards to experimental safety devices. If you're still working at Tesla with its misleading marketing regarding FSD which is just a fancy driver's assist... I mean don't get me wrong I feel bad for all of the tesla employees that got shafted after https://en.wikipedia.org/wiki/Tesla,_Inc. elon's acquisition. I feel bad for those hardworking engineers who put in the effort to make a reliable car, and who didn't get a say in what Elon marketed the cars as.

One of the things I've always found fascinating was the discussion regarding the philosophy of "What should our self driving car do if there is a choice between killing a family of 5 or killing the driver". I mean, for starters that's not really a solved problem, people have differing opinions on that. Maybe, and this is crazy you wouldn't have been in the position to "solve" that problem if you didn't create it in the first place. All of these philosophical debates about something that genuinely can happen in the real world and must be prepared for because nobody wants to be used as an example by regulatory bodies of what not to do. Yet Tesla seems pretty damn insistent on being a leader of industry, teaching people the mistakes not to make and losing a bunch of trust.

lispi314,
@lispi314@udongein.xyz avatar

@puppygirlhornypost @Duncan > Diesel electric is a fucking incredible power train. Diesel electric locomotives are so powerful. Yeah that doesn’t solve emissions but making things more efficient, trains don’t have these grippy tires that drag em down.

Railway electrification really should be considered one of the most basic steps in infrastructure too. We're not in 1880 anymore.

lispi314, to random
@lispi314@udongein.xyz avatar

Swap leading to sticky-keys-like behavior. :/

winter, to random
@winter@translunar.academy avatar

launching your enemies into the Sun:
>extremely difficult, most of y'all do not grasp just how daunting a task this is. no existing launch vehicle could accomplish this
>you either give them months of food provisions for the journey (who can afford that?) or else they starve to death long before reaching the Sun and then what was even the point? you could have starved them to death on Earth
>you can't eat the rich if you are converting them into plasma at the bottom of the biggest gravity well around
>they get to forever be remembered as the first humans to travel to the Sun

marooning your enemies on the Moon:
>doable with existing Artemis hardware plus a halfway functional Lunar lander which at least one of the passengers can willingly provide
>they have to stare hopelessly at the distant Earth they know they can never return to
>once any part of life support fails, will boil alive or freeze to death depending on time of month
>bodies will be perfectly preserved, a feast for the first actual Lunar colonists later
>not the first to go there so history will forget their names

lispi314,
@lispi314@udongein.xyz avatar

@winter @whitequark > bodies will be perfectly preserved, a feast for the first actual Lunar colonists later
lmao

simontatham, to random
@simontatham@hachyderm.io avatar

We've released version 0.81. This is a SECURITY UPDATE, fixing a in ECDSA signing for .

If you've used a 521-bit ECDSA key (ecdsa-sha2-nistp521) with any previous version of PuTTY, consider it compromised! Generate a new key pair, and remove the old public key from authorized_keys files.

Other key types are not affected, even other sizes of ECDSA. In particular, Ed25519 is fine.

This vulnerability has id CVE-2024-31497. Full information is at https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html

lispi314,
@lispi314@udongein.xyz avatar

@simontatham @indigoparadox If I understand from skimming the link, this solely affects PuTTY (on Windows) and /not/ other implementations of SSH, right?

mia, to random

girl who is as stable as her linux desktop

lispi314,
@lispi314@udongein.xyz avatar

@mia Arch girls vs Debian girls. A few seconds in the future or rehashing the memes of years past.

whitequark, to random
@whitequark@mastodon.social avatar

DMA-chan, the moe personification of a standalone bus initiator in a System-on-Chip ASIC

lispi314,
@lispi314@udongein.xyz avatar

@whitequark @niconiconi Moments when I wish I had bothered to get good at art.

jackiegardina, to journalism
@jackiegardina@awscommunity.social avatar

Meta blocked a story critical of its climate change ad policies on all of its platform. An independent journalist asked permission to repost the story verbatim on her substack. It was blocked too.

Here it is.

https://www.thehandbasket.co/p/kansas-reflector-meta-facebook-column-censored

lispi314,
@lispi314@udongein.xyz avatar

@msh @jackiegardina So... won't people just start using the Chinese answer to that (putting text in images to bypass the filter, as well as euphemisms galore)?

niconiconi, to random

"package maintainers"? more like "software librarians"

lispi314,
@lispi314@udongein.xyz avatar

@lanodan @niconiconi More like editor-librarians than just librarians.

shoq, to random
@shoq@mastodon.social avatar

Right again, professor. So, now what?

In reply to…
https://mastodon.social/@rbreich@masto.ai/112202832010960015

lispi314,
@lispi314@udongein.xyz avatar

@shoq Either said individual doesn't want to fedpost and is self-censoring (most charitable), has no idea about activism & actual solutions (sadly common) or considers this an observation with no moral imperative logically following (wtf?).

pid_eins, to random
@pid_eins@mastodon.social avatar

PSA: In context of the xzpocalypse we now added an example reimplementation of sd_notify() to our man page:

https://www.freedesktop.org/software/systemd/man/devel/sd_notify.html#Notes

It's pretty comprehensive (i.e. uses it for reload notification too), but still relatively short.

In the past, I have been telling anyone who wanted to listen that if all you want is sd_notify() then don't bother linking to libsystemd, since the protocol is stable and should be considered the API, not our C wrapper around it. After all, the protocol is so trivial

lispi314,
@lispi314@udongein.xyz avatar

@pid_eins @dalias I still think that documenting it outside of the documentation meant for a C API call would've made it a lot more obvious.

It's a protocol, not a library call. Why would one search for it in a library call's documentation?

zyd, to random
@zyd@emacs.ch avatar

Having boosts hidden (because Phanpy makes them easy to ignore with its carousel) and following the autistic tags+groups makes April Fools on social media much more tolerable. Pleasant surprise. Still had some annoyance though today, like Discord's loot box joke that I thought was real and irritated me. Didn't even feel like a joke considering Discord will soon be rolling out even more ads (Don't fall into the mistaken idea that Discord doesn't have ads, it does. What do you think game promos and collabs are?). I could see them easily adding loot boxes and other nonsense in the future. My paranoia made me wonder if this "joke" of theirs was a test to warm the waters, so to speak.

lispi314,
@lispi314@udongein.xyz avatar

@dekkzz76 @zyd Which was based on a complete misunderstanding of how harassment works.

Legitimate users found it annoying while those intent on using it for harassment simply did it the /slightly/ harder way or made tools to automate it.

lispi314,
@lispi314@udongein.xyz avatar

@dekkzz76 @zyd Mostly out of convenience, there's little reason for its absense to have any real impact on that. As has been demonstrated by fedi bad actors promptly coming up with alternatives.

shoq, to random
@shoq@mastodon.social avatar

It astounds me how effective the plastics industry was at duping the public as far back as the “crying indian” ad. We are a nation of suckers. We always were.

“Plastic experts say recycling is a scam. Should we even do it anymore?”

https://www.salon.com/2024/02/23/plastic-experts-say-recycling-is-a-scam-should-we-even-do-it-anymore/

lispi314,
@lispi314@udongein.xyz avatar

@shoq It's really only a scam insofar as the infrastructure is unprofitable and not built.

It is feasible. It just so happens that it would be magnitudes cheaper and more effective to simply use something other than plastic for basically everything where it's an option to do so.

Di4na, to random
@Di4na@hachyderm.io avatar

Well, I finally have data to back my model of the software world out there. And the data is relatively solid and shows what I keep saying.

You are all on our turf now. Please accept that you have no idea what you are talking about. Sit down. Listen. Ask questions.

But respect our work. We are trying to keep the world running, 1h per month.

https://www.softwaremaxims.com/blog/open-source-hobbyists-turf

lispi314,
@lispi314@udongein.xyz avatar

@Di4na I'm not sure why Free Software activists are presumed not to be part of this ecosystem.

lispi314,
@lispi314@udongein.xyz avatar

@Di4na Considering we haven't even remotely begun to liberate the hardware which is at the root of our systems, I don't think we have won.

Software was only ever the easy part, and even there the corposcum monopolies and their legislator cronies are doing their best to limit the effective Freedom of users (consider the criminalization of interoperability and adversarial interoperability). That they derive most of their tools from our labor intended to liberate in order to oppress is just a sick and ironic joke (and the best we could do in retaliation is just sabotage with results of indiscriminate harm, a profoundly undesirable notion).

But even if we managed to pull things back into the control of the users and ensure their software systems actually serve the user?

At the moment, the majority of us do our computing on hardware where any Freedom that software grants us could be pulled under our feet a moment's notice, should some hitherto unknown backdoor or vulnerability (what's the difference?) be activated.

Battles have been won, the campaign moved forward, but we're far from being able to just shout victory.

dalias, to random
@dalias@hachyderm.io avatar

Huge pet peeve: the PL folks' obsession with implementing their language compiler in the language itself.

All language interpreters or compilers should be written in a more primitive, widely available, easier to bootstrap language.

IDGAF if it's C. Write your compiler in Python if you like. Or Perl. Or shell script. Just not the new language itself or something obscure.

lispi314,
@lispi314@udongein.xyz avatar

@dalias It's fine, but the bootstrap path from Assembly/Forth/Machine-Code should always be clear.

It is perfectly fine to have a compiler that goes Machine Code/Assembly->Forth->Scheme->an interpreter for whatever you actually intended to implement: in Scheme.

Forgetting the bootstrap for a single moment is not acceptable.

It's fine to implement a better, more optimized compiler in its own language thereafter. But never should the initial build rely on the optimized compiler.

And yes, the fact that literally all the options I named are standardized and unlikely to change is not a coincidence.

dfeldman, to random
@dfeldman@hachyderm.io avatar

If there were another binary backdoor similar to the xz attack that was found today... how would you find it?

(The xz attack was found by chance and some trivial issues that caused performance degradation)

lispi314,
@lispi314@udongein.xyz avatar

@lanodan @dfeldman @dalias Looks like Mono isn't trustworthy then.

Incidentally, this is or was a major issue with Ada, the fact it can't (or couldn't) be bootstrapped without a prior Ada compiler.

lispi314,
@lispi314@udongein.xyz avatar

@lanodan @dfeldman @dalias Huh, how the hell did that happen?

lispi314,
@lispi314@udongein.xyz avatar

@lanodan @dfeldman @dalias Gross.

I sure hope there's a project ongoing to re-create the bootstrap chain then?

AndresFreundTec, to random
@AndresFreundTec@mastodon.social avatar

I accidentally found a security issue while benchmarking postgres changes.

If you run debian testing, unstable or some other more "bleeding edge" distribution, I strongly recommend upgrading ASAP.

https://www.openwall.com/lists/oss-security/2024/03/29/4

lispi314,
@lispi314@udongein.xyz avatar

@glyph @AndresFreundTec That is true.

Binary artifacts have no business existing in Free Software (or near-binary considering how auditable pre-generated config scripts end-up being). The way it was compromised in this case is almost certain to have happened before and reminds me of the SourceForge malware debacle (so arguably that's another famous example of it happening before).

I"m not sure if many other projects do like Guix and record the checksum of the whole repository so as to ensure reproducibility purely from source.

lispi314,
@lispi314@udongein.xyz avatar

@glyph @AndresFreundTec In this case the actual malicious vector was the near-binary injected code in the practical binary of the unaudited autotools vomit (always autoreconf) which was then bundled in the actual binary artifact that was the compromised tarballs.

None should have ever been part of the project.

As for the test files, I still think that having a hex dump with comments explaining what flaws particular parts test would be desirable in a lot of cases.

ipg, to random
@ipg@wetdry.world avatar

ffmpeg have never been more real

lispi314,
@lispi314@udongein.xyz avatar

@lanodan @ipg @halva You don't have to make the core in C and there are quite a few self-hosted languages that don't.

Linux has a stable ABI for userspace (mostly), so it is possible to even do the whole thing from scratch and communicating directly with the system that way, skipping C entirely. In general instead such languages deem it simpler to make a C wrapper which can communicate with their own ABI instead.

astrid, to random
@astrid@fedi.astrid.tech avatar

Arch Linux is a soulslike:

  • it's brutal to people not acquainted with it
  • it's reaction based (when you fuck up grub and need to hit keys to go into the bios)
  • environmental (variable) storytelling
  • rolling (release)
lispi314,
@lispi314@udongein.xyz avatar

@astrid > - it's reaction based (when you fuck up grub and need to hit keys to go into the bios)

Does one ever need to do that?

I've needed little more to fix grub mishaps than to boot with a live system (usually a liveCD for me), bind-mount a few things (/proc /sys /dev, mounting /boot and /boot/efi requires some consideration depending on your install) and then chroot into the on-disk install and fix things from there.

lispi314,
@lispi314@udongein.xyz avatar

@astrid Ah yes, I suppose faulty firmware would do it.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • ngwrru68w68
  • everett
  • InstantRegret
  • magazineikmin
  • thenastyranch
  • rosin
  • Durango
  • khanakhh
  • Youngstown
  • slotface
  • ethstaker
  • kavyap
  • DreamBathrooms
  • provamag3
  • osvaldo12
  • normalnudes
  • modclub
  • GTA5RPClips
  • tacticalgear
  • mdbf
  • tester
  • cisconetworking
  • anitta
  • Leos
  • cubers
  • megavids
  • lostlight
  • All magazines
    •