GNU social JP
GNU social JP is a Japanese GNU social server.

Notices by Leszek (makdaam@chaos.social)

  1. Leszek (makdaam@chaos.social)'s status on Tuesday, 22-Apr-2025 21:15:11 JST
    • Tulip 🏳️‍⚧️

    @domi Oh yes, let me enroll my own 2nd factor. I can even downgrade to your silly short TOTP.

    In conversation about a month ago from chaos.social permalink
  2. Leszek (makdaam@chaos.social)'s status on Saturday, 19-Apr-2025 19:18:30 JST
    in reply to
    • Haelwenn /элвэн/ :triskell:
    • Wolf480pl
    • Tulip 🏳️‍⚧️

    @wolf480pl @domi @lanodan The answer, as always, is "it depends".

    Basically it depends on the people implementing compliance. If they care, compliance and security are aligned. You can use most compliance tools to make life of your SoC easier. Like you wrote before - you can decide on dev teams' priorities, you can learn about practices in other places etc.

    But also you can do the absolute minimum to pass an audit and fight with people who discover actual issues outside the approved process.

    In conversation about a month ago from chaos.social permalink
  3. Leszek (makdaam@chaos.social)'s status on Saturday, 19-Apr-2025 19:06:26 JST
    in reply to
    • Haelwenn /элвэн/ :triskell:
    • Wolf480pl
    • Tulip 🏳️‍⚧️

    @wolf480pl @domi @lanodan Sorry for thread necromancy, but I think this is the core of the good/bad distinction.

    Your goal is to fix any security issues. For most large companies the goal is not to be liable for security issues in their product/service (usually through standards compliance). Those are two different goals that can be in direct conflict.

    CVEs enable a quick scan to improve security, but also they give people a way to do the performative CVE Scan to check a compliance box.

    In conversation about a month ago from chaos.social permalink
  4. Leszek (makdaam@chaos.social)'s status on Sunday, 26-Jan-2025 05:01:13 JST
    in reply to
    • Michał "rysiek" Woźniak · 🇺🇦

    @rysiek Please clearly mark it as sarcasm, since I've had a chat with some Americans and even the left-leaning ones seem to be unsure about his Nazi* salute.

    *)For people who argue it could have been a Fascist salute instead: It's not the different economy theories regarding distribution of wealth stolen from the murdered minorities that people have issue with. It's the murdering that we consider wrong.

    In conversation about 4 months ago from chaos.social permalink
  5. Leszek (makdaam@chaos.social)'s status on Wednesday, 22-Jan-2025 09:39:02 JST
    in reply to
    • Michał "rysiek" Woźniak · 🇺🇦
    • Avitus

    @Avitus CloudFlare doesn't mention any guarantees of anonymity of the audience.

    Someone made a decision to use their services with all the implications of using it. So either nobody at Signal cares about exposing endpoint IPs (which I believe to be the actual stance - but like @rysiek said let's see if they respond) or they care and didn't check it when using CFlare as a dependency.

    Either way it's the integrator's responsibility to check if the chosen components fit the purpose.

    In conversation about 4 months ago from gnusocial.jp permalink
  6. Leszek (makdaam@chaos.social)'s status on Wednesday, 22-Jan-2025 07:46:05 JST
    in reply to
    • Michał "rysiek" Woźniak · 🇺🇦

    @rysiek It depends.

    What actually interests me is the response (or lack of it) from Signal. Seems like not much has changed over there in the last decade. Despite big words and hacker con keynotes they just want to be the new Facebook messenger.

    Also there's an easier attack to get your exact egress IP address. It's good to be aware that just having Signal on your phone can reveal it (assuming notifications are enabled).

    In conversation about 4 months ago from gnusocial.jp permalink
  7. Leszek (makdaam@chaos.social)'s status on Wednesday, 15-Jan-2025 01:10:21 JST

    So #FreeOurFeeds wants us to give 4M USD to already rich Americans some of whom already ran Mozilla into the ground, others pumping the AI bubble to

    *double checks notes*

    build an independent centralized instance of a social network apparently not designed for more instances (unless I underappreciated how rich all of the fedi developers and instance admins are). And this second centralized instance is supposed to improve decentralization of social media?

    Feels like a scam.

    In conversation about 4 months ago from chaos.social permalink
  8. Leszek (makdaam@chaos.social)'s status on Wednesday, 18-Dec-2024 01:25:27 JST
    • Jan Wildeboer 😷:krulorange:
    • mhd

    @jwildeboer @mhd so it's anti-cloud in multiple ways?

    In conversation about 5 months ago from chaos.social permalink
  9. Leszek (makdaam@chaos.social)'s status on Sunday, 10-Nov-2024 04:33:48 JST
    • Jan Wildeboer 😷:krulorange:

    @jwildeboer
    Congratulations to Germany on finally arriving here a decade later. It's good they did, it's sad it took so long. Even sadder others didn't arrive yet.

    Regarding the coal: it does and it makes me sad that Poland keeps using almost half as much brown coal as the biggest polluter in EU.
    The move to renewables is slow and there's not enough investment in the grid infrastructure to handle individual producers. I wish both PL and DE did more in that area.

    In conversation about 7 months ago from chaos.social permalink
  10. Leszek (makdaam@chaos.social)'s status on Sunday, 10-Nov-2024 04:18:44 JST
    • Jan Wildeboer 😷:krulorange:

    @jwildeboer Is the information about Germany blocking the 14th sanction package for more than a week (which among other things was supposed to block LNG imports from Russia across EU) untrue? Am I misinformed?

    In conversation about 7 months ago from chaos.social permalink
  11. Leszek (makdaam@chaos.social)'s status on Sunday, 10-Nov-2024 04:06:10 JST
    • Jan Wildeboer 😷:krulorange:

    @jwildeboer I'm not questioning the effort it took to actually implement the zeroing off Russia's gas. It just wasn't Germany's decision. See https://www.reuters.com/business/energy/exclusive-germany-prepares-crisis-plan-abrupt-end-russian-gas-sources-2022-05-09/ and https://www.ft.com/content/6c6352c3-cb60-48e5-aa5e-7cf02328f544
    You could argue that connecting those two causally is just journalistic speculation.
    Well, it would add up if Germany didn't block sanctions against buying Russian LNG in EU https://www.politico.eu/article/germany-blocks-first-ever-sanctions-russian-gas/
    So answer to your actual question about NL & BE is: because it's legal and not an issue according to DE&HU.

    In conversation about 7 months ago from chaos.social permalink

    Attachments

    1. www.politico.eu
      Germany blocks first-ever sanctions on Russian gas
      EU countries had been close to a deal targeting liquefied natural gas, but talks fell apart at the last minute.

    2. www.ft.com
      LNG revolution: Germany’s plan to wean itself off Russian gas takes shape
      Three terminals could be built but the plants rub up against tight global market and Berlin’s long-term energy strategy
  12. Leszek (makdaam@chaos.social)'s status on Sunday, 10-Nov-2024 03:47:51 JST
    in reply to
    • Jan Wildeboer 😷:krulorange:

    @jwildeboer Because Russia closed the valve to Germany? Let's not give German government credit for something they were forced to accept.

    Moving off the limited LNG coming in through channels other than the pipeline was just a logical next step after the pre-winter "oops a pipeline turbine is broken and we can't fix it with all those sanctions" blackmail.

    https://www.bbc.com/news/business-62318376

    In conversation about 7 months ago from chaos.social permalink
  13. Leszek (makdaam@chaos.social)'s status on Thursday, 07-Nov-2024 09:57:30 JST
    • Haelwenn /элвэн/ :triskell:
    • Wolf480pl
    • Tulip 🏳️‍⚧️

    @domi @wolf480pl @lanodan One of the big consulting firms used to have (maybe still has) a rule auditing tool which screams when it sees "Allow ICMP Port:Any" in cloud configs, where the port field means ICMP message type.

    It's completely fine with listing all of the RFC defined values individually because it's just for show.

    In conversation about 7 months ago from chaos.social permalink

  14. Leszek (makdaam@chaos.social)'s status on Monday, 02-Sep-2024 08:07:22 JST
    in reply to
    • Haelwenn /элвэн/ :triskell:
    • Tulip 🏳️‍⚧️

    @lanodan @domi Amtlichdeutsch, but it's just a subdialect. It's not esoteric since it's in common use on dedicated hardware (faxes).

    In conversation about 9 months ago from chaos.social permalink
  15. Leszek (makdaam@chaos.social)'s status on Monday, 22-Jul-2024 01:29:04 JST
    in reply to
    • Thomas Depierre

    @Di4na One thing we can learn from the Horizon scandal is no matter how bad and harmful your software is, you can keep on doing what you're doing as long as your customer is ok with covering it up.

    I prefer the Therac case mostly because it covers multiple mistakes (changing assumptions, ignoring user feedback, reuse of code outside of its scope) and it had actual positive outcomes. Dieselgate might be a better case, since it teaches the developer they're on the hook, not the C-suite.

    In conversation about 10 months ago from chaos.social permalink
  16. Leszek (makdaam@chaos.social)'s status on Tuesday, 26-Mar-2024 08:08:27 JST
    in reply to
    • Drew DeVault

    @drewdevault 100% but I had to assume you mean "allowed in the USA" since trademark law is different where I live and a name of a product/software could be infringed upon without prior registration (but the process of proving that is usually more costly than just outright registering a ™).

    In conversation about a year ago from chaos.social permalink
  17. Leszek (makdaam@chaos.social)'s status on Sunday, 10-Mar-2024 10:55:10 JST
    in reply to
    • Thomas 🔭🕹️
    • Deirdre Saoirse Moen

    @deirdresm @thomasfuchs Please read the Tesla manuals and let me know how to open the rear door in the newest model Y in case of a power cut off without a tool.

    I'll wait.

    In conversation about a year ago from chaos.social permalink
  18. Leszek (makdaam@chaos.social)'s status on Sunday, 10-Mar-2024 10:55:07 JST
    in reply to
    • Thomas 🔭🕹️
    • Deirdre Saoirse Moen

    @deirdresm @thomasfuchs Sorry for the tone of my message.

    The thing is: Tesla doesn't provide a way to open the rear door without power. Having read the manual doesn't resolve the core issue of evacuating a car in case of an emergency.

    In conversation about a year ago from chaos.social permalink
  19. Leszek (makdaam@chaos.social)'s status on Friday, 19-Jan-2024 05:50:52 JST
    • Thomas 🔭🕹️

    @thomasfuchs If the first one was from US and the second one from Central or Eastern Europe - both have the same emotional load and sentiment.

    In conversation Friday, 19-Jan-2024 05:50:52 JST from chaos.social permalink
  20. Leszek (makdaam@chaos.social)'s status on Monday, 18-Dec-2023 05:04:49 JST
    in reply to
    • Graham Sutherland / Polynomial
    • Rich Felker
    • 404 Media

    @gsuberland @dalias @404mediaco Not exactly consumer law this time :(
    However without going into legal minutiae most (if not all?) Polish customers of Newag bought Impulse 2 trains with money from taxes in public tenders. There's an additional book of regulations to hit them with for defrauding the taxpayer which might have EU-wide consequences.

    In conversation Monday, 18-Dec-2023 05:04:49 JST from chaos.social permalink
    Leszek

    Playing Tetris professionally with weird techy tetrominos. Just doing things in Berlin.


          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.