Notices by Anthropy (anthropy@mastodon.derg.nz)

RE: https://eupolicy.social/@bert_hubert/116091420771713307

https://discourse.gnome.org/t/anime-girl-on-gnome-gitlab/27689 this entire thread is giving me an aneurysm

why are some people like this? imagine being upset at a neko girl, who by the way can be removed if you just financially support the project to begin with, or with ublock if you're really that salty of a person :woozy_sob:

this reeks of unwitted bigotry and xenophobic intolerance tbh, maybe they're the ones who need to be removed :v

I guess this is as good a time as any to remind people that

if you only know how to contact friends through a single platform, you're liable to lose touch with them sooner or later.

Give them alternatives. ANY alternatives.

Any single place can just blow up overnight. And if something is starting to smell like a brewing dumpsterfire, that SHOULD be a clear sign.

#Discord

RE: https://infosec.exchange/@munin/115528564500273715

Hotter take:
- If your thing requires logging in to view documentation it is fully undocumented to most people

- If your thing is documented on a chat platform of any kind, you have no documentation, just tribal knowledge

- If your thing requires reading the source code the understand, you consider all code documentation, and deserve to be taken away all your manpages, help texts and manuals, and aren't allowed to search online for answers anymore when writing code

Some thoughts I had about the 'end of the AI bubble' while talking with a friend.

I honestly think it's important to share this here, because I see a lot of "when the AI bubble ends" kinda sentiment, but I feel like people imagine everything AI-related just randomly popping out of existence, which I don't think is a reasonable assumption.

Almost every new technology has had a hype bubble. Even trains (Railway Mania).

Rarely does the technology disappear after.

#AI

I do think it's important to even nuance this take, because I think a lot of people will take this as 'OMG WE'RE DOOMED'.

But humans never needed machinery to write disinformation and fake news, flood academia with low quality papers, produce masses of propaganda, make wrong judgment calls on important subjects, imagine events that never happened, etc etc etc. It just got slightly easier is all

And the way forward isn't to 'hate AI more', but to make solutions

because frankly as much as I understand people hating all the negative outcomes from AI and people/corporations/etc abusing it,

we're not going to solve anything by being divided and all-or-nothing about the subject.

In that same sense I get why people might hate crime, but being upset at crime as a whole doesn't solve why crime happens, it doesn't indicate what kind of crime, in the end it doesn't really fix anything, it just makes everyone blind and upset.

I came across an article that more or less said 'get higher Cat ethernet cables for more speed!'

But the reality is more nuanced.

1) Cat is just a rating for 'capable of xxx mhz'. It doesn't say anything about the material. Copper > CCA.

2) Many 'Gamer Cat7+' cables are not certified; essentially fake.

3) A *good* Cat5e cable is capable of 1gbit at 100(!) meters and maybe 10gbit often up to 30-40 meters.

4) Consider EMI; Don't ziptie your Ethernet to your Power cabling, that'll always suck.

@skeletor I have lots of experience :dragon_uwu:

Do you hate microplastics?

bit weird topic but, it should be said that many water based lubricants are not biodegradable* in human bodies.

This includes the seemingly popular j-lube powder, but also many other premade water based lubricants, as they're easy to preserve (non-biodegradable) and are slippery.

What if I told you there are much better options available?

Many food thickening/gelling agents are great at this. Try Xanthan gum for example; Entirely biodegradable & works like jlube.

honestly the best countermeasure the EU could take right now without any losses or monetary requirements, is to remove all the USA-mandated anti circumvention laws, and severely reduce the legal power USA companies have here, as @pluralistic suggested.

I wish there was a way to amplify that message towards EU leaders right now, because as he says, "it's much better than retaliatory tariffs; it's a targeted response"

https://www.youtube.com/watch?v=3C1Gnxhfok0

#eu #europe #tariffs #eupol #uspol

your daily reminder that there are too many good, and too many bad things, for a single person to keep track of

if you focus on the good, and pick ONE battle, you'll do way more good, both for yourself and your cause, than when you're depressed about "the state of the world" (which you objectively cannot fathom as a whole)

RE: https://furry.engineer/@soatok/115855402039229608

it's somewhat amusing to see GPG/PGP being methodically pulled to bits in response to people refusing to acknowledge problems

somethingsomething the F in FAFO is for Furries or something

@dalias @astraleureka personally my main gripe is that systemd scraping all kinds of sources for keys to use for auth makes it much harder to harden your system even outside of hypervisor situations. if something altered your system's smbios strings somehow, or manages to open a socket with systemd over an unauthenticated channel, or other things alike, they could just inject root ssh keys.

I guess for me the main takeaway is that root should be disabled, and systemd neutered for hardening

@dalias @astraleureka I mean, I do agree it feels dirty, but, if you don't trust the hypervisor you're running under that has a whole host (pun intended) of other implications

like they could just:
- extract keys from your RAM (volatility tool, https://github.com/ZarKyo/awesome-volatility/blob/main/README.md )
- reboot your VM and inject malicious boot params into your grub/whatever
- technically even alter instructions on the fly
- etc

while it does make me feel dirtier to run systemd, hypervisors are always kind of a problem tbh.

@dalias @astraleureka this is a valid point, because it seems it actively use credentials from elsewhere than the filesystem, such as the SMBIOS strings, though that's not specific to this and more a general systemd concept as outlined here: https://systemd.io/CREDENTIALS/

I'm... undecided on what to feel about this though, because if you don't trust the hypervisor you're running under that is a problem of its own. but it does make me feel somewhat uneasy that systemd accepts creds from everywhere.

@astraleureka that is the recommended way, which also seems weird to me, but just to be complete, you can supposedly also mask the socket(s):

sudo systemctl mask --now sshd-vsock.socket
sudo systemctl mask --now sshd-unix-local.socket

and you can also remove the ssh server.

but it's definitely.. awkward that they implemented it like this, as much as SSH is fairly safe in terms of protocols

@soatok what if it was a spiritually enlightening shitpost full of wisdom, advice and guidance :drgn_think_woozy:

@v this inspired me to crudely make this

it chrimmis :anthropyblepvca:

(original source: user "Bekkie" on Tumblr, december 2014, but it has been removed since)