Notices by Rich Felker (dalias@hachyderm.io)

Interesting post from Siemens Energy on their off-shore wind Power-To-X experiments and the various deployment models. https://spectrum.ieee.org/green-hydrogen-2663997448

@v_d_richards @benroyce @MastodonEngineering I taught my kids you always lie about your age online and your birthdate is always [easy to remember date that makes you over 30] and you don't submit to tests that could try to verify it.

@Saupreiss Fuck off and stop advocating for censorship. If you don't like it you can defederate with everyone and run your own little prudiverse.

@geco_de @guardianproject @signalapp @threemaapp That's only the case if the promised security properties of the messenger that users are depending on admit subversion by the party who provided it. That's not the case with Signal. The only way they could subvert it is by denying availability (shutting the infrastructure down) or shipping malware in new versions of the application. They are not going to do the latter. Thinking they are is insulting to the people working on it and makes no sense. They have no reason to do that.

@david_chisnall @guardianproject @signalapp @fdroidorg I know it's not what you were doing, but I saw someone promoting threema in this same thread.

@dalias @guardianproject @signalapp @fdroidorg

When you are making a claim of security as a result of being open source, the fact that that you allow someone else to provide a binary and then inject it into your final build is a problem.

I can only assume that you're arguing for the sake of arguing, rather than making a real point.

@david_chisnall @guardianproject @signalapp @fdroidorg No, I'm calling out bad faith criticism. Using closed source components from untrustworthy party X is a valid criticism. "Allows party X to inject arbitrary code" is a mischaracterization of that which serves an agenda (usually promoting scammy fake secure messengers).

@david_chisnall @guardianproject @signalapp @fdroidorg No, they're fixed code that contains exactly whatever code was there at the time Signal acquired and linked them in. Regardless of whether you have the source, this is analyzable, and if it doesn't have backdoor communication channels, the likelihood of harm is low even if you haven't done detailed analysis.

"Arbitrary code execution" would mean that they phone home to dynamically obtain code that Google could alter at any time to change the behavior after Signal shipped the app. That's the apparently false allegation folks are making about Signal.

@bagder Oh you're nice. I just CC the list when replying.

@geco_de @guardianproject @signalapp @threemaapp No.

@david_chisnall @guardianproject @signalapp @fdroidorg That's a perpetual myth that seems to have no basis in reality. The libraries in question have not been shown to be able to inject arbitrary code unless a malicious OS (which already has the capability to inject code into any program it hosts) has instructed them to do so.

(To be clear, this means on a Googled Android, you're just as vulnerable to Google's whims as you already were by running a Google OS, and on deGoogled Android you do not appear to be vulnerable.)

If this is incorrect, I'd like to see evidence.

Still I think on principle Signal should remove all Google code. There's no reason for it to be there and it hurts trust.

@Impossible_PhD 👍 🔥 for the chargeback. This is how you make slimy businesses pay double for their fuckups they try to shift onto customer.

@maggiejk Car payments and mortgages are compounding. They're just on an amortization schedule so you pay the same amount each month as long as you pay on time, but over the lifetime of the loan, the payments transition from being mostly interest almost no principal to mostly principal almost no interest.

@debugpoint "Fedora says fuck you to accessibility"

Fixed that headline for you.

@cstross Not just why you should pay attention, but why you should have immense gratitude for trans folks sounding the warnings (and maybe contribute some mutual aid to express that gratitude) rather than deriding them for it.

How does anyone know that these guys in plainclothes 💥and wearing balaclavas are legitimate federal officers, and not kidnappers?

And what happens when a "good guy with a gun" kills a "bad guy with a gun" who turns out to be a Fed?

It will happen

https://dailyprogress.com/news/local/crime-courts/article_9ce921d6-5f61-4546-b0c9-ea2287d8bf16.html

@xgranade @valkyrie The entire "appeal" of "AI" is as an excuse to bypass regulation and subject consent to amass information that can be used to wield power & control.

@xgranade i remember my doctor arguing about this with me recently, saying that none of that will ever be accessible without permission. and i was like yeah, i'm gonna keep being cagey about anything ive learned in my therapy sessions so it's not on record, because i know that's a lie. and here we are with the autism registry and a free for all on access to people's private medical data. sick.

Urgh, upgraded my alpine server and ssh doesn't like my anymore :<

@autinerd @NewtonMark @raven667 @voltagex @ryanc Despite most versions of Windows having a ridiculous UI in control panel that zero pads the decimal quad fields. Probably lots of routers, printers, etc. too.