For the first #Caturday picture today: a #RandomCat from #Bogdaniec, near Gorzów Wielkopolski. I've met it near the train station, it looked like a stray.
I suffer from a strong pollen #allergy. For a month now, my nose and throat are constantly irritated. This in turn means that I'm particularly sensitive to #cigarette smoke. My throat gets itchy if someone is #smoking three metres ahead.
I have three conclusions.
Firstly, if cigarettes affect my throat over such a distance, I wonder how poisonous their fumes are to us, all the time that we don't even smell their odor.
Secondly, I don't envy people with asthma and other diseases worse than mine. I have to suffer this for up to two months a year.
Thirdly, it is absolutely necessary to *ban smoking in public*. It's absurd that I can't use a sidewalk because some asshole needs to cultivate their addiction (and I can already imagine the policemen listening to my explanation why I'm not using the sidewalk).
Furthermore, it's even more absurd to place "smoking zones" so close to the main passage that you can't avoid the poisonous fumes and have to hold your breath to pass through. Like in this parody of a train station building in Poznań.
I suffer from a strong pollen #allergy. For a month now, my nose and throat are constantly irritated. This in turn means that I'm particularly sensitive to #cigarette smoke. My throat gets itchy if someone is #smoking three metres ahead.
I have three conclusions.
Firstly, if cigarettes affect my throat over such a distance, I wonder how poisonous their fumes are to us, all the time that we don't even smell their odor.
But yeah… smoke of all kinds is a menace. A few years ago we had a bad bushfire season, and I recall spending Christmas/New Year in bed because I was coughing my lungs up.
Masks were sold out everywhere. I now have a full-face N95 (thank-you COVID-19), but yeah, bushfires or even controlled burns, are murder.
Cigarette smoke is a completely avoidable menace, and not nearly enough consideration is given to passive smoking.
Don't get me started on vaping.
@mgorny Here in Queensland, it's illegal to smoke less than 5 meters from the entrance of any non-residential building.
But yeah… smoke of all kinds is a menace. A few years ago we had a bad bushfire season, and I recall spending Christmas/New Year in bed because I was coughing my lungs up.
@mgorny yes, absolutely! I’ve been saying that since forever. I normally only have a couple weeks per year really hard allergies, last year it was three months or so due to the warm winter, but this year tops it at over five months… it’s crazy. Last few days it got mich worse again. #scheißRaucher oh and also ban smoking weed… if they want it they should bake tea and cookies or something.
If you use a "woman-facepalming" or "man-facepalming" #emoji in #Mastodon web interface, and try to delete it via backspace, it will turn into a "person facepalming" (which for some reason is missing on both of my instances).
This is because both these emojis are a ZWJ (Zero Width Joiner) sequences:
🤦♀️ is actually 🤦 (U+1F926) + ZWJ (U+200D) + ♀️ (U+2640 U+FE0F).
🤦♂️ is actually 🤦 (U+1F926) + ZWJ (U+200D) + ♂️ (U+2642 U+FE0F).
Note that U+2640 is plain ♀ ("Female Sign"), while U+2642 is plain ♂ ("Male Sign"). U+FE0F is "Variation Selector-16" which turns a "plain" #Unicode character into "emoji presentation" (though apparently Mastodon implicitly turns the former into the latter after publishing).
You can also combine them with skin tone modifiers. Curious enough, these don't use ZWJ (I guess because they're modifiers by design):
🤦🏿 is 🤦 (U+1F926) + 🏿 (U+1F3FF, "Modifier Fitzpatrick Type-6")
If you use a "woman-facepalming" or "man-facepalming" #emoji in #Mastodon web interface, and try to delete it via backspace, it will turn into a "person facepalming" (which for some reason is missing on both of my instances).
This is because both these emojis are a ZWJ (Zero Width Joiner) sequences:
🤦♀️ is actually 🤦 (U+1F926) + ZWJ (U+200D) + ♀️ (U+2640 U+FE0F).
🤦♂️ is actually 🤦 (U+1F926) + ZWJ (U+200D) + ♂️ (U+2642 U+FE0F).
The storm season has started. Lulu doesn't like that kind of weather, though to be honest, I'm still wondering if she's more concerned about thunder, or about rain pattering.
Time for your daily dose of #RustLang complaints. Yep, the ecosystem is doing great.
#UV depends on tokio-tar library. Tokio-tar is broken on #PowerPC, doesn't have a bug tracker (!) and seems to be quite dead, with a bunch of PRs ignored since 2022 (last activity mid-2023). Nevertheless, I've filed a PR to fix PowerPC, with little hope that it'll be merged, released and that we could get UV working on PowerPC.
On top of that, it seems that tokio-tar was forked in early 2021 from async-tar. It doesn't seem to have synced the few commits from 2021, and async-tar is dead since late 2021. But at least it has a bug tracker to keep track of how dead it is.
Rewriting stuff in Rust is great. Maintaining it afterwards for the sake of reverse dependencies isn't.
Time for your daily dose of #RustLang complaints. Yep, the ecosystem is doing great.
#UV depends on tokio-tar library. Tokio-tar is broken on #PowerPC, doesn't have a bug tracker (!) and seems to be quite dead, with a bunch of PRs ignored since 2022 (last activity mid-2023). Nevertheless, I've filed a PR to fix PowerPC, with little hope that it'll be merged, released and that we could get UV working on PowerPC.
As we all know, one of the primary purposes for #RustLang rewrites is improving security. And there is no better way to make your code secure than by not including it at all.
On the Sunday's Council Meeting, #Gentoo has approved the new #AI contribution policy:
"""
It is expressly forbidden to contribute to Gentoo any content that has been created with the assistance of Natural Language Processing artificial intelligence tools. This motion can be revisited, should a case been made over such a tool that does not pose copyright, ethical and quality concerns.
"""
On the Sunday's Council Meeting, #Gentoo has approved the new #AI contribution policy:
"""
It is expressly forbidden to contribute to Gentoo any content that has been created with the assistance of Natural Language Processing artificial intelligence tools. This motion can be revisited, should a case been made over such a tool that does not pose copyright, ethical and quality concerns.
"""
I suppose everyone and their grandmother is now using the xz/sshd exploit to further their own agenda, so I am going to take this opportunity to further mine as well.
1. #Autotools are a bad build system. If configure scripts are completely unreadable, there should be no surprise that people won't notice obfuscated malicious code in there, provided that everything else is obfuscated by design.
2. Static linking and vendoring is bad. Do you know why the prompt #security response was possible? Because we just had to revert to older liblzma. We didn't have to check, patch and re-release hundreds of projects. It wouldn't be this easy with #RustLang and cargo.
3. You can blame #OpenSource for being underfunded and open to abuse in core system packages. However, no IT project can be resilient to a sufficiently powerful bad actor, and that it happened to xz is just an incident. Corporate projects aren't resilient to it, neither is proprietary, closed-source software.
So, embrace #Meson, embrace dynamic linking, embrace distribution packaging and donate to open source developers.
I suppose everyone and their grandmother is now using the xz/sshd exploit to further their own agenda, so I am going to take this opportunity to further mine as well.
1. #Autotools are a bad build system. If configure scripts are completely unreadable, there should be no surprise that people won't notice obfuscated malicious code in there, provided that everything else is obfuscated by design.
@mgorny About the Open Source part: I cannot see, how the attract would be found, had it been closed source. It's clearly showing, that Open Source is working.
You've probably seen it elsewhere already, but: xz-utils 5.6.0 and 5.6.1 release tarballs contain an elaborate exploit that injects a backdoor into SSH. #Gentoo systems shouldn't be affected since our OpenSSH doesn't link to liblzma — apparently the exploit targets distributions that patch OpenSSH to link with libsystemd, which in turn may link to liblzma. However, it's not clear if the exploits doesn't do anything else, so we've masked the new versions.
You've probably seen it elsewhere already, but: xz-utils 5.6.0 and 5.6.1 release tarballs contain an elaborate exploit that injects a backdoor into SSH. #Gentoo systems shouldn't be affected since our OpenSSH doesn't link to liblzma — apparently the exploit targets distributions that patch OpenSSH to link with libsystemd, which in turn may link to liblzma. However, it's not clear if the exploits doesn't do anything else, so we've masked the new versions.
A #Wikipedia editor has arbitrarily decided to remove #JPEGXL from the "Comparison of browser engines" table as "irrelevant", based on the #Google decision not to support it. That's a nice example of lack of objectivity, and letting the reality be defined by Google monopoly — and not even #GAFAM, because Apple supports the format.
@mgorny The arrogance in that editor's comments is insane.
>
I also removed JPEG XL for the same reason. Google decided not to support it in Chrome, so therefore it's irrelevant to the real Web.
None of those arguments matter compared to lack of Blink support and thus doomed to irrelevance on the Web.
Why have a comparison page at all if Blink is the only engine that matters? Edit the page to have only a single sentence that says that "comparison of web engines is irrelevant because other browser engines besides Blink are irrelevant".
@mgorny The arrogance in that editor's comments is insane.
>
I also removed JPEG XL for the same reason. Google decided not to support it in Chrome, so therefore it's irrelevant to the real Web.
None of those arguments matter compared to lack of Blink support and thus doomed to irrelevance on the Web.
@mgorny
This will make my day to have read someone who is self-proclaim being objective and talking about "the real web", something vague and hardly more subjective
I've just learned that there's https://nostalebots.xyz/ and I've just reported two organizations. Let's make a shame list of projects that disrespect their users, and send #StaleBot after their bug reports.
If you want to mark my bug report stale, at least bother doing it personally, just like I bothered filing it. Or ideally, run my reproducer if I managed to provide one.