63 posts total
Ariadne Conill 🐰

how am i supposed to come together with people who just campaigned on the pretense of wanting me to die?

FinchHaven

@ariadne

Exactly

I'm not doing very well with this whole "Well let's not criticize these people. They're just different from you."

Nuts to that

They're not "just different"

Ariadne Conill 🐰

when you design for security, you tend to also get reliability as a consequence

Ariadne Conill 🐰

I gave up on trying to make the C trampoline in libucontext work on x86, the calling convention is just too broken :(

Ariadne Conill 🐰

inspired by @darius's talk at #fossy24 about the study he and @kissane did about fediverse moderation, i figured i would outline how treehouse moderation works.

so if that does not interest you, feel free to mute this thread.

Ariadne Conill 🐰

first off: screening new signups has helped us a lot.

when we first launched treehouse mastodon, because we have high profile community members, we attracted trolls basically immediately whose goals were to disrupt operations of the instance.

the most notable incident involved a person who signed up for an account and then immediately uploaded multiple pieces of media which were CSAM.

this actually has wound up going very badly for that person, who has had to cancel his podcast several times because his door has gotten kicked in by law enforcement due to this, and other maladaptive behavior.

Jacob Lewallen

@ariadne I saw @darius speak at Eyeo in 2019 and can vouch for how inspiring he can be. I immediately left his talk and followed his template for getting a Mastodon instance up and running.

Ariadne Conill 🐰

i don’t even need to hear from the EFF to have a good argument why adshit shouldn’t run on my computers

the argument is: it’s my computer

no seriously. are they paying me for the use of my computer to run their adshit? no? then it doesn’t need to run on my computer.

that shit is for me, not doubleclick or whatever the bloody thing is called now. if it ain’t making me happy or bringing me money, it’s out

Mori

@ariadne Dingdingding, we have a winner. This 💯

Ariadne Conill 🐰

imagine using a social media platform where the owner can just fuck your shit up whenever he wants

Doridian

@ariadne Clearly the solution is to become the owner, so you can become the person to ruin your own day instead! :3

Stephen Wuebker

@ariadne I do! It’s me, I’m the owner! And if I ever wanted to, I could just straight up wreck my own shit. 🙃

Ariadne Conill 🐰

am i going to have to just make a fucking web browser

Dan Lyke

@ariadne oh no, I did that back in 1993, I'm not falling for that one again.

Victor S Sigmoid

@ariadne bunnywitch is a good name for a browser, potentially

Ariadne Conill 🐰

the AP stylebook recommends "X, formerly known as Twitter"

I recommend "Twitter, the platform which delusionally refers to itself as X"

Ariadne Conill 🐰

the nice thing about C is that if you want to shoot yourself in the foot, it will enthusiastically let you do so and then ask for the next appendage to shoot

DELETED

@ariadne I do appreciate that C just does it.. C++ always makes you ask nicely to shoot yourself in the foot.

StarkRG

@ariadne It won't so much ask as just assume you want it to and do so unless you tell it not to.

veetee

@ariadne conveniently, you can just leave the next appendage right there on the stack!

Ariadne Conill 🐰

as a security practitioner, i can no longer legitimize telegram given their latest behavior of attacking actual legitimate secure messaging tools

i was already planning to delete my account at the end of the month over the nazi thing, but i am not going to tolerate a bunch of useless rich-ass techbros (durov and musk in this case) bullying @Mer__edith who is one of the most empathetic people in this industry and who runs an absolutely solid team who cares extensively about the safety and security of the users of their product

i don't care if "all the furries are still there" anymore. i won't be. i'm done with this.

Ariadne Conill 🐰

i can't stress enough the importance of learning about systems design and analysis if you want to be an effective SRE / senior engineer.

if you don't learn about these things... well, that is how kubernetes happens.

and we don't need to create any more kuberneteses.

...what even is the plural of kubernetes anyway?

Ariadne Conill 🐰

(the correct answer to "what is the plural of kubernetes" is "clinical depression", by the way)

Ariadne Conill 🐰

i'm sorry, but to be blunt, if you're going to come into my mentions talking about "big tech" without naming specific bad actors, i'm going to be forced to conclude that you're probably a fascist at this point

Ariadne Conill 🐰

"big tech" implies a nebulous conspiracy organized by tech workers and executives. it is like the "deep state."

the monopolistic behaviors of google, amazon, microsoft, etc are real, but we must identify these behaviors specifically in order to have any hope of actually addressing them.

Ariadne Conill 🐰

One of my larger complaints about Linux Foundation events is that they are very much targeted at corporations with large budgets to send people to conferences.

For example, as someone who has mostly been an indie OSS maintainer over their career, I would love to go to Open Source Summit and meet up with people to discuss what problems they are having with the software I maintain and how we can collaborate on resolving those problems.

But my choices are to register as a "hobbyist" (a frankly demeaning thing to call an indie maintainer) at $249, which requires me to go ask them for a discount code (also frankly demeaning), or register at the full $949 rate, or maybe I could get the "small business" discount code which brings it down to *only* $500. Man, what a favor, huh?

I understand that putting on these events is very costly, but when indie OSS maintainers are given the option of paying nearly $1000 or having to go ask someone for a "hobbyist" discount code, it seems very disrespectful to the maintainers who are building the actual software that this summit is about.

Do you really think the guy in Nebraska who is holding up all modern digital infrastructure in his spare time has the money to spend $949 to go to a conference? For all the talking we do about building inclusive conferences, this has to include *access* for indie maintainers.

Jérôme Petazzoni

@ariadne I don't know if this is solvable, because in addition to the conference ticket, there is travel and hosting. Local conferences do better on these metrics but I feel like we're hitting a contradiction in terms, i.e. gathering contributors from all over the globe to a central place so they can collaborate in person - that's not a local event 😅

On top of all that, personally I think global conferences the way we do them today are an unsustainable practice. Idk if they can be fixed :/

Freddy vs. JSON 🔪

@ariadne Attended KubeCon EU a few years back, but it felt more like a BigCorp sales event for other BigCorps, but with the occasional food truck and swag.

Not really targeted for an OSS mindset or for maintainers to exchange.

mid_kid

@ariadne I've always considered FOSDEM the hobbyist free software summit (and even then it's increasingly more inhabited by corporate folks)

Ariadne Conill 🐰

not surprised that @postmarketOS folks pulled the trigger on systemd

in alpine we have promised to build something better than openrc for years, but it still isn’t here.

meanwhile, the polyfills for various systemd apis to work on openrc do not actually work correctly in many cases, leading to unnecessary bugs on the desktop.

i think @alpinelinux should join pmOS in getting off openrc, the project is basically on life support anyway and the maintainers primarily focus on Gentoo usecases also.

DELETED

@ariadne @postmarketOS @alpinelinux Is there a blog post or something about this new init system plan?

SpaceLifeForm

@ariadne @postmarketOS @alpinelinux

If everyone is going to get on the systemd bandwagon, then it is important to focus many thousands of eyes on the source code.

I would look for race conditions.

They will not be obvious. While studying the code, you have to think outside the box, and ask yourself:

How can this be attacked?

🌈 A. Wilcox delicately

@ariadne Adélie would have switched a few years ago if journald wasn't still joined at the hip with it. If there was an effort to make a systemd without journald I'd be all-in. So tired of dealing with OpenRC bull.

See also my thought piece on it: catfox.life/2024/01/05/systemd

Ariadne Conill 🐰

in the latest "the software supply chain is only as secure as the humans which review it" debacle, somebody installed a fake exodus wallet application from the snapcraft store, which was reviewed by nobody, and lost ~$490,000 dollars in bitcoin: popey.com/blog/2024/02/exodus-

h/t @popey

(also @davidgerard might be interested in reading about this incident)

Ariadne Conill 🐰

(while i do not personally find crypto to be a good investment, i do think that this person might have a good case for suing canonical!)

Ariadne Conill 🐰

a popular libvirt-based VPS panel does not bother to run customer workloads under separate UIDs. oh dear.

A screenshot from a SolusVM box, it is running multiple customer workloads as the "qemu" user. These workloads belong to different customers and share a common security boundary, meaning that if qemu is compromised, the attacker will have access to every customer's disk images.

Ariadne Conill 🐰

this is bad, really bad. it is bad because an attacker can exploit qemu, and then break into a user account which has direct access to other customers' data.

April @ c3soft

@ariadne oh yea I can't imagine anything going wrong

Ariadne Conill 🐰

if buying content does not convey permanent rights to use that content, then piracy isn’t theft.

playstation.com/en-us/legal/ps

Doridian

@ariadne [Insert "can piracy itself be the right course" quote from Pirates of the Caribbean here]

Ariadne Conill 🐰

incidentally, this is why i prefer physical media or, at the very least, DRM-free media which i can preserve for my use forever

Aleksei Matiushkin

@ariadne if renting a car does not convey permanent rights to use that car, then stealing that car isn’t theft.
