My thoughts on the failure of Agile software development: https://wakingrufus.neocities.org/fail-agile.html
Please give me feedback on this. I am constantly trying to synthesize new ideas into this.
The falsehoods of anti-AGPL propaganda
You can now use readme-scribe, a GitHub Action I just published, to automatically update a repository's markdown files (like its README), using markscribe and its powerful template engine.
You don't even need to install or host anything!
1995: "The internet sees censorship as damage, and routes around it."
2020: "One shitty company had a bad day, now nothing on the internet works."
Apple is renaming a bunch of their APIs and such to remove non-inclusive language (master/slave, whitelist/blacklist, etc). It’s pretty cool! It’s not, you know, sufficient... but it is necessary. https://developer.apple.com/news/?id=1o9zxsxl
If it’s related to SMS 2FA then Twitter asked for this tbh. SMS 2FA is a KNOWN attack vector and isn’t recommended by OWASP OR NIST IIRC. https://twitter.com/mi6rogue/status/1283526006389833728 (https://v2.jacky.wtf/post/1d710df9-5395-4f71-8176-a1e42ff4f167)
It's like golf
you go to https://myaccount.google.com/dashboard and try and get all the numbers as low as possible
re: signal app
Thank you for your query. I'm just an internet ranter here so I may have some details wrong, but here is what I've been able to glean so far:
The technical change itself does appear to store the contact information encrypted (good), although there are expressed concerns about the quality of encryption if it can be opened with a mere pin (thread: https://twitter.com/qrs/status/1280242272660082688 ). As the intended goal is, as you mentioned, to support non-phone-number accounts, this may be as a design step highly correct.
Even requiring pin entry (or passphrase entry, which would be better, see concerns in above linked thread) on every opening of the app is defensible, since repeatedly used passphrases are forgotten less often, and accounts without external contact data would not be able to support external data recovery.
My frustration is with the user communication surrounding this change. Every user has their own threat profile and their own preferences, for which this design decision may or may not be acceptable. As evidenced by the backlash now, a considerable number of users would have arranged alternate channels with their contacts if they knew in advance this would occur.
I personally nearly input a pin because I mistakenly assumed the pin was just for on-phone access control when presented with the dialog; being uploaded in a contact graph of mine is not something my friends have consented to, so I wouldn't be comfortable with finding out afterward that my actions had caused that if I had entered a pin.
When the first communication that many users understand about this change comes in a scenario where they then can't access the app without consenting to it, in order to discuss with their contacts whether to mutually consent or select another platform, that's where I take issue with it and have gone so far as to call it outrage driven development.
Changes that may require user action to continue to support their individual security needs, and changes that can cut people off from support networks or contacts they might not be able to reach by other secure means, require especially careful handling to prevent negative effects.
re: signal app
While I'm at it, can we note that Outcry Driven Development is a huge resource drain on a user community? We shouldn't have to be constantly on the alert for a policy, code or legal, change that will become permanent if we don't scream loudly enough, fast enough.
That's tiring, emotionally painful, and a form of labor I'd rather not consent to doing. There are other ways to figure out whether users will find a feature troublesome -- like presenting its effects clearly, thinking through user scenarios, and asking enough of them in advance.
So Moxie backtracked and says they'll push a fix to make pins optional. Meanwhile if you don't add a pin (which the app still doesn't say will /upload your signal contact list into the signal servers/) you can't get back in to coordinate a platform switch with your secure contacts. Unless you were already using the desktop app which isn't pin locked, or somehow manage to downgrade the phone app.
Suddenly being held data-hostage -- turn over this data or you can't talk to the people, not even to arrange a different means of contact -- without any forewarning is unacceptable and a perfect example of why centralized infrastructure and single-client rather than interoperable systems are a major failure.
Another reason to avoid Telegram as it’s not truly e2ee if it’s something you can toggle. https://twitter.com/signalapp/status/1280166087577997312 (https://v2.jacky.wtf/post/523b66ce-0bc7-4e3f-86ca-544e568dfa71)
tech meta, racist terminology
...honestly, the various uses that "master/slave" terminology gets put to in computer programming and electrical engineering and other such fields is
/profoundly/ distressing to us as an anxious black plural system that's intimately aware of how dangerous it is to normalize hostile language towards a marginalized group
so, like, just want to note that y'all pushing for changes of wording here are definitely helping some folks
- 🦎 🦊
Instead of uploading all our information to silos like Facebook or Twitter, we should be able to host our own basic (meta)data like avatar, status updates or social connections in a standardized format.
You would then be able to grant services like Facebook or Twitter access to that data via a token, and you could control which service gets access to what kind of data.
Yes, I'm still dreaming of a semantic web.
This article is a few years old, but still highly relevant.
Programmers need to understand that we have more in common with gig-workers and hourly workers that use our code to work, than we do with the Bezoses and Zuckerbergs who profit from all our labor.
Studio quality restorations of the Donkey Kong Country music, using the original samples before compression for the Super Nintendo https://www.youtube.com/watch?v=lndBgOrTWxo&list=PL5apiQ8PZxT-dfUdcp86ijpKQ_hdPexMI
Incredible to hear it all so clear but true to the originals.