wakingrufus @wakingrufus@mastodon.technology

holy shit, Mastodon 3.2 comes with notes you can put onto people you follow / followers so you can remember things.

Our CEO just referred to SaaS as "Software as a hostage" and I think that's pretty spot on.

The falsehoods of anti-AGPL propaganda

https://drewdevault.com/2020/07/27/Anti-AGPL-propaganda.html

#blog

You can now use readme-scribe, a GitHub Action I just published, to automatically update a repository's markdown files (like its README), using markscribe and its powerful template engine.

You don't even need to install or host anything!

https://github.com/muesli/readme-scribe

@bclindner
1995: "The internet sees censorship as damage, and routes around it."

2020: "One shitty company had a bad day, now nothing on the internet works."

Ah, progress.

#Element (formerly #RiotIM) is now published on F-Droid: https://f-droid.org/packages/im.vector.app/

This is a new app replacing both Riot.im and RiotX, it's based on the RiotX codebase.

Apple is renaming a bunch of their APIs and such to remove non-inclusive language (master/slave, whitelist/blacklist, etc). It’s pretty cool! It’s not, you know, sufficient... but it is necessary. https://developer.apple.com/news/?id=1o9zxsxl

If it’s related to SMS 2FA then Twitter asked for this tbh. SMS 2FA is an KNOWN attack vector and isn’t recommended by OWASP OR NIST IIRC. https://twitter.com/mi6rogue/status/1283526006389833728 (https://v2.jacky.wtf/post/1d710df9-5395-4f71-8176-a1e42ff4f167)

It's like golf

you go to https://myaccount.google.com/dashboard and try and get all the numbers as low as possible

I'm going to regret asking this but... uh... what's your favourite programming language and hwhy?

(boosts welcome so I can find new cool people)

@Chaos_99
Thank you for your query. I'm just an internet ranter here so I may have some details wrong, but here is what I've been able to glean so far:

The technical change itself does appear to store the contact information encrypted (good), although there are expressed concerns about the quality of encryption if it can be opened with a mere pin (thread: https://twitter.com/qrs/status/1280242272660082688 ). As the intended goal is, as you mentioned, to support non-phone-number accounts, this may be as a design step highly correct.

Even requiring pin entry (or passphrase entry, which would be better, see concerns in above linked thread) on every opening of the app is defensible, since repeatedly used passphrases are forgotten less often, and accounts without external contact data would not be able to support external data recovery.

My frustration is with the user communication surrounding this change. Every user has their own threat profile and their own preferences, for which this design decision may or may not be acceptable. As evidenced by the backlash now, a considerable number of users would have arranged alternate channels with their contacts if they knew in advance this would occur.

I personally nearly input a pin because I mistakenly assumed the pin was just for on-phone access control when presented with the dialog; being uploaded in a contact graph of mine is not something my friends have consented to, so I wouldn't be comfortable with finding out afterward that my actions had caused that if I had entered a pin.

When the first communication that many users understand about this change comes in a scenario where they then can't access the app without consenting to it, in order to discuss with their contacts whether to mutually consent or select another platform, that's where I take issue with it and have gone so far as to call it outrage driven development.

Changes that may require user action to continue to support their individual security needs, and changes that can cut people off from support networks or contacts they might not be able to reach by other secure means, require especially careful handling to prevent negative effects.

While I'm at it, can we note that Outcry Driven Development is a huge resource drain on a user community? We shouldn't have to be constantly on the alert for a policy, code or legal, change that will become permanent if we don't scream loudly enough, fast enough.

That's tiring, emotionally painful, and a form of labor I'd rather not consent to doing. There are other ways to figure out whether users will find a feature troublesome -- like presenting its effects clearly, thinking through user scenarios, and asking enough of them in advance.

So Moxie backtracked and says they'll push a fix to make pins optional. Meanwhile if you don't add a pin (which the app still doesn't say will /upload your signal contact list into the signal servers/) you can't get back in to coordinate a platform switch with your secure contacts. Unless you were already using the desktop app which isn't pin locked, or somehow manage to downgrade the phone app.

Suddenly being held data-hostage -- turn over this data or you can't talk to the people, not even to arrange a different means of contact -- without any forewarning is unacceptable and a perfect example of why centralized infrastructure and single-client rather than interoperable systems are a major failure.

what's eventually going to happen is elon musk is going to announce complete nonsense 'evidence' of the world being software, and the entirety of reddit will flock to him to form the world's most embarrassing sex cult

Another reason to avoid Telegram as it’s not truly e2ee if it’s something you can toggle. https://twitter.com/signalapp/status/1280166087577997312 (https://v2.jacky.wtf/post/523b66ce-0bc7-4e3f-86ca-544e568dfa71)

...honestly, the various uses that "master/slave" terminology gets put to in computer programming and electrical engineering and other such fields is

um

/profoundly/ distressing to us as an anxious black plural system that's intimately aware of how dangerous it is to normalize hostile language towards a marginalized group

so, like, just want to note that y'all pushing for changes of wording here are definitely helping some folks

- 🦎 🦊

Instead of uploading all our information to silos like Facebook or Twitter, we should be able to host our own basic (meta)data like avatar, status updates or social connections in a standardized format.

You would then be able to grant services like Facebook or Twitter access to that data via a token, and you could control which service gets access to what kind of data.

Yes, I'm still dreaming of a semantic web.

Studio quality restorations of the Donkey Kong Country music, using the original samples before compression for the Super Nintendo https://www.youtube.com/watch?v=lndBgOrTWxo&list=PL5apiQ8PZxT-dfUdcp86ijpKQ_hdPexMI

Incredible to hear it all so clear but true to the originals.