pleroma.debian.social

Jonathan Dowland | @jmtd@pleroma.debian.social

Principal Software Engineer on #OpenJDK #RedHat. #Debian developer (dormant). Computer Science PhD student. Amateur Computing historian (Computer Science and H/W, esp. Commodore Amiga). Guerilla archivist.

New blog post: Biosphere https://jmtd.net/log/biosphere/ #music

@venthur @dondelelcaro this got me thinking on the nature of "long term" or "short term" in FOSS/volunteer projects. If nobody steps up to do the WSDL work, is that still "short term"?

This morning's soundtrack: the mighty Biosphere https://biosphere.bandcamp.com/music

@venthur @dondelelcaro it would seem that adding a REST API to debbugs would be a better use of time. With lots of debbugs consumer experience, you could do a lot of the design work, even without Perl experience to implement it

Congratulations to Andreas Tille our newly elected Debian Project Leader. https://micronews.debian.org/2024/1713587115.html?utm_source=dlvr.it&utm_medium=mastodon

I don't trust anyone who hasn't acknowledged their capacity for evil. 

“I'm just a smol bean uwu” No sir, what you are is someone who is so habituated to thinking of yourself as innocent that you will continue to do so even when you're guilty.

And if you convince yourself that you're always and only a victim, you can inflict absolutely monstrous cruelty and never once feel bad about it.

Wow, this really is something! A letter to The Times by a former *Tory MP* on the Angela Rayner story.

Screenshot of a letter to the editor of The Times newspaper. The letter reads:

Sir, Having served for nine years as an MP I know how low politicians can stoop when their backs are against the wall. But the Conservative attack on Angela Rayner is one of the most grotesque spectacles of hypocrisy I have witnessed. On one side is a billionaire Tory peer, Lord Ashcroft, and a multimillionaire Tory prime minister, Rishi Sunak, whose families have all avoided paying millions of pounds in UK tax as beneficiaries of non-dom status and who live lives of luxury. On the other is a woman who grew up in poverty caring for her illiterate mother, who is now mother to a child who is registered blind, and who through her own guts and character has risen to be deputy leader of the Labour Party. Even Rayner’s accusers accept that the most she might have benefited from the error that they allege — and which she denies — is less than £3,000 in tax. 

I suppose that her attackers cannot bear the idea that they are about to lose to a woman who pulled herself up by her bootstraps. And who is going to wipe the floor with them.

Nick Boles 
London SE5

@werdahias interesting, thanks

Puzzled why this is in heavy rotation at the moment. Was it in a TV show? https://pleroma.debian.social/notice/Agwj6cuUZBACNOMkQC

What do you think about the idea of heuristically detecting passwords in log lines and sanitising them? OTOH, I worry about it making people more complacent about putting passwords in not-safe places. On the other, there are some circumstances where it's hard to avoid.

On Friday I gave a talk at @CypherCon about the mind boggling size of open source

I want to also share the deck here because I think this is a super huge deal

There are A LOT of organizations (governments, foundations, companies) that are trying to create rules and regulations for open source use

And none of them understand how huge it is. And it's not just the size, it's also growing faster than we can possibly keep up (for example there are more than 9000 releases every day. Good luck auditing that)

Anyway, there's no happy ending here, the presentation was really just meant to frame the problem because we're currently working on solutions to a problem we think is hundreds of magnitudes smaller than it really is

Thanks to @ecosystems for the data

https://docs.google.com/presentation/d/1exE08fUUra34FtlGaAk_kD4GSFuOftxej7DtQib_lus/edit

Refactoring pipelines into awk => moving things awkward

I think we're approaching this collective brainstorming all wrong. We're not going to solve the xz problem by throwing pennies at burnt out overworked hobby maintainers or by making them jump through extra bureaucratic hoops in the name of security theater. There's only one reasonable solution here and it's to turn maintaining critical open source projects into REALITY TELEVISION.

@BraveRobynArt accessing discord via Pidgin/libpurple hides much of the rubbish but I suspect that route is on borrowed time

Once I realised that quite a few people not only don’t enjoy reading or writing, many actually resent it and consider one, the other, or both to be the biggest chore at work, a lot of things clicked into place about both generative models and how people read

I have just realised that the one benefit to the amount of disinformation, lies & LLM rubbish that swirls around the internet these days is that April Fool's 'pranks' don't make a dent. No requirement to be extra vigilant, because that level of attention is required every sodding day.

While has people talking about issues with binary test files etc in source repos, and issues with using tarballs that can vary from git, doing a `git clone` and building in there is *also* exposed to a huge amount of binary data.

Including binary data hidden inside commit objects, for example. Also git blobs are zlib compressed so might be possible to smuggle in extra binary data at the end. Possibly also at the end of tree objects, I don't remember if git checks for that.
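
A defensive check for the cases raised in the post above, as an added example that is not part of the original post: it audits the bytes of one loose git object for data after the end of the zlib stream, a size or hash mismatch, and NUL bytes inside a commit. It assumes the SHA-1 object format and loose (unpacked) objects; the function names are hypothetical and the sample objects are constructed.

```python
import hashlib
import zlib

KINDS = (b"blob", b"tree", b"commit", b"tag")

def make_loose_object(kind, body):
    """Build a loose object as stored on disk: zlib('<type> <size>\\0<body>')."""
    raw = kind + b" " + str(len(body)).encode() + b"\0" + body
    return hashlib.sha1(raw).hexdigest(), zlib.compress(raw)

def audit_loose_object(expected_id, stored):
    """Return findings for one loose object file's bytes (empty list = clean)."""
    findings = []
    d = zlib.decompressobj()
    try:
        raw = d.decompress(stored)
    except zlib.error as exc:
        return ["not a valid zlib stream: %s" % exc]
    if not d.eof:
        return ["zlib stream is truncated"]
    if d.unused_data:
        # Bytes that sit in the file but are never part of the object content.
        findings.append("%d bytes after end of zlib stream" % len(d.unused_data))
    header, sep, body = raw.partition(b"\0")
    kind, _, size = header.partition(b" ")
    if not sep or kind not in KINDS or not size.isdigit():
        return findings + ["malformed object header"]
    if int(size) != len(body):
        findings.append("header says %d bytes, body has %d" % (int(size), len(body)))
    if hashlib.sha1(raw).hexdigest() != expected_id:
        findings.append("content does not hash to the object id")
    if kind == b"commit" and b"\0" in body:
        # Heuristic: commit objects are expected to be text.
        findings.append("NUL byte inside commit object")
    return findings

# Constructed samples: a clean blob, the same file with bytes appended,
# and a commit-shaped object carrying non-text bytes after its message.
BLOB_ID, BLOB = make_loose_object(b"blob", b"hello\n")
PADDED = BLOB + b"EXTRA-BYTES-CONSTRUCTED"
COMMIT_ID, COMMIT = make_loose_object(b"commit", b"tree 0\n\nmsg\0\x01\x02hidden")

if __name__ == "__main__":
    samples = [("clean", BLOB_ID, BLOB), ("padded", BLOB_ID, PADDED),
               ("commit", COMMIT_ID, COMMIT)]
    for name, oid, data in samples:
        print(name, audit_loose_object(oid, data))
```

The padded sample still hashes to the right object id, because the appended bytes are outside the compressed stream; only the `unused_data` check reports it.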
