Show more

Speaking of ✨ lamps ✨ and electronics, I have a question: if I'm trying to drive a 24V LED strip with MOSFETs or similar hanging off a computer running at 5V, do I need to have a source at like 25.6V rather than 24V in order to counter voltage drop in the driver transistors?

deutrino boosted
deutrino boosted

Statism 

deutrino boosted

My two (enormous) stories about how companies turn you and your data into cash, and how to stop them, are both out today! You can read them for free!

Happy that I was able to work in shout-outs to #Mastodon and @pixelfed

pcmag.com/article/364152/how-c

pcmag.com/article/364153/onlin

deutrino boosted

hey all, there's a rash of http2 vulnerabilities going around c/o Netflix today.

the default mastodon nginx config has http2 enabled, and nginx is affected (in one form or another) by three of these attacks, so you should upgrade nginx as soon as possible:

nginx.com/blog/nginx-updates-m

@alcinnz Cool! I just recently got back into web design and rem is new to me but seems super useful

deutrino boosted
fediverse admins and software designers should really read the UNIX-HATERS Handbook chapter on USENET. so many mistakes have been repeated here.
deutrino boosted

@arthurlutzim we already have partial experiments in that direction :) github.com/yunohost-apps/fallb

And have some kind of "federated"/"friend 2 friend" YunoHost mechanism to share backup is something we want to do since a loooooooong time

deutrino boosted

Transparence et #Google
-chercheurs: l’algorithme de YouTube favorise les vidéos d’extrême droite
-YouTube: Nos chiffres prouvent le contraire.
-journalistes: Montrez-nous les chiffres qu’on puisse constater qui a raison.
-YouTube : C’est confidentiel.
nytimes.com/2019/08/11/world/a

deutrino boosted

Huh. Did you know that if you use Avast anti-virus, they are tracking every single thing you click on in your web browser, storing this, and selling this data to marketers?

sparktoro.com/blog/less-than-h - scroll down to the “methodology” section.

deutrino boosted

@CobaltVelvet Does Mastodon still do that? FWIW, we thought about this when working on AP and decided that federating blocks could open users up to danger:

> Servers SHOULD NOT deliver Block Activities to their object.

w3.org/TR/activitypub/#block-a

deutrino boosted

@cwebber @CobaltVelvet it does, and Gargron always defended it with “but we aren't delivering it to the object, just to the instance!”

also, I personally think this behavior could be something that some user wants, but it should probably not be the default, and in any case it should be explicitly described, which is… not the case currently :x

deutrino boosted

@Thib @CobaltVelvet yeah I think this assumes a model where instance administrators are good actors (heh), or where people aren't self-hosting, which I think is decreasingly the case

deutrino boosted

tech, Mastodon, fediverse blocks, long 

deutrino boosted

tech, Mastodon, fediverse blocks 

Show thread
deutrino boosted

tech, Mastodon, fediverse blocks, long 

deutrino boosted
when you lead people to believe they are "safe" on an issue when they are *not*, you are compromising their security.

this is the reason why Pleroma blocks don't go as far as Mastodon blocks.

i'm not comfortable with "fake it till you make it" when it comes to security.

i'm only interested in building features that actually work securely in the present model. i'm also interested in changing the model (see also: OCAP) so that we can build more robust security features.

the people who jumped me last night have a completely broken understanding of the problem. they need to think more deeply about these problems.

let me explain their argument and why it is wrong.

they argue that if [email protected] sends a `Block` to [email protected], that it's fine because kiwifarms.cc is supposed to stop showing all content including the knowledge of the [email protected] account to [email protected]

in proprietary, non-federated services, this behaviour makes sense.

but in the fediverse, it doesn't, because any admin can simply modify their server to circumvent the `Block`. it takes approximately 5 minutes to do on Mastodon or Pleroma.

this is not good security, because it assumes that there are no hostile nodes. and, like, this is the fediverse, so obviously that's a bullshit assumption.

so, why does all of this matter?

the reason why it matters is because the fundamental architecture is broken. we are trying to graft security into a network that originally ran on a protocol designed strictly for shitposting and built around the data model used by GNU Social.

and what does a correct network model look like? actually, the ActivityPub spec has the answer: stop caching remote profiles locally on the server.

this has other problems, but, fundamentally, any security assumptions under the spec (fortunately or unfortunately, depending on how you look at it, the spec defines security as non-normative though) are built around peers NOT having local caches of profile data.

so instead of trying to push blocks around the network, why not actually solve the caching problem?

it is simply not possible to have the security guarantees Mastodon's block feature claims under the current data model of the fediverse. i am surprised nobody has created a service already that lets you automate scraping profiles of accounts that block you. it's not because it's hard to do, that's for sure.

and why do all of these software (Pleroma included) shadow all of these remote profiles? because people want to stay in one place and things need to be decently fast.

what i am saying is that if we want security guarantees like "blocked users cannot access profiles" that aren't trivially bypassed, then we need to move toward stuff like what Hubzilla is doing, where instead of doing things 100% from your own home instance, there is fediverse-wide single sign on, and people move from instance to instance to interact.

which is ultimately what OCAP is about evolving toward.
Show thread

"...1rem equals the font size of the html element (which for most browsers has a default value of 16px)."

(As opposed to cascading from the font-size of the containing element, like 1em would)

sitepoint.com/understanding-an

@alcinnz Thinking about float lists is a little beyond me.

Right now, I'm using a Wordpress visual builder type thing and my first inclination to get a div further up within its containing box (which is set to vertical-align: middle) was to use top: -4rem, and then I also tried margin-top: -4rem. Both worked fairly well although I have previously seen relative positioning act weird in the builder element I'm using.

I suppose relative positioning is less worse here..

Show more
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!