hello

  • 42 Posts
  • 121 Comments
Joined 5M ago
cake
Cake day: Jan 17, 2022

help-circle
rss



lmao the ISS is literally the least self-sufficient place anywhere in the universe where humans currently live


via the /r/fuckcars thread about this, someone said in February that they were working on submitting a proposal. It appears that the 2022 submissions aren’t on the unicode consortium’s list of proposals yet; hopefully they submitted it!


You call that a TTY? This is a TTY:

smdh at kids today with their fancy emoji-having terminal emulators


Can anyone shed any light on what the impetus to this letter was? It very much reads like it must be in response to something specific having been widely distributed prematurely, but doesn’t say what it is/was.



In theory I think you can:

  1. put a peer tube video URL in the search box here
  2. wait a moment for lemmy to fetch the video page
  3. comment on the resulting lemmy page for the video
  4. your comment should appear on peertube

However, I just tried it with this video (that instance is running peertube 4.2.0, which is required for some features according to the lemmy release notes) and my comment here has not yet appeared on peertube (nor are the four existing comments on that video appearing on lemmy, nor is the one other video on that channel appearing on the lemmy page for that channel).




via https://news.ycombinator.com/item?id=31566031 source: https://github.com/satwikkansal/wtfpython
fedilink

maybe it’s different elsewhere but in US English i think that is a pickup, not an SUV


i lol’d at the comically large shadows in this one (“BaZik”):


Signal’s “sealed sender” feature is insufficient to actually protect metadata. Since that feature was implemented, the server ostensibly doesn’t know which user a message is from, but it still knows the IP address that sent it and in most cases there is only one signal user (who must identify themselves to receive incoming messages) using a given IP at a given time. AWS is very cooperative with law enforcement (not to mention intelligence agencies) so it is unlikely that they are not correlating senders and receivers of Signal messages.




they could just ask AWS for the signal metadata, like the FBI presumably does 🤡


do you think most brave users know or care what BAT is? i suspect not.


also via HN i just found https://videomentions.com/search which does it for youtube channels.

I still haven’t found something that can search a private offline video+subs library, though.


Temporary rollback of recent Google log retirements
> *Note that this change will break an invariant of the Chrome CT state machine that Retired logs never transition to another state besides Rejected. Consumers of the log lists may wish to ensure that their tooling can handle this change.* # 😂
fedilink

downloadable binaries are how the overwhelming majority of currently-running programs got distributed; it isn’t merely a convenience, it is the status quo. (and, I don’t think that should change - it would be a waste of time and energy for everyone to run source-based distributions and need to compile everything themselves. i just wish the binaries were reproducible so that we didn’t need to rely on build infrastructure remaining honest!)




update: via HN i just discovered videogrep which does it over a single video, at least: https://lav.io/notes/videogrep-tutorial/


Why aren't non-reproducibly-built binaries of GPL-licensed software considered undistributable?
cross-posted from: https://lemmy.ml/post/274345 > Reading the rather disturbing (albeit refreshingly honest, compared to some other distros) [answer to the FAQ "Can Slackware be recompiled from scratch?"](https://docs.slackware.com/slackware:faq#can_slackware_be_recompiled_from_scratch) got me wondering... > > GPLv3 says: > > The “Corresponding Source” for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. > > GPLv2 says something similar: > > The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. > > In the absence of [reproducible builds](https://en.wikipedia.org/wiki/Reproducible_builds), how is it actually legal for third parties (not the copyright holder) to distribute binaries of GPL-licensed software? > > Even if I have the corresponding source code and precisely the same build environment that the distributor built a binary with, if the build process is not reproducible then I cannot actually ***generate*** precisely the same copyrighted ***work in object code form*** which I've received. > > The GPL doesn't seem to say anything about how distributing source code and build scripts which can generate a different-but-effectively-equivalent(-but-not-easily-verifiably-so) binary being sufficient to comply with the source code requirement. > > So, how is distributing these binaries not copyright infringement? > > (Obviously in practice everyone agrees that it is OK to distribute non-reproducible binaries, since most everyone does it, but the answer "the entire free software community just seems to agree that slightly violating the GPL is OK because reproducible builds are too much work" is pretty unsatisfying.)
fedilink

Useful Python decorators for Data Scientists
via https://news.ycombinator.com/item?id=31476521
fedilink




Arguably USENET was actually the beginning of the fediverse, in 1979 :)

The quiz says “On May 18, 2008 🐣 the first public post appeared on a site called identi.ca powered by free software. The idea behind it was that anyone could download the source code and run their own social network connected to other nodes. This was the beginning of Fediverse.

It doesn’t link to that first post though, because the first ~5 years of identica posts are mostly gone now (modulo what you can find on the wayback machine) 😞

I’m not certain, but if I remember correctly laconica (the software behind identica, which today lives on as GNU Social) instances couldn’t actually federate at the very beginning, but that was its goal from the start so I guess May 18 is a reasonable enough day to celebrate if that is actually when identica launched. I wish I could see that actual first post, though!


Why aren't non-reproducibly-built binaries of GPL-licensed software considered undistributable?
Reading the rather disturbing (albeit refreshingly honest, compared to some other distros) [answer to the FAQ "Can Slackware be recompiled from scratch?"](https://docs.slackware.com/slackware:faq#can_slackware_be_recompiled_from_scratch) got me wondering... GPLv3 says: > The “Corresponding Source” for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. GPLv2 says something similar: > The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. In the absence of [reproducible builds](https://en.wikipedia.org/wiki/Reproducible_builds), how is it actually legal for third parties (not the copyright holder) to distribute binaries of GPL-licensed software? Even if I have the corresponding source code and precisely the same build environment that the distributor built a binary with, if the build process is not reproducible then I cannot actually ***generate*** precisely the same copyrighted ***work in object code form*** which I've received. The GPL doesn't seem to say anything about how distributing source code and build scripts which can generate a different-but-effectively-equivalent(-but-not-easily-verifiably-so) binary being sufficient to comply with the source code requirement. So, how is distributing these binaries not copyright infringement? (Obviously in practice everyone agrees that it is OK to distribute non-reproducible binaries, since most everyone does it, but the answer "the entire free software community just seems to agree that slightly violating the GPL is OK because reproducible builds are too much work" is pretty unsatisfying.)
fedilink


Note that being transport-agnostic is also an argument in favor for some use-cases, such as gateways. Plug in your OTR addon of choice and chat across various bridges. Otherwise both sides of the bridge need to agree on a common encryption mechanism and a serialization format. I’m not sure there is any other use-case where this (being transport-agnostic) is actually useful though.

Yeah, there are IRC clients that support OTR for private (1:1) messages, and there are IRC to XMPP gateways… i’ve never done it myself but I have heard of people using cross-protocol OTR that way. I’m not aware of any other cross-protocol e2ee system.

Poezio still supports OTR, and also supports OMEMO mostly

poezio’s OTR support comes from potr which unfortunately relies on pycrypto which says it is “unmaintained, obsolete, and contains security vulnerabilities”. Its its OMEMO support comes from poezio-omemo which uses python-xeddsa which says “This code was not written by a cryptographer and is most probably NOT SECURE”. I haven’t looked very closely but I think python-xeddsa might actually be OK; it has some (barely) post-covid commits and is built using primitives from djb’s SUPERCOP, but pycrypto is definitely dead and should not be used anymore.


When I saw this headline I couldn’t help but wonder if this might be related to that blackmail thing back in March… but sadly from how not-comprehensive it is, it clearly isn’t.

  • Only Turing (their microarchitecture introduced in late 2018) and newer GPUs will be supported by this open-source kernel driver, because it uses their new new “GPU System Processor (GSP)” architecture which involves loading binary firmware (which they aren’t opening the source for) on the GPU at runtime.

  • NVIDIA’s user-space libraries and OpenGL / Vulkan / OpenCL / CUDA drivers remain closed-source.

Having the kernel module be open source (and maybe one day accepted in mainline) will certainly make life easier for some people (especially nvidia engineers), but from the security, privacy, and philosophical standpoints, this doesn’t really change much.

so,

🖕 Nvidia

(still)


oh, interesting, i see they actually had their own package manager from 2005 to 2013!



Is there any decent XMPP client that supports both OTR and OMEMO?
The OMEMO dev's push to get many clients to drop OTR support has seriously fragmented the XMPP world :( It seems like there *must* be a modern client that supports both OTR and OMEMO, but, I haven't found one.
fedilink


interop with other fediverse platforms
If I understand correctly, users of other fediverse things like Mastodon can follow lemmy communities (and users?) but the reverse is not currently possible. Would it not make sense for lemmy users to be able to subscribe to a hashtag or user on a mastodon instance?
fedilink