FoxQuirk 🦊 @quirk@computerfairi.es
Trans woman, bisexual, someone's fiancée, forever a programmer, poly, and former total mess
Joined May 2019
FoxQuirk 🦊
boosted
You don't necessarily need to say "image of" in your alt text for users to know it's an image. Screen readers will announce that it's an image. But it can help readers to specify if it's a hand-drawn image, Polaroid, infographic, screenshot, chart, map, diagram, or so on.
FoxQuirk 🦊
boosted
Tip for new fedi users! you should reject your humanity
become cat or fox or dog or wolf or doll or robot or angel or creature
FoxQuirk 🦊
boosted
misinfo, rustlang
Rust 2024 edition is about to drop! Here are some of the new features they’re adding to the standard library:
- std::ops::Yeet is becoming stable! A better name could not be invented so we will be staying with Yeet.
- serde has become std::serde
- std::collections::Aquarium, a collection for holding multiple generic types. (It’s called Aquarium because it holds all your ::<>’s)
I'm going to continue building my website/blog today, but I feel there must be a better verb for it than building
We used to surf the web (complimentary), now we just search it (derogatory)
Do you Spin a WEBsite? is this anything? idk
FoxQuirk 🦊
boosted
I accidentally found a security issue while benchmarking postgres changes.
If you run debian testing, unstable or some other more "bleeding edge" distribution, I strongly recommend upgrading ASAP.
FoxQuirk 🦊
boosted
by age 30 you should have spent years contributing to an open source project in your free time, building trust and becoming a maintainer, and then have skilfully inserted a highly obfuscated backdoor that successfully made its way into multiple linux distributions
FoxQuirk 🦊
boosted
making videogames is easy. you just sit down at your computer every day and put in the work on your game as your sanity slowly slips away from you
FoxQuirk 🦊
boosted
FoxQuirk 🦊
boosted
Whenever you feel like saying "dude", just say "gamer".
"Gamer" is....
1) Gender neutral: Everyone can be a gamer
2) Guaranteed to piss somebody off because not everybody identifies as "gamer", but they can't give you any real flak for it because see point number one.
FoxQuirk 🦊
boosted
In Gaza, every person, the first thing they want to tell me in English or Arabic is 'We need food.' They are saying that because their assumption is the world doesn’t know, because how would this be allowed to happen if the world knew? ~ UNICEF spokesperson James Elder
FoxQuirk 🦊
boosted
@eb I really hope that this causes an industry-wide reckoning with the common practice of letting your entire goddamn product rest on the shoulders of one overworked person having a slow mental health crisis without financially or operationally supporting them whatsoever. I want everyone who has an open source dependency to read this message https://www.mail-archive.com/xz-devel@tukaani.org/msg00567.html
FoxQuirk 🦊
boosted
I’ve seen numerous people express concern that their xz installation is several versions out of date — because while it may have saved them in this specific case, doesn’t that mean they must not be running updates correctly in general?
No! It’s normal for your personal copy of an open source program to be several versions out of date. When you get an update to a commercial software package, it’s already been through months of internal testing by professionals. In volunteer-based open source, the bulk of this testing is done by simply releasing the update on their site and letting advanced users try it out. At some point, if there’s no problems, it will get shuffled forward to stable update channels. Therefore it’s normal for most Linux software to be one to two years out of date compared to the absolute newest version you could possibly get.
The good news is that this backdoor was found before most distros accepted the update as stable, and therefore it was not yet installed on the majority of production servers — it’ll be mainly on testing servers. The bad news is that the malicious actor was clever enough to make sock puppet user accounts to complain about xz crashing and claim that the new update is a critical fix that needs to be rushed out the door as soon as possible. This was a close call, we were very lucky.
FoxQuirk 🦊
boosted
Me: "Wait, why doesn't Unreal have a cone trace?"
Marketplace: "Don't worry friend, we gotcha, check out this plugin"
<looks>
Me: "This only raises further questions"
I'm unreasonably happy right now about having figured out how to regulate the power produced by my coal power plants in factorio, so that when the nuclear power plant is producing enough power the coal power plants turn off
FoxQuirk 🦊
boosted
Terry keeps rolling out the bangers. Finally, he's found his medium.
FoxQuirk 🦊
boosted
2913. Periodic Table Regions
title text: Cesium-133, let it be. Cesium-134, let it be even more.
(https://xkcd.com/2913)
(https://www.explainxkcd.com/wiki/index.php/2913)
FoxQuirk 🦊
boosted
A couple things to think about here:
This appears to be a malicious maintainer - not a compromised account. Meaning the person themselves, coded this in an pushed it out.
So:
1) Did they try and backdoor any other code?
2) Are they part of a greater campaign or is anyone else helping them.
This is a massive breach of trust.
That said! Huge kudos to Andres Freund, Florian Weimer, and others in finding this.
A lot of eyes are on this now. CISA is involved. Major distros are involved, etc. Many eyes and such.
Yea, so, I'm gonna wait with doing a dist-upgrade for a little while tbh
FoxQuirk 🦊
boosted
xz-utils was backdoored by its upstream. Tracked as CVE-2024-3094 and thoroughly documented by vuln discoverer Andres Freund on oss-security@: https://www.openwall.com/lists/oss-security/2024/03/29/4
Trans woman, bisexual, someone's fiancée, forever a programmer, poly, and former total mess
Joined May 2019
