FoxQuirk 🦊 @quirk@computerfairi.es

🎵currently listening to colorcoaster by fusoxide, such a good song https://fusoxide.bandcamp.com/track/colorcoaster

my cold take on the Threads federation thing is: if you simply consider them not as some mystical "platform" but as any other "instance", then they're an over-sized under-moderated data-scraping instance housing many vile users right up to the point of "technically legal free speech"... and we've all suspended instances before for much less.

‪this is but one tiny example of what i mean when i say: THIS WORLD IS BEAUTIFUL, AND WE MUST PROTECT IT‬

hazy night

Some of my favorite papers are the ones where you can go back and look at other, non-vulnerable constructions and see "oh, that's why they did it that way". Here: SSH doesn't do handshake transcript integrity --- they felt like it was good enough to just authenticate the _parts_ of the handshake that went into key negotiation. Compare with (say) Noise, or TLS.

Result: attackers can inject no-op messages into the handshake. "Who cares”, right, except that SSH keeps implicit sequence numbers and the NOPs bump those sequence numbers, allow attackers to edit the underlying handshake.

Ruhr Bochum continues its unabated relentless killing spree https://terrapin-attack.com/TerrapinAttack.pdf

@tqbf note to self: do not call protocol "secure"

@hikari ah, I remember one of the Mozilla blog posts about XUL and WebExtensions, where they talked about how they ported some internal functions from JavaScript to C and then some big extensions broke because they were patching those functions by stringifying and regexing them...

i had a whimsical idea for a gpu compute library, a few years ago: true single-source programming in c, without changing your build flow. you'd just pass the function pointer to the run_on_gpu() function and it'd work even though it shouldn't. how? parsing x86 assembly at runtime

i love that you can call toString() on a function in JS and get back its source code. it's not something you should do, but there are so many wonderfully silly applications for it. i love this shit

https://twitter.com/zzznah/status/1736117845438636500

make friendships with people who can see the light in you, who can find the angles from which you can sparkle together. seek out those positive reinforcement loops. there's so much of yourself you don't know you have

there's so much love and joy out there, waiting to be found

Weird question: Does anyone know where I can find the "original" Twitter egg avatar images? I can find some pretty high quality versions but I'm wondering if the files Twitter actually served were archived.

There's just a lot of people on here today saying "give facebook a chance" who do not seem to want to talk about what facebook does with the chances it's given.

@mhoye

*proprietary software shoves ads in your face, implements dark patterns everywhere and does everything to keep your attention*
"Well, but it's free to use and everyone uses it. It's not that bad."

open source software shows a sidebar on the right instead of left side
"Literally unusable garbage."

Don't trust her