FoxQuirk 🦊 @quirk@computerfairi.es

@arcade

December 17! It's a Mavica!

Here is a later model that was lightly used back in the day. This platform-agnostic camera was revolutionary for its compatibility and ease of use. The optics weren't bad either! 📸

These are also very reasonably priced, and new batteries are affordable and available. Highly recommend!

This is your regular and very unwanted reminder that it's not "heli+copter", but "helico+pter", with "pter" being the same root word meaning "wing" as in pterodactyl.

You know I think animals might be onto something with the whole nuzzling thing

You ever rub your face into a pillow like super hard? Most satsifying thing ever

‪look upon the world with the eyes of a game developer and everything looks pretty because wow the real world is so good at diffuse reflections and lighting (for real though)‬

🎵currently listening to colorcoaster by fusoxide, such a good song https://fusoxide.bandcamp.com/track/colorcoaster

my cold take on the Threads federation thing is: if you simply consider them not as some mystical "platform" but as any other "instance", then they're an over-sized under-moderated data-scraping instance housing many vile users right up to the point of "technically legal free speech"... and we've all suspended instances before for much less.

‪this is but one tiny example of what i mean when i say: THIS WORLD IS BEAUTIFUL, AND WE MUST PROTECT IT‬

hazy night

Some of my favorite papers are the ones where you can go back and look at other, non-vulnerable constructions and see "oh, that's why they did it that way". Here: SSH doesn't do handshake transcript integrity --- they felt like it was good enough to just authenticate the _parts_ of the handshake that went into key negotiation. Compare with (say) Noise, or TLS.

Result: attackers can inject no-op messages into the handshake. "Who cares”, right, except that SSH keeps implicit sequence numbers and the NOPs bump those sequence numbers, allow attackers to edit the underlying handshake.

Ruhr Bochum continues its unabated relentless killing spree https://terrapin-attack.com/TerrapinAttack.pdf

@tqbf note to self: do not call protocol "secure"

@hikari ah, I remember one of the Mozilla blog posts about XUL and WebExtensions, where they talked about how they ported some internal functions from JavaScript to C and then some big extensions broke because they were patching those functions by stringifying and regexing them...

i had a whimsical idea for a gpu compute library, a few years ago: true single-source programming in c, without changing your build flow. you'd just pass the function pointer to the run_on_gpu() function and it'd work even though it shouldn't. how? parsing x86 assembly at runtime

i love that you can call toString() on a function in JS and get back its source code. it's not something you should do, but there are so many wonderfully silly applications for it. i love this shit

https://twitter.com/zzznah/status/1736117845438636500