jgil

Articles in this section Note to Self Signal Secure Backup Filtered by unread Chat Folders on Signal Android | wo STH How to create and share call links « @ Notetoserr 8 Phone Number Privacy and Usernames oN » Phone Number Privacy and 4 3 Usernames: Deeper Dive 7] | Stories 8. | an @ Text Formatting Change the Signal app icon on your Who is Note to Self? phone « This contact entry is a chat to send messages to yourself. Edit Message « Use this feature to jot down a note for yourself to review later or to share messages and files with your linked devices. See more « All messages in Note to Self are end-to-end encrypted Signal messages. + Yes, you can send disappearing messages to yourself. The timer starts immediately. Here's how to start a Note to Self on: « Android . 0s « Desktop

Was searching my Signal contacts for something something "N" and found a contact I'd not noticed before: Note to Self. One of these days I will just RTFM.

"Who is Note to Self?

This contact entry is a chat to send messages to yourself.
Use this feature to […]

[Original post on infosec.exchange]

Crazyyy

我，一个初学开发的人，是如何阅读你，一个开发者，为我编写的教程的 How I, a beginner developer, read the tutorial you, a developer, wrote for me (anniemueller.com) 09:27  ↑ 106 HN Points

This satirical blog post really illustrates the problem with a lot of technical writing. Amazing technical writing is so good and then everything else reads like this

https://anniemueller.com/posts/how-i-a-non-developer-read-the-tutorial-you-a-developer-wrote-for-me-a-beginner

"A conversation with Daniel Stenberg, creator and maintainer of #curl, one of the most widely used networking tools on the internet. We talk about Daniel’s journey through decades of protocol work, the story of curl, what keeps him going, and how he balances open source with real life." […]

#pastpuzzle en-373
🟩🟩🟥🟥 (+7)
🟩🟩🟥🟨 (-7)
🟩🟩🟩🟩 (0)
▪️▪️▪️▪️

3/4 🥉
https://www.pastpuzzle.de

Let this be his legacy. This was his message. That's what he wanted.

https://www.reddit.com/comments/1nmdiau

🎉🎉🎉

Learn a language with me for free! Duolingo is fun, and proven to work. Here’s my invite link: https://invite.duolingo.com/BDHTZTB5CWWKSNN2AMZDP2NOZA?v=sm

Learn a language with me for free! Duolingo is fun, and proven to work. Here’s my invite link: https://invite.duolingo.com/BDHTZTB5CWWKSNN2AMZDP2NOZA?v=sm

Made a more modern password field

"Sam Altman's AI army is laughing its silicon balls off while you're knee-deep in React's virtual DOMshit, praying your app doesn't choke on its own bloated corpse. This isn't progress. It's a fucking tragedy. You've got a shiny new Ferrari in your garage, and you're still riding a rusty […]

Learn a language with me for free! Duolingo is fun, and proven to work. Here’s my invite link: https://invite.duolingo.com/BDHTZTB5CWWKSNN2AMZDP2NOZA?v=sm

ˢˡᵃᵖˢ

Un alumno me llega hoy: ¿sabes cómo deshabilito el copilot es que quiero aprender? 🥲

Over 3 years ago I changed my avatar on Mastodon from my original and I said not to change it back after the war in Ukraine was over

Never did I expect that I would almost forget what the original one looks like.. and not in a good way

Oooof.. :sad_cat: 😟

Currently I am still over €440 min short for the server & media storage bills :AAAAAA:

Please, if you can think about donating to help me pay these bills

https://paypal.me/stuxOS
https://patreon.com/mstdn
https://ko-fi.com/mstdn
https://bunq.me/stuxhost […]

@stux I hadn't accessed my pixey.org account for a while and seems it may have been deactivated. Basic login says wrong credentials. attempting to recover password says not possible. Trying to create a new one with same email and user says already registered 🤷
I […]

[Original post on toot.io]

holy fuck john oliver just bumped mastodon

tv host John Oliver with image of BLuesky, Pixelfed, Mastodon and Signal logos

Tonight, on John Oliver's Last Week Tonight, #Mastodon and #PixelFed got a call out for not falling in line with Trump and as an alternative to Meta products.
#USPol

Strands #317
“Bundle up”
🔵🔵🟡🔵
🔵🔵🔵

Waymo (aka Google) admits that it trains its robotaxis to break the law. When WaPo reporter finds robotaxis fail to stop for pedestrians in marked crosswalk 70% of the time, Waymo says it follows "social norms" rather than laws.
Expert explains: When robotaxis obey law, they don't go fast […]

Look what I learned on Duolingo in 2024! #Duolingo365

These images are ridiculous 😅

A twenty-five years old curl bug <p>I have talked about old curl bugs before, but now we have a new curl record.</p> <p>When we announced the security flaw <a href="https://curl.se/docs/CVE-2024-11053.html">CVE-2024-11053</a> on December 11, 2024 together with the release of <a data-id="26066" data-type="post" href="https://daniel.haxx.se/blog/2024/12/11/curl-8-11-1/">curl 8.11.1</a> we fixed a security bug that was introduced in a curl release <strong>9039</strong> days ago. That is close to twenty-five years.</p> <p>The previous record holder was <a href="https://curl.se/docs/CVE-2022-35252.html">CVE-2022-35252</a> at 8729 days.</p> <p>Now at <a href="https://curl.se/docs/security.html">161 reported CVEs</a>, the <em>median</em> time a security problem has existed in curl until fixed is <strong>2583</strong> days, a little over seven years.</p> <h2 class="wp-block-heading">Age</h2> <p>We know the age of every single curl security problem because every time we have a confirmed one, I spend a significant time and effort digging through the source code history to figure out in which exact commit the problem was introduced.</p> <p>(This is also how we know that almost every CVE we have ever announced was introduced by <em>my</em> mistakes.)</p> <h2 class="wp-block-heading">What’s Wrong?</h2> <p>I don’t think anyone is doing anything wrong here. I think it illustrates the difficulty and challenges involved. There are a lot of people looking at curl code all the time. We run tests and analyzers on the code, all the time. In fact, in November 2024 alone, we had CI jobs running on GitHub alone at 9.17 CPU days per day. Meaning that on average more than nine machines were running curl tests and builds to help us verify that it works as intended.</p> <p>Apart from that, we of course have all the human individual testers, security researchers and the Google OSS-Fuzz project that are fuzzing curl non-stop and have been doing so for the last 6-7 years.</p> <p><em>Security is hard.</em> I mean really really hard.</p> <p>I have no immediate ideas how to find the next such bug other than the plain old: add more test cases for scenarios and setups not previously tested. That is hard, difficult and quite frankly quite boring work that nobody in particular wants to do nor fund someone else to do.</p> <h2 class="wp-block-heading">Enough eyeballs</h2> <p>I think we all agree by now that not all bugs are shallow. Or perhaps we can’t ever truly get enough eyeballs. Or maybe the saying works, just that it needs an addendum</p> <p class="has-text-align-center"><em>Given enough eyeballs <strong>and time</strong>, all bugs are shallow</em></p> <h2 class="wp-block-heading">Learn from each mistake</h2> <p>It is often said, and it is true, that you learn from mistakes. The question is only what exactly to learn from each and every reported security vulnerability. Each new one always feels like a unique stupid mistake that was a one-off that <em>surely</em> will not happen again because that situation is now gone and we have no other like that.</p> <h2 class="wp-block-heading">Not a C mistake</h2> <p>Let me also touch this subject while talking security problems. This bug, the oldest so far in curl history, was a plain logic error and would not have been avoided had we used another language than C.</p> <p>Otherwise, about 40% of all security problems in curl can be blamed on us using C instead of a memory-safe language. 50% of the high/critical severity ones.</p> <p>Almost all of those C mistakes were done before there even existed a viable alternative language – if that even exists now.</p> <h2 class="wp-block-heading">Graphs</h2> <p>I decided to not sprinkle graph images in the post this time. You can find data and graphs for all my claims in here in the <a href="https://curl.se/dashboard.html">curl dashboard</a>.</p>

https://daniel.haxx.se/blog/2024/12/12/a-twenty-five-years-old-curl-bug/

@jaosorior.dev sup

testing bsky bridge