Notices by Matthew Garrett (mjg59@nondeterministic.computer)

Has anyone scraped git repos with embedded graphics files to verify whether any of them have undisplayed embedded data of suspicious complexity?

@qdot @foone yes pls

Cursed PSU that's fixed 12V but has a USB-C connector

Look at this shit. Just horrifying.

I think the thing that most people do not realise is that correctly implemented privacy preserving apps are very much the exception, not the norm

So many social norms are entirely based around nobody ever hitting F12 and looking at the network traffic

App security is frequently based on the idea that nobody can just hit F12 there, and, sadly, things like mitmproxy

@qdot hey uh for reasons I'm wondering whether you have a list of devices with protocols that haven't been reimplemented yet

Why does my IdP have two entirely different flows for MFA auth depending on how you're hitting it

User freedom is obviously the most important aspect of free software but the economic cost of staring at wire dumps to figure out a transaction flow instead of just being able to read the implementation should not be understated

Twitter just doing a "redirect links in tweets that go to x.com to twitter.com instead but accidentally do so for all domains that end x.com like eg spacex.com going to spacetwitter.com" is not absolutely the funniest thing I could imagine but it's high up there

Sometimes I think maybe San Francisco isn't as weird as people think and then I remember I've dated multiple people who've had Tommy Wiseau as a landlord

I /could/ figure out what this function is doing with bignums by staring at decompilation for long enough, or I could just fake up a declaration for it and call it directly, and the latter sounds more fun

First rule of RE: if you already have the function, consider just calling the function

@lain your attendees should know whether someone is allowed to be at the event or not. They should not be left with a statement that implies one while actually the other is true.

You're running a conference and you receive reports of an attendee having sexually assaulted people. You have 3 choices:
(1) you behave as if you believe the accusation. You make it clear that the alleged assailant is permanently banned.
(2) you behave as if you don't believe the accusation. You make it clear that the alleged assailant is still welcome.
(3) you choose neither, and imply that the alleged assailant is not welcome but do nothing to enforce that

(3) is the worst choice here

Your attendees should be able to make an informed decision about how safe they'll be at your event. If you imply one outcome while allowing another you aren't giving them the information required to make that decision.

How has the Salesforce Tower never shown Bad Apple surely that should have been the canonical test event

Bother I have somehow ended up with 12mm-wide 3 pin LED strips despite the vendor stating that they were 1cm, and now these connectors won't fit so I'm going to have to solder a bunch of shit

Just bought a USB foot pedal, now I can finally learn vi