@movq@www.uninformativ.de it’s sooo bad here on the east coast of the US omg 102F/38C heat here!!
They’re all talks, not real hands-on trainings like you did.
I love listening to good, well-structured talks. Problem is, not everybody is a good speaker and many screw it up. 🥴 I’m certainly not a great speaker, which is why I gravitate more towards “workshops”, in the hopes that people ask questions and discussions arise. Doesn’t always work out. 🤣 At the very least, I almost always have some other person connect to the projector/beamer/screenshare and then they do the stuff – this avoids me being wwwwaaaaaaaaayyyy too fast.
We are usually drowned in stress and tight deadlines, hence events like today are super rare … We used to do it more often until ~10 years ago.
Once a year the security guys organize a really great hacking event, though.
Oh dear, I’d love to participate in that. 🤯 That sounds like a lot of fun. (Why don’t we do this?!)
@movq@www.uninformativ.de Interesting internal education sessions are way too infrequent here as well. There are a bunch of “knowledge transfer” meetings actually, but 90% of the topics already sound totally boring to me. The other 9% talks turned out to be underwhelming, sadly. I only attended a single one where it was delivered what has been promised. They’re all talks, not real hands-on trainings like you did.
Once a year the security guys organize a really great hacking event, though. Teams can volunteer to hand in their software dev instances and all workmates are invited to hack them and report security vulnerabilities. That’s a lot of fun, but also gets frustrating towards the end when you don’t make any progress. :-) There’s also some actual hands-on training in advance for preparation of the two days. Unfortunately, I missed the last event due to my own project being very stressful at the time.
When I had a Do What You Want Day I also show my direct teammates what I learned in the hopes of this being interesting to them as well. I’m the only one in my team using this opportunity, sadly.
I did a “lecture”/“workshop” about this at work today. 16-bit DOS, real mode. 💾 Pretty cool and the audience (devs and sysadmins) seemed quite interested. 🥳
- People used the Intel docs to figure out the instruction encodings.
- Then they wrote a little DOS program that exits with a return code and they used uhex in DOSBox to do that. Yes, we wrote a COM file manually, no Assembler involved. (Many of them had never used DOS before.)
- DEBUG from FreeDOS was used to single-step through the program, showing what it does.
- This gets tedious rather quickly, so we switched to SVED from SvarDOS for writing the rest of the program in Assembly language. nasm worked great for us.
- At the end, we switched to BIOS calls instead of DOS syscalls to demonstrate that the same binary COM file works on another OS. Also a good opportunity to talk about bootloaders a little bit.
- (I think they even understood the basics of segmentation in the end.)
The 8086 / 16-bit real-mode DOS is a great platform to explain a lot of the fundamentals without having to deal with OS semantics or executable file formats.
Now that was a lot of fun. 🥳 It’s very rare that we do something like this, sadly. I love doing this kind of low-level stuff.
think i’m gonna use this license on my git repos going forward. it kicks ass https://anticapitalist.software/
@movq@www.uninformativ.de I’m feeling SO dumb right now
I used to think !! was a sudo argument and never used it out of that context! Thanks for the $(!!) tip
Saw this on Mastodon:
https://racingbunny.com/@mookie/114718466149264471
18 rules of Software Engineering
0. You will regret complexity when on-call
1. Stop falling in love with your own code
2. Everything is a trade-off. There’s no “best”
3. Every line of code you write is a liability
4. Document your decisions and designs
5. Everyone hates code they didn’t write
6. Don’t use unnecessary dependencies
7. Coding standards prevent arguments
8. Write meaningful commit messages
9. Don’t ever stop learning new things
10. Code reviews spread knowledge
11. Always build for maintainability
12. Ask for help when you’re stuck
13. Fix root causes, not symptoms
14. Software is never completed
15. Estimates are not promises
16. Ship early, iterate often
17. Keep. It. Simple.
Solid list, even though 14 is up for debate in my opinion: Software can be completed. You have a use case / problem, you solve that problem, done. Your software is completed now. There might still be bugs and they should be fixed – but this doesn’t “add” to the program. Don’t use “software is never done” as an excuse to keep adding and adding stuff to your code.
Okay, here’s a thing I like about Rust: Returning things as Option and error handling. (Or the more complex Result, but it’s easier to explain with Option.)
    fn mydiv(num: f64, denom: f64) -> Option<f64> {
        // (Let's ignore precision issues for a second.)
        if denom == 0.0 {
            return None;
        } else {
            return Some(num / denom);
        }
    }
    fn main() {
        // Explicit, verbose version:
        let num: f64 = 123.0;
        let denom: f64 = 456.0;
        let wrapped_res = mydiv(num, denom);
        if wrapped_res.is_some() {
            println!("Unwrapped result: {}", wrapped_res.unwrap());
        }
        // Shorter version using "if let":
        if let Some(res) = mydiv(123.0, 456.0) {
            println!("Here's a result: {}", res);
        }
        if let Some(res) = mydiv(123.0, 0.0) {
            println!("Huh, we divided by zero? This never happens. {}", res);
        }
    }
You can’t divide by zero, so the function returns an “error” in that case. (Option isn’t really used for errors, IIUC, but the basic idea is the same for Result.)
Option is an enum. It can have the value Some or None. In the case of Some, you can attach additional data to the enum. In this case, we are attaching a floating point value.
The caller then has to decide: Is the value None or Some? Did the function succeed or not? If it is Some, the caller can do .unwrap() on this enum to get the inner value (the floating point value). If you do .unwrap() on a None value, the program will panic and die.
The if let version using destructuring is much shorter and, once you got used to it, actually quite nice.
Now the trick is that you must somehow handle these two cases. You must either call something like .unwrap() or do destructuring or something, otherwise you can’t access the attached value at all. As I understand it, it is impossible to just completely ignore error cases. And the compiler enforces it.
(In case of Result, the compiler would warn you if you ignore the return value entirely. So something like doing write() and then ignoring the return value would be caught as well.)
@aelaraji@aelaraji.com I use Alt+. all the time, it’s great.
FWIW, another thing I often use is !! to recall the entire previous command line:
$ find -iname '*foo*'
./This is a foo file.txt
$ cat "$(!!)"
cat "$(find -iname '*foo*')"
This is just a test.
Yep!
Or:
$ ls -al subdir
ls: cannot open directory 'subdir': Permission denied
$ sudo !!
sudo ls -al subdir
total 0
drwx------ 2 root root 60 Jun 20 19:39 .
drwx------ 7 jess jess 360 Jun 20 19:39 ..
-rw-r--r-- 1 root root 0 Jun 20 19:39 nothing-to-see
@kat@yarn.girlonthemoon.xyz I guess that qualifies as an “Arch moment”, albeit the first one I encountered. I’m running this since 2008 and it’s usually very smooth sailing.
@lyse@lyse.isobeef.org Yeah, YMMV. Some games work(ed) great in Wine, others not at all. I just use it because it’s easier than firing up my WinXP box. (I don’t use Wine for regular applications, just games.)
@movq@www.uninformativ.de Must be a decade ago that I last used Wine. I wanted to play GTA2, but that didn’t go as planned.
pledge() and unveil() syscalls:
@movq@www.uninformativ.de That sounds great! (Well, they actually must have recorded the audio with a potato or so.) You talked about pledge(…) and unveil(…) before, right? I somewhere ran across them once before. Never tried them out, but these syscalls seem to be really useful. They also have the potential to make one really rethink about software architecture. I should probably give this a try and see how I can improve my own programs.
Speaking of Wine, Arch Linux completely fucked up Wine for me with the latest update.
- 16-bit support is gone.
- Performance of 3D games is horrible and unplayable.
Arch is shipping a WoW64 build now, which is not yet ready for prime time.
And then I realized that there’s actually only one stable Wine release per year but Arch has been shipping development releases all the time. That’s quite unusual. I’m used to Arch only shipping stable packages … huh.
Hopefully things will improve again. I’m not eager to build Wine from source. I’d rather ditch it and resort to my real Windows XP box for the little (retro)gaming that I do … 🫤
@prologic@twtxt.net Ahhh, right, my bad, I could have easily found that. 🤦
There’s also a project page which lists some limitations of this study: https://www.media.mit.edu/projects/your-brain-on-chatgpt/overview/
It certainly sounds plausible. “Use it or lose it.”
@movq@www.uninformativ.de I think it’s here on MIT’s website: Your Brain on ChatGPT: Accumulation of Cognitive Debt when Using an AI Assistant for Essay Writing Task
@prologic@twtxt.net But is there a source for it? Am I too stupid to use that site? 🤪
Unless your Terms of use update email looks and reads the same as the one I got yesterday from mastodon.social, I don’t wanna know about it, nor do I agree to it.
@prologic@twtxt.net I’m trying to call some libc functions (because the Rust stdlib does not have an equivalent for getpeername(), for example, so I don’t have a choice), so I have to do some FFI stuff and deal with raw pointers and all that, which is very gnarly in Rust – because you’re not supposed to do this. Things like that are trivial in C or even Assembler, but I have not yet understood what Rust does under the hood. How and when does it allocate or free memory … is the pointer that I get even still valid by the time I do the libc call? Stuff like that.
I hope that I eventually learn this over time … but I get slapped in the face at every step. It’s very frustrating and I’m always this 🤏 close to giving up (only to try again a year later).
Oh, yeah, yeah, I guess I could “just” use some 3rd party library for this. socket2 gets mentioned a lot in this context. But I don’t want to. I literally need one getpeername() call during the lifetime of my program, I don’t even do the socket(), bind(), listen(), accept() dance, I already have a fully functional file descriptor. Using a library for that is total overkill and I’d rather do it myself. (And look at the version number: 0.5.10. The library is 6 years old but they’re still saying: “Nah, we’re not 1.0 yet, we reserve the right to make breaking changes with every new release.” So many Rust libs are still unstable …)
… and I could go on and on and on … 🤣
@movq@www.uninformativ.de make that 4 people! i use plain text when i can because this page convinced me lmfao
@movq@www.uninformativ.de Yeah. :-( But hey, there are at least six of us using mail as it should be™. :-)
I sent the dealer an e-mail about that with all sorts of other issues as well. Let’s see if they fix anything of that some day. Or yet just even read it.
@lyse@lyse.isobeef.org … because you, me, and that guy over there in the corner are the only three people left using plain-text email. 🫤 (And probably Stallman.)
OpenBSD has the wonderful pledge() and unveil() syscalls:
https://www.youtube.com/watch?v=bXO6nelFt-E
Not only are they super useful (the program itself can drop privileges – like, it can initialize itself, read some files, whatever, and then tell the kernel that it will never do anything like that again; if it does, e.g. by being exploited through a bug, it gets killed by the kernel), but they are also extremely easy to use.
Imagine a server program with a connected socket in file descriptor 0. Before reading any data from the client, the program can do this:
unveil("/var/www/whatever", "r");
unveil(NULL, NULL);
pledge("stdio rpath", NULL);
Done. It’s now limited to reading files from that directory, communicating with the existing socket, stuff like that. But it cannot ever read any other files or exec() into something else.
I can’t wait for the day when we have something like this on Linux. There have been some attempts, but it’s not that easy. And it’s certainly not mainstream, yet.
I need to have a closer look at Linux’s Landlock soon (“soon”), but this is considerably more complicated than pledge()/unveil():
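For comparison with the three calls above, here is the closest Landlock counterpart of the unveil() half (read-only access beneath one directory), as an added example that is not part of the original post. It assumes Linux 5.13 or later with Landlock ABI v1; the helper names and sample paths are made up, and pledge()'s promise filtering has no counterpart in it.

```c
/* Added example, not from the post; helper names and sample paths are constructed. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/landlock.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* All filesystem rights of ABI v1; a handled right is denied unless a rule grants it. */
#define ALL_FS_V1 ((LANDLOCK_ACCESS_FS_MAKE_SYM << 1) - 1)
#define READ_ONLY (LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR)

/* Restrict the caller to read-only access beneath dir; 0 on success, -1 otherwise. */
static int restrict_to_readonly_dir(const char *dir)
{
    struct landlock_ruleset_attr attr = { .handled_access_fs = ALL_FS_V1 };
    int rs = (int)syscall(__NR_landlock_create_ruleset, &attr, sizeof(attr), 0);
    if (rs < 0)
        return -1; /* Landlock missing, disabled, or blocked */
    struct landlock_path_beneath_attr rule = {
        .allowed_access = READ_ONLY,
        .parent_fd = open(dir, O_PATH | O_CLOEXEC),
    };
    int ok = rule.parent_fd >= 0
        && syscall(__NR_landlock_add_rule, rs, LANDLOCK_RULE_PATH_BENEATH, &rule, 0) == 0
        && prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == 0 /* needed when unprivileged */
        && syscall(__NR_landlock_restrict_self, rs, 0) == 0;
    if (rule.parent_fd >= 0)
        close(rule.parent_fd);
    close(rs);
    return ok ? 0 : -1;
}

/* Fork a child, sandbox it, and probe from inside. Returns 0: inside readable and
 * outside denied; 1: sandbox did not hold; 2: Landlock unavailable or setup failed. */
int landlock_probe(const char *dir, const char *inside, const char *outside)
{
    pid_t pid = fork();
    if (pid < 0)
        return 1;
    if (pid == 0) {
        if (restrict_to_readonly_dir(dir) != 0)
            _exit(2);
        int in = open(inside, O_RDONLY);   /* granted by the rule */
        int out = open(outside, O_RDONLY); /* expected to fail with EACCES */
        _exit(in >= 0 && out < 0 ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return 1;
    return WEXITSTATUS(status);
}

int main(void)
{
    return landlock_probe("/etc", "/etc/passwd", "/dev/null"); /* constructed paths */
}
```

Rights added in later Landlock ABIs (for example truncation in ABI v3) are not handled by this v1 ruleset, so code meant for production queries the ABI version first and widens the handled mask accordingly.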
@bmallred@staystrong.run Ahhh this is an agent I’m training to play the game of Connect3. It uses a library written in Go I’ve been working on that supports Neuroevolution using Genetic Algorithms. Some features include: Mutation, Speciation, Lamarckian Evolution/Inheritance.
So I was using this function in Rust:
https://doc.rust-lang.org/std/path/struct.Path.html#method.display
Note the little 1.0.0 in the top right corner, which means that this function has been “stable since Rust version 1.0.0”. We’re at 1.87 now, so we’re good.
Then I compiled my program on OpenBSD with Rust 1.86, i.e. just one version behind, but well ahead of 1.0.0.
The compiler said that I was using an unstable library feature.
Turns out, that function internally uses this:
https://doc.rust-lang.org/std/ffi/struct.OsStr.html#method.display
And that is only available since Rust 1.87.
How was I supposed to know this? 🤨🫩
@bender@twtxt.net I know I know! I don’t know why I ever signed up and used it and still continue to pay for the silly thing. Twtxt/Yarn is so much better in every way 🤣
@prologic@twtxt.net yes, I never understood you using micro.blog (and paying for it, nonetheless!). I don’t like it (as a platform), and have an unexplainable dislike for its creator.
@prologic@twtxt.net do you remember Hamachi? Tailscale/Headscale is Hamachi on steroids. They are used primarily for creating a VPN among all your devices so they can talk to one another as if they were on the same LAN, even when they’re not. That was, mostly, my WireGuard usage.
I still have WireGuard running–because it is so lite that it doesn’t matter–to use as regular VPN, but Headscale keeps all my devices connected forming their own “mini-Internet” 100% of the time.
@bender@twtxt.net What’s awesome about it btw? I use WireGuard pretty heavily here. And my entire family also use it to keep a VPN connection back to our home network
@prologic@twtxt.net Yeah, it’s difficult, you often don’t get what you’d expect. They also make heavy use of 3rd party libraries. IIUC, for random numbers, they refer to this library. I’ve read many times that the Rust stdlib is intentionally minimalistic (to make it easier to maintain and port and all that).
I’m struggling with this, using 3rd party libs for so many things isn’t really my cup of tea. I’ll probably make my own tiny little “standard library”. It’s silly, but I don’t see any other options. 🤷
@aelaraji@aelaraji.com got new screenies? Show them for the rest of us! Last I saw them was at the very early development stage.
@movq@www.uninformativ.de Thanks. It’s already over, the heat got us. :-(
Of Pointlessware and CEOs
Had a moment, to check up on some of the companies, I stopped following, get to The Browser Company and see their newest product - it’s just Chrome, with an AI chat window pop-up and that’s it. Something Canary Chrome, come with already.
I see Theo from T3.gg, making fun of it on YouTube and promoting “his” product - an AI chat app, where you can choose from multiple models, by all the popular AI companies. Something I already have a worse version of, at work and I don’t even use it.
There’s also an interview, about the future of virtual keyboards, surely this is at least actually a real thing and not more pointless horse shit. I check the website of the keyboard SDK, and it’s around 20 identical apps, that just copy the same keyboard SDK/api and slap chatgpt features on top - in the App Store, these are surrounded by chatgpt clones, that just feed the users prompts, into the real thing and put ads, next to the answers.
@kat@yarn.girlonthemoon.xyz totally forgiven, and welcome back! :-) What’s new? Tell us all about it!
been a while! i’ve been using my laptop more to kind of change my workflow, but without my browser bookmarks to remind me to check some sites, i’ve forgotten to check yarnverse! forgive me friends T_T
Having some fun with SIRDS this morning.
What you should see: https://movq.de/v/dae785e733/disp.png
And the tutorial I used for my C program: https://www.ime.usp.br/~otuyama/stereogram/basic/index.html
@lyse@lyse.isobeef.org LOL. I barely use my mother tongue.
@kat@yarn.girlonthemoon.xyz I don’t do a lot of CSS and tried to use flexboxes recently, couldn’t find a great explanation. I somehow managed to get the desired effect, but am I using them correctly? Who knows.
@lyse@lyse.isobeef.org I cannot / could not imagine that, either – but if it’s publicly available on the internet and something links to it, they’ll eventually find, scrape it, use it. ☹️
totally understandable.
i used to drive a car which has the entertaining system display on digital-clock like screen, and all the asian song name goes [][][][][]
lol a fren called me nigalee and somehow i liked the name, started to use as a new alias
@lyse@lyse.isobeef.org oh it wouldn’t be very long, maybe that’d make for a fun blog post! i just used the same tool that the nerd font people use to add glyphs, but for a “custom glyph set” i just added. the whole noto font LMAO
@movq@www.uninformativ.de I hear you! I’d also love to forbid any use in military software (development). Even though I cannot imagine anything of my stuff ending up there.
When I chose the MIT license for all of my software, I thought:
“Should I use GPL, which I don’t really understand? Is that worth it? Yeah, there is a theoretical possibility that some company might use my code in their proprietary product … and then what? Should I sue them to enforce the GPL? I’m not going to do that anyway, so I’ll just use the MIT license.”
And now we have those LLM scrapers and now it’s suddenly a reality that these companies (ab)use my code. I can see it in my logs. I didn’t expect that back then.
GPL wouldn’t help, either, of course. (Regardless, I now think that GPL would have been the better choice anyway.)
I’m honestly considering taking my code and website offline. Maybe make it accessible through some obscure protocol like Gopher or Gemini, but no more HTTP.
(Yes, Anubis might help. Temporarily.)
I’m just tired.
i saw folks in #lowendtalk are discussing about which password managers are worth using?. should have summary people’s opinion and my own into a blog post, had this idea for a while, the purpose is to tell my people how to be more secure & easier in life.
me liked the tech me using at the moment. pretty decent for production & daily use.
utilize HetrixTools for servers monitoring, then use a small one for UptimeKuma all the running websites.
the number of servers are increasing, free plan is going to be exploded.
that’s why i have to think of a solution to have separated monitoring solutions. one for the (virtual) machines, one for the websites
still haven’t had my decision on which location & VM will be use for the VPN gateway.
next up: authentication center / for both work & personal use.
for the work project, the customers (of my client) are unhappy with the account login flow and I need a fast & easy SSO for them.
for personal use: just a gateway to lock all the apps and provide access to friends.
i slowly realize the power of 1% everyday on what i am doing.
On QRs, as long as they work (and they are quite resilient), it doesn’t matter. Their design, and colours, will be based on theme in which they are included. They are getting used more now in the US. They are king on East Asia. They are awesome.
@movq@www.uninformativ.de this is mind boggling. How come it looks just fine under Mosaic, and not under IE3? Man, am I glad I don’t use a Microsoft browser!