"This bug also shows that we have an over-reliance on for security assurance of complex parser code. Fuzzing is great, but we know that there are many serious security issues that aren't easy to fuzz. For sensitive attack surfaces like image decoding (zero-click remote attack surface), there needs to 1) be a bigger investment in proactive source code reviews, and 2) a renewed focus on ensuring these parsers are adequately sandboxed." blog.isosceles.com/the-webp-0d

The vulnerability CVE-2023-4863 demonstrates a huge advantage of the "distro" approach of shipping software, like pushes so hard to deliver. We see a mad scramble for many software vendors to ship with the patched version of . In the distro model, the patch is shipped in the single lib package, then all of the software automatically uses the safe version. This leads to shorter times to get fixes to users with much less work overall.

@hexmasteen me too, I wonder why I didn't get a paywall on that one? I guess because of ?

@joncamfield Reminds me of how analysis is making a comeback, since it puts labor and automation in a central position. I can't say I agree with Marxist policy proposals in general, but I think Marxist analysis is still very much a powerful tool for understanding the world.

I just read this op-ed about the intelligence of (it's 6 months old). It is the best piece I've read so far that demonstrates how things like can bring in "banality of evil" amoral decision making where humans would be troubled by the moral issues in the situation.
nytimes.com/2023/03/08/opinion

I'd LOVE more serious journalists digging into the recent proliferation/funding of these advocacy orgs, who use stirring tales of harm to push for surveillance, w/o engaging with ppl/orgs who do front line service work for victims (and generally reject these narratives)

@sergii Actually, when you look at the economics of ride sharing services, the services with apps like Uber/Lyft/etc are not cost competitive with the telephone-based ones. Software developers and servers are super expensive, call center operators and phones are not. The business model of Uber especially avoids competing on efficiency. They take lots of VC funding to build a monopoly, so they can squeeze the drivers to the minimum possible wage.

Visiting the Norwegian city of Bergen, I cycled along a stunning 3-km bike path blasted through a mountain.

It's the longest bike tunnel in the world -- and a centerpiece of Bergen's plans to reduce driving.

I wrote about it in Bloomberg CityLab.

#norway #bergen #bike #cycling

bloomberg.com/news/features/20

I was in a European city new to me at an event where the planners assumed that Uber and Bolt were the only taxi options people would use. I asked for a taxi phone number, called and had a car in 5 minutes. That's much quicker than the account signup, and leaks much less private data. Taxi apps are not more efficient, horrible for privacy, and their business model is based on building a monopoly. I guess fancy UX in the apps really hooks people, or I'm missing something

sfchronicle.com/opinion/openfo

@bartvdpoel Do you have a graph of energy expended producing the wind turbines versus their lifetime output? My guess is that the large ones are much more efficient in that regard, but I'd love to see data on that. I think the graphs look quite similar with solar.

Alphabet, Amazon, Apple, ByteDance, Meta, Microsoft

These are the first 6 companies designated as 'gatekeepers' under the Digital Markets Act.

They have 6 months to ensure their core platform services comply with our rules, including:

✔ Allowing users to unsubscribe and remove pre-installed services
✔ Allowing the download of alternative app stores

❌ Banning tracking outside of their services without consent
❌ Stopping ranking their products more favourably

europa.eu/!NbfBbn

#DMA

Another problem that often goes ignored is how less attractive countries can keep the people that they have paid to educate. I know this first hand because my father was a doctor who was educated by the social system of including an annual stipend that he lived off of, then he left for once he finished his studies. Austria paid to educate a doctor but got little in return. This dynamic is common around the world, medical pros from poorer countries emigrate to richer ones. 3/3

I grew up the child of an immigrant and emigrated myself, so clearly I'm not anti-immigration. When incoming streams are too large, that will drive housing prices up and wages down, that's the basic economics of supply and demand. But there are also advantages, like letting refugees flee war zones.

Also, for many people it is quite stressful when their neighborhood changes from single language to majority other language. This had happened in neighborhoods in less than 20 years. 2/

We need to build a tolerant, anti-racist debate about , otherwise we abandon those who have experienced problems with immigration. Their only recourse is then to go to the racist politicians since they are talking about reducing immigration. There are lots of legitimate concerns about immigration, especially when the incoming streams are large or when areas newly gain a large portion of immigrants. 1/

I think it is impossible to regulate or with the current structure of because it is all about pricing as if software was a commodity. Until takes into account , it will be an extremely limited tool for dealing with problematic software companies. This is laid bare in this current case against arstechnica.com/tech-policy/20

The most promise is in . 's & 's policy overhaul shows promise.
2/2

Economic analysis fails when discussing : economists want to think about software as a commodity, where one app is a drop in replacement for another, like buying wheat or oil from a different supplier. User-facing software is really about a culture and conversation between users and developers. Consider and Org-mode. This would entirely fail in either direction, the cultures are too different. Teams is for large top-down mgmt, emacs for decentralized hackers. 1/

The old bobsled run from the 1984 Winter Olympics in Sarajevo is quite fun to walk down, with some lovely graffiti. But it is difficult to still see the scars of war, almost 30 years later.
