The Unclear Impact

To FLOSS projects but also individuals: Please stop relying on GitHub, Discord or other proprietary services. What happened to Twitter and Unity WILL happen to them as well.

Also people shouldn't have to use proprietary software or services to contribute to FLOSS projects, that just doesn't make any sense. #FreeSoftware

java.lang.NullPointerException: Cannot read field “W” because “this” is null

this doesn’t sound healthy at all

(trying to cross-build a docker container for aarch64 using jlink with buildx and qemu binfmt_misc)

i have a sudden urge to combine tauri with the jni invocation api

@robby i accidentally rsynced something to my server into the directory named '~' instead of into my home directory, and i tried to get rid of it

(a very poor man’s deployment solution when i work on the app at https://refinery.services – rsync the jar into my home directory, then sudo mv into /var/lib where it should live and restart the corresponding systemd service. the funny thing is that this project is sponsored by amazon science, but we have our AWS guy on vacation, and debugging research software on my own VPS is much easier)

so i just issued the command rm -rf ~ instead of rm -rf '~'

good thing i have btrfs snapshots

No, academics do not "forget" to answer emails. They remember and feel bad about them, the guilt slowly building up, until the only way out is to fake their own death and move far, far away under a different identity to build a new life, a better one, with inbox zero and no shame

Anyways, I owe you an email.

If your computer can’t lie to other computers, then it’s not yours.

This is a fundamental principle of free and open source software. The World Wide Web abides by this principle, although we don’t often think of it that way. The Web is just an agreed-on set of programmatic interfaces: if you send me this, I’ll send you that. Your computer can construct the “this” by whatever means it wants; it’s none of the other side’s business, because your computer is not their computer.

Google’s so-called “Web Environment Integrity” plan would destroy this independence. “Integrity” is exactly the wrong word for it — a better name would be the “Browser Environment Control” plan.

In the normal world, you show up at the store with a five dollar bill, pick up a newspaper, and the store sells you the newspaper (and maybe some change) in exchange for the bill. In Google’s proposed world, five dollar bills aren’t fungible anymore: the store can ask you about the provenance of that bill, and if they don’t like the answer, they don’t sell you the newspaper. No, they’re not worried about the bill being fake or counterfeit or anything like that. It’s a real five dollar bill, they agree, but you can’t prove that you got it from the right bank. Please feel free to come back with the right sort of five dollar bill.

This is not the Open Web that made what’s best about the Internet accessible to the whole world. On that Web, if you send a valid request with the right data, you get a valid response. How you produced the request is your business and your business alone. That’s what software freedom is all about: you decide how your machinery works, just as other people decide how their machinery works. If your machine and their machine want to talk to each other, they just need an agreed-on language (in the case of the Web, that’s HTTP) in which to do so.

Google’s plan, though, steps behind this standard language to demand something no free and open source software can ever deliver: a magical guarantee that the user has not privately configured their own computer in any way that Google disapproves of.

The effrontery is shocking, to those with enough technical background to understand what is being proposed. It’s as though Google were demanding that when you’re talking to them you must somehow guarantee, in a provable way, that you’re not also thinking impure thoughts.

How could anyone ever agree to this nonsense? Must all our computers become North Korea?

The details of your own system’s configuration are irrelevant to — and unnecessary to accurately represent in — your communications with a server, just as your private thoughts are not required to be included, in some side-band channel, along with everything you say in regular language.

If a web site wants to require that you have a username and password, that’s fine. Those are just a standard part of the HTTP request your browser sends. But if a web site wants your browser to promise that it stores that username and password locally in a file named “google-seekritz.txt”, that’s not only weird and creepy, it’s also something that a free software (as in libre) browser can never reliably attest to. Any browser maintenance team worth its salt will just ship the browser with a default configuration in which the software reports that to Google when asked while, behind the scenes, storing usernames and passwords however it damn well pleases.

Indeed, the fundamental issue here is the freedom to have a “behind the scenes” at all. Environments in which people aren’t allowed to have a “behind the scenes” are totalitarian environments. That’s not an exaggeration; it’s simply the definition of the term. Whatever bad connotations the concept of totalitarianism may have for you, they come not from the fancy-sounding multi-syllabic word but from the actual, human-level badness of the scenario itself. That scenario is what Google is asking for.

My web browser (currently Mozilla Firefox running on Debian GNU/Linux, thank you very much) will never cooperate with this bizarre and misguided proposal. And along with the rest of the free software community, I will continue working to ensure we all live in a world where your web browser doesn’t have to either.

(Cross-posted at https://rants.org/2023/07/the-right-to-lie-and-google-wei/ .)

#Google "Web Environment Integrity" explained:

1. You request content from the web site "site.example"

2. You send a photo of you to the third party "authority.example". No worries, you can blur your face.

3. authority.example ensures that you:
- have put on a hat (brands X, Y accepted)
- wear a T-shirt (brand X, Y, or Z)
- sit on a chair (type C only, brand X or Y)

It gives you back a token.

4. You give the token to site.example

5. site.example serves you content

Happy open web!

https://support.github.com/contact/report-abuse?category=report-content&report=RupertBenWiser&report_content_url=https%3A%2F%2Fgithub.com%2FRupertBenWiser%2FWeb-Environment-Integrity&report_id=26461279&report_type=content#contact_comments

The repository contains a proposal for a piece of malware which, through remote attestation, directly threatens browser diversity (by only allowing officially certified builds of a handful of browsers to access webpages), operating system diversity (by only allowing certified builds of certain operating systems), device diversity (by only allowing devices with certified firmware) and computer architecture diversity (by only allowing architectures where such certified firmware, OS, and browsers exist). As such, it poses a critical threat to innovation and free and open source software.

By taking away users’ ability to customize their user agents, computing technology not only becomes solely a vehicle for corporate profit, but we also risk extinguishing the very human curiosity and experimentation that is needed to produce the next generation of developers. More broadly, by forcing people to watch advertisements in their browser without the possibility filtering in order to access any web service (likely including government services), we expose citizens to mandatory misinformation. Locked down platforms also promote government surveillance and control, destroying democracy itself by removing the possibility of protest and dissent.

While some people might be able to buy a non-locked down device (in addition to a locked-down device required to access websites with integrity requirements), the proposal discriminates against people with no economic means to do so. Disabled people are also discriminated against, especially if they need accessibility tools not certified and locked down for attestation.

Therefore, any attempt to lock down the web and adopt DRM ubiquitously should be stopped at all costs.

who will write magisk for the web and how long will they take to get hired by google anyways?

the fact that some people find LLMs useful for writing code is not a credit to LLMs but an indictment of the average signal to noise ratio of code: it means that most code is confusing boilerplate -- boilerplate because a statistical model can only reliably reproduce patterns that reoccur many times across its training corpus, and confusing because otherwise-intelligent people capable of convincing a hiring manager that they are competent programmers find it easier to ask a statistical model to produce an incorrect prototype they must debug than write the code themselves. we all know from experience that most code is bad, but for LLMs to be able to write more-or-less working code at all indicates that code is much worse than we imagine, and that even what we consider 'good' code is from a broader perspective totally awful. (in my opinion, it is forced to be this way because of the way we design programming languages and libraries.)

Boost this toot if you quietly say hello to dogs when you see them even if they can't hear you or have a strong fantasy of committing arson against billionaires