@kemona_halftau rn

Cloudflare just published a vibe coded blog post claiming they implemented Matrix on cloudflare workers. They didn't, their post and README is AI generated and the code doesn't do any of the core parts of matrix that make it secure and interoperable. Instead it's littered with 'TODO: Check authorisation' and similar

https://blog.cloudflare.com/serverless-matrix-homeserver-workers/

Happy “Large boulder the size of a small boulder” day to all who celebrate.

@puppygirlhornypost2 h

@doskel how does that work?

@kemona_halftau nya

just figured out how to time travel #Winning . oh fuck they’re onto me

@nay f

why are payment-related things always like this?

my bank requires an online banking PIN (separate from the ordinary one) and a password to log in, but instead of asking for the whole thing they ask for random access to individual characters. this both makes it inconvenient to use and implies they are storing them in plain text

@elly @domi @toast works great for QCNFA222 (that spams dmesg with ASPM errors and also has broken 5GHz)

@toast @domi

@bagder oh no. I guess I might have to get a USB-C power bank capable of 20V to charge my thinkpad

paypal silently truncated my 26-character password to 20 characters (but not in the login field, so I couldn't log in until I thought to look up the paypal password length limit and truncate it to 20 characters). why does that limit even exist? bcrypt has a much higher limit. I hate paypal

new tech warcrime

ppl always complain that the clock on my microwave never shows the right time bcs i cant be assed to set it manually

so now i have an unfuck-microwave.sh cronjob which briefly kills its power every day at midnight

@julia @Gargron @txtx

Namely, I’ve seen at least 3 people claim that they need to move off of Sharkey because of the US’ instability

…why? Is Sharkey even US-based other than some maintainers being in the US?

I wonder what these people are doing about Linux (which actually has a US-based Linux Foundation and complies with US sanctions).

@benjojo my preference would be a way of configuring exactly which ports can be bound to by which users (which I've been told is possible with eBPF), but I don't think CAP_NET_BIND_SERVICE is any more of a security risk than setting net.ipv4.ip_unprivileged_port_start to 0 (arguably it is more of a security risk than setting it to 23 though)

@benjojo

just because I don’t trust multi user boundaries does not mean that I’m going to actively give away surface for free

Exactly. It’s still worth restricting which users can bind to which ports just like it’s still worth using separate users for separate services, even if the security of multi-user boundaries is imperfect.

@cwebber @jfred @vagrantc this also has the advantage that it wouldn't be as slow as GRUB to decrypt your disk, and if you wanted to you could avoid entering your disk encryption password twice by either putting the key into the second (encrypted) initramfs (although this has security implications for LUKS2 because it makes the key accessible from userspace) or possibly using kexec handover (which I'm not sure how to do, or if it would require kernel modifications, but that is a thing)