A reminder that everything being shared online about the Southport attacker is not real, and is being reshared by media outlets in Russia to peddle anti-migrant fears (and by IT people on LinkedIn).

The person also isn’t called Ali Al-Shakati, and did not arrive by boat.

https://www.bbc.co.uk/news/live/cevwgqz0x41t?post=asset%3A41e0a685-70bf-4606-bcd4-013cdf5c3e1f#post

@dangillmor

In case any journalists are interested in a real story, this censorship of the Harris dudes is certainly it. In fact, the entire reason the richest man in the world bought the biggest social network is to assert improper influence on the upcoming election, and he is doing it. Over and over again. But you can't write about it because you are dependent on the social network he controls. Do you see the problem here? Isn't this a really good story? Except you can't write about it. 😳

@hazelnoot https://darkvisitors.com/agents and https://github.com/ai-robots-txt/ai.robots.txt

@major yeah, I'm a language nerd and proud. :)

(Also, I see what you did there.)

@major it's the same in European vs Québec French -- nobody calls them cacahuètes here (though it will be understood), but arachides.

To all unsung heroes maintaining critical IT infrastructure and without whom the modern civilization would crumble, I salute you. Happy sysadmin day!

@gromit @corbet I've seen both -- big corps will stick themselves into the user agent, but I see plenty of what is obviously bot traffic that uses generic browser strings, with both outdated and recent release versions in them.

Childless cat ladies, it’s time to fight monsters. Again.

The amount of LWN traffic that is just AI bots downloading the same stuff over and over again is staggering; it's increasingly hard to see any sort of human signal in there at all. Something is going to give here at some point...

https://about.readthedocs.com/blog/2024/07/ai-crawlers-abuse/

@corbet 100% agreed -- I estimate upwards of 95% of all traffic to kernel.org services are greedy llm bots who operate in complete disregard of robots.txt.

Hey, if you put a private file onto a USB drive, then delete it, and give that USB drive to someone else, they can still read that file's contents if they know the inode where it was stored.

This is in re: Truffle Security stuff blog making rounds today.

https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github

Obligatory reposting of the same blog article I wrote in 2022: "Cross-fork object sharing in git is not a bug."

https://people.kernel.org/monsieuricon/cross-fork-object-sharing-in-git-is-not-a-bug

Working as a baseball umpire is just like playing video games -- any money you earn you spend on getting yourself higher grade armour.

He said only 100M

RADICLE

Some months ago I learned about Radicle, a truly distributed git forge based on a custom gossip protocol similar to SSB. This allows collaborative code development without the use of any centralised nodes altogether, much less ugly monsters like Github.
See https://radicle.xyz for more details about the implementation.

My experience with it

TL;DR it's almost good, but not quite there yet.

Longer version.

The Good:
Initial setup is easy. Generate keys, run a node, seed your repos, clone others. Despite being fully distributed, Radicle still has a notion of repo ownership, implemented via cryptography. Every repo has one or more delegates, whose versions are considered master copies in case of conflicts.

Unlike other git forges, everything about the repo is the part of the repo. Ownership information, access permissions, PRs, issues, everything is implemented via git objects. You won't ever need to open a browser to submit a PR. Furthermore, you can do all of this while being completely offline. Your work will automagically synchronise once you get internet connection.

For better availability, Radicle has the concept of Seed Nodes. These are (almost) always online nodes with public IPs that donate their disk space and bandwidth for spread others' repos.

The bad:
Bugs. Bunch of them. This is what you get for using software with versions like 1.0.0-rc14. Sometimes my two nodes fail to connect, citing some cryptic error as a reason. My seed node froze up a few times, no idea why.

Radicle is implemented in Rust, which sometimes adds to it peculiarity. It's still better than most Rust software, but logs and errors are cryptic. I'm yet to see a typical Rust stacktrace vomit, though I'm completely prepared for it.

The ugly:
Since there is no centralised authority, there are no centralised identities. Every node is represented by a public key. Which means, every one of your computers will have separate identity. While you technically can share keys between them, this isn't advised. This ultimately results in requiring some form of key management system, which I'm yet to explore.

Private repo support - while being there - is somewhat lacking. Someone with delegate access must list all nodes allowed to receive the repo, including your seed node. In my case, private repos require just three nodes for me alone. For a group larger than one person this might just turn into a nightmare. Have you ever managed SSH access with public key authentication? Similar story.

Seed nodes can either seed everything they touch or they can seed a select list of repos. There is no in-between, i.e. follow a select group of nodes and seed their repos only. Or at least, I couldn't find this feature. Which means, whenever you create a new repo and want to share it between devices using your seed node, you must SSH into it and manually add it to the list.

Discoverability is almost non-existent. Someone needs to provide you with a hash for repo to clone before you can work on it. Some seed nodes employ a web interface to list repos and browse code, but it's less than ideal. Same goes for discovery peers.

@monsieuricon by the way, thanks a lot for writing b4, I feel like it lowers the psychological barrier to sending patches a lot for me

Do you want to know why #Musk, #Google, #Bezos, #Zuckerberg are backing #Trump?

Easy.

The #Biden administration, in policies likely to be continued by the #Harris administration, have been enforcing anti-trust regulations at a level not seen since the 60's.

#Harris2024 is viewed as an existential threat to their profits. How can they engage in #Rent seeking behavior?

Yes, they are happy to have #fascism if it means continued #profits.

@major I'd say because you're describing where an event takes place, not where a thing is. For example, if you said "a fourth of all my funds are in banks" you would use "están" because that's where they are located. But since a robbery isn't a thing that you keep in a bank, you would use "son." I would use "se ocurren" because even in English "happen in banks" sounds better than "are in banks".

KnowBe4 hired a software engineer. As soon as they received their laptop the SOC light up like a christmas tree because of the malware it was loading up.

Working with Mandian and the FBI, it turned out it was a fake IT worker from N. Korea.

https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us