Dag-Erling Smørgrav

@des@bsd.network
Systems programmer. FreeBSD developer. Cyborg. Every single day, you use a computer, device or service that runs my code. 🇪🇺🇫🇷🇳🇴
Twitter: @desdotdev
Bluesky: @des.dev
Blog: https://blog.des.no
Pronouns: he / him
Alright, it's been fun but I'm done with the Fediverse. Find me where the skies are blue.
Association PURR :: Nos démarches

I've never listened to Planet Money but only ever heard good things about them. Today I listened to their episode on the xz hack (May 17th, 2024) and it's truly impressive how they managed to string together a bunch of mostly true sentences into a completely false narrative. Makes me wonder if all their other material is equally wrong.

The Norwegian Unix User Group is celebrating its 40th anniversary on August 10. I was invited to speak at the event and initially accepted, but after learning of the schedule for the event, which was not communicated to me at the time, I have decided to withdraw.

https://blog.des.no/2024/07/what-year-is-it-nuug/

What year is it, NUUG? – May Contain Traces of Bolts

So I've been working on a major migration from #MySQL and #Galera Cluster to #MariaDB over the past few weeks, obviously on #FreeBSD (duh!). This has been a wild ride, and while it ain't over yet, I think it's story time.
The new cluster has been crashing, seemingly randomly. If you want to know why, and how, watch this thread...
every typography nerd loves a good keming joke
It's worth patiently and persistently pushing back against AI hype in your workplace to try and counter the bubble evangelists
- Generative AI can't do facts
- Generative AI can't reason
- Unless a model tells us what it's trained on, we should assume it's participated in the largest copyright theft in history
- No incremental improvements are going to change this
important life lessons: a multimillion dollar company can, in years, *almost* approach the output of a ragtag group of lesbians working for two weeks

Who killed Britain?
This Danish article has the correct answer: Thatcher.

"Around two-thirds of Britons believe the country is in decline, and it's not hard to see why. Real wages are lower than 15 years ago. A third of British children grow up in poverty, many millions have to skip meals every single week. The UK is not just significantly poorer than France, let alone Germany or Denmark. The poorest 10% of Britons now also earn less than the poorest 10% in Slovenia...

"A particular story of decay still plagues the country... and it goes something like this: the 1960s and 70s were a dark time... Then Thatcher came and saved it all with economic common sense, tax cuts and a necessary showdown with unions... But that narrative is fundamentally wrong... Margaret Thatcher did not increase the growth of the British economy... The post-war period, including the 1970s, was the time of high growth and major transformations... an economic model reminiscent of the one found in the rest of Western Europe was established... In the 1980s many countries lowered taxes, removed regulation, encouraged deindustrialization and privatized public enterprises. But Britain took exceptionally radical action. Today, it is Europe's most financialized economy, with very high inequality - and a very low level of both public and private investment in the economy.

"Four criminal acts have destroyed the economy.... Monetarism in the 1980s, deregulation in the 80s, the austerity policy of the 2010s and Brexit. All motivated by the same economic thinking... free market fundamentalism."

https://www.information.dk/udland/2024/04/hvem-slog-storbritannien-ihjel?kupon=eyJpYXQiOjE3MTM1MjQ5MzUsInN1YiI6IjIyMjUyMDo4MTkwMzUifQ.9_7QOpyn65Fg3-8EP-Enfg

Who killed Britain?

Britain is a country in economic, political and moral crisis. Information has travelled to London to look for the roots of the British decline.

Dagbladet Information
are you for fucking real, GitHub?
@des That looks pretty cool, but what I could really use is some drop-in code for my autotools scaffolding
@des Nothing new. They announced this a while back
@moffintosh @des the issue is not the fact that there is a recommendation, it is that JiaT75 was the malware author involved in the xz debacle, and that account should not even still exist, let alone be recommended to people to encourage them to adopt malware
@des jiatan is in need of some jialtime
@brachistochrone @des I suspect they were well-paid by their government for their efforts, though the fact that it was discovered before it could be put to use probably cost them their annual performance bonus.

@elfin @swelljoe @brachistochrone @des did you know there was a soviet agent that was sent to do spy work in paris and when they came back, they were given no career advancement as a punishment for being in paris so they reactivated their paris contact to defect and the french gave that operation an english name so if it was found, they would suspect the CIA.

Someone found Jia's full name is an anagram of CIA agent johnson. So 50/50 it wasn't a Chinese agent

@gkrnours @elfin @brachistochrone @des I think the general consensus is eastern European, and probably not Chinese. The name is apparently a mix of common names/spellings from three different regions, which would be unusual for someone from China, and the working hours looked like those of an eastern European country. So, Russia or an ally seems believable. The US certainly spies on everyone, but probably wouldn't go about it this way.
@gkrnours @elfin @swelljoe @brachistochrone @des Because the bad guys are going to leave clues in the form of anagrams for us to find. Right. 🙄
@des Is it _that_ Jia Tan or someone else?
@dmbaturin @des It's that Jia Tan.
@unlambda @dmbaturin @des For which reasons has Jia Tan not been permanently banned from all code hosting services on the entire Internet already?

@bitbear @dmbaturin @des His account has been suspended, but all of his code still remains; the xz project was taken down temporarily, but is back up again.

This particular repo seems to be a perfectly innocuous fork of Seatest, a unit-testing framework.

It is a bit frustrating that GitHub doesn't make it more obvious that his account is suspended for being malicious, or add warnings or remove other of his projects, but in this case it seems like this project is perfectly innocuous.

@bitbear @dmbaturin @des And when I say "he", I should probably say "they" because we don't know the gender, or even if Jia Tan is a single person or group of people.
@des Security Awareness Test!
@des "This user is trending!"
@anizocani @des "everyone is using this lib!"
- jia tan's sock puppet accounts
@des can't wait to drop backdoor.c/backdoor.h into my project
@ariadne @des You know, I haven't looked at this but I bet it's completely innocuous. Does exactly what it says and nothing more. Because that's how a mole builds up a cover persona. Years of diligent innocuous work so that some day — and that day may never come — they can send you a pull request that does something you don't quite understand and you will think, this is that nice Jia Tan who wrote that nice unit checking library, so helpful, I'm sure they know what they're doing, and you let it slide.
@zwol @des i mean, yes, in practice it is probably boring, but the joke opportunity is obvious

@ariadne @des Yeah.

I did look at it, in fact, and I now think it might have *become* malicious in the future. It's a fork of a testing library with a similar name, whose original author seems to have lost interest, and all the changes I looked at were cosmetic — but clearly the idea was to take over mindshare from the original, and, hmm, twice is starting to sound like a modus operandi.

@des meanwhile, a main contributor on NewPipe was recently shadow-banned for a week, all issues turning into 404s all comments disappearing. No reason given.
@Profpatsch @des if you're talking about https://github.com/TobiGr profile, this isn't what banning on GitHub looks like, more like an attempt from that person's side to hide some of the stuff.

@des Microsoft's new AI driven Vulnerability as a Service (VaaS) is live I see

with full Copilot integration no doubt

@des LMAO - but I thought he was suspended? They locked #xz and not his own account?
@des Looks like a bunch of folks are trolling the malicious actor. Definitely go to the issues tab if you wanna have some fun :P
@des I want it now. So easy.