computer stuff - mostly cybersecurity & compilers

-mllvm -trap-unreachable evangelist
GitHub: https://github.com/duk-37
New blog post: A Decade of Slug
This talks about the evolution of the Slug font rendering algorithm, and it includes an exciting announcement: The patent has been dedicated to the public domain.
https://terathon.com/blog/decade-slug.html

So @xaitax has cracked Microsoft Recall, he's got access to the encrypted database and has automated dumping of screenshots and all text from screenshots.

I've looked at most recent Recall and yep, you can just read the database as a user process. The database also contains all manner of fields which aren't publicly disclosed for tracking the user's activity.

No AV or EDR alerts triggered, world's #1 in infostealer 😅

* you can just read it in plain text

@addison looking at this protocol it's also very overengineered anyway? like, remote key provisioning makes it not possible to identify users as-is. just do fucking key/id attestation using the actual API specifically designed for this purpose? there's no reason not to?? it's literally fine???

why does this thing exist at all
I encourage you to look at the responses here. GOS folks do tend to flounder when responding a bit, but many of the threads demanding "action" or "response" here seem to focus on undercutting the legitimate concerns of GOS by repeatedly bringing up topics that attack the legitimacy of GOS in general (e.g., previous interactions with other developers). This is a theme on threads of theirs -- GOS brings up legitimate concern, people come in to concernbait about specific topics to make GOS folks look fixated on drama rather than the actual security claims of GOS (due to, admittedly, poor social media practices on GOS's part; it would almost be better if they just didn't engage with this concernbait). Also, people advertising their own solutions and platforms seemingly unrelated to the post at hand.

I'm not a particularly conspiratorial person, but I must point out that this looks like consistent delegitimizing campaigning, specifically designed to take advantage of how GOS interacts on social media.

RE:
https://grapheneos.social/users/GrapheneOS/statuses/116200110686604617
Who called it "prompt injection" and not "Escape from Markov"
five syllable horror stories
@zwarich oh yeah the syntax is confusing for sure and Ada's heap allocation stuff was very, very obviously tacked on retroactively

there's a lot of stuff in Ada but language-wise it doesn't really compose as well as one would hope unfortunately, and there are weird gnarly edge cases around subtyping arrays and such that can bite you
@zwarich you can almost do automatic untrusted parsing of variable length packed binary data in the type system itself with a combination of Unchecked_Conversion, 'Valid_Scalars, representation clauses, and dynamic predicates

literally the only thing missing is that discriminants can't be used to specify bit offsets (which sucks because the compiler has to support this for field offsets anyway!):
https://stackoverflow.com/questions/22768834/ada-packing-record-with-variable-sized-array
@zwarich representation clauses also let you specify where and how big the discriminant tag is, which is pretty neat
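The approach sketched in these two replies (Unchecked_Conversion plus 'Valid_Scalars, a representation clause and a dynamic predicate), written out as an added Ada example that is not the poster's code. The 8-byte header layout, the field limits and the GNAT-specific aspects are assumptions made for illustration.

```ada
-- Added example: an untrusted 8-byte header validated through the type
-- system. Layout and limits are assumed; needs GNAT ('Valid_Scalars,
-- Scalar_Storage_Order).
with Ada.Unchecked_Conversion;
with Ada.Text_IO; use Ada.Text_IO;
with Interfaces;  use Interfaces;
with System;

procedure Parse_Header is
   type Version is range 1 .. 3 with Size => 8;   -- byte value 0 is not a Version
   type Byte_Array is array (0 .. 7) of Unsigned_8
     with Component_Size => 8, Size => 64;
   -- Wire layout pinned by a representation clause; Scalar_Storage_Order
   -- makes it independent of host endianness.
   type Raw_Header is record
      Ver   : Version;
      Len   : Unsigned_8;
      Flags : Unsigned_16;
      Count : Unsigned_32;
   end record
     with Size => 64,
          Bit_Order            => System.Low_Order_First,
          Scalar_Storage_Order => System.Low_Order_First;
   for Raw_Header use record
      Ver   at 0 range 0 .. 7;
      Len   at 1 range 0 .. 7;
      Flags at 2 range 0 .. 15;
      Count at 4 range 0 .. 31;
   end record;
   -- Semantic limits live in a dynamic predicate on a subtype.
   subtype Header is Raw_Header
     with Dynamic_Predicate => Header.Len <= 64 and Header.Count <= 1000;
   function To_Raw is new Ada.Unchecked_Conversion (Byte_Array, Raw_Header);
   -- 'Valid_Scalars rejects bit patterns outside a component's range (e.g.
   -- Ver = 0) before the predicate is evaluated; nothing raises, bad input
   -- simply yields False.
   function Well_Formed (Raw : Byte_Array) return Boolean is
      R : constant Raw_Header := To_Raw (Raw);
   begin
      return R'Valid_Scalars and then R in Header;
   end Well_Formed;
   -- Constructed inputs; multi-byte fields are little-endian.
   Good    : constant Byte_Array := (2, 16, 1, 0, 10, 0, 0, 0);
   Bad_Ver : constant Byte_Array := (0, 16, 1, 0, 10, 0, 0, 0);     -- Ver = 0
   Bad_Cnt : constant Byte_Array := (2, 16, 1, 0, 255, 255, 0, 0);  -- Count = 65535
begin
   Put_Line ("good:    " & Boolean'Image (Well_Formed (Good)));
   Put_Line ("bad_ver: " & Boolean'Image (Well_Formed (Bad_Ver)));
   Put_Line ("bad_cnt: " & Boolean'Image (Well_Formed (Bad_Cnt)));
end Parse_Header;
```

The point the replies make about discriminants still holds here: the offsets in the representation clause are fixed, so a variable-length tail would need a separate length-driven view rather than a discriminant-computed bit position.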
had a thought and was happy (albeit not surprised) to be correct: the FDA does, in fact, have legal definitions for what the words "excellent" or "good" mean in relation to nutrition content

https://www.ecfr.gov/current/title-21/chapter-I/subchapter-B/part-101/subpart-D/section-101.54