lonjil

@[email protected]
91 Followers
202 Following
732 Posts
Non-micro blog @ https://blog.lonjil.xyz
Cohosthttps://cohost.org/lonjil
Twitterhttps://twitter.com/lonjil
lonjilJan 28
Soatok DreamseekerJan 28
Hey, so... https://publickey.directory :3
Public Key Directory - Key Transparency for the Fediverse

lonjilJan 17
HarJITJan 16
Plural of “mutex”?
Mutexes
38.7%
Mutices
35.5%
Mutexen
6.5%
Muteges
0%
Mutexar
3.2%
Mutex (same as singular)
16.1%
Poll ended at .
lonjilDec 28
abadideaDec 28

I'm just making a note of this because I'm old enough to remember and a lot of people aren't – I saw someone claim that Google stole the name Chrome "from Firefox's internals", which makes no sense.

Back in the early 2000s, "chrome" was common programmer slang for "user interface". Like in general. Any user interface at all was "the chrome." I have no doubt Firefox's older source code refers to it as chrome, because I'm pretty sure I was referring to UI as "chrome" in my own university homework assignments at the time.

The term became much less common after Google Chrome launched because it became too confusing. Google's own claim is that the name was inspired by sports cars, and the programmers found it funny because having less "chrome" in the UI sense was an explicit goal. Whether that's true or not: they definitely didn't spitefully steal some secret Firefox codeword???

The above post is not to be construed under any circumstances as general approval of Google and everything they have ever done ever, and anyone yelling at me about how I'm a bad member of their religion because I said this SPECIFIC accusation is ahistorical will be blocked to the moon and back.

lonjilDec 16
Show threadDavid Chisnall (*Now with 50% more sarcasm!*)Dec 16

@ariadne

I prefer to think of it as an n-dimensional latent space of problems.

lonjilDec 13
mx alex tax1a - 2020 (6)Dec 13

a thought on protecting code against slop machines:

common lisp, rust, and ocaml all have similar language features where you can predicate expressions on compile-time config

so we plan to lace ratrap with various [@config trans_rights] tags and also various [@config die_slopsucking_pigfucker] tags and then maybe produce complicated-to-evaluate expressions that boil down to true and false respectively

lonjilDec 12
Ariadne Conill 🐰Dec 12
Rethinking sudo with object capabilities: https://ariadne.space/2025/12/12/rethinking-sudo-with-object-capabilities.html
Rethinking sudo with object capabilities

I hate sudo with a passion. It represents everything I find offensive about the modern Unix security model: like su, it must be a SUID binary to work it is monolithic: everything sudo does runs as root, there is no privilege separation it uses a non-declarative and non-hierarchical configuration format leading to forests of complex access-control policies and user errors due to lack of concision it supports plugins to extend the policy engine which run directly in the privileged SUID process I could go on, but hopefully you get the point.

lonjilDec 12
Yukari Hafner Dec 12

#2235

Yuritide day 12

Support my work https://patreon.com/shinmera

#creativetoots #mastoart #haruna #yukari #onesies

lonjilDec 12
I wish web mastodon had any way of opening a post in a new tab in my current instance. Ctrl clicking the timestamp opens the post in the original instance, where I can't actually interact with it.
lonjilNov 10
Ember is so tired of people. Nov 10

@elilla

If the changes were proposed by a maintainer, another maintainer will do the review. This policy is strictly followed, even for small changes.

wow, so they're straight up lying in a very easily proven way (this PR) (or do they think it doesn't count because "the LLM proposed it, not the prompter of the LLM"??)

also that pr for "we only use slop for bug fixes or UI" password history being correctly imported is a pretty important thing i would think

Improve Bitwarden JSON import: Add support for timestamps and password history by Copilot · Pull Request #12588 · keepassxreboot/keepassxc

Summary This PR enhances the Bitwarden JSON import functionality to preserve entry timestamps (creationDate, revisionDate) from Bitwarden exports, enabling users to maintain entry metadata when mig...

GitHub
lonjilOct 25
Show threadDavid Chisnall (*Now with 50% more sarcasm!*)Oct 25

@lina @commdserv

I can’t speak for fd.o, but I was in a leadership position on another project where we got a similar case disastrously wrong, so I might be able to illuminate how that happens.

The first mistake we made was not to differentiate harassment from conflict resolution. Most of the issues we had between contributors were personality clashes or technical disagreements that escalated. As you say, most of these have both parties acting in good faith. The main thing that the project needs to do is deescalate and get the people involved to talk again. This is absolutely the wrong approach in cases of harassment. There were two key causes of this:

First, (as you mentioned) no one involved had any formal (or, in most cases, informal) training in how to deal with harassment. Most employers offer this, but it’s rarely compulsory. After the initial incident, I signed up for this training with my employer (as did another colleague involved with the same project). This highlighted some of the things we did wrong, but it was quite illuminating who was there: we were the only men on the course who were there voluntarily. Most of the people were women who were there because they had been targets of harassment or bullying and wanted to understand the processes better. The rest were men who had been forced to take the training because they had been accused of harassment (and, from a lot of their comments, I suspect had been engaged in it long term).

Most F/OSS (or other community-led) projects don’t have any formal structure for providing this kind of training. And the work-provided training wasn’t sufficient. There were a bunch of ‘and this is where you need to escalate it to HR specialists (or the police)’ moments, but volunteer projects don’t have those experts. One of the biggest things a F/OSS charity could do to improve the situation would be to hire real experts that projects can use as consultants. Companies that back projects could help out be loaning HR as well as engineers to the projects.

Second, we had very poor visibility into what happened. There’s a natural tendency for humans to trust the first person who explains a situation. In our case, it was made worse because the only thing that happened on project infrastructure (and so the thing that we saw) was an IRC exchange where one project member connected and had a go at another member then left. We didn’t see the backstory, which involved a load of gamergate nonsense on Twitter and elsewhere (and those of us not in the Twitterverse had only a very vague idea of what Gamergate was. I thought it was a handful of people who were upset some game they didn’t like won an award, I had no idea that it was a coordinated harassment campaign). When a lot of the things that happened are private messages, or in non-project spaces, it’s hard to know what the real context is. We saw a load of things quoted out of context that made both people look bad. We also had friends of both people jumping in and defending them and attacking the other.

It really takes weeks of investigation to properly handle this kind of thing and dig to the truth. And this compounds the problem of the people dealing with it not having the right training. And, unless they are employees of a foundation backing the project, they also lack the time to do a good job. And, again, the assumption that people are basically decent (which is normally valid) hurts when one of the people is not and is actively trying to subvert the process. The evidence from an honest person reporting what happened and a dishonest person cherry-picking out-of-context comments will look very similar. Unless you personally know the people involved (which brings its own problems of bias) then it’s very hard to work out who is telling the truth. This is even harder when one or both people involved are highly visible in the community, because they will both be publicly sharing a narrative and one is mostly accurate (but only mostly: no one is 100% objective when they’re being personally attacked) while the other is a carefully crafted fabrication, but there’s pressure to respond quickly because both are public and the community is full of people who believe either one and are complaining.

In the last few years, the problem has become worse. A lot of CoC complaints now are malicious. Far-right folks absolutely love baiting people into saying things that look bad when quoted out of context, then deleting the context and reporting the remark. They make a game out of trying to get people kicked out of projects. So the workload has gone up, which compounds the other problems.

I wish I had a good answer for how to improve this.