Mastodawn

The `left-pad` incident was 10 years ago today.

https://en.wikipedia.org/wiki/Npm_left-pad_incident

Thankfully, we've completely solved software supply chains in the years since.

npm left-pad incident - Wikipedia

Nicolás Alvarez 2d ago

Zhuowei Zhang 2d ago

Sunday is the 10-year anniversary of the npm left-pad incident.

npm left-pad incident - Wikipedia

Show thread

Nicolás Alvarez 5d ago

Or maybe I should just get an LSP plugin for Vim 🤔

Nicolás Alvarez 5d ago

I accidentally updated VS Code when I updated the rest of my distro and now it has an AI Chat panel by default, the plugins panel has a whole section for MCP servers, etc etc.

How far back do I need to downgrade to?

Nicolás Alvarez Mar 12

Are fonts too powerful? https://github.com/nevesnunes/z80-sans

GitHub - nevesnunes/z80-sans: OpenType font that disassembles Z80 instructions

OpenType font that disassembles Z80 instructions. Contribute to nevesnunes/z80-sans development by creating an account on GitHub.

GitHub

Nicolás Alvarez Mar 10

Show thread

Joshua Wise Mar 8

@jcreed Jason I have wanted to give a !!Con-style talk on how insanely small GNSS signals are because I just cannot even begin to fathom it.

-107dBm is pretty good for a radio protocol carrying data -- I think Bluetooth LE tends to bottom out around -105 dBm, with most receivers being sensitive more to like -90 or -95 dBm. but once you only have to correlate *known* data, holy shit, you can get to the truly bonkers stuff.

if you have no idea where you are or what time it is, Sony's receivers can get a lock down to -149 dBm [1]. if you already have an almanac and vaguely know what time it is, you can get a lock down to -163 dBm. and once you already have a lock on some satellites and you're just tracking them, you can keep tracking them down to -167 dBm.

-167 dBm! what the FUCK! and they can do this while consuming just 6 mW of power!

IMO this is one of the most magical things we have ever built.

[1] https://www.sony-semicon.com/en/products/lsi-ic/gps.html

GPS/GNSS Receiver | Products & Solutions | Sony Semiconductor Solutions Group

Sony Semiconductor Solutions Group develops device business which includes Micro display, LSIs, and Semiconductor Laser, in focusing on Image Sensor.

Sony Semiconductor Solutions Group

Nicolás Alvarez Mar 10

maribu Mar 8

@bagder IANA just published a new field for the security.txt (RFC 9116) format: "Bug-Bounty: True/False".

The @RIOT_OS team is receiving an increased amount of presumably LLM generated bogus vuln reports (though nowhere near curl levels). And since we deployed a security.txt, scrapers started sending emails inquiring about our bug bounty programs.

I was hoping that if that field gets some visibility, scrapers might filter for that before spamming the security inboxes.

https://www.iana.org/assignments/security-txt-fields/security-txt-fields.xhtml

security.txt Fields

Nicolás Alvarez Mar 9

https://agelesslinux.org/ I love this.

Ageless Linux — Software for Humans of Indeterminate Age

Nicolás Alvarez Mar 7

Sharing without comment: https://github.com/pobrn/mktorrent/issues/68

Using an insecure hash algorithm · Issue #68 · pobrn/mktorrent

Hello, I'm a researcher specializing in cryptographic API misuse detection. During testing of your project, I discovered that the code uses the SHA1 insecure hashing algorithm.If you need to know w...

GitHub

Nicolás Alvarez Mar 6

Gabriele Svelto Mar 4

A few years ago I designed a way to detect bit-flips in Firefox crash reports and last year we deployed an actual memory tester that runs on user machines after the browser crashes. Today I was looking at the data that comes out of these tests and now I'm 100% positive that the heuristic is sound and a lot of the crashes we see are from users with bad memory or similarly flaky hardware. Here's a few numbers to give you an idea of how large the problem is. 🧵 1/5

Twitter	https://twitter.com/nicolas09F9
Location	Buenos Aires, Argentina
Liberapay	https://liberapay.com/nicolas17