Interested in FOSS, cyber security and ecofriendly technology.

Hacking on #alpinelinux in my free time.

pronouns: he/him or anything else
Is a root shell on an IOT device through the configuration interface worth reporting to the vendor?
Boring disclosure
More time for people to reverse engineer

Reminder for those who may not be aware that those "fancy/custom text" things using special unicode characters that bypass ASCII fonts to make your name look cool or fancy or whatever ruin accessibility, like hard.

They break screen readers hard, since most, if not all, don't know how to handle them properly and end up pronouncing something like "Special character S" or whatever. They're also significantly harder to read than a user's chosen font, or the default fonts on any reasonable operating system or website, especially for neurodivergent and in particular dyslexic people.

Please stop using them, and maybe nudge your friends to stop using them.

Boosts appreciated for awareness

#Accessibility #FancyFonts #Neurodivergent #Boostswelcome

A brainfuck interpreter in POSIX bc might not be very usable but it now exists anyways

https://codeberg.org/sertonix/brainfuck/src/branch/main/bf.bc

Ok, slight followup question:

Is this UB if ptr does not have the correct alignment for uint16_t?

(unsigned char *)(uint16_t *)ptr

The reason is that __builtin_assume_aligned(buf, 2) seems to allow further optimization on arches where alignment matters even though I would have expected that alignment to be implicit due to the pointer type.

Does anybody know why gcc and clang can't optimize away this bit shift on most architectures?

uint16_t test(uint16_t *buf) {
    return (uint16_t)((char *)buf)[0] | ((uint16_t)((char *)buf)[1] << 8);
}

I tested with godbolt.org and it only really showed good optimizations on powerpc.

On all little endian systems this should be equivalent to just *buf which has much shorter assembly.
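
An added example (not part of the original post) for the question above: where plain char is signed, the byte read through `char *` is sign-extended before the OR, so the posted expression differs from `*buf` whenever the low byte is 0x80 or above, and a compiler cannot replace it with a plain load there. The helper names and sample bytes are constructed, and `signed char` stands in for plain `char` so the result is the same on every target.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same expression as in the post, with the char signedness made explicit.
 * Postfix [] binds tighter than the cast, so each byte is read as a
 * signed char first and only then converted to uint16_t. */
static uint16_t load_le16_signed(const uint16_t *buf) {
    const signed char *p = (const signed char *)buf;
    return (uint16_t)((uint16_t)p[0] | ((uint16_t)p[1] << 8));
}

/* Reading through unsigned char avoids the sign extension, which makes
 * the function equal to *buf on a little-endian target. */
static uint16_t load_le16_unsigned(const uint16_t *buf) {
    const unsigned char *p = (const unsigned char *)buf;
    return (uint16_t)((uint16_t)p[0] | ((uint16_t)p[1] << 8));
}

/* Build an aligned uint16_t object whose memory holds the bytes b0, b1
 * in that order, independent of host endianness (constructed input). */
static uint16_t make_word(unsigned char b0, unsigned char b1) {
    unsigned char bytes[2] = { b0, b1 };
    uint16_t w;
    memcpy(&w, bytes, sizeof w);
    return w;
}

int main(void) {
    uint16_t small = make_word(0x34, 0x12); /* low byte below 0x80 */
    uint16_t large = make_word(0x80, 0x12); /* low byte with top bit set */

    printf("bytes 34 12: signed=0x%04X unsigned=0x%04X\n",
           (unsigned)load_le16_signed(&small),
           (unsigned)load_le16_unsigned(&small));
    /* The signed read turns 0x80 into 0xFF80, which overwrites the
     * high byte contributed by the second term. */
    printf("bytes 80 12: signed=0x%04X unsigned=0x%04X\n",
           (unsigned)load_le16_signed(&large),
           (unsigned)load_le16_unsigned(&large));
    return 0;
}
```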

An F in cryptography is aes-js / pyaes, as this Trail of Bits blog by Opal Wright explains:

Mistakes in cryptography are not a sin, even if they can have a serious impact. They’re simply a fact of life. As somebody once said, “cryptography is nightmare magic math that cares what color pen you use.” We’re all going to get stuff wrong if we stick around long enough to do something interesting, and there’s no reason to deride somebody for making a mistake.

What matters—what separates carelessness from craftsmanship—is the response to a mistake. A careless developer will write off a mistake as no big deal or insist that it isn’t really a problem—yadda, yadda, yadda. A craftsman will respond by fixing what’s broken, examining their tools and processes, and doing what they can to prevent it from happening again.

Does this sound familiar?

Carelessness versus craftsmanship in cryptography

Two popular AES libraries (aes-js and pyaes) provide dangerous default IVs that lead to key/IV reuse vulnerabilities affecting thousands of projects. One maintainer dismissed the issue, while strongSwan’s maintainer exemplified proper security response by comprehensively fixing the vulnerability in their VPN management tool.

The Trail of Bits Blog

Please be specific when warning about "AI" in software!

AI is just a buzzword for machine learning, and we all use machine learning every day. VTubing wouldn't exist without it (face tracking). All good TTS is using ML, and that's fine, if it's consensually and ethically trained.

Good ML runs on your phone and didn't require scraping the entire internet to train, and has existed for many years.

What the techbros are pushing isn't just any AI/ML, it's a particularly bad version of it.

Your irregular reminder that Alpine Linux DOES NOT have any Telegram channels and any community use of the Alpine marks in a way which indicates an official relationship with or endorsement by the project is forbidden by our Code of Conduct.

Unfortunately, it is hard to get Telegram to do anything about this. We have been trying for years.

To close: I only want to bother with critiques for projects I actually think have the capacity to do better and make the world a better place.

The problems in this space are so large and multifaceted that we need people going out and exploring different approaches.

But when it comes to privacy tooling, being honest and upfront with people about the nuance matters - and my goal with the above thread is to bring some of that nuance.

@hipsterelectron well in a way you could say it was unshackled from the dying corpse of github (and became https://pulsar-edit.dev/)