I am getting a little fed up about Twitter's sharing of Favs. Other people's Favs are mostly off-topic to me and there is no way to hide them away. I just want to see their Retweets. I wonder if this pet peeve will ever go away.

If you like solving Mastermind puzzles or need an aid solving them, you may want to check out my "mmhelper" mini-project:


Comparto la última parte del rejuvenecimiento de mi laptop: chasís, resultados y conclusiones. ¿Será que podrá seguir siendo útil otros 3 años? ¿Habrá valido la pena la inversión? Sólo el tiempo lo dirá. -- blog.alvarezp.org/2020/07/05/r

Ya en la recta final, se resuelve la mayor de mis expectativas: ¿sería capaz de resolver el eterno problema térmico de mi laptop? Y si sí, ¿hasta qué grado? blog.alvarezp.org/2020/06/20/r

Sexta parte: temperatura, parte 1: perdiendo una batalla con una pasta térmica con una pasta chaaaaaaafa! -- blog.alvarezp.org/2020/06/14/r

Whoever you are and whatever you write about, please reply sharing a link to your blog and the topics you write about.

"So if you feel that the web is getting boring, commodified and homogeneous, if you feel that the web is controlled by a handful of large corporations, this is one way that you can make a bit of a difference. Create your site and start publishing and producing stuff about things that you love and care about."


plugging this yet again, just in case:

a while ago i started a project, libk, in hopes of offering coders a modern replacement for the insufferable C standard library. we've made a strong start but there are only a couple of us working on it so far and we have neither the time nor the energy the project deserves to dedicate to it.

so if you dislike working with libc or just want to help give people another option, you can help us out even if you're not an ancient greybeard with a total wizardly mastery of the deep dark corners of UNIX -- a lot of the hard, foundational work is basically done, and a lot of what's left is just writing fairly simple functions, many of which have already been documented; there's really a lot even a C beginner could help us with. or even if you're not a coder, you can also help with technical writing, or by contributing design ideas (which right now mostly take the form of markdown files describing how an interface should operate, but we also welcome your insights on irc).

libk is still in very early stages but it's already possible to build and link simple code against it on x86-64 Linux; getting it to work on ARM, x86-32, and the BSDs should also not be terribly difficult, tho it will require some porting effort.

if any of this sounds interesting to you, consider checking out our website at c.comint.su/libk or joining our irc channel, #libk at irc.oftc.net

"Can we please stop doing ridiculous nonsense with websites that don't need it? You don't need JS to make a button press or JS to make a link work or JS to type text or JS to load all content on a page or... just no.

Developers, stop breaking the web, please."


Related: gov.uk/service-manual/technolo

Hoy #git cumple 15 años.

En mi blog he escrito un buen número de artículos y tutoriales sobre esta gran herramienta:


1. Implement the basic content of each page in HTML and CSS. No JavaScript.

Show thread

ssh key file authentication is very primitive. it is suitable primarily for individuals with small, decentralized networks. i only use it as a backup and i'm getting ready to remove it entirely from my network. there are a number of alternatives you can and should be using if you're running an actual organization.

the simplest and most obvious is Kerberos. even if you don't use LDAP (if you have more than one or two hosts, you should use LDAP), you can use Kerberos. it gets a bad rep, probably because AD is a dumpsterfire and the MIT Kerberos interface is kind of confusing, but once you get the basics down it's very easy to understand and use. you can create all sorts of versatile setups with just Kerberos alone. if you only need centralized password management and SSO, *not* centralized identity management, use Kerberos. all anyone needs to do to SSH in is run "kinit", type their password, and then they can ssh into any server they're authorized for without typing any more passwords, and the authentication ticket automatically expires after a configurable period of time, so even if it's compromised somehow there's only a short window where it can be used.

if you also need centralized identity management, you should use LDAP. i'm only familiar with OpenLDAP myself, and while it's a bit of a dumpsterfire it does work, and it has some very powerful features i've had to exploit to essentially use it as an interface for authentication frameworks that don't speak Postgres, like NSS. 389 Directory Server is less powerful but from what i hear it's much less unpleasant to work with than OpenLDAP. LDAP is scary at first (the "lightweight" part is a historical inside joke) but even on my own without any help or professional support i've been able to use it to set up very complex and powerful directory systems, and i'm just some random chick. don't let its reputation scare you away from doing things right.

however, if you really need to use SSH keys, there are ALSO ways to do this that are much safer, cleaner, and harder to hack than just keeping text files with lists of allowed keys on every individual host (let alone trying to "centralize" the config with configuration file management software). OpenSSH has a little-known configuration directive called "authorizedkeyscommand" which allows you to get the list of allowed keys and users by running a command instead of reading a file. you can go completely wild here; my plan for COMINTERN is to write a program in PGC to access the central authentication database, read a list of SSH keys bound for each user with shell access, and emit that in a form OpenSSH can understand. this effectively means that with a click of a button on our web interface you'll be able to add or remove users from the system, email, irc, and a number of other services simultaneously AND add as many SSH keys as you want for them, and this will take immediate effect.

of course, since it's just can arbitrary command, you can use any logic you like here. it's great. there's really no reason to be using the authorized keys file if you need centralized auth management. there's especially no reason to be using the authorizedkeys2 file because GOOD GRIEF. you should disable both of those entirely in your sshd_config and use authorizedkeyscommand to query your user database (whether that's LDAP, Postgres, Heimdal, or just a text file on a web server somewhere) instead.

don't do what the Matrix dipshits did.
Show thread

What is the open source equivalent of Zoom? Features I am using and looking for: desktop sharing, single-window sharing, on-call audio and video device detection and switching, mute by user and by host, chat, remote control and recording. So far I have only tried Jitsi Meet but I went back because it didn't work properly.

Reduced SVG path data to 1/5 of its size in librsvg by changing its representation. Blog post tomorrow; gitlab is down right now 😓

Show more

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!