
#RMS joke is not about #abortion, it's about #censorship!

As such, it fits quite well in a #GNU manual, as its focus is #freedom.

It's perfectly fine for a #hacker manual to be #NSFW.

That's the main difference between #OpenSource and #FreeSoftware.

If you prefer subtle manipulations to jokes that make you think, you should not use free software, just open source.

Open source is not #neutral at all! No politics in software is a political position: #Capitalism!

@Anna @ary @CobaltVelvet

Repair is awesome, but equally important is to take good care of stuff in the first place. Look after things to prevent them breaking. Learn how they work and how to make them last. (e.g. learn how to keep batteries in good condition.) Get a good case. Keep things clean. Look after stuff!


Interesting fact about HTTP:

One of the little known status codes is 451, named as you might have guessed after Ray Bradbury's novel Fahrenheit 451. It is used when something on the web is "Unavailable for Legal Reasons".


Looking for a subscription-based way of funding creative projects that respects user privacy and focuses on open content? @Liberapay might be the thing you're after.

I had forgotten what swap on a 5400rpm HDD feels like.

@Liberapay is indeed our favourite donation platform ❤. You can read more about the #fdroid liberapay integration here:

And you can support us via liberapay here:

On the question of IoT where Stallman recommends abstinence, that's possible now but I don't think it will be in another five or ten years. So it is worth thinking about how small computers everywhere will impact software freedom. Surveillance Capital plus IoT does not seem like an equation with a good outcome.

Have you heard of StreetComplete? It's an Android app that shows you open questions/issues with OpenStreetMap in your area, and asks you to answer them.

It's made for people with no experience with #OpenStreetMap, so it shows only very simple questions that can be answered very clearly. ("What is printed on this street sign?", "What's the number on this house?")

It's available on @fdroidorg, of course! #mapping #android #apps #recommendation

Starbucks vs. coffee houses... ☕️

"[...] it wasn’t necessary to buy food or even coffee 200 or 300 years ago, but everyone had to pay an entrance fee: one penny. 'They were called ‘penny universities’ because of the idea they were alternative educational structures.'"

Every fucking company saves your password without encryption. A few days ago I had a talk with Vodafone customer support, and on the phone the guy asked me: "I can see your password here, can you tell me your last 3 letters of your password please?" When I said: "What?? You know that this is illegal?" he changed the subject.

FOSS situation, yet again

via @athoune

Remind me that luajit was maintained by only one person and decided to stop one day while a whole industry was relying on it.

Of course the fact that the logging code used for debugging ended up in the production server should count as gross incompetence...

It might be genuinely useful if for example a middleware is sanitising user input. Test if your code receives a < character instead of an &lt character representation.

@MatejLach During development, a few cases come to mind:

1. Making sure the "wrong password" message is actually because of a wrong password given.
2. Problems with passwords containing special characters in different charsets.
3. Unit testing of the password routines without exposing too much of the innards to the Unit testing framework.

Keeping this logging on in production is the real fuckup.

@MatejLach I've personally encountered a scenario where it happened by accident - bad auth attempt resulted in writing to the error log with the params, including plaintext pre-hash password. (Not saying it's ok, just that we're human and sometimes don't anticipate things well enough).

@MatejLach I don't want to assume incompetence over malice, but..

I've seen Apache+PHP log erroring function calls with arguments in plaintext, so it's possible that it might have been (partly) unintentional.

Matej Lach's mastodon

Hi there! I am a free software developer. I enjoy working on useful software, as well as advocating for software freedom and the use of open standards, promoting data ownership, decentralization and privacy. If this is important to you, I may be worth following. If you like Go, Rust, or Swift, it may be worth following me as well. Besides computing, I enjoy metal, a good read and occasionally some gaming, (not much time for that these days).