@joeyh If you're an ActivityPub implementor, you should *make sure your software is not vulnerable to these kinds of attacks*. The redirect one is especially tricky.
@joeyh posted about two security vulnerabilities he uncovered http://joeyh.name/blog/entry/two_security_holes_and_a_new_library/
Notably the ActivityPub appendix warns about these kinds of security vulnerabilities: don't fetch from URI schemes you don't know (be sure your HTTP lib doesn't accept file://) and don't fetch from localhost (though sadly it's hard not to do this one... "localhost-only" is mostly doomed).
But Joey's post also points out that even if you filter out the scheme and localhost yourself, redirects may bite you.
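The check the thread above describes, as an added example (not code from these posts or from Joey's library): the scheme and address filter is re-applied to every redirect hop instead of only to the first URL. All names, the fake DNS table and the fake server responses are constructed for illustration, and `fetch` is assumed to be an HTTP call with automatic redirects turned off.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
REDIRECTS = {301, 302, 303, 307, 308}

class BlockedURL(Exception):
    """Raised when a URL (initial or redirect target) must not be fetched."""

def system_resolver(host):
    """Real DNS lookup; returns the set of addresses the host resolves to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def check_url(url, resolve=system_resolver):
    """Allow only http(s) URLs whose host resolves solely to public addresses."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise BlockedURL(f"scheme not allowed: {url}")
    addrs = resolve(parts.hostname) if parts.hostname else set()
    if not addrs:
        raise BlockedURL(f"host missing or unresolvable: {url}")
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        ip = getattr(ip, "ipv4_mapped", None) or ip  # unwrap ::ffff:a.b.c.d
        if not ip.is_global:  # loopback, private, link-local, reserved...
            raise BlockedURL(f"{parts.hostname} resolves to non-public {ip}")
    return url

def follow_safely(url, fetch, resolve=system_resolver, max_hops=5):
    """fetch(url) -> (status, headers, body); it must NOT follow redirects."""
    for _ in range(max_hops + 1):
        check_url(url, resolve)  # validate every hop, not just the first
        status, headers, body = fetch(url)
        if status not in REDIRECTS or "Location" not in headers:
            return url, status, body
        url = urljoin(url, headers["Location"])
    raise BlockedURL("too many redirects")

# Constructed sample data: a fake resolver and a fake remote server.
FAKE_DNS = {"remote.example": {"93.184.216.34"}, "localhost": {"127.0.0.1"}}
FAKE_PAGES = {
    "https://remote.example/actor": (200, {}, "actor json"),
    "https://remote.example/moved": (302, {"Location": "/actor"}, ""),
    "https://remote.example/trap": (302, {"Location": "http://localhost:8080/"}, ""),
    "https://remote.example/file": (302, {"Location": "file:///tmp/x"}, ""),
}
fake_resolve = lambda host: FAKE_DNS.get(host, set())
fake_fetch = lambda url: FAKE_PAGES[url]
```

Resolving and then fetching by name still leaves a window in which DNS can change between the check and the connection, so a real client should connect to the address it validated.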
Wait, what. Windows 10 sends info on USB devices plugged in directly to Microsoft?
And it does that using pure HTTP?
https://pastebin.com/ttYp5rLg
You gotta be kidding me.
I don't accept ads, or aggressive brand/s accts or paid toots (I’ve been approached) but I do support free & #opensource programs. We have some amazing creative orgs represented on the #Fediverse thru #Mastodon’s super-scalable #ActivityPub implementation.
If you haven't tried them then you’re missing out (a-z). U have control over ur social & creative lives w #FLOSS
@Blender
#DarkTable
@GIMP
@inkscape
@Krita
@ubuntustudio
Others?
Godwin's Law in the Age of Trump by... Godwin https://www.rstreet.org/2018/06/25/godwins-law-in-the-age-of-trump/
@kmicu that line of argument is not gonna help us. Free/open source software is both free *and* commercial. See http://blog.ieeesoftware.org/2016/04/dissecting-myth-that-open-source.html?m=1 . #art13 should go away also for commercial use in order for #FOSS to thrive.
I just helped to stop #CensorshipMachines that would filter ALL of our online content. You too can help to #SaveYourInternet: http://d.shpg.org/420107097t Contact your EU representative before 4 July!
@jorty la forge
@cwebber me: auuughhh it's so hot today
christopher lemmer webber: ah... it's so.... temperate here...
Guile 3 update from Andy Wingo:
https://lists.gnu.org/archive/html/guile-devel/2018-06/msg00026.html
tl;dr We're well on our way to JIT-compiled code!
Despite all the stress of our stuff not having arrived yet and us not knowing when it will, I'm very excited to be here. Western MA is a temperate paradise, and especially Easthampton, where we are.
I also look forward to it arriving so I can stop being in a constant state of anxiety
getting ready for another client meeting
I look forward to our stuff arriving so I don't have to keep using a folding chair and card table for a desk setup
Scheme / Guile / Racket
I've often said that I would love to take @cwebber's brain and shake it to see what all pops out because I know that anything in there will be amazing. One of the languages that he introduced me to was Scheme. Scheme is a functional language that borrows heavily from Lisp. It's a teaching language but still retains a lot of Lisp's power. I haven't explored it fully but I want to get back there again.
help I am so many exhausted
Working on PeerTube federation support! Mastodon & Pleroma support is pretty much finished (had to simulate remote follow since this is a localhost instance)
cc @Chocobozzz
(Time passes)
Things that are now working:
• Slack
• work email
• Mastodon
Things that are not working:
• SCOTUS
Randomly, "International" by Jim's Big Ego just came up on my playlist. Probably gave me the only ray of optimism I could get on this day.
I don't know how to get us out of this but I'm going to do my best... the best thing I know how to do is work on digital platforms that preserve people's civil liberties and rights to organize.
Instead of celebrating this 4th of July (we don't feel like celebrating), @mlemweb and I are going to be donating to orgs which can possibly push back.