#Tag
Tried to watch that Vite documentary, I'm so glad that I got out in time from that entire ecosystem.
These mfs act like they just created a room-temperature superconductor, impossible to take any of them seriously.
They keep "reinventing" webdev but it's worse than before.
With this photographic memory I fully understand how someone can become delusional and seem like they have schizophrenia now.
You get so stressed it corrupts your picture and you stop registering logical context because all the information you're working with is corrupted.
Your basic files are wrong and lead you somewhere made of nonsense.
Stress causes this if great enough, and my brain makes whole worlds that never happened if I don't sleep well.
If Qualcomm has no chill to screw both MS and Apple with patent BS, what makes you think they'll give two flying f*cks about the hobbyist community around Arduino.
With this photographic memory I fully understand how someone can become delusional and seem like they have schizophrenia now.
You get so stressed it corrupts your picture and you stop registering logical context because all the information you're working with is corrupted.
Your basic files are wrong and lead you somewhere made of nonsense.
Stress causes this if great enough, and my brain makes whole worlds that never happened if I don't sleep well.
I find sad that even if I think about making outline for some service that able to federate with ActivityPub / Fediverse, it also means I have to think about something that can be deplatformed, outlawed or censored out in 2025.
But both ActivityPub (and even ATProto) is NOT designed to be functional in such conditions.
Attempt to support it makes immediately you dependent on pyramid of:
💻 servers, likely cloud
📜 DNS
🔑 SSL certificate(s)
Each of above can become point of failure 🧵
Of course it does not mean that ActivityPub is bad on itself.
It just necessary to admit these things before even thinking about some software project:
1️⃣ Each tech has limits of applicability
2️⃣ Each design decision would either limit your audience (by demanding some tech knowledge to get started) or make your project more vulnerable to censorship or other treats of forced closure.
3️⃣ IT solutions can't solve political problems
Whoever designed the Avanti West Coast train seats, may your pillow always be warm, your tea cold and your shower never just right
Most unfomfortable shit ever, these things. At least 3/4 of me is in pain. #UK #trains #rant #avanti #ergonomics
Whoever designed the Avanti West Coast train seats, may your pillow always be warm, your tea cold and your shower never just right
Most unfomfortable shit ever, these things. At least 3/4 of me is in pain. #UK #trains #rant #avanti #ergonomics
Spent my morning figuring out why Nginx was dead on a server with many days of uptime. No reboot, no kernel panic. Just... down. Ubuntu 24.04.
The cause? An automatic unattended-upgrade of libc6. This prompted systemd to work its magic, wisely deciding to restart every running service to apply the patch. Fine.
The problem is, in the exact same minute, the systemd timer for certbot decided it was time to renew certificates.
The result:
- systemd stops Nginx.
- Port 80 becomes free.
- certbot, in standalone mode, immediately grabs it for validation.
- systemd tries to restart Nginx, which fails with "Address already in use".
The web server was knocked offline by its own certificate renewal script.
I swear, this is the kind of cascading failure that has never happened to me in years of running *BSD. With a classic cron job, certbot would have failed, logged an error, and tried again the next day. The web server would have remained untouched.
systemd was doing its job, but something failed because of the interactions.
Sometimes, too much automation and too many interconnected parts just create more spectacular ways for things to break.
Wir schreiben das Jahr 2025. Autos fahren selbstständig, Kühlschränke bestellen eigenständig Milch, und mein Toaster hat wahrscheinlich mehr Rechenleistung als die Apollo 11. Aber wenn ich eine SMS mit Umlauten verschicken möchte, fällt die Nachricht sofort zurück in die Steinzeit mit 70 Zeichen Limit. Also schreibe ich wieder „ue“ wie 2003, als wäre ich auf einer T9-Tastatur gefangen. Fortschritt ist, wenn die Zukunft schneller kommt als die Umlaute.
Spent my morning figuring out why Nginx was dead on a server with many days of uptime. No reboot, no kernel panic. Just... down. Ubuntu 24.04.
The cause? An automatic unattended-upgrade of libc6. This prompted systemd to work its magic, wisely deciding to restart every running service to apply the patch. Fine.
The problem is, in the exact same minute, the systemd timer for certbot decided it was time to renew certificates.
The result:
- systemd stops Nginx.
- Port 80 becomes free.
- certbot, in standalone mode, immediately grabs it for validation.
- systemd tries to restart Nginx, which fails with "Address already in use".
The web server was knocked offline by its own certificate renewal script.
I swear, this is the kind of cascading failure that has never happened to me in years of running *BSD. With a classic cron job, certbot would have failed, logged an error, and tried again the next day. The web server would have remained untouched.
systemd was doing its job, but something failed because of the interactions.
Sometimes, too much automation and too many interconnected parts just create more spectacular ways for things to break.
Style guides, API references etc. often indicate best practices regarding how these are meant to be used and, if you have a well-supported widget toolkit, a lot of these things even happen automatically. This is why a lot of apps are accidentally usable even if no #accessibility considerations were ever deliberately made.
The visual side of things is harder, but requires a similar early call on accessible color combinations when you're locking in your branding and design. This is where a lot of designers feel their style's being cramped because they're trying to make a Van Gogh painting rather than a usable UI. At the end of the day, a user interface is meant for the user to interface with the product, not for a user to ooh and ahh at the pwetty colors you stuck intheirface. Easy mistake to make, but now you know, alright?
This is where I'm often told that a product needs to stand out, that it needs to be eye-catching, visually separate itself from the rest. Maybe that's true, I can't judge that, nor do I have the background, or senses, to properly refute or dispute that. I do have a viewpoint on this, though, and it is thus:
How helpful is your eye-catching, outstanding, visually separate design if through its very presence, users can't actually get the task done they're paying for the product to complete? Are you truly so uncertain about your product's capabilities that you need to "trick" a user into staying around by throwing pwetty pictures at them? Does nobody realize how pitiful that is?
For this and more viewpoints that often go unseen, hit me up at https://youtube.com/@ViewpointUnseen 😜 #rant
Linus Torvalds on why desktop Linux sucks (2014)
I'm tired of web sites inflicting known-bad rules on passwords. Like what characters are required, or minimum length.
https://pages.nist.gov/800-63-4/sp800-63b/passwords/
https://www.schneier.com/blog/archives/2024/09/nist-recommends-some-common-sense-password-rules.html
https://tuta.com/blog/minimum-password-length
TL;DR: don't require specific classes of characters, require at least 15 characters.
I'd go for a minimum length of at least 16, myself. Brute force guessing is a thing and is dealt with by using longer passwords.
Any web site that doesn't follow these is just security incompetent.
🆕 blog! “Is it possible to allow sideloading and keep users safe?”
In which I attempt to be pragmatic.
Are you allowed to run whatever computer program you want on the hardware you own? This is a question where freedom, practicality, and reality all collide into a mess.
Google has recently announced that Android users will only be able to…
👀 Read more: https://shkspr.mobi/blog/2025/08/is-it-possible-to-allow-sideloading-and-keep-users-safe/
⸻
#android #google #rant #scam
🆕 blog! “Is it possible to allow sideloading and keep users safe?”
In which I attempt to be pragmatic.
Are you allowed to run whatever computer program you want on the hardware you own? This is a question where freedom, practicality, and reality all collide into a mess.
Google has recently announced that Android users will only be able to…
👀 Read more: https://shkspr.mobi/blog/2025/08/is-it-possible-to-allow-sideloading-and-keep-users-safe/
⸻
#android #google #rant #scam
I'm tired of web sites inflicting known-bad rules on passwords. Like what characters are required, or minimum length.
https://pages.nist.gov/800-63-4/sp800-63b/passwords/
https://www.schneier.com/blog/archives/2024/09/nist-recommends-some-common-sense-password-rules.html
https://tuta.com/blog/minimum-password-length
TL;DR: don't require specific classes of characters, require at least 15 characters.
I'd go for a minimum length of at least 16, myself. Brute force guessing is a thing and is dealt with by using longer passwords.
Any web site that doesn't follow these is just security incompetent.
I don't know which genius at #Google thought it was a good idea that swiping the right side of the screen on #Android goes 'Back'
It's so sensitive that I accidently go back several times a day. What's the gesture to go forward? Who knows?!
You can disable swiping actions, but that disables everything and swiping from the left of the screen to go back is actually useful (and the same as iPhone) and never accidentally triggered.
Hmm, looks like the login process in the mastodon.el is complicated AF.
Two possible places to store the credentials: ~/.authinfo.gpg and ~/.emacs.d/mastodon.plstore (both support GPG encryption).
When I make first login the mastodon.el asks me about passphrase then about password 
. Both entered strings should match.
After some experiments I realized that it asks me not about my #Mastodon password but about passphrase to unlock my GPG key (twice 
, then other programs, like Magit or pass frontend doing this only once).
Then, I successfully logged in by entering GPG passphrase twice, entering authorization code from Mastodon instance to authorize mastodon.el and entering the GPG passphrase to store necessary credentials in the /.emacs.d/mastodon.plstore (twice again ).
The official documentation states that mastodon.el will store credentials in the /.authinfo.gpg since 2.0.0, but this is not true . I'm using version 2.0.2 from NonGNU ELPA and it is still saves all credentials to the aforementioned mastodon.plstore. Despite my auth-sources is:
("/.authinfo.gpg" "/.netrc")
After I restart Emacs and enter M-x mastodon, I got:
Decrypting /home/drag0n/.emacs.d/mastodon.plstore...done
Loading home timeline...
Contacting host: mastodon.bsd.cafe:443
Loading fediverse account nil on https://mastodon.bsd.cafe...
error in process filter: mastodon-tl--init*: Looks like the server bugged out: "The access token was revoked"
error in process filter: Looks like the server bugged out: "The access token was revoked"
While I didn't revoked access token, it is still visible in the Mastodon settings, in the list of my authorized applications.
And both mastodon-instance-url and mastodon-active-user have valid values, pointing to the my actual account.
0/10 will not recommend
After a little investigation, I found that I was wrong. The problem is not with mastodon.el. Looks like my instance somehow won't accept access_token, issued by the /oauth/token, if this token was stored and reused e.g. after Emacs restart.
BTW, if I try to get the access_token by hand, via the Librewolf DevTools, then the server won't give me any token, saying that "The provided authorization grant is invalid"
https://codeberg.org/martianh/mastodon.el/issues/732#issuecomment-6580210
Hmm, looks like the login process in the mastodon.el is complicated AF.
Two possible places to store the credentials: ~/.authinfo.gpg and ~/.emacs.d/mastodon.plstore (both support GPG encryption).
When I make first login the mastodon.el asks me about passphrase then about password . Both entered strings should match.
After some experiments I realized that it asks me not about my #Mastodon password but about passphrase to unlock my GPG key (twice , then other programs, like Magit or pass frontend doing this only once).
Then, I successfully logged in by entering GPG passphrase twice, entering authorization code from Mastodon instance to authorize mastodon.el and entering the GPG passphrase to store necessary credentials in the /.emacs.d/mastodon.plstore (twice again ).
The official documentation states that mastodon.el will store credentials in the /.authinfo.gpg since 2.0.0, but this is not true . I'm using version 2.0.2 from NonGNU ELPA and it is still saves all credentials to the aforementioned mastodon.plstore. Despite my auth-sources is:
("/.authinfo.gpg" "/.netrc")
After I restart Emacs and enter M-x mastodon, I got:
Decrypting /home/drag0n/.emacs.d/mastodon.plstore...done
Loading home timeline...
Contacting host: mastodon.bsd.cafe:443
Loading fediverse account nil on https://mastodon.bsd.cafe...
error in process filter: mastodon-tl--init*: Looks like the server bugged out: "The access token was revoked"
error in process filter: Looks like the server bugged out: "The access token was revoked"
While I didn't revoked access token, it is still visible in the Mastodon settings, in the list of my authorized applications.
And both mastodon-instance-url and mastodon-active-user have valid values, pointing to the my actual account.
0/10 will not recommend
A space for Bonfire maintainers and contributors to communicate
