Tootfinder

"It places page cache pages in a writable scatterlist, separated from the legitimate write region by nothing more than an offset boundary. The design assumes every AEAD algorithm will confine its writes to the intended destination, but nothing in the API enforces this, and nothing documents it as a requirement.
Unfortunately, one AEAD algorithm breaks this silent invariant."
"No other standard AEAD algorithm in the kernel [uses memory that doesn't belong to it as a scratch pad]. GCM, CCM, and regular authenc all confine their writes to the legitimate output area. authencesn alone writes past the boundary."
I'm actually amazed that there's only one bug here. Somehow almost everyone just managed to do the right thing, despite no mechanism enforcing it and no documentation describing it. That's just amazing. It's a testament to the skill of those developers, despite an incredibly bad design.
#copyfail

"But in a testament to an enduring relationship forged during the miners’ strikes of the 1980s, this year’s event has returned bigger than ever, thanks to funding from trade unions.
Stephen Guy, the chair of the Durham Miners’ Association (DMA), said that when it became apparent Durham Pride was under threat, he took it upon himself to “encourage the trade union movement to step up and do the right thing, and stand shoulder to shoulder with the LGBT community”."

‘Bigger and better than ever’: how Durham Pride beat Reform’s funding axe with help from the miners
Solidarity between LGBTQ+ people and unions has saved an event denied ‘a single penny’ of council money

On Making Christmas Greener - Twelve top tips that the Internet gave to me - for a green Xmas... Have fun, save money, do the right thing by the planet - triple win! #greenXmas - https://www.earth.org.uk/note-on-greenin…

On Making Christmas Greener
Twelve top tips that the Internet gave to me - for a green Xmas... Have fun, save money, do the right thing by the planet - triple win! #greenXmas

Logistics in the technical sense (part of supply chain management) is a subset of logistics in the vernacular sense ("the handling of the details of an operation"). You can explore this second and more general sense, and thereby build an understanding of the first and more technical sense, by iteratively asking the question, "how does one make that happen" and follow questions from there.
A big part of organizing is figuring out the (vernacular) logistics (and helping others figure it out). You want to organize a seed swap? Ok. How does one make that happen? Well, you need seeds, people, a place, and perhaps a time. How does one make that happen? You can forage seeds or you can buy seeds for a garden and swap extras. How do you get people to come? Well, figure out where you want people to come from and choose an accessible place. What's the easiest thing to do? Get people from your neighborhood. How does one make that happen? Well, maybe put up flyers. How does one make that happen? Well, print them on your printer if you have one, or at a library, then go post them up. Etc.
Keep asking questions until you either find a roadblock that you can't find a way around, or you find things you can do yourself (one of those things you can do yourself is asking friends to help).
If you practice the exercise of thinking about how things happen, you can start to find things that you can do yourself. You can start to understand what exists now, and you can imagine what's possible. By thinking about logistics, you can figure out how to replace things when they collapse or are dismantled. You can also identify things that can't easily be replaced, and try to figure out alternatives.
This practice is good for figuring out how to build, but it can also be a valuable practice for figuring out how to resist. Concentration camps and ethnic cleansing also require logistics. Mass displacement means moving people. How does one do that? People are generally going to be moved in planes or buses. How does one do that? Well, people get loaded on to planes or buses in specific places. Planes and buses need fuel. Planes are fueled at their airports, which may well be the same places where people are loaded on to them. There is a fuel depo and a fuel truck that makes flying people out of a specific place possible. How does the fuel get to that fuel depo? Well, that fuel is probably also delivered by truck. Someone drives those trucks. Someone fuels those planes. Someone clears the planes for takeoff. Someone fuels those busses. Someone drives those busses. And so on.
Logistics networks can be highly complex. The more complex the operation, the more possible points of failure and more possible points where pressure can be applied, where operations can be disrupted. Ethnic cleansing is a complicated operation. The logistics of disrupting complicated things tend to be much less complicated than the logistics of the complicated things themselves.
The Right has exploited this fact for a long time. Centralized social services are logistically complex. Public infrastructure is logistically complex. By destroying these things, they can loot public resources by privatizing the infrastructure and functionality.
But the things that support the Right are even more logistically complex. Oil, cars, AI data centers, internal paramilitary, these are extremely complicated and fragile. There are numerous pressure points, all of which can respond to numerous strategies.
If we want to win, we should reduce the influence of politics over the things we care about. We should focus on building distributed mutual aid networks that don't rely on state funding and aren't subject to the whims of politicians. This is also known as "dual power." That is, creating counter-institutions outside of the dominant political system. The Right already does this in the form of churches and corporations.
As we reduce our complexity, we can then press our complexity advantage against the things for which the Right *needs* the state: the apparatus of violence needed to maintain capital and enforce the dominant order.

I’ll raise a quiet glass to Robert Mueller here. In the public mind, he was first the messianic savior of democracy and then an emblem of inadequacy and institutional failure — and both those visions did him a disservice.
He tried to do the right thing in a principled way. His effort failed, and we’ve paid dearly for that failure. The failure was his, but also all of ours to share: for every one of his choices that I can second-guess, I can name half a dozen places where others failed to hold up their/our end of the bargain, took the work he handed off and dropped it flat.
He failed, but he tried his damndest — and that’s more than I can say for a lot of folks in the USA over the last 10 years.

Bill Belichick: Tom Brady leaving New England in 2020 was 'absolutely the right thing for him to do' https://www.nfl.com/news/bill-belichick-tom-brady-leaving-new-england-2020-absolutely-right-thing-for-him

The concept of a rotating villain is so funny to me. The best example is the U.S. House of Representatives where one Democrat sacrifices themselves to vote in line with the Republican party, so that all other Democrats can claim they were trying their best to do the right thing, yet in reality are just as complicit. That one Democrat always changes (rotates) so that the blame is spread equally and no particular Democratic representative makes their hands too dirty.
The latest instance…

If a not-for-profit for-profit privacy-protecting company funded by surveillance capitalism isn’t trustworthy, I don’t know what is. @… https://polymaths.social/@c…

I've seen a bunch of "the CA age verification law is the best way to do a bad thing and so we shouldn't oppose compliance" takes, which others are rightly pointing out is a bad stance because it's blindingly obvious that compliance now sets the stage for compliance later and the clearly set up later is mandatory verification of age data. Even if you think that, for example, California's current "progressive" government won't go there, we're all currently seeing just how easy it is for a new government to pick up the oppressive tools the "good" government was using "restraint" with and put them to worse ends.
On the other hand, I'll freely admit that distros *do* need a way to shield themselves from liability right now. The clear (to me; IANAL) correct solution is to say on your website "don't download this OS if you're in a jurisdiction where it's not legal for us to provide it."). Assuming this does put you in the clear liability-wise, it has several positive effects:
- Stops zero people from downloading it.
- Makes it clear that your project will not collaborate with fascists/oppressive regime enjoyers.
- Means that when the next law makes verifying user ages mandatory (and/or explicitly requires using Palantir-adjacent services to do so) you've already got a strategy in place and there's no need for a "debate" in your "community" about compliance.
- Gets users more practice with "the law is malicious/needlessly bureaucratic/oppressive; let's ignore it" which to be honest people in general clearly desperately need at this point.
- Is the most effective political move if you want to resist the way things are going. Forcing the other side to explain why "California bans Linux" is good rhetorical strategy. Make *them* try to explain "well it's actually not so harmful since we let users set it themselves" and answer your follow-up "but what if next year the requirements change; I just refuse to go along with this slippery slope stuff and I'm not bothered if that means you want to *ban* me."
#AgeVerification

I'm guilty of being a "competitive pessimist" from time to time... Are you?
"Pessimism is more accurate in the short term - almost always, I'll give it that. Things do go wrong in roughly the ways people predict they will. But optimism is more productive over decades. Optimism is the thing that generates attempts, and without attempts nothing changes.
...
I would rather be wrong about what we're capable of than right about why we shouldn't bothe…

Optimism is not a personality flaw
This newsletter is free to read, and it’ll stay that way. But if you want more - extra posts each month, no sponsored CTAs, access to the community, and a direct line to ask me things - paid subscriptions are $2.50/month. A lot of people have told

The people on top are good in one thing: getting to the top and staying there. This can help for some of the work that needs to be done but is a kinda one-sided qualification.
We should try to get people on top that know how to do the work that needs to be done – and allow them to do their work¹.
In politics as in companies.
__
¹which does not mean to let them do what they want to. It is important monitor those in power, but we should learn to stop them for the right re…

I wanna jump one more time on the whole "distraction" framing, because this is a point that needs to be hammered home (and I need a reminder to write something longer).
Attacks on trans youth are not a distraction from other types of coercion, they are central to it. Attacks on trans youth come from a conceptualization of children as property, which is literally patriarchy in the Roman sense of the legal objectification all people who share a household as belonging to a man. This legal structure, Roman slave law, continues to be the root of property rights and therefore the foundation of capitalism.
But colonialism also extends from it through the infantalization of colonized people as a justification for oppression. This can also be turned inward again manifesting as the justification for police (that is, some people "can't handle themselves and need external authority to act right").
The #Epstein stuff isn't some weird thing that rich people get away with, it's core to how wealth works. Money isn't useful by itself, it's a proxy for power. One manifestation of power is being able to violate laws that constrain others (this is the "freedom of the monarch" that Graeber talks about in Dawn of Everything). The war in Iran, especially the threats of nuclear weapons and genocide is not a distraction from the #EpsteinFiles, but rather a manifestation of the same thing.
Power must be demonstrated to affirm that it is real. War is a demonstration power. Violating the law without consequences is a demonstration of power. The most taboo things are using nuclear weapons and child sexual abuse. He has already done one of those, and he is going to do everything he can to do the other.
These are not distractions, these are all manifestations of the underlying thing that we need to fight. But we need to make sure we're fighting it as a single thing. We have to tie these things together, because if we do not then we risk reproducing the same thing again but worse.

Hangin' With The 'Boys: Push the Money https://www.dallascowboys.com/podcast/hangin-with-the-boys-push-the-money

Free speech is the power to criticize your government without fear of prosecution. It is a basic human right.
It is not about getting away with hurting your neighbor who never caused you any harm. Dignity is a human right.
That is also what "love your neighbor" is about.
It's just a sensible thing to do.
Do not tolerate hate speech.
There is no (need for a) "freedom to hate".
Be kind to one another. 🧡

If the only thing that makes a "Ferrari" a “Ferrari" is the sound... then why the heck have we been impressed at its speed, its agility, its style, its accoutrements, its handling, and its engineering all these years?
If being an electric “breaks" that because it doesn't "sound right" then I think, perhaps, you may be missing the boat...
I'm actually disappointed they tried to 'replicate' a 'sound' from the mechanics inside... because the blinding speed, relentless torque, and absolutely insane engineering all in a *nearly silent* vehicle, should have been part of the charm and wonder.
But some people just gotta have that roar. I get it... but.. also... some things do have to end and we will all be better off for it.
Though really, we'd be much better off on public transit and/or a bike or our own two feet but i digress.
#ferrari #Luce #PopeLeo #Italy #tradition

Excerpt from an essay I may or may not write:
Ontologies evolve to fulfill functions. They serve a purpose, and will be adapted until they fulfill this purpose. There are, occasionally, things that exist within those ontologies which do not actually exist.
Programming bugs are an example. There is no such thing. Code is code. It can't be right or wrong, it just is or isn't. The mismatch between the intent and the execution creates a side effect. We may confidently assert such a thing exists. We may name such things. But they don't exist. This becomes apparent when you try to figure out how to suppress one specific instance of a bug in one specific place through multiple revisions.
At some level, a lot of things don't actually exist. We only need to follow through the logic of The Ship of Theseus to see how our ontologies break down.
One thing that doesn't exist, that is a side effect rather than an object, is the personal self. You do not exist. Your perception of your existence is an illusion, a necessary side effect.
Every day you wake up a different person. Every second you are not who you were. That person is as dead as you will be the next instant, as all versions of you will be every second until there are no more. These selves are bound together by imperfect memories. The person you remember as yourself, all those people, never existed. You created them based on your current experience, your current iteration.
You could, just as easily, wake up an unrecognizable person, in some Dark City, and never know the difference. Continuity is absurd. And yet, some people believe they'll still experience the same self after being frozen or "uploaded." It's a silly illusion.
Once you can get over that illusion, you can let go of the need to thrash against the void. You can let go of the various furious dreams of immortality.
At a high enough level, all ontologies are illusions. Useful illusions, but illusions none-the-less. There is only the undifferentiated universe, and you are experiencing it. You are the universe. You will always persist, long past the time this specific iteration or any iteration experiences it.
This implies a certain obligation then to all the others experiencing the same self, the future iterations that may remember being someone like you, and any other person you, the universe, could wake up as tomorrow.

Note to self: next time don't pre-program the #TOTP Now Playing bot 2 weeks in advance and then expect it to do the right thing while I go swanning off in Forrin Parts.
Sorry, folks. Back to usual antics next week, I promise.

About bloody time.
It was bought into public ownership by Harold Wilson, privatised by Thatcher. After 15 cumulative years (Blair, Brown, Starmer) of Labour they'll finally do the right thing.
British Steel nationalisation plans announced by Starmer - BBC News
https://www.bbc.co.uk/news/articles/c8xwg0

British Steel nationalisation plans announced by Starmer
The steelworks has been under government control for almost a year, but leglistation to nationalise it will be put forward this week.

Some years ago I wanted to do a thing and for reasons client didnt want it - we guessed like 6 months or whatever to get it built right.
I still have the spec I wrote for the protocol and some thoughts on how it might look.
Twice a year or so I try to get a LLM to build it.
So yesterday was the first time in a while, blew my Claude Max token allowance in one sitting and just...finished it in one go? Just works, easy to use, does what I wanted.
Fuck.

Yesterday, I've read a vibe coded script for the first time in my life, and I've cried.
It wasn't ugly. "Ugly" is not the right term. It was as if someone wasn't able to comprehend beauty, but badly tried to mimic it. It felt like "malicious compliance" to beauty. The kind of awful verbose pedantry that feels wrong every step of the way.
It's the kind of code you'd expect in a corporate environment when you know that the code would be read by the top suits who have no idea about coding, but judge it by the volume and expect science fiction level of make-believe.
It's the kind of code is abstracted away into the tiniest details. Every function returns a complex dataclass explaining precisely what it did, for no reason at all. What would be two lines of code is a function. What would be a function is a whole module. It's a caricature of good programming practices.
I was supposed to add modifying a second field on the same object via GitHub API. I've guessed it would take me about an hour to figure out the code enough to be able to do that — what ought to be 2-3 extra lines. I suspected I'd discover that most of the code does precisely nothing. Just meaningless API exchanges that are absolutely unnecessary. It felt like the kind of parody of bureaucracy where you have to file 10 forms to do something, and only one of them actually means anything.
What used to be "do one thing well" became "doing ten totally random things is fine, as long as one of them happens to be what I need, and the whole thing doesn't blow anything up in an obvious way".
Perhaps it's just because this way a throwaway script. Maybe "production" stuff takes more, err, prompt refining? Maybe it actually can produce stuff that's comprehensible.
But if that code was any indicator, then I'm not going to believe that any big LLM contributions are actually reviewed by humans. A review will take more time than rewriting from scratch. This is a ticking time bomb. That LLM-generated code isn't introducing exploits right now is either a statistical accident, or it's just that nobody bothers.
Clarification: I didn't "prompt" it or request one. I'm not a hypocrite.
#NoAI #NoLLM #AI #LLM

China has problems, but at least their courts still do the right thing every so often:
https://finance.yahoo.com/sectors/technology/articles/ai-termination-ban-why-chinese-184031008.html

The AI Termination Ban: Why Chinese Courts Just Made It Illegal to Replace Workers with Robots
Chinese courts ruled AI adoption can't justify firing workers, forcing tech companies to budget for expensive transitions that could increase global gadget...

🇺🇦 Auf radioeins läuft...
D-Troit:
🎵 Do The Right Thing
#NowPlaying #DTroit
https://open.spotify.com/track/3YG33HJ4Jm3F1hfWSTgy1Y

RE: https://kolektiva.social/@tiotasram/116595511143252449
These types of things regularly destroy otherwise well organized groups. If we could develop practice exercises around sexual violence, bad-jacketing, and interpersonal conflict, we could significantly decrease state leverage against movements and internal disruption.
Bad things happen. We will have to deal with those bad things. The more experience we have dealing with them (even in simulation), the more easily we'll be able to manage them and the more often we'll be able to do the right thing.
But yes, this would need to be at the very least informed by DV/SV survives to make sure scenarios drive towards the right conclusions.

I'm sorry to say that I actually wrote it:
"The pinnacle of enshittification, or Large Language Models"
#AI #LLM #NoAI #NoLLM