“what’s the difference between a vendor that only promotes the ideas that are in its own interest and a foundation that does the same thing. Or worse, a foundation that will only represent projects that it’s paid to represent.”

techcrunch.com/2019/04/29/cano

Here's something frustrating in hardware design: vendor designs custom board such that there's no recovery mechanism without doing hardware rework. In this case, instead of providing a dip switch or jumpers, they force the developer to desolder/solder an 0402 resistor switch from QSPI<->UART bootloader mode. Just no thought to designing for development at all.

The "not doing April Fools" thing? Fully endorse and agree.

*sigh* definitely a case of the Mondays: s/muti-user.target/multi-user.target/

DMA! DMA! My kingdom for working R-Car 3 DMA!

Facebook collected users' phone numbers for 2FA, then made it impossible for them to keep their phone number private techcrunch.com/2019/03/03/face Facebook is not concerned about privacy because it views data as something to capitalize, not protect. Choose services that value #privacy

OAuth2 key/scope bugs are analogous to embedded pinmuxing bugs where you look everywhere else first before coming back to the obvious.

@trini @bradfa As part of the ongoing discussion of the need for higher end arm64 desktop solutions... I'd be far more willing to be on something from fsl/nxp with proper docs and community support than anything in a similar core configuration from amlogic, rockchip, etc. linuxgizmos.com/first-i-mx8-qu

Filling my development system with loads of node.js stuff for a fun FOSS project. I'm not sure if I should be happy or sad right now but I know it's Friday.

Gotta love the React's dangerouslySetInnerHTML attribute. Not every framework warns about security risks in their naming.

I was using SSH on my smart phone once and I looked up for a moment and thought.. TRUCK!!!!!!!

To elaborate on this, here's an algorithm how to DDoS someone and break the Matrix network at the same time:

* Get a domain
* Get a wildcard certificate
* Spawn a stripped down instance with $randomname.yourdomain.org that can only talk to matrix.org.
* Send a join to #matrix:matrix.org
* Redirect $randomname.yourdomain.org to your target you want to DDoS
* Kill the instance, repeat with another $randomname

Now 2000 - 5000 servers will constantly hammer your target with TLS handshakes.

I tried hard to use #Matrix. After wasting a week on it, I just had to give up. The protocol is just too bad, and the federation design is broken. It's impossible for me to run a server due to this. The Matrix protocol *by design* is the largest DDoS amplification attack vector I have ever seen. Until they fix that, I cannot use it. And it doesn't seem to be a priority to fix it, it's just "Would be nice if we would fix it some day".

This must confuse people that don't realize that it's standard I2S/PCM on these signals kindly named SCK/MISO/MOSI:

"Data transfer between the microcontroller and additional board is performed via the Serial Peripheral Interface (SPI), whereas the operation of the board is controlled by the microcontroller via I2C communication."

Show more
Society of Trolls

A nice little Mastodon instance. Mild trolling encouraged (keep it local), but not required. Malicious behaviour is not tolerated. Follow Wheaton's law and you'll be fine.