It's because certain private services touch everyone that this has become a big problem: companies siphon off our data, study our behaviour, track our movements, and most of us carry on as if nothing were happening.
All this data amassed about you will not disappear overnight. If deviant political regimes take hold, and they have every chance of doing so when choices are manipulated on a large scale, your past opinions and practices could be turned against you.
Continued in the comments at https://mamot.fr/@tcrouzet/115179829173868768
Note from Khaled Gaiji: I don't think we all struggle with the same cultural capital and the same awareness of it. I think people struggle with what they know and with the "education" they have had. It takes a very active effort to go towards other ways of thinking, and we do not all start from the same starting point.
Facebook is already a complicated tool, actually. A free (libre) alternative is already more in the user's interest.
But be careful: while instant messaging apps help with organising, they are generally not a vector of virality. The priority is to leave the algorithmic social networks, the ones that whip up vile frenzies.
It's absolutely possible to beat even the best sort implementations with domain specific knowledge, careful benchmarking and an understanding of CPU micro-architectures. At the same time, assumptions will become invalid, mistakes can creep in silently and good sort implementations can be surprisingly fast even without prior domain knowledge. If you have access to a high-quality sort implementation, think twice about replacing it with something home-grown.
A critique of online advertising: its impact on the user, the resources it consumes, the data it collects.
Hence the https://bloquelapub.net/ initiative, and a list of alternatives.
Ideas for creative projects. Learn and have fun.
“What I cannot create, I do not understand”
One thing to consider: KISS. The program can crash or panic on many code paths. Implement only what is necessary!
Bid on and buy custom omg.lol domains.
That's a way to run a business.
The problem is annoying and difficult. Also, secrets differ: some are easy to rotate, some cannot be rotated, and some are the ones attackers are already using.
You could be doing so many good data security practices, like secure-by-design frameworks, database and field-level encryption, zero-touch production, access control… but logging bypasses all of that… and ultimately degrades trust, in your systems and in your company.
It happens to companies of all sizes: X, Google Cloud, Facebook
Causes:
- Direct logging
- Kitchen sinks: objects that contain or hold secrets, often in opaque or unexpected ways. Request errors are an example.
- Configuration changes: turning the logging level up to debug.
- Embedded secrets: a token shared via a URL.
- Telemetry: error monitoring and analytics are logs too. They often capture the local variable context.
- User input: the user provides the wrong data, e.g. PII, in the wrong field.
Fixes:
- Data architecture: part of the solution is reducing the number of data flows and shrinking the problem space so you simply have fewer things to worry about and protect. One logging utility!
- Data transformation: minimization, redaction, tokenization (and the trolls: hashing, encryption, masking)
- Domain primitives: "combines secure constructs and value objects to define the smallest building block of a domain". new Secret("..."). They provide security invariants and guarantees that basic string primitives simply cannot.
- Compile-time: a logging function that never accepts secrets (TS branded types help!)
- Run-time classes (extends String): they identify the secrets. Override the toString() method in JS to return [redacted] but provide an explicit unwrap() method, for example.
- Read-once objects: they throw an error or return [redacted] on a second read.
- Taint checking: the general idea here is that you add taint to various sources (like database objects), and yell loudly if the data flows into certain sinks (like logs). Demo: https://semgrep.dev/playground/s/4bq5L It's awesome and not awesome at the same time.
- Log formatters: redact known dangerous property names
- Unit tests
- Sensitive data scanner
- Sampling (all cases rather than a proportion)
- Log pre-processors such as Vector
- People
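An added JavaScript example (not the linked article's code) of three of the fixes above: the run-time Secret class, a read-once variant, and a single logging utility whose formatter redacts known dangerous property names. The Secret and ReadOnceSecret names and the key list are assumptions.

```javascript
// Added example: Secret domain primitive, read-once variant, and one logging
// utility with a redacting formatter. DANGEROUS_KEYS is a constructed sample list.
const INSPECT = Symbol.for("nodejs.util.inspect.custom"); // symbol console.log looks up

class Secret extends String {
  #value;
  constructor(value) { super(value); this.#value = value; }
  // Every implicit conversion a logger may hit yields the placeholder:
  // template literals and String() use toString(), "" + s uses valueOf(),
  // JSON.stringify uses toJSON(), console.log/util.inspect use INSPECT.
  toString() { return "[redacted]"; }
  valueOf() { return "[redacted]"; }
  toJSON() { return "[redacted]"; }
  [INSPECT]() { return "[redacted]"; }
  // The only way to get the raw value is an explicit, greppable call.
  unwrap() { return this.#value; }
}

class ReadOnceSecret extends Secret {
  #consumed = false;
  unwrap() {
    if (this.#consumed) throw new Error("secret already consumed");
    this.#consumed = true;
    return super.unwrap();
  }
}

// Property names that must never reach a log, whatever their value type.
const DANGEROUS_KEYS = /^(password|passwd|secret|token|authorization|api[_-]?key|cookie)$/i;

function redactForLog(value, depth = 0) {
  if (value instanceof Secret) return "[redacted]";
  if (Array.isArray(value)) return value.map((v) => redactForLog(v, depth + 1));
  if (value !== null && typeof value === "object") {
    if (depth > 8) return "[depth limit]"; // kitchen-sink objects can be deep or cyclic
    const out = {};
    for (const [key, v] of Object.entries(value)) {
      out[key] = DANGEROUS_KEYS.test(key) ? "[redacted]" : redactForLog(v, depth + 1);
    }
    return out;
  }
  return value;
}

// The one logging utility every code path goes through; returns the line it wrote.
function logEvent(event) {
  const line = JSON.stringify(redactForLog(event));
  console.log(line);
  return line;
}
```

Overriding valueOf() as well as toString() matters: "" + secret would otherwise bypass toString() and leak the raw value.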
Strategy:
- Lay the foundation: Developing expectations, culture, and support is a must-have. Define what a secret is. Use structured logs to allow operations on them.
- Understand the data flow: with the foundation laid, the next best thing to do is to understand and chart out how secrets flow through your system.
- Protect at chokepoints: CI/CD and app code first, before relying on the logging library and other operational services.
- Apply defense-in-depth: data transformation, read-once objects, log formatters in the library, log pre-processors, sensitive scanners, people
- Plan for response and recovery
Building software feature by feature through iteration is a mistake in the long term.
Carrying this approach over past the learning phase was a mistake.
It is possible to dramatically cut the number of bugs you introduce in the first place, if you focus on optimizing for that (and not just for iteration time).
One superpower is that bugs can be found while reading the code.
The key is careful, slow reading. What you actually are doing is building the mental model of a program inside your head.
If you are reviewing a PR, don’t review just the diff, review the entire subsystem.
Follow the control flow or stare at the state
RSS feeds can be broken because of
- expired SSL certificates
- timeouts caused by slow servers
- misconfigured firewalls
- servers going down
- changed feed URLs
- feed parsing failures
- deleted feeds
- deleted websites
Thoughts on rate limiting, which can be implemented in different ways depending on the needs.
Helps build microservices as WASM components in Rust.
It can be used to handle HTTP requests for example.
There is a demonstration: https://www.youtube.com/watch?v=UoRfr3Q2R8A
An introduction to Nix for recreating environments.
Note that Nix avoids Docker's entire OS layer.
If your salary only covers eating and sleeping, it's not a job; in the past, that was called slavery.
👨💻 LIDAR is available in the iD editor. Not checked in #JOSM.
So OpenStreetMap data is enriched by the . This makes it possible to trace, correct or complete the course of tracks, paths and watercourses that are hidden by vegetation. Brilliant!
It is a laser remote-sensing technology that makes it possible, from an aircraft 🛩️, to build a very precise 3D map of the terrain, even under vegetation 🌳
- Remove social media apps (or completely mute them at the very least)
- Opt-in instead of opt-out notifications
- Managing sounds
- Report telemarketers and robo-calls
They wouldn't make Google Search the default search engine in exchange for 20 billion per year.
Their marketing values privacy, but this partnership is a on their commitment to privacy.
Take: if Apple really cared about privacy, not only should they choose a different search engine, they should also block ads and trackers in Safari by default.
But they don't, even though they could do it tomorrow.
Create a CA locally and use it to generate certificates. It's perfect for local network requests (https, etc.).
One file per project.
Each entry starts with a timestamp and is succinct: one or two sentences. That's it.