Mastodon fixes critical “TootRoot” vulnerability allowing node hijacking | Ars Technica

In all, Mastodon’s Thursday patch batch fixed five vulnerabilities. One of the bugs, tracked as CVE-2023-36459, also carried a critical severity rating. Mastodon’s bare-bones writeup described the flaw as an “XSS through oEmbed preview cards.”

Patched today on moth.social. Safe and sound. 🔒

What does AUTHORIZED_FETCH actually do? | Sunny Garden Hub

Putting this here for reference later.

There seems to be increased interest lately in the Mastodon configuration settings AUTHORIZED_FETCH and the newer and lesser known DISALLOW_UNAUTHENTICATED_API_ACCESS.

The Death Cult of the American Car - The American Prospect

As Emily Badger and Alicia Parlapiano write at The New York Times, back in the mid-1990s, France and America were squarely in the middle of the pack of OECD countries when it came to road fatalities, with both at about 150 deaths per million inhabitants. Since then, France has cut its traffic death rate by over two-thirds, while America’s has only declined by about a tenth. During that time, we have been surpassed by middle-income nations that were formerly much deadlier, like Latvia and Lithuania.

We could do something about it. We choose not to. 😞

A San Francisco library is turning off Wi-Fi at night to keep people without housing from using it - The Verge

Some local residents scoffed at the value of 24/7 online access. “[We] have been presented with NO EVIDENCE that it does anything [to] ‘bridge the digital divide’ as the library claims,” said one email.

Imagine sitting in your climate-controlled home, kitchen with plenty to eat, soft bed in the other room, emailing on your laptop that those less fortunate don’t need internet access after 6pm because it really bothers you personally.

OpenAI execs warn of “risk of extinction” from artificial intelligence in new open letter

“Mitigating the risk of extinction from AI should be a global priority alongside other societal-scale risks such as pandemics and nuclear war.”

This is from … checks notes … an AI company. 🤨

Twitter Is a Far-Right Social Network - The Atlantic

Twitter has long been described, even by its most ardent users, as a hellsite. But under Elon Musk, Twitter has evolved into a platform that is indistinguishable from the wastelands of alternative social-media sites such as Truth Social and Parler. It is now a right-wing social network.

Spot on.

Ford CEO came very close to saying the right thing about heavy EV batteries - The Verge

The Rivian R1T truck and R1S SUV run on batteries as large as 135kWh. The Hummer EV’s 212kWh battery is heavier than a Honda Civic.

It’s what?!?

Does funding matter for schools? Most studies say yes. - Vox

It finds that when schools get more money, students tend to score better on tests and stay in school longer, at least according to the majority of rigorous studies on the topic.

No kidding. 🤦‍♂️ Education is so vastly underfunded across the board that even small increases in money will have a net positive effect. Is there some amount of diminishing returns? Sure. But we are so far from that end of the spectrum one can only hope and dream that it would actually be a problem.

Spotify CEO promises not to ‘overpay’ on podcast deals as Joe Rogan renewal approaches - The Verge

The podcast business isn’t profitable yet,

It’s been years and how many billions?!?

New Adventures

Today, I am starting a new adventure, no longer working at ThisDot, where I have been for the last three or so years. I am moving on into the Mastodon space. If you have not heard about Mastodon, we will give a post later with all the details. You can expect a lot more Mastodon social posting from me. I am joining Mammoth to really flesh out and make the social web a great place for everybody. The premise is that in 2011 and 2012, there was this idea around Twitter called “nerd Twitter”, where I met many people, made good friends, and networking was frictionless. It was the renaissance of social media. I hope to contribute and make Mastodon, through Mammoth, a pleasant, enjoyable, and positive place for everyone. Everyone should have that experience. I met people who are now very dear friends 10 to 15 years ago on Twitter. In a small community of like-minded interests, we were able to connect and chat openly. It was not a struggle to spend as little time as possible, and we were not bombarded by spam or other things that made it less pleasant. But we will talk about that in another post.

I am also really sad to be leaving the people at ThisDot, whom I have grown to enjoy and cherish my time with over the last three years or so. I have learned an enormous amount about programming, business, the web, and myself. It has been a real chance for growth, and I am very thankful for that opportunity to Tracy and everybody at ThisDot. Look forward to more from me about Mastodon from Mammoth. If you need a Mastodon app, you can get the app at getmammoth.app. If you need an instance, you can join at moth.social. You can also check me out. I will put my handle in here, and I look forward to catching up with you.

@jtomchak@moth.social

How Disney won the latest battle in Florida governor DeSantis’s culture war - Vox

The new board’s only purview is to maintain roads and other essential infrastructure. The agreement limiting the board’s powers is effective for perpetuity or — should that be successfully challenged in court — at least “until 21 years after the death of the last survivor of the descendants of King Charles III, King of England living as of the date of this Declaration.”

That’s a pretty long time.

After Mass Shootings, Republicans Expand Access to Guns - The New York Times

Right there in the title.

Magazine restrictions could reduce mass killings by AR-15s, but courts must decide - Washington Post

Those magazines are increasingly seen as an area where policy changes could lessen the carnage that has become emblematic of attacks waged with AR-15s and other guns, according to a growing body of research and interviews with experts and law enforcement veterans. An emerging consensus among these experts — and one that has taken hold in some state legislatures — is that mandating smaller magazines would force mass shooters to pause to reload, allowing people to flee or fight back.

Or. And hear me out. Ban personal ownership of guns. You want a gun for hunting? Fine. The process takes longer than filing for a passport, costs several hundred dollars out of pocket, and requires an ongoing safety training license. The gun will be serialized and registered with the state. An annual registration fee will be required. Failure to keep up on any of the above will result in seizure of the gun and a permanent ban from any and all gun ownership indefinitely. Private injury insurance will also be required. Similar to owning and operating a motor vehicle, which has actual societal value.

City planners are questioning the point of parking garages | Ars Technica

In the coming years, we believe that urban life will rely less and less on providing adequate storage for cars, and the cities of the future will eagerly embrace making urban neighborhoods more inclusive, pedestrian-oriented, and climate friendly.

As someone who lives in an almost exclusively car-first city, I look forward to these changes. I will happily turn in my ridiculous SUV for an electric cargo bike. I lived in London for a while and constantly miss the car-free lifestyle. Able to hop from bus to bus, read on the tube, and take trains to just about anywhere. I was able to get a coffee or sandwich with a short walk. Today it’s get in the car, drive a short distance, park, then get my coffee. Repeat to get home. 😭

WhatsApp: Rather be blocked in UK than weaken security - BBC News

Signal president Meredith Whittaker previously told BBC News it “would absolutely, 100% walk” and stop providing services in the UK if required by the bill to weaken the privacy of its encrypted messaging system.

I would switch over from iMessage to Signal based on this ethos alone.

Learn HTML

This HTML course for web developers provides a solid overview for developers, from novice to expert level HTML. If you’re completely new to HTML, you will learn how to build structurally sound content. If you’ve been building websites for years, this course may fill in gaps in knowledge that you didn’t even know you had.

Absolutely worth it.

What ChatGPT Thinks of Server-side JS

JavaScript has come a long way since it was first introduced as a client-side scripting language for the web. With the introduction of Node.js in 2009, JavaScript has become a popular language for server-side programming as well. While JavaScript on the server has come a long way in the last decade, there are still several issues that need to be addressed.

Firstly, the performance of JavaScript on the server can be a concern, especially for applications that require heavy computation. JavaScript is an interpreted language, which means that it can be slower than compiled languages like Java or C++. However, recent advances in just-in-time (JIT) compilation and other optimizations have improved the performance of JavaScript significantly.

Another issue with JavaScript on the server is its asynchronous and event-driven programming model. While this model can provide better performance and scalability for web applications, it can be difficult for developers to understand and maintain. The use of callbacks and promises can lead to callback hell and make code difficult to read and debug. However, the introduction of async/await in ES2017 has made asynchronous programming in JavaScript more manageable and easier to read.

Security is also a concern when it comes to JavaScript on the server. Unlike client-side JavaScript, which is run in a sandboxed environment in the user’s browser, server-side JavaScript has access to sensitive information and resources. Therefore, it is essential to ensure that the code is written securely and to follow best practices to prevent security vulnerabilities.

Lastly, the lack of a strong type system in JavaScript can make it difficult to write large, complex applications. TypeScript, a superset of JavaScript that adds optional static typing and other features, can help alleviate this problem, but it requires additional tooling and a learning curve.

In conclusion, JavaScript on the server has come a long way, and its popularity shows no sign of slowing down. However, developers need to be aware of its limitations and challenges, such as performance, asynchronous programming, security, and the lack of a strong type system. With the right tools and best practices, JavaScript can be a powerful language for server-side development.

These are all cursory details of JS using something like Node on the backend. All of which are factually accurate, sure, but they don’t really tell a complete story. None of these I would list as concerns when starting a new backend project in JS. Things like cohesion, interoperability with the data layer and other services, and real testability are the real struggles with using JS on the backend. These are the things that developers are going to run into. The obstacles that will slow them down, cause errors/bugs, and require a lot more attention than they really need to. What isn’t really possible in JS as a backend server is:

rails new project
rails g scaffold DataType
rails db:migrate
rails server

And that’s gonna cost you and the other developers a lot of time and effort on maintenance and away from your core business logic. Not really a good trade-off.

Twitter experiencing international outages; most users can’t tweet or DM | Ars Technica

Late Wednesday afternoon, Twitter began experiencing international outages, with many users unable to perform basic functions like tweeting, sending direct messages, and following accounts. When Ars reporters attempted to tweet, an error message was generated saying that a daily limit of tweets had been reached, even from accounts that had not tweeted that day. According to Twitter, users typically have to tweet 2,400 times to reach the platform’s daily limit.

Cracks in the dam.

Update: seems to be back up.

Florida schools tell teachers: Hide your books to avoid felony charges - The Washington Post

Manatee County’s January directive, obtained by The Post, says teachers who maintain elementary and secondary classroom libraries must “remove or cover all materials that have not been vetted” in accordance with state law. Going forward, any classroom library books must be “reviewed by a media specialist using the FDOE guidelines” before they are “presented and approved” at a special school meeting and finally “signed off by the principal.” When one teacher emailed Manatee Superintendent Cynthia Saunders with questions and concerns about the directive, Saunders replied that violating the state law on book collection could lead to “a felony of the third degree,” according to a copy of the superintendent’s email obtained by The Post.

Absolutely disgusting.

Netlify Acquires Gatsby, Its Struggling Jamstack Competitor - The New Stack

In any event, now that Gatsby has been gobbled up, it’s clear that Netlify is one of the strongest players in this ecosystem — regardless of whether it’s a Jamstack company or one focused on “composable architectures.” Vercel is now probably its closest competitor, although CDN companies like Fastly and Cloudflare are also successfully mining this space.

It’s tough to be a cloud provider, and it was likely that we’d see a survival of just a few major players as they acquire their less successful competition. It will be interesting to see if niche offerings like Deno Deploy or Fly.io can carve out a sustainable business.

The FAA updates flight system to prevent future outages - The Verge

To help prevent repeat incidents, Reuters says the FAA has implemented a one-hour delay in the time it takes for its databases to synchronize, which is supposed to block any erroneous changes from instantly taking effect in the backup database. The agency also “now requires at least two individuals to be present during the maintenance of the NOTAM system, including one federal manager.”

To ensure this isolated event that has not happened before never happens again, we’ve implemented an appropriate overreaction process on top of all the other processes we have in place to ensure other failed events don’t happen again.

OpenAI Might Be Training AI to Replace Some Software Engineers: Report

While OpenAI already has a product called Codex, which can convert natural language into working code, the company’s hiring spree indicates that it’s looking to advance that technology, potentially creating a working replacement for some human coders. 

LOL. Good luck with that. 😂

Appliance makers sad that 50% of customers won’t connect smart appliances

“The challenge is that a consumer doesn’t see the true value that manufacturers see in terms of how that data can help them in the long run. So they don’t really care for spending time to just connect it,” Henry Kim, US director of LG’s smart device division ThinQ, told the Journal.

LG told the Journal that fewer than half of its smart appliances—which represent 80–90 percent of its sold appliances—stay connected to the Internet. Whirlpool reported that “more than half” are connected. Wi-Fi-connected smart appliances may be connected when they’re first set up, but a new Internet provider, router hardware, or Wi-Fi password could take the device offline. And a smart oven is likely to be far down the list of devices to set up again once that happens.

Yeah no kidding. What customer wants to get notifications from their dishwasher or stove? On top of that I don’t want a services subscription to a washing machine I bought. I just want it to wash clothes not tag me on Instagram.

What explains recent tech layoffs, and why should we be worried? | Stanford News

Why are so many tech companies laying people off right now?

The tech industry layoffs are basically an instance of social contagion, in which companies imitate what others are doing. If you look for reasons for why companies do layoffs, the reason is that everybody else is doing it. Layoffs are the result of imitative behavior and are not particularly evidence-based.

I’ve had people say to me that they know layoffs are harmful to company well-being, let alone the well-being of employees, and don’t accomplish much, but everybody is doing layoffs and their board is asking why they aren’t doing layoffs also.

Little evidence-based decision making happening across the industry when it comes to layoffs. Feels like the same social contagion as a bank run.

So you want to make a new JS framework - daverupert.com

  • You need a library that is different from React, but similar enough that people might actually use it
  • You need to say it’s “fast”
  • You need 10 influencers to get hyped about it because it’s “fast”
  • You need a CLI
  • You need a specialized linter/formatter
  • You need a build process

The final note is absolutely 🤌