Krzysztof Jurewicz

is a popular wallet, one of the recommended by An elementary and serious issue had been at first not treated seriously on IRC, then ignored for over a month on GitHub (currently over 200 watchers). Apparently Linus’s law is not always working.

According to the creators, browser is not susceptible to / :

“Pale Moon already set the granularity for the performance timers sufficiently coarse in Oct 2016 when it became clear that this could be used to perform hardware-timing based attacks and fingerprinting.

Pale Moon also, by design, doesn't allow buffer memory to be shared between threads in , so the »SharedArrayBuffer« attack is not possible.”

@rysiek @paco Exactly. By using bare metal you have eliminated an entire class of attacks.

There will be more bugs like this.

Security professionals know this and have known for a long time. Thus my claim it was a standard best practice, albeit one that has costs not everyone could justify.

That math has shifted now, more people will justify the expense. Not all, but more.

From IRC:

22:15 <@MoonchildPM|Away> KrzysiekJ: You may have to write an addendum to the article. They finally got back to me (potentially after having my post show up for them) and there is an extremely bad and fragile workaround possible to make SHA256 signing with their crypto hardware possible that I found out (no thanks to their terrible support and not something discoverable even for tech-minded devs).

Code signing of binaries on will come to an end because signing certificates are practically unavailable to individual developers. The only viable option (Certum, ) uses . Sadly, ignoring the fact that SHA1 has been broken seems to be common in Poland. The market of certificates seems to be highly regulated, yet still the regulation has not prevented this situation occurring.

Federated GitLab? Yes, please…

I run my own GitLab. You run your own GitLab. Your GitLab sends my GitLab a pull request.

How cool would that be?

If you’d like to see that, take a moment to upvote issue #4013:

Since the government of is reported to own 213,519 BTC, it is incentivized to make the price rise. Instead of imposing restrictions on trading, it could then, for example, allow paying taxes in BTC. What do you think, @kunev?

Today at the Weekend of Capitalism I gave two short presentations:

• about , that is, what to replace work in cryptocurrencies with, saving energy and thereby money;
• about decentralized social networks (I mentioned Mastodon, of course).

The talk can be watched at (I also recommend the other talks, the second one, about environmental protection).

is officially flawed in regard to attachments. I’ve attempted to send a ZIP file containing two presentations made in and the server rejected it because the file had contained . I’ve ultimately used Send, though advises senders to send JavaScript files using Google Drive (sic!).

Tomorrow on the Weekend of in I’m going to give a flashtalk about decentralized social networks. Obviously I’m going to mention (and in particular). Where can I find statistics about the whole network / ?

Some time ago Coca-Cola apparently decided to limit sales of , because it reduced the sugar content (to 2g per 100 ml) and started adding ( K, , DC).

Meanwhile, in and Trzy Cytryny there are still carbohydrates (11.2 and 9.7 g per 100 ml, respectively).

Base Directory Specification defines $XDG_DATA_HOME, $XDG_CONFIG_HOME and $XDG_CACHE_HOME to store user-specific: data, config and cache, respectively. The sad reality is however that many packages abuse $XDG_CONFIG_HOME and store data and/or inside that directory. Among them are:


That’s unfortunate especially for cache, as it introduces potential to flood .

@KrzysiekJ I've been bugged by this for as long as I can remember. Standards are agreed upon, then discarded for the sake of convenience. Major browsers being less strict is considered a "competitive advantage", as from the nontechnical user's viewpoint, they are the ones that "work" with those sites unlike others.
But there seems to be no adequate way to fight this behavior. Standards can't really be enforced by anyone other than browser creators.

Let’s say that I create a account on my own, private instance (only hypothetically, as I like my current one) and immediately post an introduction. Then:

• Nobody will see the introduction (as initially I will have no followers).
• If I use the search feature, I will see only posts from my own timeline.

How does the model respond to these problems?

I read the warren v. district columbia decision a few days ago and I can't stop thinking about it

If we want to achieve compatibility between , it is important to implement strictly, without non-standard error recovery. For example, someone mistyped backslashes into stylesheet URL on and convert backslashes into slashes, while displays website without any styles (correctly, I presume).

According to , Facebook's share of the network traffic generated by social networks fell over the last year by 8% (7 p.p.) worldwide, while by as much as 20% (16 p.p.) in Poland. An effect of the portal's censorship policy?

(The statistics probably do not include some social networking sites, but they may nevertheless show a certain trend.)