gemini - kennedy.gemi.dev

💾 Archived View for lists.sh › rss captured on 2022-06-04 at 00:23:31. Gemini links have been rewritten to link to archived content

-=-=-=-=-=-=-

<?xml version="1.0" encoding="UTF-8"?><feed xmlns="http://www.w3.org/2005/Atom">

<title>lists.sh discovery feed</title>

<subtitle>lists.sh latest posts</subtitle>

<name>lists.sh</name>

</author>

<entry>

<title>opensource_games</title>

<id>/polyglot/opensource_games</id>

<content type="text/plain">

=> https://www.beyondallreason.info/ https://www.beyondallreason.info/
=> https://screeps.com/ https://screeps.com/
=> https://endless-sky.github.io/ https://endless-sky.github.io/
=> https://github.com/dividuum/infon https://github.com/dividuum/infon
=> https://www.chiark.greenend.org.uk/~sgtatham/puzzles/ https://www.chiark.greenend.org.uk/~sgtatham/puzzles/
=> https://teeworlds.com/ https://teeworlds.com/

</content>

</entry>

<entry>

<title>crypto_tutorials</title>

<id>/polyglot/crypto_tutorials</id>

<content type="text/plain">

=> https://cryptocurrencyclass.github.io/ https://cryptocurrencyclass.github.io/
=> https://www.youtube.com/watch?v=xwA2TkcAQgQ&list=PL6TbWIxWsLY0VPlese2_z5xDZZ33ZuvV6 https://www.youtube.com/watch?v=xwA2TkcAQgQ&list=PL6TbWIxWsLY0VPlese2_z5xDZZ33ZuvV6

</content>

</entry>

<entry>

<title>2022-06-02-first-post</title>

<id>/vlladdrakk/2022-06-02-first-post</id>

<content type="text/plain">

* first post!!
* from my blackberry classic!

</content>

</entry>

<entry>

<title>bookmark-supply-chain-security</title>

<id>/erock/bookmark-supply-chain-security</id>

<content type="text/plain">

=> https://socket.dev https://socket.dev
=> https://www.sigstore.dev https://www.sigstore.dev
=> https://in-toto.io https://in-toto.io
=> https://theupdateframework.io https://theupdateframework.io

</content>

</entry>

<entry>

<title>Service Resurrection Attacks</title>

<id>/eke/resurrection-attacks</id>

<content type="text/plain">


## What are the facts?
* A service resurrection attack is when access to a dead service, such as an expired domain or other abandoned resource, grants some degree of access or(or perceived access) to another resource.
* In Maven Central, software packages and related artifacts are organized into namespaces (referred to as groupId).
* The Java convention is to use domain names as part of the namespace.
* Maven Central requires a proof of namespace control in order to register or recover publish access to a namespace.
* There are two types of proof that are currently accepted.
* One type of proof is ability to add a DNS record to the domain.
* Another type of proof is to create a public SCM repository.
* About 80%!o(MISSING)f all new projects use a public SCM URL as the type of proof.
=> https://central.sonatype.org/publish/requirements/coordinates/ Maven Central coordinate reference
* Software packages and related artifacts are published once to Maven Central - they are unable to be altered by publishers after they have been published.

## Why is this important?
* A bad actor may be able to introduce malicious code into other software applications.

### How?
* An SCM organization/account or DNS settings can be modified by a bad actor.
* The bad actor requests and receives publish access to Maven Central by demonstrating proof of namespace control.
* New versions of an existing software packages can be published to that namespace.
* Any software applications which 1) depend on the latest version of the existing software package; and 2) are rebuilt may execute the malicious code.

### Examples
=> https://github.com/manuelstofer/foreach/issues/21 A claimed (but unsubstantiated) takeover in the Javascript / NPM ecosystem.

## Reasons this is not a really big deal
* The risk is generally very low: best practice for Java applications is to specify versions for dependencies. If this is the case, then a newer version of dependencies will not be incorporated into an application.
* Maven Central provides other information, such as PGP signatures, which allows users to validate provenance of software packages they depend on.
* Maven Central provides assertions about control over a namespace and other information about software packages it hosts. But there are no implied guarantees about code quality or suitability to purpose of these packages: it is the responsibility of downstream quality and security toolchains to make this determination.

## What might be done?
* If a revalidation of namespace occurs, Maven Central can make this information readily accessible to downstream quality & security toolchains.
* Maven Central can lock namespaces following a period of inactivity, and require revalidation in order to reuse it. Note this does not prevent a bad actor who controls the namespace from revalidating it.
* Better determine the scope of the problem. For instance, what percentage of packages in Maven Central published in the last 3 years include dependencies without valid, semantic version information? How many revalidations are performed on an annual basis? How many expired domains are associated with active namespaces?

</content>

</entry>

<entry>

<title>Link_Generator</title>

<id>/timw/Link_Generator</id>

<content type="text/plain">

=> https://go.openathens.net/generate/libraryof.michigan.gov/72320862 Link Generator
> https://go.openathens.net/generate/libraryof.michigan.gov/72320862

</content>

</entry>

<entry>

<title>open-source-react-codebases</title>

<id>/erock/open-source-react-codebases</id>

<content type="text/plain">

=> https://github.com/RocketChat/Rocket.Chat https://github.com/RocketChat/Rocket.Chat
=> https://github.com/ProtonMail/WebClients https://github.com/ProtonMail/WebClients
=> https://github.com/pancakeswap/pancake-frontend https://github.com/pancakeswap/pancake-frontend
=> https://github.com/HospitalRun/hospitalrun-frontend https://github.com/HospitalRun/hospitalrun-frontend
=> https://github.com/Automattic/wp-calypso https://github.com/Automattic/wp-calypso
=> https://github.com/keybase/client https://github.com/keybase/client

</content>

</entry>

<entry>

<title>first</title>

<id>/eke/first</id>

<content type="text/plain">


## services
=> gemini://geddit.glv.one gemini://geddit.glv.one
=> gemini://drewdevault.com/cgi-bin/man.sh gemini://drewdevault.com/cgi-bin/man.sh
=> gemini://gemi.dev/cgi-bin/wp.cgi gemini://gemi.dev/cgi-bin/wp.cgi
=> gemini://cryptocrawl.space gemini://cryptocrawl.space
=> gemini://tilde.team/~bqb/awesome-gemini.gmi gemini://tilde.team/~bqb/awesome-gemini.gmi

## fun reading
=> gemini://warmedal.se/~antenna gemini://warmedal.se/~antenna
=> gemini://flounder.online/ gemini://flounder.online/
=> gemini://alex.flounder.online/ gemini://alex.flounder.online/
=> gemini://republic.circumlunar.space/users/flexibeast gemini://republic.circumlunar.space/users/flexibeast
=> gemini://foo.zone gemini://foo.zone
=> gemini://calcuode.com/gmisub-aggregate.gmi gemini://calcuode.com/gmisub-aggregate.gmi
=> gemini://rawtext.club/~sloum/spacewalk.gmi gemini://rawtext.club/~sloum/spacewalk.gmi
=> gemini://gemi.dev/gemlog gemini://gemi.dev/gemlog
=> gemini://medusae.space gemini://medusae.space
=> gemini://review.treeblue.space gemini://review.treeblue.space

## technical
=> gemini://erock.io gemini://erock.io

</content>

<summary type="text/plain">useful or interesting links in the gemiverse</summary>

</entry>

<entry>

<title>pretense</title>

<id>/serious/pretense</id>

<content type="text/plain">

* Prompt. Answer. Repeat sample draw 10000x. How many archetypes can you find after running Doc2Vec & PCA? How many sets are there, and of those, how many are interesting? Within each set, how many are awful pastiche of regurgitated
* opinions that the writers ingested at some primordial time in the womb?
* Basically I'm upset that there's such a thing as the analytical writing section on the GRE.
* The 'Score 6' examples I've seen read like the unhinged ramblings of someone who barely passed AP English Lit. trying to keep it together while forced to manifest barely coherent ideas on some opinion he just read and had two minutes
* to think about. And from this we expect this process we expect that the output is some reliable estimator of the person's analytical abilities and or their writing competencies?
* Awful.

</content>

</entry>

<entry>

<title>vegetables</title>

<id>/m040601/vegetables</id>

<content type="text/plain">

* cabbage
* onions

</content>

</entry>

<entry>

<title>fruits</title>

<id>/m040601/fruits</id>

<content type="text/plain">

* appples
* bananas
* oranges

</content>

</entry>

<entry>

<content type="text/plain">

* BASH(1) General Commands Manual BASH(1)
* NAME
* bash - GNU Bourne-Again SHell
* SYNOPSIS
* bash [options] [command_string | file]
* COPYRIGHT
* Bash is Copyright (C) 1989-2020 by the Free Software Foundation, Inc.
* DESCRIPTION
* Bash is an sh-compatible command language interpreter that executes
* commands read from the standard input or from a file. Bash also incor‐
* porates useful features from the Korn and C shells (ksh and csh).
* Bash is intended to be a conformant implementation of the Shell and
* Utilities portion of the IEEE POSIX specification (IEEE Standard
* 1003.1). Bash can be configured to be POSIX-conformant by default.
* OPTIONS
* All of the single-character shell options documented in the description
* of the set builtin command, including -o, can be used as options when
* the shell is invoked. In addition, bash interprets the following op‐
* tions when it is invoked:

</content>

</entry>

<entry>

<title>containers</title>

<id>/polyglot/containers</id>

<content type="text/plain">

* minikube
=> https://cycle.io/platform/ https://cycle.io/platform/
=> https://kind.sigs.k8s.io/ kind for running local Kubernetes clusters using Docker container “nodes”
=> https://k3d.io/v5.4.1/ https://k3d.io/v5.4.1/
=> https://tilt.dev/ good feedback on HN

</content>

</entry>

<entry>

<title>selfishness</title>

<id>/serious/selfishness</id>

<content type="text/plain">

* The default mode network in the brain is apparently that which runs when you're not actively doing anything, thinking about anything, suppressing your desire to do anything, and you're just ... being.
* Generalize that to the default mode behavior of a human, and what kind of taxonomies could you do? Consider some axis of selfish vs. selfless. For the vast majority of humans their DMB is selfishness, with nary a concern for others.
* Whatever they do or say, there's usually some narrow scope of needs they're trying to meet, and the particular thing about those needs is that it is always *theirs* and no one else's.
* People do this subconsciously, unconsciously, and consciously; call this id, ego, superego if you'd like; we'll summarize with F.
* The most benign acts and speech can be broken down by the above two axes, and in so doing we find a density plot almost entirely massed in the [F, Selfish] quadrant. What a picture of humanity that paints. How dull and predictable.

</content>

</entry>

<entry>

<title>math_resources</title>

<id>/polyglot/math_resources</id>

<content type="text/plain">

=> Calculus made easy
=> Unknown Quantity: A Real and Imaginary History of Algebra
=> https://www.amazon.in/Quantity-Real-Imaginary-History-Algebra/dp/0452288533/ref=sr_1_1?crid=FPHS5S9ETR2K&keywords=unknown+quantity&qid=1653457739&sprefix=unknown+quantity%!C(MISSING)aps%!C(MISSING)291&sr=8-1&asin=B00X8EMOPO&revisionId=&format=2&depth=1 https://www.amazon.in/Quantity-Real-Imaginary-History-Algebra/dp/0452288533/ref=sr_1_1?crid=FPHS5S9ETR2K&keywords=unknown+quantity&qid=1653457739&sprefix=unknown+quantity%!C(MISSING)aps%!C(MISSING)291&sr=8-1&asin=B00X8EMOPO&revisionId=&format=2&depth=1
=> brilliant.org brilliant.org

</content>

</entry>

<entry>

<title>multiple-accounts-same-key</title>

<id>/news/multiple-accounts-same-key</id>

<content type="text/plain">

* I'm excited to announce another feature!
* Now users can create as many accounts as they want with the same keypair. There's a special user `new` that when used to ssh into our CMS will send you to the account creation screen.
> ssh new@lists.sh
* If you decide to create mutiple accounts with the same keypair, the only caveat is you'll need to always provide the username of the account you want to use for `ssh` and `scp`.
* Honestly, I'm feeling like at this point we are pretty much feature complete. I imagine I'm going to spend more time using the product than making code changes to it.

</content>

</entry>

<entry>

<title>mpa-frameworks</title>

<id>/erock/mpa-frameworks</id>

<content type="text/plain">

=> https://hotwired.dev https://hotwired.dev
=> https://markojs.com https://markojs.com
=> https://alpinejs.dev https://alpinejs.dev
=> https://htmx.org https://htmx.org
=> https://astro.build https://astro.build
=> https://qwik.builder.io https://qwik.builder.io
=> https://hexdocs.pm/phoenix_live_view/Phoenix.LiveView.html https://hexdocs.pm/phoenix_live_view/Phoenix.LiveView.html

</content>

<summary type="text/plain">alternative approaches to building front-end applications with minimal javascript</summary>

</entry>

<entry>

<title>gemini</title>

<id>/news/gemini</id>

<content type="text/plain">

* I'm excited to announce we have launch gemini support!
=> gemini://lists.sh gemini://lists.sh
* It was always our goal to launch the product with gemini support. Gemini is a new kind of protocol that emphasizes reading and writing documents. It's the perfect blend of readability and ease-of-use.
* If you haven't downloaded a gemini client, I highly recommend it.
=> https://github.com/kr1sp1n/awesome-gemini awesome-gemini

</content>

</entry>

<entry>

<title>lists.sh ❤️ lists</title>

<id>/rubiojr/fav-lists</id>

<content type="text/plain">

=> https://erock.lists.sh/ https://erock.lists.sh/

</content>

</entry>

<entry>

<title>Every day tools (for a computer geek)</title>

<id>/rubiojr/everyday-tools</id>

<content type="text/plain">

=> https://github.com/go-shiori/shiori https://github.com/go-shiori/shiori
=> https://elv.sh https://elv.sh
=> https://starship.rs https://starship.rs
=> https://github.com/junegunn/fzf https://github.com/junegunn/fzf
=> https://neovim.io https://neovim.io
=> https://rclone.org https://rclone.org
=> https://restic.net https://restic.net

</content>

</entry>

<entry>

<title>Hosting services</title>

<id>/rubiojr/hosting</id>

<content type="text/plain">


### New generation
=> https://render.com https://render.com
=> https://fly.io https://fly.io
=> https://www.inngest.com https://www.inngest.com

### Old school
=> https://www.hetzner.com https://www.hetzner.com

</content>

</entry>

<entry>

<content type="text/plain">

* Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed non enim sed odio tempus commodo. Etiam maximus consequat accumsan. Integer convallis sodales efficitur. Vivamus dictum id sem id dictum. Suspendisse molestie ex vel rhoncus viverra. Fusce laoreet leo vel libero ultricies porta. Praesent pharetra eget mauris id eleifend. Nulla pulvinar aliquam porttitor. Suspendisse diam purus, dictum quis metus sit amet, pharetra sagittis elit.
* Phasellus tortor nisi, condimentum sit amet dui quis, sodales aliquet augue. Quisque ut quam vitae quam ultricies iaculis. Quisque vestibulum lacus at nunc ultricies ultrices. Ut a faucibus dui. Morbi convallis nisl eget facilisis efficitur. Aliquam eu dignissim nisi, quis condimentum eros. Nunc pharetra, ex suscipit tempor molestie, lectus tellus egestas erat, semper vestibulum felis velit sit amet mi. Etiam nulla libero, mollis in ultrices fringilla, scelerisque ut lorem.
* Phasellus aliquet eu risus a feugiat. Nam sed turpis mattis orci fermentum pulvinar. Duis mollis purus et cursus tempor. Sed id nulla in nisi ultrices volutpat. Aenean ultrices velit sit amet lectus tincidunt mollis. Curabitur condimentum risus id elit venenatis iaculis. Donec vel nunc ultrices, eleifend lorem quis, feugiat dui. Donec suscipit quam tempus lacinia sollicitudin. Donec ex velit, facilisis in diam at, pretium convallis elit.
* Duis vestibulum feugiat lectus, a tristique nulla elementum eu. In interdum dui vel euismod eleifend. Vestibulum viverra gravida nibh, dapibus imperdiet lorem gravida a. Vestibulum gravida ex quis elit vulputate ultrices. Donec cursus leo ut magna tincidunt, at iaculis elit venenatis. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Maecenas rutrum augue a mi rhoncus varius. Praesent rutrum consequat ex vitae vulputate. Nunc bibendum consequat neque commodo viverra. Nunc eleifend pretium nisi et aliquam. Quisque nisl ante, viverra at maximus ac, mattis ut metus.
* In euismod tempor interdum. Donec pulvinar lectus in efficitur luctus. Aenean sem eros, pharetra et rhoncus sed, ultricies cursus lacus. Suspendisse eu placerat quam. In mattis, sapien pellentesque dapibus rhoncus, quam felis egestas tellus, pulvinar lacinia arcu quam ut tortor. Aliquam dolor sem, varius et suscipit in, vestibulum et felis. Phasellus pretium nec lectus quis consequat. Sed dictum suscipit interdum. Curabitur lobortis nisl pretium fringilla egestas.

</content>

</entry>

<entry>

<content type="text/plain">

* Sunday
* Monday
* Tuesday
* Wednesday
* Thursday
* Friday
* Saturday

</content>

</entry>

<entry>

<id>/antoinetest/days-in-week</id>

<content type="text/plain">

* Sunday
* Monday
* Tuesday
* Wednesday
* Thursday
* Friday
* Saturday

</content>

</entry>

<entry>

<title>Newspaper_Archive</title>

<id>/timw/Newspaper_Archive</id>

<content type="text/plain">

=> https://go.openathens.net/redirector/libraryof.michigan.gov?url=https%!A(MISSING)%!F(MISSING)%!F(MISSING)access.newspaperarchive.com%!F(MISSING) Newspaper Archive
> https://go.openathens.net/redirector/libraryof.michigan.gov?url=https%!A(MISSING)%!F(MISSING)%!F(MISSING)access.newspaperarchive.com%!F(MISSING)

</content>

<summary type="text/plain">Right-click & copy the hotlink below or highlight & copy the address below the hotlink</summary>

</entry>

</feed>