Show newer

Is there any way to deploy serverless functions so that their code would be publicly available and auditable?
That is, that I (as a consumer of such a function) would know what code actually gets executed when I invoke it. So that I would only have to trust the hosting provider, not the hosting provider _and_ the developer? To somehow know that the developer did not tamper with source code prior to deployment.

sorry kiddo but real love is when you're laying in bed saying nonsense words back and forth to each other

🖥️​ :blobowo:
*Starts typing a message.*

🖥️​ :blobnervous:
"Remote user is typing..."

🖥️​ :blobglare:
*Types faster*

Competitive instant messaging.

Story of Truecrypt

If you remember last decade, you probably remember an enigmatic disk encryption utility Truecrypt. Some strange design choices, an eventual Linux port, a wealth of unheard of features and rather paranoid design features, as well as an unusual license that didn't play nice with Free software norms.

Its developers remained pseudonymous, something not so unusual back then, and didn't interact much except developing Truecrypt.

And then one day the music stopped. A warning noting that the program had flaws, to updated to the latest decrypt only, and migrate data was given that immediately threw off red flags. It was a very obvious sign to do something else with data.

Truecrypt was survived by its volume container format TCRYPT. The program was forked into a few other viable projects including the even more paranoid Veracrypt. Entirely Free software implementations such as tcplay sprung up for operating TCRYPT partitions.

Eventually, after many years, cryptsetup, the mainstream linux encrypted volume support added support for TCRYPT volumes. Truecrypt might be dead and buried, but its container format, with all its features live on.

So why was Truecrypt? As we later came to know, the creator of Truecrypt was unmasked as a mid-level drug trafficker. No better inspiration for writing decent security as if your data is actually at risk. Did the hidden volume actually work? We don't know. But we do know he flipped states witness.

We also know after he flipped, as soon as he was released from prison, he updated Truecrypt telling everyone to abandon the project. He might have given up drug dealers, but he didn't sell out the FOSS community.(also now, cannabis is legal)

je suis tombée sur un traité de la prononciation du français au 19e et j'apprends qu'on genrait certaines lettres au féminin et que le w n'était pas encore là

Every so often I go back and reread this because it's just so satisfying and fascinating:

The corporate doesn't want you to know that Coltech Global Limited (, is sending unsolicited e-mails to addresses scraped from GitHub.

Dear twitter: what is the word for "when searching, being able to picture a lost item in every location you can think to look"?

A feeling which makes you look for you keys in the fridge.

Finally setup my emails in emacs with mu4e and mbsync. This is very very handy, now onto the calendar

i hate that when not having everything backed up i need to fear that if i use certain protocols, like BitTorrent or other P2P or Tor, i am under threat of my computers and disks being taken from me for a few years, there —very much not unheard of— potentially damaged w/ data loss

@mkf jebać polskie drogi, na których ciągle jest szkło

zapodziałam jakiś czas temu przejściówkę do pompowania przedniego koła hulajnogi i wsm nie pompuję żadnego jakoś tak wyszło, do czasu aż znajdę unikam tras ponad 5min, dzisiaj miałam koszmar że przebija mi się opona (tylna) i się lekko kapciowata robi

re: polish police brutality 

they killed another guy, again in Wrocław, this time some Ukrainian guy that was drunk when coming back from the party, wasn't aggressive or anything like that, happened on 31st July (, shorter, non paywalled version

Show thread
Show older
Functional Café

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!