aditya's recent activity
-
Comment on What programming/technical projects have you been working on? in ~comp
-
You should be reading academic computer science papers
10 votes -
Comment on Ten reasons to live on a boat in ~life
aditya LinkPossibly related: https://git.sr.ht/~rabbits/busydoingnothingPossibly related: https://git.sr.ht/~rabbits/busydoingnothing
-
Comment on "SHA-1 is a Shambles" - A demonstration of a chosen-prefix collision for SHA-1 (2020) in ~comp
aditya Link ParentI suspect they'd also have to compromise the host of the repository to overwrite the existing object in the store. Or operate a malicious mirror I suppose. The colliding object also has to be the...I suspect they'd also have to compromise the host of the repository to overwrite the existing object in the store. Or operate a malicious mirror I suppose. The colliding object also has to be the exact same length. All of that said, Git needed to transition away five years ago.
-
Comment on "SHA-1 is a Shambles" - A demonstration of a chosen-prefix collision for SHA-1 (2020) in ~comp
aditya (edited )Link Parentnit: I think saying Git migrated is an overstatement even today.nit: I think saying Git migrated is
a bit ofan overstatement even today. -
Comment on SolarWinds: The untold story of the boldest supply-chain hack ever in ~tech
aditya LinkSolarWinds introduced Project Trebuchet as a response to this hack where they showed off a more resilient build setup. IIRC, this was the keynote for 2021's Open Source Summit as well. Trebuchet...SolarWinds introduced Project Trebuchet as a response to this hack where they showed off a more resilient build setup. IIRC, this was the keynote for 2021's Open Source Summit as well. Trebuchet uses in-toto attestations for software provenance and reproducible builds semantics to defend against build-time compromises.
The software supply chain security space as a whole as blown up since SUNBURST came to light. The OpenSSF has a bunch of projects and working groups focused on related efforts as does the CNCF. SLSA's a key framework that's grabbed some headlines in recent months with the v1.0 release and so on. I suspect we're some way off from seeing broad adoption of all the new tooling and practices though.
I'm personally very excited about all of this. I'm studying software supply chain security as part of my PhD and I'm one of the maintainers of in-toto.
-
Comment on The Untold Story of the Boldest Supply-Chain Hack Ever in ~comp
-
Comment on Bluesky is Jack Dorsey’s attempt at a Twitter redo and it’s already growing fast in ~tech
-
Comment on Bluesky is Jack Dorsey’s attempt at a Twitter redo and it’s already growing fast in ~tech
aditya LinkI’ve been meaning to check it out. Does anyone have invites?I’ve been meaning to check it out. Does anyone have invites?
-
Comment on Arizona city cuts off a neighborhood’s water supply amid drought in ~enviro
aditya Link ParentNot the original user but usually we just run drinking water through RO filters / "aquaguards". It's common to find something like what's sold here on many Indian kitchen walls. When I go home, I...Not the original user but usually we just run drinking water through RO filters / "aquaguards". It's common to find something like what's sold here on many Indian kitchen walls. When I go home, I need to remember not to drink straight from the tap. I should also note that we didn't use borewells, our city supplied water which also went through some processing on their end. So we didn't use a full blown RO filter. That said, others in the city did have borewells if it was a neighbourhood the city didn't support and so on.
-
Comment on What programming/technical projects have you been working on? in ~comp
aditya LinkI'm working on an open source project which is still in an early prototype phase that embeds access control policies and more in Git repositories. I'm using https://theupdateframework.io/ for...I'm working on an open source project which is still in an early prototype phase that embeds access control policies and more in Git repositories. I'm using https://theupdateframework.io/ for defining policies around who can do what in the repository and validating changes made and pushed to the repo against these policies. I'm curious what others think or have to say about this space!
Edit: I'm working on this as part of my research activities at NYU where I'm a Ph.D. candidate focusing on software supply chain security. TUF is primarily developed and maintained at our lab.
-
Comment on Tildes Game Giveaway Thread: Holiday 2022 in ~games
-
Comment on Tildes Game Giveaway Thread: Holiday 2022 in ~games
-
Comment on The Taxpayers - I Love You Like An Alcoholic (2012) in ~music
aditya LinkI want to point folks to what the artists had to say about the "Henry Turner" from the album title. (I believe he was made up but I find it interesting nonetheless.) "God Forgive These Bastards"...I want to point folks to what the artists had to say about the "Henry Turner" from the album title. (I believe he was made up but I find it interesting nonetheless.)
"God Forgive These Bastards" Songs from the Forgotten Life of Henry Turner by The Taxpayers (2012)
The first time I met Henry Turner I feared for my life. I remember the exact date – February 18th, 2007 – because the day before, a close friend of mine had unsuccessfully attempted to commit suicide in his studio apartment and I'd spent the entire night at the hospital. It was one of those terrible and typical Pacific Northwest winter nights where the rain seemed relentless and the gloom was contagious, and as I waited at a sheltered bus stop on Martin Luther King Jr. Boulevard for the # 6 to arrive, a man approached me for a cigarette.
I shook my head and gave him a half-smile.
“Sorry. I quit a few years back.”
I stuck my head back into the newspaper I was reading, and he took a few steps closer.
“How about a buck and a quarter then? All I need is a dollar and a quarter and I'll have enough for bus fair.”
I shrugged and fumbled around in my pocket.
“I'm using an expired bus transfer myself, but I might have a few extra dimes. It ain't much, but if it helps, it's yours.”
I passed him the change, and when he grabbed it, he ducked down to my level and looked me straight in the eyes.
“Look at me. Does it look like a few extra dimes would help? You think a few extra dimes would do any good to anybody? Take a look at me. I got a rotten heart and a bad shoulder and I ain't slept a good night's sleep in the past ten years, and you wanna know the kicker? I get fuckers like you tossing me their condescending extra dimes.”
He was tall and intimidating, with wild gray hair and deep wrinkle lines all across his face, and his eyes would occasionally roll up into his head, quiver, and then refocus. His thick, wet coat and his tangled beard had bits of crumpled leaves stuck to them, and he carried himself with the strange confidence of an angry and confused lion.
“And the best part about all of this is that I know you're cheating me. And you know what I did to the last bastard that cheated me? “
He paused for a few silent, terrifying seconds.
“I bit his ear off.”
I almost pissed my pants. My brain was telling me, “get up and run”, but my body was frozen in fear, and I sat there shaking in excruciating silence. Sure, maybe he was harmless, but something about the look in his eyes terrified me. I could see the bus approaching from about a quarter of a mile away. I did the math. From that distance, it would be another minute or so before the bus arrived, saving me from certain death. I could try to fight back. But while he was an old man, he was an enormous old man, and anyways, you just can't fight a crazy person. I could run. That was it. I was going to have to get up and run before he sunk his teeth into me, or pulled out a knife, or worse.
Suddenly, he burst into laughter. Not a maniacal laughter, but a booming, good-natured laughter, and his angry eyes became kind and warm. His snarl turned into a crooked smile, and he slapped me on the back like an old friend.
“Aw, I'm just fucking with you, kid. Ain't much for laughs around here. You'll have to forgive me.”
He held out his massive hand for me to shake.
“Henry Turner. Friends call me Hank. How ya doin'?”
I was still petrified. Was this some sort of a trick? Was he going to grab my hand and then snap it off like a tree branch? He looked me over and laughed again, reached into his coat pocket, and pulled out a bus pass.
“Here. This one ain't expired. Go on, take it, I got a whole stack of 'em.”
And with that, the bus pulled up to our stop in the rain, the doors opened with a loud mechanical sigh, and Henry held out both his arms, outstretched, in the direction of the doors.
“After you, kid.”
I didn't realize it at the time, but he was a semi-celebrity around town, although most people wrote him off as just another one of the crazy folks that told rambling, drunken tales - amusing for a few minutes, but best largely avoided. It was true, he had his demons, but he also had a magical brilliant quality to him, and whenever I ran into him around town, I'd end up spending a few hours with him, if for no other reason than to listen to his unbelievable stories. It didn't really matter whether they were true or not, it was the way he told them, with absolute clarity and confidence, no matter how crazy they sounded. Some of it even checked out. He'd often talk about his years playing baseball with Georgia Tech, and the famous play-off game where he pitched a two-hitter in 1979. When I got home, I went on the internet and looked up the Georgia Tech roster from 1979, and there he was. Henry Turner. I'll be damned.
The years went by. I'd leave town for months at a time, but when I came home I could always expect to run into Henry for the latest news and a ridiculous tale. Businesses closed and new ones opened, houses changed ownership, new faces arrived and old ones disappeared, but he was like an ancient marble pillar – unaffected by the changes around him. Or so it seemed. In the winter of 2010, three years after we first met, I ran into Henry on one of the downtown park blocks. He was disheveled and had these crazy eyes, and when he recognized me, he touched me on the shoulder and said something to the effect of, “Gonna go away for a while. You'll hold onto something for me, yeah?”. He reached into his coat pocket, pulled out a huge stack of unused bus passes, thrust them into my hands, and walked away. It was the last time I would see him.
Henry Turner died on March 25th, 2010, a product of years of substance abuse and tough living. If a funeral was held I wasn't aware of it. The news of his death hit me harder than expected, and it sparked an obsession: I began compulsively writing down every outlandish and unbelievable story he'd ever told me, as a sort of tribute. My band started working on an album of songs pertaining to Henry's life. My nights were spent researching everything I could find about the Turner family. I would rant on and on to complete strangers about the whole ordeal. Then slowly, it began to subside. Life went back to normal. Though I never quite forgot about it, my utter entrancement with the Turners faded.
What follows is an amalgamation of the stories Henry told me, as best as I can remember them. I hope I did him justice. There are some embellishments and I took quite a few liberties, but like all good narrators, Henry knew that any story worth telling should be grand, significant, and a little bit false. It's important to note that Henry was no hero, and I'm not trying to romanticize or defend him – as you'll find out, he was a murderer, an abusive husband, an unapologetic addict, and a crook who was haunted by his most awful moments. But he was also at times a tender, loving father, a brave adventurer, and an amazing pitcher, who was surprisingly candid and an absolute charm to listen to. No person can be summed up by their worst actions. And despite his insistence that “forgiveness ain't an inherent human quality”, that's what this whole thing's been about for me: the capacity to forgive someone's most wretched moments.
Ultimately, I think that when Henry was at his best, he was something simple: a kind, strange friend.
Rob Taxpayer
September 17th
12:44 a.m.
Portland, Oregon -
The Taxpayers - I Love You Like An Alcoholic (2012)
2 votes -
Comment on Maybeshewill - Not For Want Of Trying (2008) in ~music
aditya Link ParentHave you played No Man's Sky?Music for an Infinite Universe
Have you played No Man's Sky?
-
Comment on Maybeshewill - Not For Want Of Trying (2008) in ~music
aditya Link ParentYeah, this song was my introduction to the movie!Yeah, this song was my introduction to the movie!
-
It Was A Good Dream - You Left a Letter and a Song (2019)
3 votes -
Comment on Maybeshewill - Not For Want Of Trying (2008) in ~music
aditya Link ParentAll of them are fantastic! I recommend adding Caspian, We Lost The Sea, Sigur Ros to your rotation.All of them are fantastic! I recommend adding Caspian, We Lost The Sea, Sigur Ros to your rotation.
-
Comment on Maybeshewill - Not For Want Of Trying (2008) in ~music
aditya LinkAnother fantastic album. Also love He Films The Clouds Pt. 2. This was also my introduction to Network.Another fantastic album. Also love He Films The Clouds Pt. 2.
This was also my introduction to Network.
I've talked about it before but I've been working on enabling access control (and more) policies within Git repos. We call it gittuf. It implements some prior research as a log of actions performed in the repo to apply policies such as the developers authorized to write to one or more refs, specific files or directories stored in the repo etc.