Database maintenance
Oct. 25th, 2025 08:42 am![[staff profile]](https://www.dreamwidth.org/img/silk/identity/user_staff.png){kind=small}
mark posting in ![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png){kind=small}
dw_maintenanceGood morning, afternoon, and evening!
We're doing some database and other light server maintenance this weekend (upgrading the version of MySQL we use in particular, but also probably doing some CDN work.)
I expect all of this to be pretty invisible except for some small "couple of minute" blips as we switch between machines, but there's a chance you will notice something untoward. I'll keep an eye on comments as per usual.
Ta for now!
Books Received, October 18 — October 24
Oct. 25th, 2025 09:20 am![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
james_davis_nicoll
Eight works new to me. Three fantasies, two horror, two SF, and one hard-to-classify RPG. One of the SF books is pretty horrory, so maybe that should be three fantasies, three horror, one SF, and one hard-to-classify RPG.
Books Received, October 18 — October 24
Poll #33761 Books Received, October 18 — October 24
Open to: Registered Users, detailed results viewable to: All, participants: 43
Which of these look interesting?
View Answers
Abyss by Nicholas Binge (May 2026)
5 (11.6%)
Testimony of Mute Things by Lois McMaster Bujold (October 2025)
24 (55.8%)
Morsel by Carter Keane (April 2026)
3 (7.0%)
The Cove by Claire Rose (May 2026)
5 (11.6%)
Outgunned by Riccardo “Rico” Sirignano & Simone Formicola, with art by Daniela Giubellini (December 2024)
4 (9.3%)
And Side by Side They Wander by Molly Tanzer (May 2026)
16 (37.2%)
Lightning Runes by Harry Turtledove (March 2026)
8 (18.6%)
A Long and Speaking Silence by Nghi Vo (May 2026)
21 (48.8%)
Some other option (see comments)
0 (0.0%)
Cats!
33 (76.7%)
emotional support spinning
Oct. 25th, 2025 08:12 amyhlee(cross-post with more technical details: ![[community profile]](https://www.dreamwidth.org/img/silk/identity/community.png)
prototypediablerie)
Three-ply yarns where each single is a different wool variety since I was going through and spinning up some samples. Next up will be an experiment in dyeing.
Also, the next owner of this spinning wheel is going to have to live with the aftermarket addition of Warhammer 40,000 base magnets to hold the hecking orifice hook because I keep losing them (and having to DIY new ones out of paper clips - this works quite well and is easy but also, I'm running embarrassingly low on paper clips).
prototypediablerie)Three-ply yarns where each single is a different wool variety since I was going through and spinning up some samples. Next up will be an experiment in dyeing.
Also, the next owner of this spinning wheel is going to have to live with the aftermarket addition of Warhammer 40,000 base magnets to hold the hecking orifice hook because I keep losing them (and having to DIY new ones out of paper clips - this works quite well and is easy but also, I'm running embarrassingly low on paper clips).
Exit Sigil
Oct. 24th, 2025 08:51 pmjames_davis_nicollFrom WOTC: exit their VTT
We have made the difficult decision to end development on Sigil. T
how to draw a tetrapod
Oct. 24th, 2025 10:42 pmfanfhttps://dotat.at/@/2025-10-24-tetrapod.html
Concrete tetrapods are used to dissipate wave energy in coastal defences.
There's a bit of a craze for making tetrapod-shaped things: recently I've seen people making a plush tetrapod and a tetrapod lamp. So I thought it might be fun to model one.
I found a nice way to describe tetrapods that relies on very few arbitrary aesthetic choices.
Click here to play with an animated tetrapod which I made using three.js. (You can see its source code too.)
( Read more... )
Death in the Cards by Mia P. Manansala
Oct. 24th, 2025 08:57 amjames_davis_nicoll
High school student and semi-professional tarot card reader Danika Dizon assists her PI mother to look for a missing person... a teen who vanished after Danika gave her a tarot card reading.
Death in the Cards by Mia P. Manansala
Holy Monkey Bladders! It's Monkey Island™.
Oct. 23rd, 2025 11:10 amarcanetrivia posting in dw_community_promoAhoy there, adventure gamers! monkeyisland is a community for the beloved classic game series Monkey Island, featuring the comedic swashbuckling adventures of the improbably-named Guybrush Threepwood, Mighty Pirate™. Anything about Monkey Island is fair game: your own fanworks (art, fic, videos, games, music, cosplay, memes/silliness, whatever), recs of others' fanworks, livestreams/let's-plays, discussions, news and articles, tips for messing about in the game resources or scripting, requests for hints, screenshots, all that good stuff. If Monkey Island is your jam rum rum and jam (it's an old pirate favorite, everybody knows that), then come on over and have a grog.
monkeyisland is a community for the beloved classic game series Monkey Island, featuring the comedic swashbuckling adventures of the improbably-named Guybrush Threepwood, Mighty Pirate™. Anything about Monkey Island is fair game: your own fanworks (art, fic, videos, games, music, cosplay, memes/silliness, whatever), recs of others' fanworks, livestreams/let's-plays, discussions, news and articles, tips for messing about in the game resources or scripting, requests for hints, screenshots, all that good stuff. If Monkey Island is your New blog post
Oct. 23rd, 2025 01:09 pmswehNew blog post in which I discuss what happened when I broke guidance and asked an interview question about information that can be found in a manpage: https://www.sweharris.org/post/2025-10-23-options-to-ls/
Bundle of Holding: Nightmares Underneath (from 2023)
Oct. 23rd, 2025 11:41 amjames_davis_nicoll
The August 2023 Nightmares Underneath Bundle featuring The Nightmares Underneath, the old-school horror-fantasy tabletop roleplaying game from Chthonstone Games.
Bundle of Holding: Nightmares Underneath (from 2023)
short story rec: Chris Willrich's "A Random Walk through the Goblin Library"
Oct. 23rd, 2025 09:07 amyhleeA Random Walk through the Goblin Library" by Chris Willrich [Beneath Ceaseless Skies]. Superlative fantasy + math short story. I am excited to FINALLY be able to shout about this now that it's published - I had the privilege of reading this in draft and I love it to pieces. :3
therapy spinning, helpy catten edition
Oct. 23rd, 2025 08:51 amyhlee
This one's headed for
helen_keeble. :3(Sorry, I need to source some purple spinning fiber! I'm running low on inherited detash wools and most of what I have is blues or neutrals.)
Cloud was VERY HELPY.
Girl in the Creek by Wendy N. Wagner
Oct. 23rd, 2025 08:51 amjames_davis_nicoll
Faraday, Oregon, seems to have a missing persons problem. Its problem is much worse.
Girl in the Creek by Wendy N. Wagner
Another Repeat Horror/Fantasy Bundle - Nightmares Underneath
Oct. 22nd, 2025 06:20 pmffuturesThis is a repeat of a bundle previously offered in August 2023, featuring "Chthonstone Games horror-fantasy RPG of dungeon incursions from the Realm of Nightmares." which I then described as follows: '...another "old school" fantasy offer in which the idea is to face the adventurers with deadly nightmares, which might be considered 'Monsters from the Id' except that they are real for game purposes and dangerous. But hey, you can kill them and loot their stuff, so maybe it isn't all bad...'
https://bundleofholding.com/presents/25Nightmares 
Last time I went on to say "I'm REALLY not the target audience for this one, I think. I've pretty much given up on straight fantasy RPGs. Other games have done the dream thing before, and in my opinion have done it better. But as usual your opinion may differ." I really don't see any reason to change that.
Back in blue
Oct. 22nd, 2025 05:40 pmrmc28I am very happy to say that I'll be playing for the Cambridge University Huskies this season.
Fixture list (clashes with Kodiaks 2 games in italics)
- 1 Nov 2025 21:00, Cambridge Ice Rink, Oxford Women's Blues
- 15 Nov 2025 23:15, Oxford Ice Rink, Oxford Vikings B
- 22 Nov 2025 20:30, Planet Ice Gosport, Southampton Spitfires B
- 29 Nov 2025 21:00, Cambridge Ice Rink, Birmingham Lions B
- 6 Dec 2025 21:00, Cambridge Ice Rink, Kent Knights
- 24 Jan 2026 21:00, Cambridge Ice Rink, Oxford Vikings B
- 7 Feb 2026 21:15, Planet Ice Solihull, Birmingham Lions B
- 14 Feb 2026 21:15, Oxford Ice Rink, Oxford Womens Blues
- 21 Feb 2026 20:15, Streatham Ice and Leisure, Kent Knights
- 28 Feb 2026 21:00, Cambridge Ice Rink, Southampton Spitfires B
- TBD: Varsity game against Oxford Vikings B
No guarantee I'll be on the squad for any particular game, and Kodiaks 2 will have my priority when there's a clash. But yay, getting to represent my university again.
A Thousand Blues by Cheon Seon-Ran
Oct. 22nd, 2025 08:53 amjames_davis_nicoll
A robot muses contentedly on the events that led it to its rapidly approaching doom.
A Thousand Blues by Cheon Seon-Ran
Wrong kind of leaves
Oct. 22nd, 2025 10:00 amrmc28Latest in a series of silly non-ice-hockey injuries: I came off my bike yesterday evening on the cycle path through the woods between Madingley Road and Storey's Way. I braked suddenly to avoid an oncoming cyclist, the wheels went sideways on the damp leaf mulch, and I ended up on the ground. The other cyclist was able to stop safely, and made sure to check I was ok.
Nothing is broken on me or the bike, but some impressive scrapes to the elbow and knee I landed on. I went home via the co-op and a supply of comfort food, cleaned everything up, and ate the food.
It's all a bit tender this morning, and rather puts the random ice hockey bruises in the shade.
The Eye of Argon by Jim Theis
Oct. 21st, 2025 08:55 amjames_davis_nicoll
The story that began the grand tradition of picking on a teenager's work.
The Eye of Argon by Jim Theis
Finally got a new(er) phone
Oct. 21st, 2025 12:08 pmffuturesHaving been happy with my old iPhone SE (first 2016 version) since 2020 I've had to upgrade because some apps I use quite often will no longer run on it, presumably due to security issues. I need a Lightning connector for my thermal camera, and the most recent iPhones are USB-c, so I got the last iPhone released with a Lightning connector, a 2022 iPhone SE 3rd version - it's an ex-display one from an eBay shop which sells at £154.99 including P&P and appears to be completely unused. They've got a lot of them, if anyone else is interested I can send you a link.
So far I'm pretty happy - it's a bit bigger than I like to carry, but does have the advantage that I can read the screen clearly. Data transfer turned out to be remarkably easy - I've never had two phones or devices that were compatible with Apple's settings transfer thing before, and it really does seem to have gone perfectly without supervision. Not sure yet what I'll do with the old phone - trade-in value is pretty small so I'll probably keep it as a backup for the time being.
And yes, this is yet another lurch into rampant consumerism - I've had to replace my ipad, PC and phone this year and my old Macbook Pro last year - but it's probably keeping someone in work somewhere...
So far I'm pretty happy - it's a bit bigger than I like to carry, but does have the advantage that I can read the screen clearly. Data transfer turned out to be remarkably easy - I've never had two phones or devices that were compatible with Apple's settings transfer thing before, and it really does seem to have gone perfectly without supervision. Not sure yet what I'll do with the old phone - trade-in value is pretty small so I'll probably keep it as a backup for the time being.
And yes, this is yet another lurch into rampant consumerism - I've had to replace my ipad, PC and phone this year and my old Macbook Pro last year - but it's probably keeping someone in work somewhere...
Where are we on X Chat security?
Oct. 20th, 2025 03:45 pmmjg59AWS had an outage today and Signal was unavailable for some users for a while. This has confused some people, including Elon Musk, who are concerned that having a dependency on AWS means that Signal could somehow be compromised by anyone with sufficient influence over AWS (it can't). Which means we're back to the richest man in the world recommending his own "X Chat", saying
Elon is either uninformed about his own product, lying, or both.
As I wrote back in June, X Chat genuinely end-to-end encrypted, but ownership of the keys is complicated. The encryption key is stored using the Juicebox protocol, sharded between multiple backends. Two of these are asserted to be HSM backed - a discussion of the commissioning ceremony was recently posted here. I have not watched the almost 7 hours of video to verify that this was performed correctly, and I also haven't been able to verify that the public keys included in the post were the keys generated during the ceremony, although that may be down to me just not finding the appropriate point in the video (sorry, Twitter's video hosting doesn't appear to have any skip feature and would frequently just sit spinning if I tried to seek to far and I should probably just download them and figure it out but I'm not doing that now). With enough effort it would probably also have been possible to fake the entire thing - I have no reason to believe that this has happened, but it's not externally verifiable.
But let's assume these published public keys are legitimately the ones used in the HSM Juicebox realms[1] and that everything was done correctly. Does that prevent Elon from obtaining your key and decrypting your messages? No.
On startup, the X Chat client makes an API call called GetPublicKeysResult, and the public keys of the realms are returned. Right now when I make that call I get the public keys listed above, so there's at least some indication that I'm going to be communicating with actual HSMs. But what if that API call returned different keys? Could Elon stick a proxy in front of the HSMs and grab a cleartext portion of the key shards? Yes, he absolutely could, and then he'd be able to decrypt your messages.
(I will accept that there is a plausible argument that Elon is telling the truth in that even if you held a gun to his head he's not smart enough to be able to do this himself, but that'd be true even if there were no security whatsoever, so it still says nothing about the security of his product)
The solution to this is remote attestation - a process where the device you're speaking to proves its identity to you. In theory the endpoint could attest that it's an HSM running this specific code, and we could look at the Juicebox repo and verify that it's that code and hasn't been tampered with, and then we'd know that our communication channel was secure. Elon hasn't done that, despite it being table stakes for this sort of thing (Signal uses remote attestation to verify the enclave code used for private contact discovery, for instance, which ensures that the client will refuse to hand over any data until it's verified the identity and state of the enclave). There's no excuse whatsoever to build a new end-to-end encrypted messenger which relies on a network service for security without providing a trustworthy mechanism to verify you're speaking to the real service.
We know how to do this properly. We have done for years. Launching without it is unforgivable.
[1] There are three Juicebox realms overall, one of which doesn't appear to use HSMs, but you need at least two in order to obtain the key so at least part of the key will always be held in HSMs
The messages are fully encrypted with no advertising hooks or strange “AWS dependencies” such that I can’t read your messages even if someone put a gun to my head.
Elon is either uninformed about his own product, lying, or both.
As I wrote back in June, X Chat genuinely end-to-end encrypted, but ownership of the keys is complicated. The encryption key is stored using the Juicebox protocol, sharded between multiple backends. Two of these are asserted to be HSM backed - a discussion of the commissioning ceremony was recently posted here. I have not watched the almost 7 hours of video to verify that this was performed correctly, and I also haven't been able to verify that the public keys included in the post were the keys generated during the ceremony, although that may be down to me just not finding the appropriate point in the video (sorry, Twitter's video hosting doesn't appear to have any skip feature and would frequently just sit spinning if I tried to seek to far and I should probably just download them and figure it out but I'm not doing that now). With enough effort it would probably also have been possible to fake the entire thing - I have no reason to believe that this has happened, but it's not externally verifiable.
But let's assume these published public keys are legitimately the ones used in the HSM Juicebox realms[1] and that everything was done correctly. Does that prevent Elon from obtaining your key and decrypting your messages? No.
On startup, the X Chat client makes an API call called GetPublicKeysResult, and the public keys of the realms are returned. Right now when I make that call I get the public keys listed above, so there's at least some indication that I'm going to be communicating with actual HSMs. But what if that API call returned different keys? Could Elon stick a proxy in front of the HSMs and grab a cleartext portion of the key shards? Yes, he absolutely could, and then he'd be able to decrypt your messages.
(I will accept that there is a plausible argument that Elon is telling the truth in that even if you held a gun to his head he's not smart enough to be able to do this himself, but that'd be true even if there were no security whatsoever, so it still says nothing about the security of his product)
The solution to this is remote attestation - a process where the device you're speaking to proves its identity to you. In theory the endpoint could attest that it's an HSM running this specific code, and we could look at the Juicebox repo and verify that it's that code and hasn't been tampered with, and then we'd know that our communication channel was secure. Elon hasn't done that, despite it being table stakes for this sort of thing (Signal uses remote attestation to verify the enclave code used for private contact discovery, for instance, which ensures that the client will refuse to hand over any data until it's verified the identity and state of the enclave). There's no excuse whatsoever to build a new end-to-end encrypted messenger which relies on a network service for security without providing a trustworthy mechanism to verify you're speaking to the real service.
We know how to do this properly. We have done for years. Launching without it is unforgivable.
[1] There are three Juicebox realms overall, one of which doesn't appear to use HSMs, but you need at least two in order to obtain the key so at least part of the key will always be held in HSMs