
It's time!

- 🇮🇹 geek in his mid-thirties, based in 🇳🇱

- 🎓 M.Sc in computer engineering.

- My current job is about fixing and automating global supply chains, one line of code at a time, but I have worked in a wide range of industries over the past (nearly) two decades.

- My hobbies often involve automating everything around me.

- Linux user since 2001. My experience as a Linux admin started back in a time when I used to run my IRC and Apache servers on a repurposed Pentium 1 under my bed, and it still took about 10 💾 to install a full Slackware system.

- Arch Linux and rolling release enthusiast.

- 🛠 Creator and main developer of (platypush.tech), an open-source (mainly Python and Vue), general-purpose platform/framework to automate everything - from smart devices, to cloud services, to robots, to DevOps operations, to everything in between. With hundreds of available integrations, you can think of it as IFTTT+Tasker+SmartThings on steroids, scriptable, and runnable on almost any device. Or maybe like HomeAssistant's lighter brother.

- Admin of social.platypush.tech, a Mastodon instance where I may talk a lot about Platypush, automation, programming, electronics and maths. I tend to write a lot, so if you're looking for an instance with a 10,000 characters per toot limit...

- Looking for relays with instances dedicated to similar topics. My dream would be to build an experience, when it comes to , that is akin to curated lists, where admins can create curated federated experiences for the users on their platforms, rather than the open-to-everything overwhelming stream of toots on the federated timeline that most of the relays provide nowadays.

- 🤖 Machine-learning enthusiast. I have published a book on it link.springer.com/book/10.1007, with simple computer vision exercises that can be run on a , and I did some academic research back in time where neural networks were still a green field fabiomanganiello.com/#research, and I never stop learning new stuff.

- 🧪 Physics, chemistry, biology, maths and astronomy enthusiast.

- 🎵 Music addict, 🎸 and 🎹 player, and occasional composer/producer. You can find some of my music here open.spotify.com/artist/5H6BJf and here soundcloud.com/blacklight01

- I may often write about random politics/economics/philosophy. I may sometimes be very passionate on topics such as open-source, open data, open protocols, tolerance and social inequalities. I mostly belong to the progressive/social-democratic field. You are welcome to try and change my mind, as long as you do it in a civilized and data-driven way.

- 🏄 and 🛹 rider. And, as a good Dutch resident, 🚲 enthusiast.

- 👪 Full-time father.

After my article on how to create / -> cross-posting bots, I did an experiment with @crossbot and let it run with ~10 different sources for a couple of weeks.

The idea was definitely successful: I brought with me to the Fediverse all the sources that I wanted to follow, without forcing them to move, and I actually didn't feel the urge to open Twitter/Facebook for "fear of missing out".

But I've realized that one single bot to manage multiple sources isn't ideal. People who may want to follow only some of them are forced to get on their timelines also content that they didn't ask for. Some people did indeed follow crossbot, but many also unfollowed it - probably because it posted too much, too often, and since all the content was coming from the same account it was hard to tell which was the source without actually reading the toot.

So I've decided to split it into multiple bots, one for each of the sources that I'm cross-posting. Feel free to follow any of these bots if you are interested in the content! But please also avoid commenting on their activities (there's no human behind the profile that can react). Instead, favourite/boost/re-share the link if you want to bring the discussion to the "human" sphere.

List of available bots:

- The Economist: @economist_bot
- Quanta Magazine: @quanta_bot
- Nautilus Magazine: @nautilus_bot
- Nature: @nature_bot
- Scientific American: @sciam_bot
- Phys.org: @physorg_bot
- The Gradient: @gradient_bot
- The Hacker News: @hackernews_bot
- Hackernoon: @hackernoon_bot
- IEEE: @ieee_bot
- IoT for All: @iot4all_bot
- Better Programming: @better_programming_bot

Also, feel free to comment on this post if you have any requests for interesting sources that are only available on Twitter/RSS and you'd like to bring here - I may definitely consider making a bot for them.

If a monkey hoarded more bananas than it could eat, while most of the other monkeys starved, scientists would try to figure out what's wrong.

When humans do it we put them on the cover of Forbes.

discourages employees from talking about to prevent the risk of being seen as a "hostile work environment".

In other words, you can't openly oppose bigotry, religious narrow-mindedness and people wanting to put their noses in affairs that don't belong to them, because the priority of the company is to "make everybody's ideas feel welcome and respected" rather than sitting on the right side of history.

theverge.com/2022/5/19/2313171

Dear open source users,

If the author of your favorite open source app has announced they stopped developing and supporting the app (because they're frustrated and possibly burned out), please don't suggest they do more free work so that you can continue using the app.
Instead, consider thanking them for their past work and let them know that you enjoyed their app.

Regards,
another open source developer

@blacklight

This is bullshit!
Marcel doesn't deserve this treatment, he is one of the best application developers I know; fairemail, netguard, xprivacy... are indispensable in my day to day life.
It's deplorable, all my contempt to Google.
@EU_Commission @eff @ombudsman

@EU_Commission please do something about this. And @eff please intervene and support the open-source developers who are victims of Google's abuses.

, an open-source email client for that allows you to manage multiple accounts, has been taken down from the Play Store.

Even if its source code is freely available, and both the code and the app's activities have been inspected and audited before being submitted to F-Droid, Google keeps harassing the developer as it considers the app as "spyware", but it refuses to provide ANY details about their findings, or inform the developer on what they are supposed to change to get the app approved again. An appeal request from the developer only resulted in an automatic response from Google.

The developer was advised to appeal to the EU, but (maybe rightfully) he said "what's the point? it's going to take them five years anyway just to come with a decision, and in the meantime my app won't be distributed on the major Android channel, and I'll have no incentive to keep working on it". We, as open-source developers, should NOT end up in this situation. We should NOT have the feeling that the institutions are not protecting us because they're just too slow to intervene or even to understand an issue.

This isn't the first time that harasses open-source developers and gets away with it. Email clients alternative to Gmail, as well as any app that accesses what Google deems "sensitive user data" (including emails, calendar, fit data etc.) will now require an expensive (talking of at least $4500 a year) and intentionally cumbersome certification process, and such a certification needs to be renewed on a yearly basis: pmail.com/newsflash.htm. This will mean the end for most of the alternative apps that support Google services.

This isn't about users' security. Most of these apps are open-source, owned by the community, and regularly audited by F-Droid - a store with far higher security standards than the Play Store.

This is just Google declaring their final war against those who dare to access their email, calendar or maps without using Google's apps. This is Google showing the middle finger to the world and saying "the only way to interact with your email and calendar must be through my apps".

More and more open-source developers are being so discouraged by Google's efforts, requests for money and the Kafkaesque labyrinth that they've set up for appeals that they are pulling their apps and services for good.

This shouldn't happen, and the EU has a duty to defend us against this evil corp, because we can't keep defending ourselves. Enough with all the talk about new EU unicorns: if the EU really wants to battle Google, they should do so by defending an enthusiastic community that is already building the alternatives - often without being paid a single dime, while being regularly harassed by big tech.

forum.xda-developers.com/t/app

officially joins the ranks of evil companies whose sole purpose is to control the whole user experience within their walled gardens and make the life of those who build stuff against their sh*t miserable.

libspotify was a way to get Spotify streams into your own application. After all, if you have a premium account, then you should also have a way to play music wherever you like - and that was exactly the job of libspotify.

Except that, if you can play content from whatever device or client you like, then Spotify can't track you that well. They can't force you to swallow whichever "customized content" they created for you. On your client you won't be able to see that horrible "Top 100 Hits" playlist again and again.

So they decided to deprecate libspotify 7 years ago, stopped any active developments and didn't fix it when things were getting broken. Luckily, basic features were *mostly* still working in spite of the deprecation - until now.

About a year ago (twitter.com/BlackLight01/statu) I complained about libspotify getting regularly broken. They responded with "oh, but libspotify has been deprecated for 6 years". I asked them "then please tell me what are the alternatives". They responded with "good question - we don't have any". 6 years after deprecating their only official supported way to stream content in other clients, they didn't have an official alternative.

Now, apparently, they do. The alternative to libspotify is the Web Playback SDK. In other words, they replaced a stand-alone library with a web-based JavaScript framework that only allows you to stream from a browser. Because, of course, things are much easier to control and users much easier to track in a browser.

Do you still have a use-case where you want to play music from your Spotify account in a custom application, or on a custom device - ranging from a Raspberry Pi to a Snapcast server that can be used for multi-room streaming? Well, quote: "Device makers who are interested in integrating Spotify with a commercially available speaker can learn more about integrating Spotify Connect here". In other words, you need to contact them directly and discuss a business deal. Because they treat any use-case that doesn't fall into the web client category as a "custom commercial hardware implementation".

I'm sick of these evil companies treating open-source developers like sh*t. WE are the ones pushing the envelope. WE are the ones expanding their ecosystem. WE are the ones that make sure that Spotify doesn't work only within a walled garden, but that you can stream music from any device you like. WE are the ones implementing stuff that they should have implemented themselves. WE deserve more respect.

Instead, the degenerated oligopoly that rules today's tech world is only interested in making our lives harder, adding more and more barriers, and ensuring that all the interactions with their product only happen within a small garden that they can control.

Spotify, just like Google and Microsoft, now deserves to die and burn in a ball of fire. Piracy should not only be tolerated, but encouraged when these companies behave like jerky gatekeepers.

developer.spotify.com/communit

Data protection: Microsoft 365 banned in Baden-Württemberg’s schools!

As we have seen in BW, in time it’s a likely prediction that more states in Germany and in countries abroad will follow suit and look for a suitable, GDPR compliant solution. Read more!
nextcloud.com/blog/data-protec

Once grasped all the possible characteristics of a fundamental particle (mass, charge, spin, direction and color), and how matter particles interact with one another through force carriers, it feels natural to try and visualize them in a coherent framework.

Except that physicists aren't usually that good at providing intuitive visualizations.

The "periodic table" of the standard model is a good "static" visualization, but it fails to capture how particles interact and transform into one another, and it doesn't distinguish left- vs. right-handed particles, nor it shows the colors of .

The "double " visualization proposed in this article is much more complete, and it even manages to provide an intuitive visualization of which force carriers interact with which particles.

And big kudos to the guys at , who have managed to provide in a 5 minutes read a much more intuitive and complete explanation of the standard model than hundreds of bulky books written on the topic.

quantamagazine.org/a-new-map-o

Arrangement of Round About Midnight on solo classic . Re-arranging standards on solo guitar is almost as fun as playing them with a band!

cloud.fabiomanganiello.com/nex

It took me a while, but I've finally managed to get my working on all of the platypush.tech servers 🎉

You can now register and login with a single account on:

- The instance (social.platypush.tech)
- The instance (git.platypush.tech)
- The instance (matrix.platypush.tech)

And I've also got it configured on my instance (it was the most painful one to configure), though through a different realm so I won't get random people poking in my personal cloud :)

Things I've learned in the process:

- SSO on your network is amazing! You can also configure WebAuthn over e.g. Yubikey, and you won't have to keep track of tons of different credentials across several services. No Google/Facebook/Microsoft or any third-party SSO solutions required.

- is the most popular and complete solution, but it's unjustifiably heavy. It's maintained by Red Hat, it runs on top of an obese web server like , it takes at least 1 GB of RAM to run, it comes with tons of unintuitive configurations, and it screams "heavyweight enterprise sh*t" from everywhere. Wish there was a more lightweight solution with a less steep learning curve.

Over the past couple of years has, among the other things:

- Kept on going with its campaign of forced evictions of Palestinians from the West Bank, in spite of many calls from humanitarian groups, the UN and even its own allies to stop.

- Indiscriminately beaten up journalists, women and children in the Esplanade of Mosques during the Ramadan.

- Nuked the building where Al Jazeera used to operate.

- Murdered Shireen Abu Aqleh, a senior Al Jazeera journalist, while she was doing her job. Nobody from the Israeli army has so far been fired or prosecuted for this murder. Not even a word of apology has come so far from the Israeli authorities.

- They couldn't even let Shireen have a proper funeral. Even in such a somber moment, the Israeli police couldn't contain the urge of charging the crowd and beating up a bunch of Palestinians.

I'm sick and tired of listening to Israel's justifications. "Oh, they started it"/"Oh, they were throwing stones at us"/"Oh, that building was shielding suspect terrorists so we had to bomb it"/"Oh, we just followed the orders". The imbalance between the two sides when it comes to number of dead and wounded says a very different story. They even took care of making Gaza one of the most densely populated places on earth, and when they bomb a civilian building they even have the guts to say that "Palestinians use civilians as human shields".

If a policeman or a soldier can't calibrate the response to provocation, they probably should do another job. If a government doesn't even bother to police its own police, or gives an order that results in the death of innocent civilians, then its members should go away and find another job.

Israel keeps on murdering journalists, nuking their offices, beating up largely peaceful crowds, evicting people on an ethnic basis, ignoring UN resolutions, apologizing for nothing and blaming others for everything, and it keeps getting away with it.

If we have (rightfully) imposed unprecedented sanctions on Russia after a few weeks into its neo-colonial war in Ukraine, how come are we still best pals with Israel after all the crimes that they have committed against the Palestinians?

Bear in mind: I'm very far from being antisemitic. I have many Israeli and Jewish friends and I'm fascinated by their history and traditions. There is a clear distinction between condemning somebody's actions and indiscriminately hating a whole ethnic or religious group. But the Israeli government in the past few years has even made sure to blur the lines between these two very distinct positions. Apparently, you can't criticize what the Israeli police and army do against Palestinians today without being some kind of neo-Nazi. Shame on them, because the only way they've got to deal with criticism is by shifting the blame.

youtube.com/watch?v=WHqytR_y0I

It's better to provide a real-world example to understand how dumb the EU's argument for is.

Their argument is basically that they have to implement client-side checks on all the messaging apps to protect children from abuse.

Besides the sheer absurdity of the implementation of client-side checks for *all* the available apps out there, while not reducing people's privacy and not creating a backdoor that malicious actors will be eager to exploit, and besides the macroscopic contradictions in the EU's position (first they called E2E encryption a civic right, then they push for client-side checks on those E2E-encrypted chats), it's appropriate to provide a real-world example.

Most of the domestic abuse doesn't happen online. It happens within the domestic walls.

If we follow the EU's logic, it's therefore appropriate to push everyone with kids in the EU to install surveillance cameras and mics in their homes (you know, to ensure that they don't abuse their kids). Or maybe keep the doors of their houses open so authorities can immediately intervene in case of abuse.

In other words, is it allowed to drastically lower the bar for privacy and security for everyone for the benefit of a minority, without first considering if there are smarter solutions to solve the problems of that minority? Just to name a few: invite parents to pay more attention to what their kids do online, or establish a European emergency line with specialists immediately within reach in case of reports.

Big kudos to the team behind this stunning picture of Sagittarius A*, the supermassive at the center of our galaxy 🌌

Given the amount of optical distortion and stardust pollution that makes observations of the center of our galaxy tricky, I'm surprised that we've already managed to take a (blurry) picture of this monster with today's state of technology. Taking this picture is like taking the picture of a donut on the moon, but imagine that there's a lot of dust sitting between us and the moon.

And it's another huge win for the theory of general relativity: the shape and mass of this monster confirm what predicted more than a century ago.

public.nrao.edu/news/astronome

There's a common misconception that methods mainly come in two flavours:

1. If you want to run your own servers and network, then you'll have separate services with separate users - therefore you need one set of credentials for each service.

2. If you want to allow and have only one account for all of your services, then you'll have to give a big external authenticator (Google/Facebook/Microsoft/Github etc.) access to your precious services.

After spending a couple of days setting up my server, I'm happy to disprove this misconception.

You can indeed set up your own SSO server, federate it with other sources (LDAP, Kerberos, or even other SSO services like Google/Github), and even federate realms with one another, if you want to create a more granular ACL.

Current state of integrating SSO into the services I run:

- ✅ NextCloud (although it was hell and the nextcloud_saml integration is held together with toothpicks)
- ✅ Gitlab
- ✅ Mastodon (yes, OpenID Connect finally works!)
- ⏳ Matrix
- ⏳ Main platypush.tech portal

So Platypush web services will soon require a single account to log into everything.

The experience also reminded me why I hate JVM-based applications (come on guys, you can't require a minimum of 1GB of RAM just to run an authentication service, and just for the sake of using heavy smelly enterprise shit like JBoss) and why I hate and I believe that should be the future.

SAML is to OIDC what SOAP is to JSON/REST, or what OpenVPN is to Wireguard: a bloated alternative whose additional overhead and learning curve isn't in any way justified by better features.

@blacklight @tastytea

On "how the protocol handles things" we have serious issues.

“Any decentralized [ecosystem] requires a centralized substrate, and the more decentralized the approach is the more important it is that you can count on the underlying system.”

— Byrne Hobart. The Promise and Paradox of Decentralization

discuss.coding.social/t/challe

Lacking people and processes to help 'substrate formation', libraries and SDK's can be part of the answer to motivate people. Address #FOSS dynamics

Some simple numeric examples to make a point that I've been trying to make for a while (although without the extensive amount of examples reported by the author of this article).

There's no way of grouping voters into districts that doesn't introduce distortions.

Sure, some politicians may be tempted to play the card harder than others. Some may purposefully redraw maps in ways that dilute the votes for their opponents. But eventually *any* groupings introduce distortions that can be played by either side.

We often hear that the best solution to districting issues is to have smaller districts. But the math easily proves that the distortions are removed only when the size of each district tends to one - i.e. when we get rid of districts entirely.

You just can't be fine-grained locally while being fair globally at the same time.

demodexio.substack.com/p/how-t

’s parent company RELX bills itself as “a global provider of information-based analytics and decision tools for professional and business customers”. And Elsevier now brands itself as an "information analytics business" - not as the prestigious publisher of scientific content that they once were.

So not only Elsevier hasn't really brought any innovation to the field since the time when Einstein was in diapers.

Not only their spokesmen come out with sentences like "if you think that information should be open to everyone, go to Wikipedia" that show the real face of these self-entitled jerks who make money publishing somebody else's work.

Living out of the luxury rent that researchers and academia pay to them as the gatekeepers of the industry (almost never reinvested in innovation) isn't enough.

So they feel entitled to make some extra money on the side by collecting and selling to 3rd-parties all the personal information about their readers and publishers, just like any other mediocre ads company would do. And they even call themselves an analytics business nowadays, just to make their mission clear to everyone.

If you are a researcher, boycott Elsevier. Nowadays you can get a lot of visibility also without them. There's plenty of open platforms for researchers to submit their work. And if you are in charge of journal subscriptions in academia, cancel your subscriptions to Elsevier journals. There are many cheaper/free alternatives that provide plenty of value for students and researchers without keeping parasites with no added value alive.

eiko-fried.com/welcome-to-hote

@blacklight the fediverse today reminds me more of 1989 than 1999. In 1999 if you wanted to socialize online, you had an AOL or CompuServe account. In 1989 you dialed into the BBS run by the SysOp you ran into at Radio Shack. And that BBS was a thriving community of local folks, but federated into FidoNet or similar networks. There were enough sysops in every area code that there truly was a BBS for everybody.
