Levi Broderick
grabyourpitchforks.bsky.social
Your friendly neighborhood security otter. Part of Microsoft's .NET team. Personal account, not speaking for my employer. 🔥🦦🛡️🔥 -- he/him
Give your hot takes on American culture & cuisine and you, too, can be ratioed!
November 10, 2025 at 8:38 PM
Reposted by Levi Broderick
I’m really proud of this talk and I hope you’ll watch it. I put care into making it approachable while still delivering my perspective and insights to security professionals. If you don't get the "why" behind passkeys, this talk will help fill that gap. [2/2] www.youtube.com/watch?v=otOb...
Authenticate 2025 Keynote | Ricky Mondello, Apple | Get the Most Out of Passkeys
YouTube video by FIDO Alliance
November 7, 2025 at 1:51 PM
Just upload your creds to GitHub like everybody else does. It would save time and then people wouldn't have to phish you.
November 9, 2025 at 9:09 PM
I know plenty of people who don't use dev tools who might immediately benefit from this. Maybe I'll start enabling it on their boxes over the next few weeks. 😈
November 9, 2025 at 7:33 PM
That would be awesome! I wonder if they'd ever add a Misanthrope Mode. Don't notify me about people, but you bet I want a real time alert every time a critter is seen. :)
November 4, 2025 at 7:42 PM
I don't need to know that the postman walked down the driveway, up the stairs, onto the porch, retrieved a package from his satchel, placed it in front of the door, walked off the porch, down the stairs, .... Just say "Postman left a package at the door." Christ.
November 4, 2025 at 7:23 PM
A very frequent example: they give tons of extraneous details spanning multiple sentences rather than a succinct "<Bob> entered the house." It's often so long that the iOS lock screen truncates the text and excludes the actual useful details at the end!
November 4, 2025 at 7:21 PM
The tech is genuinely impressive *when it works*. But G trashed usability in the process because they're trying to use the Nest platform as an "isn't this cool?" tech demo rather than tailoring the experience for a typical residential use case.
November 4, 2025 at 7:19 PM
And for King County, at least, you can pull up the webcams and watch the verification and tabulation happen live!

kingcounty.gov/en/dept/elec...
November 4, 2025 at 7:11 PM
Funny. After reading that chart, I have a hankering for some beignets. 🥺
October 30, 2025 at 3:49 PM
Me, a consummate intellectual: "It is so convenient to schedule the entire household to get vaccinated at the same time!"

Nature: *gleefully rubbing hands together* "Muahahahaha! You fool!"
October 25, 2025 at 10:49 PM
We've looked into making System.Random be backed by a true CSPRNG, but it's impractical for a variety of reasons. One fatal flaw (among many) is that the Random class uses floating point in all its abstractions, which means any call to Next(...) has inherent bias, regardless of PRNG used.
October 17, 2025 at 9:38 PM
That said, it's not a huge issue, but people look to Microsoft's docs for best practice and the docs really should be held to a gold standard.
October 17, 2025 at 9:36 PM
It's not a CSPRNG. We issued a CVE (the number escapes me right now and I don't have email access) for System.Web some months ago due to this exact issue: use of System.Random rather than a true CSPRNG for entropy generation.
October 17, 2025 at 9:34 PM