Lovasoa
@ophir.dev
👵
January 17, 2025 at 5:49 PM
What are babushka dolls? Old matryoshka dolls? 🪆
January 17, 2025 at 5:48 PM
This is very cool! But wouldn't that amplify echo chambers? I fear such a system would encourage me never to change my mind about anything. The things I'm "interested in" are the things I think are important in the world. And maybe I'm wrong about what really is important.
January 6, 2025 at 5:36 PM
Interesting! What are you using it for?
January 6, 2025 at 2:59 PM
console.log("Is js fun? ", [1] != '1');
January 6, 2025 at 2:50 PM
You won't miss any of these security incidents when you switch to another language that does not require "polyfills" 😁
January 6, 2025 at 2:33 PM
Reposted by Lovasoa
That would create legal risk. When I was part of the VeriSign practices group, we pushed to get attempts to crack keys that are in use criminalized in various countries. Not sure how far we succeeded.

I was always a defense in depth guy: use every possible control.
January 5, 2025 at 4:45 PM
Scary! I hope these attempts never succeeded anywhere!

That sounds shortsighted, and a good way to ensure black hats will always have an edge over white hats.
January 5, 2025 at 7:50 PM
No, I don't think this has ever happened to a root certificate.
Root certs have been compromised before, but never leaked publicly, to my knowledge.

But individual TLS certs for valuable domains have of course leaked before, such as gist.github.com/nstarke/a611...
Netgear TLS Private Key Disclosure through Device Firmware Images
January 5, 2025 at 3:05 PM
Okay, I understand what you meant. Signing requests is indeed more secure, but it's also a pain in the ass to use when you don't want to go through a custom third-party library to make HTTP requests.
January 2, 2025 at 5:40 PM
Session tokens (access tokens) are more likely to get stolen because they are actively transmitted over the network with each API request. They could leak in logs or in a MITM attack. The attacker would not be able to persist their impersonation because they do not have the refresh token.
January 2, 2025 at 5:34 PM
I'm not sure I follow... Session and refresh tokens do use public key cryptography already. The tokens are signed with the identity provider's private key and verified by applications using the provider's public key. What are you suggesting to use instead?
January 2, 2025 at 5:29 PM
The Rust one should probably return an iterator of options ;)
December 20, 2024 at 7:05 PM
I don't know Go, but it seems like it doesn't do the same thing as the Rust and Python examples? If there is an odd number of items, the Go version returns a tuple with (last, nil) in the end, right?
December 20, 2024 at 6:54 PM
That's more like 20 years ago...
December 9, 2024 at 1:43 PM
composable, not compostable, obviously 😁
December 4, 2024 at 8:54 PM
This! This is why I think nocode tools cannot be the future. We need simple code that anyone can understand, and edit visually, but that is still searchable, versionable, compostable, and copy-pastable like true code.
a close up of a man with the words it 's so true below him
December 4, 2024 at 8:51 PM