1.  

    From https://www.eff.org/deeplinks/2018/05/pgp-and-efail-frequently-asked-questions#pgp_broken

    The weaknesses in the underlying OpenPGP standard (specifically, OpenPGP’s lack of mandatory integrity verification) enable one of the attacks given in the paper. Despite its pre-existing weaknesses, OpenPGP can still be used reliably within certain constraints. When using PGP to encrypt or decrypt files at rest, or to verify software with strict signature checking, PGP still behaves according to expectation.

    and further (https://efail.de/):

    Long term: Update OpenPGP and S/MIME standards. The EFAIL attacks exploit flaws and undefined behavior in the MIME, S/MIME, and OpenPGP standards. Therefore, the standards need to be updated, which will take some time.

    (my emphasis)

    1.  

      The author implied that this was a fundamental fault of nuclear-fission based reactors. I might have misunderstood though…

      1.  

        The old Mac game I want to do more work with is ZeroGravity, which also has source. I played that incessantly on my friend’s dad’s Mac Plus in 1988.

        1.  

          A minor, inconsequential quibble in this article: Open Transport was certainly deprecated in 10.4, but wasn’t actually removed until 10.9.

          1.  

            I read this not long after choosing Discord for our game’s public discussion. We chose Discord because the Rust project chose it, and well, it’s pretty.

            I ruled out IRC because it has a number of primitive UI features/missing features. For example, no reactions, and no (out of the box) ability to see chat history from before you connected.

            I ruled out Matrix because it did not appear to have reactions.

            I ruled out Mastodon/ActivityPub because it didn’t have a chatty feel. It was more like twitter.

            1.  

              I agree. It’s also much safe to use a sharp knife, no matter the quality.

              I just LOVE the aesthetic of the Japanese style blades. The wood handle and the thin, textured blade. The few times I’ve tried them out, it was a wonderful vegetable cutting experience.

              1.  

                https://dtmf.io

                takes bitcoin, has a hidden service :)

                1.  

                  Totally reasonable! FWIW, I think they are working on a username-based system that allows them to avoid storing contact lists, which is a novel problem and not exactly easy.

                  1.  

                    The intention of this defaults-heavy API is to make rapid development of simple apps both easy and correct. Look at that list example - looks great! In both cases. On the web with resets, no two implementations of that pattern are going to look the same.

                    Yes, these defaults will bamboozle sometimes. The framework should provide a contextual way to disable them in a subtree when you are doing something specific, like NoDefaults {Custom(); Weird(); Layout() }

                    1.  

                      I would let OWS know; that sounds like a bug.

                      1.  

                        The project that caused me to write TFA has a Google Groups mailing list (phone number required for Google Account to join) that ~none of the members are subscribed to.

                        These days, email has fallen out of fashion. I’m not sure why.

                        1.  

                          Trying to understand Deep Learning with PyTorch for images classification and text generation. Not easy at all, lot of mathematics.

                          1.  

                            This definition sounds a bit circular to me. Software engineering is a skillset, and it allows you to work on large codebases with many others over several years. But the latter is a proxy for the former skillset, because if I asked you, “Why is not Joe here a software engineer?” you’d say, “Because he’s not working on a large codebase with many others over several years.”

                            “But why doesn’t he have a job where he does that, assuming he wants to?”

                            “He doesn’t have the necessary skills.”

                            “What are those skills called?”

                            “Software engineering!”

                            1.  

                              the increase in throughput from Python is pretty breathtaking, at least an order of magnitude and would have been far more if it weren’t constrained by the slowness of svnadmin dump. Some of that was improved optimization of the algorithms – we knocked out one O(n**2) after translation

                              This makes me wonder whether the performance improvement is due to the language or the code refactoring/improvements that happened during the rewrite. In other words, could the speed ups be achieved in python too? I guess that the parallelization and garbage collection is where go shines and those seem to be responsible for the performance bump too.

                              1.  

                                Sorry for the intrusion but what do you mean by “post-technical”? You stopped coding? 🤔

                                1.  

                                  I think certain issues still exist (AFAIK?), but hopefully will be resolved soon.

                                  1.  

                                    Signal currently requires phone numbers for all its users. It does this not because Signal wants to collect contact information for its users, but rather because Signal is allergic to it: using phone numbers means Signal can piggyback on the contact lists users already have, rather than storing those lists on its servers.

                                    On one hand, <mind_blown.gif>. On the other hand, acquiring a phone number anonymously is kind of a bottleneck. US-focused tutorials suggest jumping through a set of hoops to get a Google Voice phone number anonymously (and using Google’s services for anonymity seems… idk, kind of risky?). The set of hoops is manageable, but there’s a lot of tricky parts. I haven’t seen an EU-based guide to an anonymous phone number other than “get somebody else to register the number, dunno, pay a homeless person or something ¯\(ツ)/¯”.

                                    For the contact list piggybacking, email address would work just the same, would allow more anonymous IDs, easily easily replacing IDs or using multiple IDs to compartmentalize, wouldn’t be tied to a particular country, etc.

                                    I thought for a moment it would be less secure as identity confirmation than SMS, but then SMS is not even considered a good 2FA and reliable confirmation code would require a more involved protocol, and the same protocol could be used over email.

                                    Is there something I’m missing here?

                                    1.  

                                      So, I don’t like when foss communities use discord (or slack for that matter) either. However, what you’re describing - creating a new account via tor and then immediately sending the same message with a link to three people - sounds like exactly what most spammers I’ve seen will do. What makes you say it’s an obvious false positive (from the perspective of spam detection software)?

                                      1.  

                                        I bought a fairly cheap but amazing ceramic Chef's Knife and now have stopped using anything else. I am no knife expert but I don’t understand why ceramic knifes aren’t more popular. It seems like better technology.

                                        1.  

                                          I understand that but I barely trust engineers with making good choices when it comes to software, how am I ever going to trust software that handles a nuclear power plant?

                                          And I certainly wouldn’t live near one located in most countries in today’s world.