59 results for "tedunangst.com"

  1. 2

    Here is something that might be of interest then:

    http://www.tedunangst.com/flak/post/heartbleed-in-rust

  2. 1

    Slightly OT, but does this site (tedunangst.com, not lobste.rs) have an archive? I can click “random” to get to random historic posts but that seems a really cumbersome way to read the old articles.

  3. 8

    (See this article.)

  4. 10

    Oh, hey, soy sauce got mentioned! Some further thoughts from before about wasabi: http://www.tedunangst.com/flak/post/technical-debt-and-tacking-into-the-wind

  5. 3

    I liked: Other projects use a variety of tools for this, but unfortunately none of them were invented here.

    http://www.tedunangst.com/flak/post/signify

  6. 10

    Like I said, the UI is terrible. :)

    You are adding an exception for that one cert for that one site.

    The dialog for adding a new CA cert that is trusted for all sites looks a little different. Click here to see that.

  7. 2

    I wrote a longer response earlier. There are a few links to other, mostly negative, responses but I think it’s a good article, especially when it sticks to the “cult of the innovator’s dilemma” vs refuting the book itself.

  8. 3

    A quick look at the “Newest” section (which I use as “front page”) makes me think he’s referring to someone else.

    "Am I submitting too many tedunangst.com posts?"
    No, you’re not submitting enough!

    I like the idea, by the way!

  9. 8

    Is it me? Am I submitting too many tedunangst.com posts?

    An alternative might be to set a threshold for mailing list posts, so you could say “don’t e-mail me until posts have X number of points”.

  10. 6

    On BSD, you can do a little better with kqueue to wait for arbitrary processes.

    http://www.tedunangst.com/files/pwait.c

  11. 2

    They could possibly prohibit linking to a twitter account with the same name as an existing keybase account.

    This is something of a problem. For example, I’m tedunangst on twitter and tedu on github. I decide to be tedu on keybase. My evil doppelganger decides to impersonate me by signing up as keybase/tedunangst and linking with twitter/tedu and github/tedunangst. How are you to know who’s who?

    By artificially imposing some uniqueness constraints, keybase could for example notice that although my keybase name is tedu, my twitter handle is tedunangst. Therefore, they would prohibit creating keybase/tedunangst. Or they would prohibit any account from linking to twitter/tedu. Or both.

    There are obviously some land grab/denial of service issues here, but if they’re trying to be my “one true identity”, they need to cut down on aliases and collapse keybase/github/twitter into a single namespace.

  12. 5
  13. 8

    No? I mean, I came up with a better bug that was even more plausibly deniable without even trying.

    http://www.tedunangst.com/flak/post/how-to-screw-up-crypto-the-easy-way

    To clarify, a broken memcpy of a sha1 hash that only copied four bytes would have been much harder to detect by code inspection, and practically impossible to detect by random fuzzing. But it would have allowed anyone with a few hundred CPU hours to throw at the problem the ability to create a cert with a partial hash collision that iOS would verify.

  14. 1

    That’s cool. Just a shell script to download everything would be handy. That’s actually the hard part for me, finding the link I want. I think there’s a lot of value in a tool that knows where docs are and fetches them. For example, sometimes the OpenBSD pkg for a language includes the website docs and sometimes it doesn’t. I never know if or where they’ll be. I end up keeping six tabs open to various lua/luajit pages and hoping I don’t close one by accident. (there’s another feature request: the lua manual)

    I’m particularly interested in this because long ago I couldn’t find a good offline copy of the jquery docs, so I had to make my own. dated link: http://www.tedunangst.com/jquerydocs.html

  15. 4

    Cool. I think I wrote about a subset of the same problem. It seemed like the logical next step from CRIME. http://www.tedunangst.com/flak/post/improving-csrf-prevention

    Related attack that doesn’t even require compression: generate markov chains and search gmail for them. You can check the response length to read somebody’s inbox. Slowly. :)