My blog addresses technical topics and issues, but it might contain occasional non-technical posts (they are “rare”)
I mostly address things that I might be working on at a given moment and give some tips and examples on how to do something.
I don’t focus on a single topic, but I write about Security, Python, Decentralization and a few other things.
The RSS feed provides the full articles (I don’t like to bother people and force them to leave their reader app) and you can subscribe to only certain topics or categories if you are not interested in all the content.
The blog can be found here: https://blog.ovalerio.net
[full disclosure: I’m the Phil referenced; I’m not an SKS maintainer, but did write various wiki pages and do have patches in the codebase]
The attacks causing disks to fill are problems with specific keys breaking reconciliation and triggering transaction failures in BDB, leading to many GB of disk usage by those unable to get the broken key.
On-disk size has gone from around 6GB to 40+GB in the space of a couple of weeks, and that’s what’s knocked a bunch of SKS systems offline, repeatedly. All the decades of cruft is an order of magnitude less disk space than that caused by a couple of keys designed to break SKS.
Also, Kristian is one of the SKS developers, but is not the original developer. He, like everyone else involved, is a volunteer with a day-job unrelated to SKS.
I’ve been on the SKS devel mailing-list for probably 8 years (guess) and I’ve never seen hostility to the idea that SKS should change or to any reasonable proposal for doing so. I’ve seen various levels of resignation and annoyance at (1) people who propose changes without thinking through how to deal with the fundamental SKS reconciliation algorithm; (2) people who make demands that others do work for them, but never contribute patches themselves. The Almighty Designers who sketch out a non-viable proposal and can’t understand why others aren’t prepared to leap to do the work to make their vision a reality.
In stark contrast, in March Andrew Gallagher posted (thread “SKS apocalypse mitigation”) and took on board the points about algorithm and design issues and himself put in the effort to design something which might work. Haven’t seen code yet, but he’s demonstrated how easy it is to get a productive discussion if you’re willing to take account of engineering design constraints; so many before have instead pouted and stomped their feet and said “well that should be fixed”.
Hockeypuck has been around for a few years; it’s gained a little traction, but is not a silver bullet: it peers by using the SKS reconciliation algorithm and what’s needed is a design approach to change how reconciliation happens, not just a different codebase. SKS itself is GPLv2, Hockeypuck is AGPLv3, both are available for folks to work on and propose changes.
Thank you for the reply, I have added an edit about why the servers have gone offline. Could you send me the link to Andrew Gallagher’s thread? I would be interested in reading it. I found the link.
Thanks. As a user, even though I enjoyed reading the post and being made aware of the issues, I like to always hear/read the other side of the story/argument.
Do you by any chance have a MOBI (Or even EPUB) format? Would be nicer to read it from an e-reader.
Update: I made Mobi and Epub versions https://www.dropbox.com/sh/1pckuax77zn00t9/AADRlX3kzy_zOwOSHg8KR3oTa?dl=0
Unfortunately not! I just can’t seem to find a way to properly generate it from markdown, including the code samples with the nice syntax highlighting. I probably didn’t try enough, I’m sure there’s a simple way out there.
Why shouldn’t it be simple? Shouldn’t pandoc input1.md input2.md ... final.md -t epub3 -o book.epub. More epub options are listed in the man page, such as for specifying custom fonts, stylesheets and cover images.
Then, producing a mobi file is trivial using kindlegen or calibre.
It’s not simple because about six seconds later I want to start tinkering with the code highlighting and maybe bump up that one margin and should that footnote have a slightly different font and…
If you can edit .zip files and save its internal files, it’s quite simple to play around with the embedded stylesheet, since it’s just regular CSS.
But one should also say that Ebooks shouldn’t be overcustomized, IMO, but kept simple for the sake of compatibility and an ease of reading.
I can help you with this if you upload the book source on GitHub, I have a template for generating EPUB from markdown here if you are interested.
Last week I started building a WebSub hub in Rust, but didn’t make as much progress as I wished to. This week in my free time I will continue this endeavor. I also used to spend a small amount of time maintaining the Hawkpost service each week, and this one will not be different.
This week in my free time (and probably in the following ones as well), I will try to build a WebSub hub using Rust in order to practice and improve my skills in this language.
Last week I put together the bare bones of a page/feed that aggregates information about developer competitions/challenges somewhat related to “dApp” development and blockchain. Link
If any of you know more events that aren’t listed, or related sources of information, I would appreciate it.
This week I should make a few improvements to this page in my free time, and will also do a bit of work on some open-source projects I contribute to. So it seems it’s “maintenance week” :P
This week in my free time I will try to build a simple page (with the respective feeds and calendar options) aggregating all the online challenges/competitions related to blockchain, smart contracts and dApps that I can find on the web.
The reason I’m doing this is because I think participating in these contests is a nice and fun way to learn more about the subject and the different approaches and technologies out there, and still be able to earn some tokens if the thing goes well.
Nice post (or set of posts). Did you get any response from them by now? did you try any other means of communications (other than email)?
It would be nice to have these things solved.
I started using KeePassX several years ago because I needed cross-platform compatibility. It requires more manual work than other options and I don’t have it synced with mobile. However, it is also reliable enough to discourage me from switching.
After a few years of using KeePassX I switched to KeePassXC and I’m glad I did. Nearly the same thing but better (e.g. TOTP, UI/UX improvements).
It started as a community fork because development on KeePassX was too slow, take a trip to https://github.com/keepassxreboot/keepassxc/issues/43 for the details.
Same, still works fine and to my knowledge is still considered safe. So still stick with it for now.
I agree with the author, this is a Gmail issue, even though I’m surprised Netflix doesn’t confirm email addresses upon sign up.
I’ve been working remotely for a couple of years and there is not much I can say that hasn’t already been said in the previous comments. Nevertheless, I will leave here a recent blog post I wrote last month, about this subject. It is about 3 aspects that I found very important during my short experience.
Here is the blog post: https://blog.ovalerio.net/archives/1352
In my personal setup, multiple “virtual desktops” (workspaces, as he calls them) work like a charm. I’m so used to them, with all the keyboard “shortcuts”, that working with a single one is a little frustrating.
I wouldn’t consider it “harmful”, different people work differently.
I think the author isn’t even considering just a single workspace with all windows always there as a viable option. Multiple workspaces are criticized not for being different from single workspace, but for not being different enough.
Firefox 59 (current Nightly) has a global off switch per permission that allows whitelisting specific websites. But what I found most amazing about this is that it was contributed by a volunteer.
The internet is made of people, after all :)
Easy fix: Don’t complain about existing emails, simply convert the signup into a password reset email and if usernames aren’t public don’t complain or even ask for one until a confirmation mail has been received.
Username or Email disclosure can be very bad for privacy.
This just delays disclosure. Eventually, the sign up is gonna fail because the username/email exists. Even if you push it later after an email.
Not necessarily. The signup could only continue with access to the targets email service. The attacker doesn’t know if the attack succeeded or not unless they have access to the email address. If that is the case, the entire point is moot anyway since you can click “reset password”.
Let’s say I’m an attacker. I sign up on lobste.rs at hacker@gmail.com, sign up works and I get a confirmation email. I then sign up on lobste.rs with the email tscs37@gmail.com. Because your account exists already, I don’t get an email. The difference, even if it’s something not happening, tells me what I wanted to know.
Yeah but you don’t know if you get an email for tscs37@gmail.com since you don’t have access to that account.
You wouldn’t get an email if the account existed or not.
I do know though. I know I didn’t get an email for tscs37@gmail.com. That tells me just as much about the account’s existence as if I had got the email.
If you get that mail that implies you have control over tscs37@gmail.com, in which case the entire method doesn’t do anything. But it’s also not valid to say the entire method is therefore flawed.
You just gained access to my mail account, you can click “reset password”. Or signup for real. Or just check the emails in the archive folder.
If you do not have access to tscs37@gmail then you cannot tell if the email had signed up, because you don’t get the email.
Ah I see what you’re saying now. Yeah that might work, it wouldn’t work for sites that have usernames, users could only be identified/login with email addresses.
It can work with sites that have usernames, but only for display purposes.
So you can still be shown as “travisjeffery” or “ilikedeepthreads” or whatever rather than showing your email all over the place, but that’s all it is - display text.
This also takes the step of validating that an email address is active during signup, instead of after signup, which is a huge win, in and of itself.
It tells you that somebody already registered that email address. It does not tell you if that somebody also has a lobsters account.
Lobsters isn’t a good example for average case because it has a list of usernames. So, you can tell if the name is there. You might not know if it’s the target individual, though. Then, clicking on the profile may or may not tell you more about the individual. You can also social engineer users to find out identity information you might not get from a commercial service without more work and risk.
I do agree with you that it’s pointless to hide the username on a site where (a) you can see if it’s taken and critically (b) the username has something like email that uniquely identifies an individual. Other examples might be their Facebook or Twitter accounts. I’d still default to hiding it in the likely-reusable implementation of login since I can’t know ahead of time whether or not they’ll leak information like that. Secure by default.
If email address was used for login (and usernames only for display) there’d be minimal attack surface there.
This is definitely a good way to prevent those issues. Several times I have thought about using this method on some projects.
At the moment I’m reading Mastering Blockchain, since I want to understand how things work under the hood.
Wow, when I first saw this “post”, I wasn’t expecting this amount of responses. I’m @dethos@s.ovalerio.net btw.
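The enumeration-resistant signup flow argued over in the comments above (one identical response for every address, the real outcome delivered only to the mailbox, display names non-unique and claimed only after confirmation), as an added example. This is not code from any commenter or from lobste.rs; the `Site` class, its in-memory `users`/`pending`/`outbox` fields standing in for a database and a mail transport, and the sample addresses are all constructed for illustration.

```python
"""Enumeration-resistant signup, next to the naive version it replaces.

Added illustration, not code from the page. `Site` is a toy: `users` is the
account table (email -> display name), `pending` holds unconfirmed tokens,
and `outbox` stands in for the mail transport so everything runs offline.
"""
import secrets
from dataclasses import dataclass, field
from typing import Optional

# The one response every caller gets from the hardened flow, taken or not.
GENERIC_RESPONSE = "If that address can be used, an email with the next step is on its way."


@dataclass
class Site:
    users: dict = field(default_factory=dict)     # email -> display name (display names need not be unique)
    pending: dict = field(default_factory=dict)   # token -> (email, display name or None for an existing account)
    outbox: list = field(default_factory=list)    # (recipient, subject, token) instead of a real SMTP send

    def signup_leaky(self, email: str, display_name: str) -> str:
        """Naive flow: the HTTP response itself says whether the address is registered."""
        email = email.strip().lower()
        if email in self.users:
            return "error: an account with that email already exists"   # the oracle
        token = secrets.token_urlsafe(32)
        self.pending[token] = (email, display_name)
        self.outbox.append((email, "Confirm your account", token))
        return "check your inbox to confirm your account"

    def signup(self, email: str, display_name: str) -> str:
        """Hardened flow: same response on both branches; only the mailbox owner sees the difference."""
        email = email.strip().lower()
        token = secrets.token_urlsafe(32)   # generated on both branches so the work (and timing) matches
        if email in self.users:
            # Registered address: the mail says so and the link doubles as a password reset.
            self.pending[token] = (email, None)
            self.outbox.append((email, "You already have an account", token))
        else:
            self.pending[token] = (email, display_name)
            self.outbox.append((email, "Confirm your account", token))
        return GENERIC_RESPONSE

    def confirm(self, token: str) -> Optional[str]:
        """Following the emailed link proves control of the address. Only then is a
        new account created and its display name claimed; a token for an already
        registered address confirms ownership without touching the stored name.
        Returns the confirmed email, or None for an unknown or already used token."""
        entry = self.pending.pop(token, None)   # single use
        if entry is None:
            return None
        email, display_name = entry
        if display_name is not None and email not in self.users:
            self.users[email] = display_name
        return email


def probe(site: Site, method: str, targets) -> set:
    """What an attacker without mailbox access observes: the set of distinct responses."""
    return {getattr(site, method)(t, "attacker") for t in targets}


def demo():
    """Returns (distinct responses from the leaky flow, distinct responses from the hardened flow)."""
    site = Site(users={"victim@example.com": "victim"})            # constructed sample account
    targets = ["victim@example.com", "nobody@example.com"]         # one registered, one not
    leaky = probe(site, "signup_leaky", targets)                   # two answers: the attacker learns which is which
    hardened = probe(site, "signup", targets)                      # one answer: nothing learned without the inbox
    return len(leaky), len(hardened)


if __name__ == "__main__":
    print(demo())
```

The point the thread converges on is visible in `probe`: the hardened path gives an attacker a single response no matter which address they try, and the only party who can tell the two emails apart is whoever reads that mailbox, who could have clicked "reset password" anyway. A production version needs the same discipline elsewhere (equal database work on both branches, no different error codes or timings, rate limiting on the endpoint), and the display name is deliberately not checked for uniqueness since, as noted above, it is display text only.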
Cool, just bookmarked it.