Every time there is another JWS/JWT vulnerability involving “alg”:“none” (like today, lolsob), people focus on the “none” part. But the real problem is the “alg” part.
Finding the hotel room of a target
War dial hotel WiFi login... Room number and last name login.
History of VGA cables and DDC and more
last week i got to witness an engineering department lose a full day’s work because if you put an emoji in a git commit message, Atlassian Bamboo chokes on it forever and you’re forced to rebase master, like you should NEVER DO.
I used the Right-to-Left UTF-8 character
in my info on GitHub. Makes it easy to spot automated emails (and it’s also fun to see UIs importing the data breaking)
A short reading list on voting security
The beginning of Public-key cryptography
“Can the reader say what two numbers multiplied together will produce the number 8616460799? I think it unlikely that anyone but myself will ever know”
-William S Jevons, The Principles of Science, 1874
The data structures were not initialized
/////// Initialize data structures \\\\\\\
Never comment your code. Problem solved.
HOT TAKE on the recent CPU Bugs
You weep over the side channel attacks and you curse Intel. You have the luxury of not knowing what I know; that speculative execution, while dangerous, probably saves cores. And my optimizations, while grotesque and incomprehensible to you, save cores. You don’t want in-order execution because deep down in places you don’t talk about at parties, you want the most instructions per cycle.
to increment some counter on the page
node.innerText += 1 doesn’t work (0 → 01 → 011 → ⋯), but node.innerText -= -1 works fine (0 → 1 → 2 → ⋯)
you have been removed for inauthentic behavior
is the last thing you hear when the robots come for you
I ran Cypress (the JS testing tool) exactly one time ever.
Today I noticed that it put 42,471 files in ~/Library/Caches. 41% of all cache files on my machine are from that one launch. The resource consumption of modern programming tools is just reckless.
Time to the first reply literally beginning with the words “who cares”: about one hour.
Common Grammar Mistakes to Avoid
1. LESS/FEWER. This one is really embarrassing. You may think pointing out the difference between these two at every opportunity makes you CLEVER and INTERESTING. In fact, it makes you TEDIOUS.
phone thieves forcing victims at gunpoint to disable “find my iPhone”
My understanding is that “find my iPhone” has measurably reduced phone robberies. This escalation was probably inevitable, but it seems like the feature could probably be engineered to make it more difficult for thieves to force a victim to disable it on the spot.
1857 time table
In order to relieve, in some degree, this anomaly in American railroading, we present the following table of local time, compared with that of Washington, D.C.
I’ve always felt the problem with timezones is that there simply aren’t enough of them.
QuickBooks is an interesting case study in UX
QuickBooks starts so fast that it’s visible in the menu bar before my eyes can get up there. That means that I don’t see the menu bar change, which makes me think that it hasn’t actually finished launching yet. This shows how much I’ve become used to the slowness of web apps.
They tried to do the standard “tech” thing, which is to dumb it down to the lowest common denominator. It failed due to backlash, but only because there’s a huge user base with decades of time using it. New tools don’t have the benefit of that backlash. I’m looking at you, Slack!
Getting started in QuickBooks is annoying and slow. Likewise Vim, Emacs, any Unix shell, or OmniFocus. But if you need these tools then you’ll probably use them for decades. You do a disservice by valuing a 4-hour learning curve in a tool that you’ll spend 20,000 hours in.
“Dear God, remind me again why that CA is trusted?”
Every time I think I’ve seen the worst of the bad behavior by CAs, I find a new low.
Alas, few details.
How VPN Works
As you can see, the straws are perfectly secure.
FIPS mode initialized
Well that’s without doubt the most terrifying warning I’ve received on a terminal.
please don't "distrupt" my dotfiles, tech industry
You know what they say, you install someone’s code on your computer, it’s their computer now.