
I post about technical topics here, especially , , . My other account social.tchncs.de/@WPalant is for German-language non-technical stuff.

Does it have to be binary or will JSON-based do as well? 😀

I've created a bunch of binary formats in the past, but growing up I started to understand the advantages of well-known and human readable container formats with pre-existing parsers - such as XML or JSON.

Wow, somebody blocked me on Mastodon, that's a first. I dared to criticize PGP...

And is indeed beyond saving, I don't see secure communication over email to happen, ever. No way around establishing new protocols for encrypted communication, e.g. .

palant.de/2018/11/12/as-far-as

The scary thing: some products in need of such as password managers are being built on top of because that's supposedly easier to get right. But it's not. Looking at for example, there are definitely better ways to do public key crypto.

So here you have the full picture now: doesn't work and never will. Stop recommending it, stop organizing key signing parties, you aren't helping anybody doing that. Just put it to grave instead.

latacora.singles/2019/07/16/th

Wow, so Kazakhstan is now systematically subverting HTTPS encryption? Crazy times...

bugzilla.mozilla.org/show_bug.

Great explanation. Back in 1969 it was easier to go to the moon than to fake the video coverage of the moon landing (and today it's the opposite). Not that this will convince anybody...

youtube.com/watch?v=_loUDS4c3C

Actually, Marco Rogers has a nice thread on why this kind of extreme stereotypes is very harmful.

twitter.com/polotek/status/115

I'm quite relieved that this doesn't apply to me. Even back when my social skills were far worse than they are now - my desktop background was never black. And I make pauses while typing. So I'm not *that* type of engineer.

twitter.com/skirani/status/114

This article by @slooterman@twitter.com explains a lot. Much of the available information on is so bogus that it's hard to understand how somebody who has ever interacted with an autistic person can believe it, much less call it "research." undark.org/2019/07/11/being-au

I think that this is a consequence of the increased volume. With the drastically increased number of questions, most of them will never be seen by anybody once answered. Only few answers will be seen and receive upvotes regularly, this has no impact on the median however.

Eight years ago I created a data query to see which tags attract the most upvotes: meta.stackexchange.com/a/10567. Today I updated that query and the results changed remarkably: essentially, the high end of the scale no longer exists, it's one vote for almost all tags.

In case anybody considered Amazon Echo an exception: no, Google Assistant sends audio recordings to the "cloud" and now we know for sure that Google employees can listen in: twitter.com/mikko/status/11490. Big surprise.

If you ask me...

Disclosing six security issues today. Most of these aren't terribly important but demonstrate lack of attention to security-relevant details.

palant.de/2019/07/08/various-r

After some iterating, things look somewhat better now, in particular less cluttered - access keys are indicated by underlining the letter wherever possible. This is how the same screen looks now when pressing the Alt key.

Implemented access keys in , pressing Alt will show you all of them. Access keys have always been a major pain, so this time I decided to choose them automatically - seems to work reasonably well. Only few UI elements will change their access key depending on context.

Actually, combining Unicode property escapes with the heuristic above as fallback is easy enough. So in current Chrome my isLetter() function will use the more correct approach while in Firefox it will be the simple but not quite correct fallback code.

Now I only need some basic heuristic for recognizing vowels and my code should be able to make a usable access key selection automatically.

I think that I'll use the function below - a letter is something that is modified by toUpperCase() or toLowerCase(). This excludes some more exotic letter variants, and it just won't work on scripts like Hebrew or Arabic, but it should do for my use case for now.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.