varx boosted

just heard that the CDC announced that fully vaccinated users are safe to connect to their bank's website without HTTPS

varx boosted

enki's third law: your perception of any group that you are not a part of is based almost entirely on the members of that group that other members find most annoying

varx boosted

@varx meanwhile there’s a proven safe “self driving” car technology that’s been left rotting on the vine by capitalism for years: trains.

Specifically, I'm wondering if a few celebrities getting killed by Teslas might be enough to spur some legislation against self-driving cars and quash the whole thing.

I wonder if self-driving cars are going to have a "nuclear safety effect", where the early models are actually dangerous and then by the time safe ones are developed, it's too late -- popular perception is already established.

varx boosted

Seen on Twitter:

CDC just said fully vaccinated infosec engineers can reuse their passwords.

The UN continues to push back against the UK's occupation of the Chagos Islands:

theguardian.com/world/2021/may

I wonder if this will eventually cause disruption to the .io domain space.

...I kind of hope it does.

varx boosted

The virus knows when you're being naughty and punishes you for it by being extra infectious.

https://osf.io/preprints/metaarxiv/d64a8

varx boosted

Mood: Maybe I should just forward this entire code base to the SCP foundation.

varx boosted

Great thread on how to manage a team in order to make it more inclusive and welcoming to women. Yes, it’s sad but all of this is really necessary. Patricia knows what she is talking about. No, we cis men don’t.

twitter.com/pati_gallardo/stat

A decision!

If the ID has to be transformed for use, then IDs become implicitly bound to that transformation; if the protocol changes, old IDs might have to be stored differently from ones generated after the change.

That's enough to tip the balance in favor of simplicity.

Downsides:

- Less implementor freedom; maybe in their situation case-sensitivity is always available and they can actually make shorter IDs using base64.
- Chance of incompatible base32 implementations (there are at least two variants).

Upsides:

- Less data stored and copied around for most people.
- If someone needs to unexpectedly move their data from a case-sensitive to a case-insensitive environment, less chance of bugs on move.

Protocol design question!

There's an ID field that I *strongly encourage* implementors to generate by base32-encoding 8 random bytes, since that's 1) enough entropy and 2) broadly safe in URLs and filenames.

I could shrink some largish files by 4% if I instead specify that the 8 bytes are just stored as binary, and get base32'd before use.

Is it worth it?
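The ID thread above (newest post first) weighs a 13-character base32 text ID against storing the 8 raw bytes and encoding on use, and lists two risks: incompatible base32 variants and case-sensitivity. The following Python is an added illustration written for this page, not code from the poster or from any protocol they were designing. It assumes nothing beyond RFC 4648: the two alphabets shown are the RFC's "base32" and "base32hex", and the function names are made up here.

```python
import base64
import secrets

# The two RFC 4648 base32 alphabets. Same 5-bit groups, different symbols, so a
# string produced with one alphabet may silently decode to the wrong bytes with
# the other (the "at least two variants" risk from the thread).
STD = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"   # RFC 4648 section 6, "base32"
HEX = "0123456789ABCDEFGHIJKLMNOPQRSTUV"   # RFC 4648 section 7, "base32hex"

RAW_LEN = 8                                # 64 random bits of entropy
ID_LEN = 13                                # ceil(64 / 5) symbols once padding is dropped


def new_id_bytes() -> bytes:
    """The 8 random bytes the protocol would store if it chose the binary form."""
    return secrets.token_bytes(RAW_LEN)


def encode_id(raw: bytes, alphabet: str = STD) -> str:
    """8 raw bytes -> 13-symbol base32 text (padding stripped: safe in URLs and filenames)."""
    if len(raw) != RAW_LEN:
        raise ValueError(f"expected {RAW_LEN} bytes, got {len(raw)}")
    text = base64.b32encode(raw).decode("ascii").rstrip("=")
    # Re-map symbols if the caller wants the base32hex variant.
    return text.translate(str.maketrans(STD, alphabet))


def decode_id(text: str, alphabet: str = STD) -> bytes:
    """13-symbol base32 text -> 8 raw bytes.

    Accepts either case, which is the thread's upside: an ID survives a move from a
    case-sensitive to a case-insensitive filesystem or database column unchanged.
    Symbols outside the chosen alphabet make base64.b32decode raise binascii.Error.
    """
    if len(text) != ID_LEN:
        raise ValueError(f"expected {ID_LEN} symbols, got {len(text)}")
    std = text.upper().translate(str.maketrans(alphabet, STD))
    return base64.b32decode(std + "===")   # 13 symbols + 3 pad chars = 16, a full group


def encode_id_base64url(raw: bytes) -> str:
    """The case-sensitive alternative from the thread's downside list: 11 symbols, not 13."""
    if len(raw) != RAW_LEN:
        raise ValueError(f"expected {RAW_LEN} bytes, got {len(raw)}")
    return base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")


def cross_variant_mismatch(raw: bytes) -> bool:
    """True when an ID encoded with base32hex decodes, without error, to the wrong
    bytes under plain base32. This is the silent failure mode, worse than an exception."""
    try:
        return decode_id(encode_id(raw, HEX), STD) != raw
    except ValueError:      # binascii.Error subclasses ValueError: a loud failure instead
        return False


if __name__ == "__main__":
    raw = new_id_bytes()
    print("binary form :", raw.hex(), f"({RAW_LEN} bytes)")
    print("base32      :", encode_id(raw), f"({ID_LEN} symbols)")
    print("base32hex   :", encode_id(raw, HEX))
    print("base64url   :", encode_id_base64url(raw), "(11 symbols, case-sensitive)")
    print("round trip  :", decode_id(encode_id(raw).lower()) == raw)
```

The all-ones input is a handy fixture: it encodes as `7777777777776` in base32 and `VVVVVVVVVVVVU` in base32hex, and the second string is made entirely of symbols that are also valid in the first alphabet, so cross-decoding it succeeds and returns garbage rather than raising. If the protocol fixes the text form, it should also fix the alphabet.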

varx boosted

Wow. As we don’t have enough vulnerabilities in open source projects as it is, “researchers” from University of Minnesota introduce more on purpose. To “prove” that it can be done. 🤦‍♂️

Via @rakyll@twitter.com: twitter.com/rakyll/status/1384

varx boosted

listen: prod broke me first. this was simply retaliation

varx boosted

The basic idea is that you prepend a zero byte to the data, then walk through the bytes (starting from the first one) and replace each zero byte with a byte indicating the distance to the next zero byte (or end of data, if you've reached it).

And then you stick a zero on the end to say "this is the end".

There's some additional detail, like chunking into 254 byte pieces when there aren't enough zeroes, and some optimizations, but that's the idea -- the zeroes turn into a linked list. 😁

It's a way of adding framing to a stream of byte data so that you end up with an unambiguous sentinel value to mark the end of the stream. You don't have to know how long the stream is in advance, although you do have to be able to look ahead 254 bytes.

What you end up with is a stream of non-zero bytes, ending in a zero byte that means "end of stream".
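The framing scheme the two posts above describe (newest first) is Consistent Overhead Byte Stuffing, or COBS, which the posts do not name. What follows is an added Python implementation written for this page, not code from the poster; it includes the 254-byte chunking the post mentions, plus a splitter that reads frames off a stream using only the zero sentinel. Function names are mine.

```python
# COBS framing: inside a frame every zero byte is replaced by the distance to the
# next zero, so 0x00 can serve as an unambiguous end-of-frame sentinel.


def cobs_encode(data: bytes) -> bytes:
    """Encode `data` into a frame whose only zero byte is the trailing delimiter."""
    out = bytearray([0])   # the "prepended zero": a placeholder for the first distance byte
    code_idx = 0           # index of the distance byte we still have to fill in
    code = 1               # distance from that index to the next zero (1 = immediately next)
    for b in data:
        if b == 0:
            out[code_idx] = code      # resolve the pending link: "next zero is `code` bytes on"
            code_idx = len(out)
            out.append(0)             # this zero becomes the next link once we know its distance
            code = 1
        else:
            out.append(b)
            code += 1
            if code == 0xFF:          # 254 non-zero bytes in a row and still no zero in reach:
                out[code_idx] = 0xFF  # 0xFF means "254 data bytes follow, and no zero after them"
                code_idx = len(out)
                out.append(0)         # start a fresh chunk
                code = 1
    out[code_idx] = code              # final link points just past the end of the data
    out.append(0)                     # the sentinel, the only real zero in the frame
    return bytes(out)


def cobs_decode(frame: bytes) -> bytes:
    """Decode one frame (including its trailing 0x00) back to the original bytes."""
    if not frame or frame[-1] != 0:
        raise ValueError("frame must end with the 0x00 delimiter")
    body = frame[:-1]
    if 0 in body:
        raise ValueError("unexpected zero byte inside frame")
    out = bytearray()
    i = 0
    while i < len(body):
        code = body[i]
        i += 1
        chunk = body[i:i + code - 1]
        if len(chunk) != code - 1:
            raise ValueError("truncated frame: link points past the end")
        out += chunk
        i += code - 1
        # A 0xFF link means "no zero here", and the final link's zero is the
        # delimiter, not data; every other link stood in for a real zero.
        if code != 0xFF and i < len(body):
            out.append(0)
    return bytes(out)


def decode_stream(stream: bytes) -> list[bytes]:
    """Split a stream of concatenated frames on 0x00 (no length prefix needed) and decode each."""
    pieces = stream.split(b"\x00")
    if pieces[-1] != b"":
        raise ValueError("stream ends with an incomplete frame")
    return [cobs_decode(piece + b"\x00") for piece in pieces[:-1]]


if __name__ == "__main__":
    # Constructed sample: two messages with embedded zeros, sent back to back.
    msgs = [b"\x11\x22\x00\x33", b"\x00\x00", bytes(range(1, 255)) + b"\x00\x05"]
    wire = b"".join(cobs_encode(m) for m in msgs)
    print("on the wire:", wire.hex())
    print("recovered  :", decode_stream(wire) == msgs)
```

The worst-case overhead is one byte per 254 bytes of payload (plus the sentinel), which is where the "consistent overhead" in the name comes from; the receiver never needs a length field, only the ability to buffer one chunk of at most 254 bytes, matching the look-ahead the post describes.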

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.