You don't need WASM to deploy Spectre/Meltdown. Vanilla JS works just fine which is what was demonstrated in the original paper.
Didn't all the major browsers alter their timing APIs to make this impossible/difficult?
Readit NewsDeleted Comment
brobinson commented on API Shouldn't Redirect HTTP to HTTPS jviide.iki.fi/http-redire... · Posted by u/oherrala
After all this chatter, I am considering blocking all outgoing traffic to port 80 in my local firewall
This would prevent my fat fingers from ever even making the mistake.
BLOCK outgoing port 80
How bad would that be? Would I be shooting myself in the foot somehow?
Perhaps I would do it on the egress rule for where my requesting service is running like in ECS.
It would block requests to OCSP responders, for one.
brobinson commented on The best way to have complex discussions? cq2.co/blog/the-best-way-... · Posted by u/anandbaburajan
The best way IMO is still (somehow) a 4chan-style linear timeline, with heavy UI affordances to make following >-ref’s simple. This application (and HN, and Reddit) go with the “threads on threads on threads” tree, which is awful for when you want to respond to a specific subset of replies to the same parent comment at once.
How could it be improved? I say embrace the DAG nature of the beast and allow for selecting a specific set of parent nodes a comment is in reply to, and, importantly, make that set editable so when some other person comes in and replies to a comment with a topic that has already been discussed, you can link your earlier replay to that new parent without needing a “see my reply here” comment.
The 4chanx extension (userscript, run it in violentmonkey or equivalent) lets you nest comments in a chain to make following threads easy while maintaining the overall chronological state of the threads. You can also hide a reply, and it will automatically hide the entire chain of replies to that reply.
brobinson commented on DNS traffic can leak outside the VPN tunnel on Android mullvad.net/en/blog/dns-t... · Posted by u/ementally
it's true.
even bigger nightmare on iOS where 'always-on VPN' can only be configured on devices 'supervised' by an Apple-approved (documented application and telephone call with current employee required) organization's MDM solution—or you otherwise need a Mac to use the Apple Configurator app to even create a Configuration Profile containing the 'always-on VPN' key.
I _think_ iMazing can do what you want: https://imazing.com/configurator
Disclaimer: I've never used this feature. I only use it for backups and copying files to my iPhone.
brobinson commented on The dangers of single line regular expressions greg.molnar.io/blog/the-d... · Posted by u/thunderbong
In my experience `$` does reliably mean end of string for regular expressions, unless you specifically ask for "multiline" mode.
Ruby seems to be in multiline mode all the time?
$ python -c 'import re; print "yes" if re.match(r"^[a-z ]+$", "foobar") else "no"'
yes
$ python -c 'import re; print "yes" if re.match(r"^[a-z ]+$", "foo\nbar") else "no"'
no
$ python -c 'import re; print "yes" if re.match(r"^[a-z ]+$", "foo\nbar", re.M) else "no"'
yes
$ perl -le 'print "foobar" =~ /^[a-z ]+$/ ? "yes" : "no"'
yes
$ perl -le 'print "foo\nbar" =~ /^[a-z ]+$/ ? "yes" : "no"'
no
$ perl -le 'print "foo\nbar" =~ /^[a-z ]+$/m ? "yes" : "no"'
yes
$ node -e 'console.log(/^[a-z ]+$/.test("foobar") ? "yes" : "no")'
yes
$ node -e 'console.log(/^[a-z ]+$/.test("foo\nbar") ? "yes" : "no")'
no
$ node -e 'console.log(/^[a-z ]+$/m.test("foo\nbar") ? "yes" : "no")'
yes
$ ruby -e 'if "foobar" =~ /^[0-9a-z ]+$/i then puts "yes" else puts "no" end'
yes
$ ruby -e 'if "foo\nbar" =~ /^[0-9a-z ]+$/i then puts "yes" else puts "no" end'
yes
https://docs.ruby-lang.org/en/master/Regexp.html#class-Regex...
Note that Ruby also has \z which is what you generally want instead of \Z.
(\Z allows a trailing newline, \z does not)
I remember the default media player that shipped on Windows was absolutely terrible because it could only play a very limited number of file formats, none of which were actually used much by movie files found in the wild. If you wanted to actually play a video, you had to try your luck and choose among several 3p "codec packs" half of which were probably loaded with malware.
People who have always lived in a world with great software like VLC and MPV and ffmpeg underestimate how hard it was to actually play a video file on your computer back in 2000.
K-Lite Mega Codec Pack!
Getting drunk and editing production database to delete mean comments is certainly innovative CEO behavior.
Hah, I saw this:
Steve was not a big fan of authority, so he also liked the idea of a site without editors.
brobinson commented on U.S. students will take the SAT online npr.org/2024/03/05/123589... · Posted by u/lxm
I applied to Canonical a few months back and they made me write an essay describing my high school grades, extracurriculars, and test results. I've never had that experience in any other job app so it's pretty Canonical specific but it does happen.
Imagine you did all of that, received and accepted an offer, and then they made you work on snap. Grim.
I was going to point out that Bitcoin does not use encryption; but technically I think it's signature algorithm (ecdsa) can be thought of as a hashing step, followed by a public-key based encryption step.
So, in the most charitable reading, it using ecliptic curve asymmetric encryption. Presumably for the purpose of exchanging a symmetric key, as asymmetric encryption is very slow. In other words, what basically everything written this decade does. Older stuff would use non EC algorithms, that are still totally fine, but need larger keys and would be vulnerable to quantum computers is those ever become big enough.