Readit News
danielparks commented on There are two types of dishwasher people   theatlantic.com/family/ar... · Posted by u/JumpCrisscross
dfxm12 · 4 months ago
I used to be uptight about how to load the dishwasher until I put away a load that was packed by my partner, "like a raccoon on meth", and noticed there wasn't a difference in the cleanliness.

Now I just worry about buying new bowls. Will the bowls fit nicely given pitch and angle of the dealies on the rack? The bowls I inherited from my grandmother fit so nicely in any dishwasher I've loaded them into, but now they're starting to crack...

danielparks · 4 months ago
Similarly, I used to stress about loading the dishwasher when I was a teen. I would spend so much time loading it that I gave myself a neck ache from leaning over and I could have saved time by washing the dishes by hand.

I still try to be somewhat efficient about loading the dishwasher, but… if I notice myself stressing I just say “screw it”, run it, and wash the rest by hand.

The other thing I’ve realized is that sometimes things don’t get clean if you load them properly. For example, tall glasses that had smoothies in them. It’s a little gross if you don’t notice it until you’re about to use it, but… you can just look at them and wash them by hand when you unload the dishwasher.

I guess this is all to say that sometimes the best optimization is to not think about it too much.

danielparks commented on Show HN: Transductive regular expressions for text editing   github.com/c0stya/trre... · Posted by u/c0nstantine
andrewla · 7 months ago
I feel like this is very underspecified. The very first example:

    $ echo 'cat' | trre 'c:da:ot:g'
    dog

Feels strange. What is happening here; the grammar says

    TRRE    <- TRRE* TRRE|TRRE TRRE.TRRE
    TRRE    <- REGEX REGEX:REGEX

What is the parse tree here? Why is "c" not being replaced with "da"? Or why isn't c being removed and "da" being replaced by "ot"?

I do like the idea of having a search/replace semantic that is more intuitive than grouping operators; back in MS-DOS days you could do "ren .log .txt" and this would work which feels bananas to my modern bash-minded way of thinking, but it's very obvious looking at this what it is supposed to do.

danielparks · 7 months ago
This is a matter of operator precedence and tokenization. Tokens are single characters in this language, and there is an invisible operator between them.

If the operator were explicit (let’s call it ~), the example would look like this:

    $ echo 'cat' | trre 'c:d~a:o~t:g'
    dog

With unnecessary parentheses:

    $ echo 'cat' | trre '(c:d)~(a:o)~(t:g)'
    dog

danielparks commented on Show HN: Transductive regular expressions for text editing   github.com/c0stya/trre... · Posted by u/c0nstantine
danielparks · 7 months ago
Cool, I’m interested to see where you go with this.

I found the operator precedence unnatural, and it looks like a lot of other folks in this thread did too. I would naturally assume `cat:dog` would be equivalent to `(cat):(dog)` rather than `ca(t:d)og`.

danielparks commented on 0-click deanonymization attack targeting Signal, Discord, other platforms   gist.github.com/hackermon... · Posted by u/hackermondev
LWIRVoltage · 7 months ago
Hold on, someone else in this thread noted this does exist

" You can disable the auto-download. Settings > Data and storage > Media auto-download, you can choose what to auto download for mobile data/wifi/roaming."

So, that part is there, but my question is, it's still an issue when they manually download the image, right? Unless something never accepts images from someone they aren't expecting, whose number or unique created ID has never been seen before

danielparks · 7 months ago
Oh, nice. I looked under Settings > Privacy and didn’t see anything. For me it was under Settings > Data Usage.

Yes, this is still an issue if you manually download an attachment, but that’s a lot better than automatically when you open a conversation.

danielparks commented on 0-click deanonymization attack targeting Signal, Discord, other platforms   gist.github.com/hackermon... · Posted by u/hackermondev
gobip · 7 months ago
"Signal instantly dismissed my report"

"Telegram, another privacy-focused application, is completely invulnerable to this attack"

"Discord […] citing this as a Cloudflare issue other consumers are also vulnerable to"

"Cloudflare ended up completing patching the bug"

I wish Signal would react differently. I still remember the bubble color controversy when they changed their mind after the backlash and not before. :-)

danielparks · 7 months ago
I just sent a feature request[1] to Signal with the following text:

    I understand that Signal does not consider this
    https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117 to be
    a valid security bug, but it would be helpful to at least be able to
    mitigate it.

    Please add an option in settings to disable automatically downloading
    attachments.

    That should be enough to change the attack from 0-click (just opening the
    conversation) to 1-click (click the attachment). Most people won’t care
    about this, but for some every little bit of privacy is important.

[1]: https://support.signal.org/hc/en-us/requests/new

danielparks commented on Muxfs – a mirroring, checksumming, and self-healing filesystem layer for OpenBSD   sdadams.org/blog/introduc... · Posted by u/ciprian_craciun
ikiris · 3 years ago
I can't find "zfs" mentioned once in this guy's doc so my first question is... why not?

danielparks · 3 years ago
From the page:

> I decided it was finally time to build a file server to centralize my files and guard them against bit-rot. Although I would have preferred to use OpenBSD due to its straightforward configuration and sane defaults, I was surprised to find that none of the typical NAS filesystems were supported.

OpenBSD does not support ZFS.

danielparks commented on Vijayanagara – The Last Emperors of South India [audio]   podcasts.apple.com/us/pod... · Posted by u/startblue
danielparks · 4 years ago
They also have a YouTube channel that adds images and video to the same audio track. A lot of it is just stock footage, but I like the images of ruins and the renders of what cities might have looked like in the past. It’s especially helpful when they’re discussing artwork.

https://youtube.com/c/FallofCivilizationsPodcast

(This particular episode is not out with images yet.)

danielparks commented on 6 digit OTP for Two Factor Auth (2FA) is brute-forceable in 3 days   lukeplant.me.uk/blog/post... · Posted by u/jago_
ejb999 · 4 years ago
This article is pointless clickbait - what percent of systems don't have some sort of throttling or lockout after X number of bad guesses - damn few I would say. Even the most basic, low budget systems I have developed or worked on have throttling rules in place - many with exponentially increasing timeouts that would prevent this sort of attack.

If a website/system does not implement even the most basic security practices, then there are probably a lot of easier ways to hack into it than trying 100,000+ different passwords in a row.

danielparks · 4 years ago
Given the number of services that turned out to use plaintext or trivial password hashing (e.g. MD5), I would bet there are a bunch of services out there that do not effectively limit OTP attempts.

It’s been a long time since I did any work on a real authentication system — since before TOTP was common, anyway. I appreciated the post and found it interesting.

danielparks commented on Looking into Zig   ayende.com/blog/194404-A/... · Posted by u/GordonS
ksec · 4 years ago
Off Topic:

>He posted a follow up about error handling......

When I was reading the original blog I was thinking if he had any follow up, so I decided to click on archive and the homepage. And this article somehow doesn't show up in both lists. As a matter of fact I couldn't even find how to get to this blog post without your direct linking. Then it turns out it is a "FUTURE POSTS".

How does that work and why? Is this supposed to be some sort of preview before it is officially published?

danielparks · 4 years ago
Yeah, it’s weird. I tried stripping the key= parameter from the link when I commented, but it’s required.

The author posted the link in the comments of the original post.

danielparks commented on Looking into Zig   ayende.com/blog/194404-A/... · Posted by u/GordonS
danielparks · 4 years ago
He posted a follow up about error handling in Zig that I thought was interesting: https://ayende.com/blog/194466-A/looking-into-odin-and-zig-m...

I’ve seen the “clean up errors yourself” argument before, but, like the author, I don’t think it holds water. Often the correct response to errors is to panic() or pass it up the stack so the caller can deal with it or—more likely—panic() itself.

u/danielparks

Karma: 359 · Cake day: January 19, 2011
About
[ my public key: https://keybase.io/danielparks; my proof: https://keybase.io/danielparks/sigs/BAJADmasofogpAm0wjgJvLcXa7d3XZl_4D1CkSMY1Us ]