dfox commented on Avoid UUID Version 4 Primary Keys in Postgres   andyatkinson.com/avoid-uu... · Posted by u/pil0u
dfox · 11 days ago
> Creating obfuscated values using integers

While that is often a neat solution, do not do that by simply XORing the numbers with a constant. Use a block cipher in ECB mode (if you want the ID to be short then something like NSA's Speck comes in handy here, as it can be instantiated with a 32 or 48 bit block).

And do not even think about using RC4 for that (I've seen that multiple times), because that is completely equivalent to XORing with a constant.
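
To illustrate the comment above, here is an added example (not part of the thread and not any commenter's code) comparing XOR-with-a-constant, RC4 re-keyed per ID, and a 32-bit block cipher (Speck32/64, written from its published specification: 16-bit words, rotations 7 and 2, 22 rounds). The function names, the XOR constant, the RC4 key and the sample IDs are constructed for the illustration.

```python
# Added example: all constants, keys and IDs here are constructed.
MASK = 0xFFFF  # Speck32/64 works on two 16-bit words

def xor_obfuscate(n, const=0x5A17C3E9):
    return n ^ const

def rc4_obfuscate(n, key=b"constructed-key"):
    # Fresh RC4 state per ID: the first 4 keystream bytes never change.
    S, j = list(range(256)), 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = ks = 0
    for _ in range(4):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        ks = (ks << 8) | S[(S[i] + S[j]) & 0xFF]
    return n ^ ks

def ror(v, r):
    return ((v >> r) | (v << (16 - r))) & MASK
def rol(v, r):
    return ((v << r) | (v >> (16 - r))) & MASK

def speck_round_keys(l2, l1, l0, k0):
    l, k = [l0, l1, l2], [k0]
    for i in range(21):  # 22 round keys in total
        l.append(((k[i] + ror(l[i], 7)) & MASK) ^ i)
        k.append(rol(k[i], 2) ^ l[-1])
    return k

def speck_encrypt(n, rk):
    x, y = n >> 16, n & MASK
    for k in rk:
        x = ((ror(x, 7) + y) & MASK) ^ k
        y = rol(y, 2) ^ x
    return (x << 16) | y

def speck_decrypt(c, rk):
    x, y = c >> 16, c & MASK
    for k in reversed(rk):
        y = ror(y ^ x, 2)
        x = rol(((x ^ k) - y) & MASK, 7)
    return (x << 16) | y

RK = speck_round_keys(0x1918, 0x1110, 0x0908, 0x0100)  # published test key

def leaked_difference(obfuscate, a, b):
    return obfuscate(a) ^ obfuscate(b)  # equals a ^ b for XOR-style schemes
```

Because one ID is exactly one block, ECB here is simply a keyed permutation of the 32-bit integers, so tokens stay unique and reversible while `leaked_difference` no longer returns `a ^ b`.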

dfox commented on Removing XSLT for a more secure browser   developer.chrome.com/docs... · Posted by u/justin-reeves
dfabulich · 2 months ago
Blame Apple and Mozilla, too, then. They all agreed to remove it.

They all agreed because XSLT is extremely unpopular and worse than JS in every way. Performance/bloat? Worse. Security? MUCH worse. Language design? Unimaginably worse.

EDIT: I wrote thousands of lines of XSLT circa 2005. I'm grateful that I'll never do that again.

dfox · 2 months ago
> Security? MUCH worse.

Comparing a single-purpose declarative language that is not even really Turing-complete with all the ugly hacks needed to make DOM/JS reasonably secure does not make any sense.

What exactly can you abuse in XSLT (without non-standard extensions) in order to do anything security relevant? (DoS by infinite recursion or memory exhaustion does not count, you can do the same in JS...)

dfox commented on I spent a year making an ASN.1 compiler in D   bradley.chatha.dev/blog/d... · Posted by u/BradleyChatha
Keyframe · 2 months ago
I salute you for the deep dive into this. History would have it that ASN.1 was already there as both an IDL and serialization format when HTTPS certs were defined. If it were today, would it be the same or would we end up with protobuf or thrift or similar?
dfox · 2 months ago
It is not only that ASN.1 was there before SSL, but even the certificate format was there before SSL. The certificate format comes from X.500, which is the "DAP" part of "LDAP"; the L, as in "Lightweight", in "LDAP" refers mostly to LDAP not using public key certificates for client authentication, in contrast to X.500 [1]. A bunch of other related stuff comes from RSA's PKCS series specifications, which also mostly use ASN.1.

[1] The somewhat ironic part is that when it was discovered that using just passwords for authentication is not enough, the so-called "lightweight" LDAP got arguably more complex than X.500. Same thing happened to SNMP (another IETF protocol using ASN.1) being "Simple" for similar reasons.

dfox commented on Die shots of as many CPUs and other interesting chips as possible   commons.wikimedia.org/wik... · Posted by u/uticus
potato-peeler · 2 months ago
Realistically, are these enough to replicate the chips?
dfox · 2 months ago
Mostly no. You do not see the lower layers and for anything sub 1um or so the resolution is too poor anyway.
dfox commented on Burned alive inside a Tesla as rescuers fail to open the car's door   msn.com/en-us/autos/elect... · Posted by u/dsego
gpderetta · 3 months ago
There are crash sensors to trigger air bags, pre-tension seatbelts, cut off the fuel pump and so on. You would think that some engineer must have thought about auto-unlocking doors!
dfox · 3 months ago
The reasoning behind the auto-locking feature is that when the doors are locked it adds to the rigidity of the car and thus decreases the likelihood of the passenger cabin collapsing on the occupants. Auto unlocking the doors would completely defeat the reason for that feature.

The actual mechanism of how the door works as a kind of "configurable deformation zone" usually involves a somewhat thick steel rod running down the middle of the door that on the hinge side abuts a similar strength member in the chassis and on the latch side connects to the latch. The latch has two distinct positions depending on whether the door is just latched or locked, and the only latched position is not strong enough to hold the potential impact forces.

dfox commented on Is OOXML Artificially Complex?   hsu.cy/2025/09/is-ooxml-a... · Posted by u/firexcy
s20n · 4 months ago
> Why Microsoft’s Motive Wasn’t Deliberate Sabotage

I absolutely do not agree.

Not only is the standard overly complex, Microsoft also indulged in all sorts of unscrupulous activities to corrupt various National Standards Organisations to get it approved through the ISO <https://en.wikipedia.org/wiki/Standardization_of_Office_Open...>, which is clear evidence of malicious intent.

This is a quote from Richard Stallman:

> The specifications document was so long that it would be difficult for anyone else to implement it properly. When the proposed standard was submitted through the usual track, experienced evaluators rejected it for many good reasons. Microsoft responded using a special override procedure in which its money bought the support of many of the voting countries, thus bypassing proper evaluation and demonstrating that ISO can be bought.

dfox · 4 months ago
> The specifications document was so long that it would be difficult for anyone else to implement it properly.

In contrast to ODF specification that is long, complex and written in such a terse way that it really does only specify what is a valid ODF file and not in any way what it means. Good luck implementing that without just copying whatever LibreOffice does.

dfox commented on With AI Boom, Dell's Datacenter Biz Is Finally Bigger Than Its PC Biz   nextplatform.com/2025/08/... · Posted by u/rbanffy
pclmulqdq · 4 months ago
I'm still not sure why anyone would buy a dell server. Supposedly xAI buys from them, which probably accounts for this, but it is generally a much more sensible choice to buy from companies that are lower-cost and less focused on selling you "enterprise support" (supermicro et al).
dfox · 4 months ago
My experience with Dell is that they are not that focused on selling enterprise support (at least compared to HPE), at most they will push for bundling hardware (cables, cable trays, front covers, PERC...) that you do not really need in order to get better volume discount.

Price-wise I don't see a meaningful difference between Dell and SuperMicro (or even "non-traditional" server vendors like Asus and Gigabyte).

dfox commented on The day Return became Enter (2023)   aresluna.org/the-day-retu... · Posted by u/sohkamyung
rswail · 4 months ago
Why? The use of TTYs for computing interfaces is very different to using them as teletypes on comms links.

I thought the control characters for that sort of use were the DC1-4 characters?

RS-485 uses polling but my understanding is that the characters for polling usually involve like "FF" (hex) and some sort of device ID.

I just read a TTY model 28 manual about the stunt box and I didn't see anything specific about FS/GS/RS there.

How were messages delimited in the polled multidrop environment?

dfox · 4 months ago
Modern protocols running over RS-485 UART usually use some kind of HDLC-inspired framing scheme with flag characters and byte stuffing.

But still there is a lot of stuff that uses ASCII STX/ETX and then some kind of field separators inside otherwise human readable message. Things like industrial scales, industrial barcode readers and what not usually use something like that as default output format.

dfox commented on The day Return became Enter (2023)   aresluna.org/the-day-retu... · Posted by u/sohkamyung
kps · 4 months ago
Speaking of overloading and Tab, piling on the ‘next field’ function is an endless source of pain.
dfox · 4 months ago
That is not an overloading, that is just preserving the behavior of Tab on IBM terminals.
dfox commented on F-35 pilot held 50-minute airborne conference call with engineers before crash   cnn.com/2025/08/27/us/ala... · Posted by u/Michelangelo11
aidenn0 · 4 months ago
Not being able to do a touch-and-go without crashing afterwards seems like a significant flaw in the aircraft.

Isn't there an arrested-landing equipped version of the F35? Could this same problem happen with a bolter?

dfox · 4 months ago
The mishap involves doing touch-and-go twice with an arrested landing capable version of the aircraft. The report even says that they considered doing arrested landing, but it was deemed as too much risk for the pilot (apparently the actual flight manual of F-35A advises against trying that with non-centered NLG), because the ways how that could go horribly wrong do not allow for safe ejection.

u/dfox

Karma: 5910 · Cake day: April 28, 2008
About
http://hakl.net/ ales@hakl.net

[ my public key: https://keybase.io/adh; my proof: https://keybase.io/adh/sigs/-nlOT3TEcphUI1F_WEG_MzCvPXi5fQ6Z5oZaDLQGuVw ]
