Readit News logoReadit News
nmadden commented on Cloudflare outage on November 18, 2025 post mortem   blog.cloudflare.com/18-no... · Posted by u/eastdakota
groundzeros2015 · a month ago
It’s a feature, not a bug. Assert assumptions and crash on bad one.

Crashing is not an outage. It’s a restart and a stack trace for you to fix.

nmadden · a month ago
> Crashing is not an outage.

Are you in the right thread?

nmadden commented on Report: Tim Cook could step down as Apple CEO 'as soon as next year'   9to5mac.com/2025/11/14/ti... · Posted by u/achow
matwood · a month ago
APP and my AW are instant-replace products if I lose/damage them. The M-series chips have made my MBP the same.

It's hard to say Apple hasn't innovated for both regular consumer and tech enthusiasts.

nmadden · a month ago
MBP = Macbook Pro AW = Apple Watch? What is APP?
nmadden commented on A Brutal Look at Balanced Parentheses, Computing Machines, and Pushdown Automata   raganwald.com/2019/02/14/... · Posted by u/warrenm
praptak · a month ago
That's what I learnt from as part of CS curriculum at MiMUW. Can recommend: https://en.wikipedia.org/wiki/Introduction_to_Automata_Theor...
nmadden · a month ago
Not sure why you're being downvoted for recommending a classic textbook!
nmadden commented on A Brutal Look at Balanced Parentheses, Computing Machines, and Pushdown Automata   raganwald.com/2019/02/14/... · Posted by u/warrenm
userbinator · a month ago
we’ll ask, “What’s the simplest possible computing machine that can recognize balanced parentheses?”

A counter. That's the difference between theory and practice. Because in practice, everything is finite.

nmadden · a month ago
> Because in practice, everything is finite.

Indeed! https://neilmadden.blog/2019/02/24/why-you-really-can-parse-...

Posted by u/nmadden a month ago
Cryptography 101 with Alfred Menezescryptography101.ca...
nmadden commented on Claude Code can debug low-level cryptography   words.filippo.io/claude-d... · Posted by u/Bogdanp
tptacek · 2 months ago
They're not?
nmadden · a month ago
100% reproducible deterministic bugs are absolutely the easiest class of bugs.
nmadden commented on D2: Diagram Scripting Language   d2lang.com/tour/intro/... · Posted by u/benzguo
aidenn0 · 2 months ago
I love D2; I just wish ELK were the default layout engine; it is extremely rare that Dagre does a better job than ELK, and it took me a while using D2 before I discovered the layout-engine property.
nmadden · 2 months ago
The proprietary/commercial TALA engine is really excellent too. I’ve been using it to do complex dataflow diagrams, and the results are so incredibly well laid out.
nmadden commented on A modern approach to preventing CSRF in Go   alexedwards.net/blog/prev... · Posted by u/todsacerdoti
kokada · 2 months ago
If your case is just supporting browsers and not things like curl this seems fine. But when the headers are not set the CSRF protections are "disabled" exactly to support this case, that you may want to do this request using something like curl.
nmadden · 2 months ago
I guess. But it would only impact you if you’re using cookies with curl (I assume the middleware is only applied to requests with cookies?) — and it seems pretty easy to add a -H ‘sec-fetch-site: none’ in that case.
nmadden commented on A modern approach to preventing CSRF in Go   alexedwards.net/blog/prev... · Posted by u/todsacerdoti
nchmy · 2 months ago
I don't understand - the article is literally about origin/Sec-Fetch-Site
nmadden · 2 months ago
The article has a whole section about requiring those headers by forcing the use of TLS 1.3 — the theory being that browsers modern enough to support 1.3 are also modern enough to support the headers. But why not just enforce the headers?
nmadden commented on A modern approach to preventing CSRF in Go   alexedwards.net/blog/prev... · Posted by u/todsacerdoti
nmadden · 2 months ago
Enforcing TLS 1.3 seems like a roundabout way to enforce this. Why not simply block requests that don’t have an Origin/Sec-Fetch-Site header?
n

u/nmadden

KarmaCake day500June 20, 2015
About
Author API Security in Action - https://www.manning.com/books/api-security-in-action

https://neilmadden.blog/about

[ my public key: https://keybase.io/neilmadden; my proof: https://keybase.io/neilmadden/sigs/QfrQtB7H1Ni4rhaFpENFBtqqCd-VYDYXqYHKRfojHnk ]

View Original