Readit News
richardwhiuk commented on Is it possible to allow sideloading and keep users safe?   shkspr.mobi/blog/2025/08/... · Posted by u/ColinWright
creata · 5 hours ago
> it’s hardly reasonable to say that they’re not allowed to use what ever technical options they can to prevent that fraud.

Of course it's reasonable? You can give someone a job and also ask them to do it a certain way.

richardwhiuk · 4 hours ago
It's unreasonable to ask them to do a job, and then tie both their hands behind their back and tell them they have to accept being punched in the stomach and that they should be happy about this.

If you want to tax banks and pay the money directly to fraudsters, I guess that's a model you can aim for.

richardwhiuk commented on Ban me at the IP level if you don't like me   boston.conman.org/2025/08... · Posted by u/classichasclass
throwawayffffas · 6 days ago
> If you ban a residential proxy IP you're likely to impact real users while the bad actor simply switches.

Are you really? How likely do you think is a legit customer/user to be on the same IP as a residential proxy? Sure, residential IPs get reused, but you can handle that by making the block last 6-8 hours, or a day or two.

richardwhiuk · 6 days ago
In these days of CGNAT, a residential IP is shared by multiple customers.
richardwhiuk commented on Spending too much time at airports   thezvi.substack.com/p/spe... · Posted by u/nsoonhui
LeafItAlone · 7 days ago
> As a free-market worshipper

Free market in a location owned by the government where the government gets to control who the vendors are and what the customers are allowed to bring in? That's not a free market to begin with.

richardwhiuk · 7 days ago
Airports usually are privately owned I think?
richardwhiuk commented on Jim Lovell, Apollo 13 commander, has died   nasa.gov/news-release/act... · Posted by u/LorenDB
ColinWright · 23 days ago
I was lucky enough to have met and spent some time with Jim Lovell. An absolute gentleman, and it was a joy to have been in his company.

Ad Astra ...

richardwhiuk · 23 days ago
Per aspera
richardwhiuk commented on Emailing a one-time code is worse than passwords   blog.danielh.cc/blog/pass... · Posted by u/max__dev
sriku · 24 days ago
A while ago, I implemented a signin approach that looks similar to this "send a link/code" mode but (I believe) can't be exploited this way - https://sriku.org/blog/2017/04/29/forget-password/ - appreciate any thoughts on that.

Btw this predates passkeys which should perhaps be the way to go from now on.

richardwhiuk · 24 days ago
One problem is you are requiring users to trust and click on a link in an email which is historically frowned upon. So you are undercutting phishing education.
richardwhiuk commented on We shouldn't have needed lockfiles   tonsky.me/blog/lockfiles/... · Posted by u/tobr
junon · 25 days ago
You should not be editing your cargo.lock file manually. Cargo gives you a first-class way of overriding transitive dependencies.
richardwhiuk · 25 days ago
You can also do cargo update -p
richardwhiuk commented on Project Zero – Policy and Disclosure: 2025 Edition   googleprojectzero.blogspo... · Posted by u/esnard
woodruffw · a month ago
Maybe I don't understand the threat model here: what kind of public-facing services are you running that are simultaneously (1) not already access-limited, and (2) not load-bearing such that they need to be public-facing?

(And to be clear: I see the benefit here. But I'm talking principally about open source projects, not the vendors you're presumably paying.)

richardwhiuk · a month ago
Some companies might be willing to compromise functionality to avoid compromise of their networks.

There's always a usability / functionality vs security tradeoff.

richardwhiuk commented on Global hack on Microsoft Sharepoint hits U.S., state agencies, researchers say   washingtonpost.com/techno... · Posted by u/spenvo
bee_rider · a month ago
You used to be able to buy Dells with Linux pre-installed, quite a while ago. Did they stop?
richardwhiuk · a month ago
No, but it's not universal across their range.
richardwhiuk commented on Global hack on Microsoft Sharepoint hits U.S., state agencies, researchers say   washingtonpost.com/techno... · Posted by u/spenvo
pumplekin · a month ago
True. But larger orgs don't buy "random laptops". The trick is to just buy laptops where you know everything works, and the company making them has a commitment to Linux.

Buy your Linux laptop fleet from Framework, System76, Starlabs etc and you won't have any problems like that. You might have OTHER problems, but not that one.

richardwhiuk · a month ago
None of those companies have a logistics chain which would at all be suitable for the US federal government.

Even in corporate, there's basically two vendors - Dell, and a distant second Lenovo, with Apple having a foothold in niche use cases.

richardwhiuk commented on lsr: ls with io_uring   rockorager.dev/log/lsr-ls... · Posted by u/mpweiher
Imustaskforhelp · a month ago
Yes I just checked it after installing strace

strace -c ls gave me this

100.00 0.002709 13 198 5 total

strace -c eza gave me this

100.00 0.006125 12 476 48 total

strace -c lsr gave me this

100.00 0.001277 33 38 total

So seeing the number of syscalls in the calls directory

198 : ls

476 : eza

33 : lsr

A meaningful difference indeed!

richardwhiuk · a month ago
That's just observing there is a difference, not explaining why that's a good thing.

u/richardwhiuk

Karma: 4522
Cake day: October 9, 2012
About
My opinions are my own, and don't represent any employers, past, present or future.

Website: https://www.richardwhiuk.com
