sudahtigabulan commented on Stop Putting Secrets in .env Files   jonmagic.com/posts/stop-p... · Posted by u/veverkap
sudahtigabulan · 15 days ago
> They sit on disk as plaintext, readable by any process running as your user

The proposed solution:

> Instead of loading secrets from a file, you use a wrapper script that fetches secrets from a secure store and injects them as environment variables into your process

Now they sit "on disk" as plaintext, in /proc/self/environ, still readable by any process running as your user.

sudahtigabulan commented on New accounts on HN more likely to use em-dashes   marginalia.nu/weird-ai-cr... · Posted by u/todsacerdoti
scosman · 18 days ago
Agreed.

Join me in double-dash em proximates. Shows you manually typed it out with total disregard for token count and technical correctness.

sudahtigabulan · 18 days ago
Just yesterday I saw Claude.ai use double dashes in its responses for the first time...
sudahtigabulan commented on KDE's new Plasma Login Manager is tightly bound to systemd   forums.FreeBSD.org/thread... · Posted by u/voxadam
bayindirh · a month ago
> PAM is indeed a minefield.

I'd not label it such, but as "critical infrastructure". The problem in your case actually was not in PAM but in pacman. For example, apt and yum/dnf check whether the checksum of the file being changed is different from the original (provided by the package). In standard configuration, apt asks what to do, and dnf just puts the file with a .rpmnew extension to prevent these kinds of problems.

pacman's "I don't care, this is the new file and I overwrite what I see" is very dangerous behavior.

sudahtigabulan · a month ago
Pacman does check for changes in configuration files, and adds .pacnew files instead of overwriting them:

https://wiki.archlinux.org/title/Pacman/Pacnew_and_Pacsave

sudahtigabulan commented on cURL removes bug bounties   etn.se/index.php/nyheter/... · Posted by u/jnord
dlcarrier · 2 months ago
An entry fee that is reimbursed if the bug turns out to matter would stop this, real quick.

Then again, I once submitted a bug report to my bank, because the login method could be switched from password+pin to pin only, when not logged in, and they closed it as "works as intended", because they had decided that an optional password was more convenient than a required password. (And that's not even getting into the difference between real two-factor authentication and the some-factor one-and-a-half-times one they had implemented by adding a PIN to a password login.) I've since learned that anything heavily regulated like hospitals and banks will have security procedures catering to compliance, not actual security.

Assuming the host of the bug bounty program is operating in good faith, adding some kind of barrier to entry or punishment for untested entries will weed out submitters acting in bad faith.

sudahtigabulan · 2 months ago
> I've since learned that anything heavily regulated like hospitals and banks will have security procedures catering to compliance, not actual security.

Sadly, yeah. And will do anything only if they believe they can actually be caught.

An EU-wide bank I used to be a customer of until recently supported login with Qualified Electronic Signatures, but only if your dongle supports... SHA-1. Mine didn't. It was deprecated at least a decade ago.

A government-certified identity provider made software that supposedly allowed you to have multiple such electronic signatures plugged in, presenting them in a list, but if one of them happened to be a YubiKey... crash. YubiKey conforms to the same standard as the PIV modules they sold, but the developers made some assumptions beyond the standard. I just wanted their software not to crash while my YubiKey is plugged in. I reported it, and they replied that it's not their problem.

sudahtigabulan commented on I set all 376 Vim options and I'm still a fool   evanhahn.com/i-set-all-37... · Posted by u/todsacerdoti
eviks · 2 months ago
That's because you should've fixed the foundation instead.

For example,

> I frequently opened this by running q: instead of :q, and didn’t know what I had done. Now I know:

But you still haven't fixed the typo-prone keybinds! And you still haven't set up a way to get this information, so that next time something unexpected happens you can open your log of commands, see exactly what you've done, and decide on the spot if you need to fix it. So you'd need to wait for the next chapter of the "let's read all the manuals" quest to discover the issue.

> Digraphs are an obscure feature for typing obscure characters. For example, you can enter “½” in Insert mode with CTRL-K 1 2. There’s a big list in :digraphs. I don’t use this much, except for typing fractions, but I use this more than I thought I would.

Of course, why would you commit that big list of obscure chars to memory??? The proper interface would be an avoidable visual feedback character picker, so that if you don't remember the "1 2" sequence you can even search for "fractions". But at this point, why bother with a bad vim component when you can invest in a more general symbol input solution and use it in vim and everywhere else.

sudahtigabulan · 2 months ago
> But you still haven't fixed the typo-prone keybinds!

Which key bindings are you referring to?

It's not a trap, I promise! Just fishing for ideas.

sudahtigabulan commented on Confer – End to end encrypted AI chat   confer.to/... · Posted by u/vednig
maqp · 2 months ago
Or, he took a barely niche messaging app plugin (OTR), improved it to provide forward secrecy for non-round trips, and deployed the current state-of-the-art end-to-end encryption to over 3,000,000,000 users, as Signal isn't the only tool to use double-ratchet E2EE.

> broken SGX metadata protections

Citation needed. Also, SGX is just there to try to verify what the server is doing, including that the server isn't collecting metadata. The real talking is done by the responses to warrants https://signal.org/bigbrother/ where they've been able to hand over only two timestamps of when the user created their account and when they were last seen. If that's not good enough for you, you're better off using Tor-p2p messengers that don't have servers collecting your metadata at all, such as Cwtch or Quiet.

> weak supply chain integrity

You can download the app as an .apk from their website if you don't trust Google Play Store.

> a mandate everyone supply their phone numbers

That's how you combat spam. It sucks but there are very few options outside the corner of Zooko's triangle that has your username look like "4sci35xrhp2d45gbm3qpta7ogfedonuw2mucmc36jxemucd7fmgzj3ad".

> and agree to Apple or Google terms of service to use it?

Yeah that's what happens when you create a phone app for the masses.

sudahtigabulan · 2 months ago
sudahtigabulan commented on Remember when you owned stuff?   doctorow.medium.com/https... · Posted by u/7777777phil
fnoef · 2 months ago
Isn’t it ironic that it’s posted on medium?
sudahtigabulan · 2 months ago
It looks this way at first glance, but at the end of the article is a link to the original:

> If you’d like an essay-formatted version of this post to read or share, here’s a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

> https://pluralistic.net/2026/01/14/sole-and-despotic/#world-...

This is a case of Publish on your Own Site, Syndicate Elsewhere - https://indieweb.org/POSSE


sudahtigabulan commented on Fifteen Years   xkcd.com/3172/... · Posted by u/frizlab
jorams · 4 months ago
> Maybe I missed something but I don’t know what you’re quoting or paraphrasing.

They're quoting the image's title text. Every xkcd comic has one. On desktop you can see it by hovering over the image. On mobile you generally can't see it. You can go to the mobile subdomain (https://m.xkcd.com/3172/) and tap on the image, then it pops up underneath.

sudahtigabulan · 4 months ago
Firefox for Android, for one, shows the alt text at the top of the context menu that pops up when you long press an image.

If it's too long, it gets truncated, though.

sudahtigabulan commented on Awk Technical Notes (2023)   maximullaris.com/awk_tech... · Posted by u/signa11
lelanthran · 4 months ago
Well, sure. I said it did character ranges so you don't have to use fields.

What were you expecting? That your character ranges in ls would match mine?

sudahtigabulan · 4 months ago
> What were you expecting? That your character ranges in ls would match mine?

I would expect the command to work in any directory. Try a few different directories on your computer and you'll see that it won't work in some of them.

u/sudahtigabulan · Karma: 209 · Cake day: November 1, 2024