@atoponce@fosstodon.org
atoponce

MSCSIA, cryptography, security, locksport, Linux, programming, mathematics, amateur radio, Buddhism, running, anime, and bibliophilia.

atoponce, to random

How it started: How it's going:

atoponce, to ChatGPT

Why large language models are not intelligent, exhibit .

atoponce, to random

You've heard of Pop Tarts, but why aren't there any Mom Tarts?

Because of the pastryarchy.

atoponce, to random

If your phone has a Qualcomm chipset, it might be spying on you. Unfortunately, this is happening at the firmware level, beneath iOS and Android.

https://www.nitrokey.com/news/2023/smartphones-popular-qualcomm-chip-secretly-share-private-information-us-chip-maker

atoponce, to programming

CAPTCHAs are getting out of hand these days.

atoponce, to privacy

Friends don't let friends use Discord.

Message History of 600 Million Discord Users Can be Accessed For $5

https://80.lv/articles/message-history-of-600-million-discord-users-can-be-accessed-for-usd5/

atoponce, to programming

Know your variable style conventions:

camelCase
PascalCase
snake_case
kebab-case
ceiling¯case

atoponce, to random

This is a motherfucking website.

And it's fucking perfect.

https://motherfuckingwebsite.com/

atoponce, to random

This is truly maddening.

https://userinyerface.com/

atoponce, to random

Passkeys are indeed a shattered dream. Everything in this post is spot on with my experience using them.

In theory, I love the idea. In practice, it's a horrible, horrible, horrible UX.

I'll stick with + security keys/TOTP until this mess gets cleaned up.

https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shattered-dream/

atoponce, to random

It's kind of hilarious to me how toxic the word "telemetry" has become. Don't get me wrong, the ad tracking industry has ruined it for everyone. However:

Firefox users: Disable telemetry! It's an enemy to your privacy!
Mozilla: We removed a feature no one was using due to a lack of telemetry data.
Firefox users: I use it all the time! Why are you bad at this!

1Password users: I trust AgileBits to safely handle my data.
AgileBits: We added telemetry.
1Password users: Why do you hate my privacy?!

atoponce, to vim

Bram Moolenaar, the original author, maintainer, release manager, and benevolent dictator for life of has passed away on August 3, 2023.

https://groups.google.com/g/vim_announce/c/tWahca9zkt4?pli=1

atoponce, to debian

12 "Bookworm" has entered the quiet period before release. Only ~100 RC bugs affect Bookworm when it releases.

https://lists.debian.org/debian-devel-announce/2023/06/msg00000.html

atoponce, to linux

You're familiar with the sudo(8) command, but did you know it had a logo? Did you further know that it's a sandwich?

https://www.sudo.ws/about/logo/

atoponce, to random

I've been screaming this for years. Service providers that provide authentication should do these two things at a minimum:

  1. Require at least 12 characters.
  2. Use ZXCVBN to estimate password strength and require a score of 4.

Interestingly enough, if you do those two things, you don't need stupid password complexity requirements, and you don't need a blacklist, as 12+ characters with a ZXCVBN score of 4 won't show up in password database breaches.

https://www.cc.gatech.edu/news/largest-study-its-kind-shows-outdated-password-practices-are-widespread

atoponce, to javascript

The password generator uses a userspace generator.

Here's their :

dogenerate() -> lpCreatePass() -> get_random() -> rng_get_bytes() -> rng_get_byte() -> prng_newstate() -> ARC4init(); ARC4next()

As RC4 is insecure, you would be wise not to use their web-based password generator.

Further, it seems likely they're using the same code in their password manager. You would be wise not to use it there also.

https://www.lastpass.com/features/password-generator

Screenshot of LastPass JavaScript source code highlighting the "lpCreatePass" function.
Screenshot of LastPass JavaScript source code highlighting the "rng_seed_int", "rng_seed_time", "rng_get_byte", "rng_get_bytes", and "get_random" functions.
Screenshot of LastPass JavaScript source code highlighting the "prng_newstate", "ARC4init", and "ARC4next" functions.
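
For contrast with the userspace ARC4 call chain in the post above, here is an added example (not from the original post and not LastPass code) that draws password characters from the platform CSPRNG via `crypto.getRandomValues()` with rejection sampling. The names `uniformInt`, `generatePassword`, `entropyBits` and the default alphabet are hypothetical, chosen for illustration.

```javascript
// Added example: password generation from the platform CSPRNG instead of a
// userspace PRNG. All names here are hypothetical, not LastPass code.
const cryptoApi = globalThis.crypto ??
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);

const DEFAULT_ALPHABET =
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

// Return a uniform integer in [0, n) using rejection sampling, so that
// reducing a 32-bit value modulo n does not favour the low residues.
function uniformInt(n) {
  if (!Number.isInteger(n) || n < 1 || n > 0x100000000) {
    throw new RangeError('n must be an integer in [1, 2^32]');
  }
  // Largest multiple of n that fits in the 32-bit range; values at or above
  // it would bias the result and are discarded.
  const limit = Math.floor(0x100000000 / n) * n;
  const buf = new Uint32Array(1);
  for (;;) {
    cryptoApi.getRandomValues(buf);
    if (buf[0] < limit) return buf[0] % n;
  }
}

// Build a password of `length` symbols drawn uniformly from `alphabet`.
function generatePassword(length, alphabet = DEFAULT_ALPHABET) {
  const symbols = [...new Set(alphabet)]; // duplicates would skew the draw
  if (symbols.length < 2) {
    throw new RangeError('alphabet needs at least 2 distinct symbols');
  }
  if (!Number.isInteger(length) || length < 1) {
    throw new RangeError('length must be a positive integer');
  }
  let out = '';
  for (let i = 0; i < length; i++) out += symbols[uniformInt(symbols.length)];
  return out;
}

// Entropy in bits of a password drawn uniformly from the alphabet.
function entropyBits(length, alphabet = DEFAULT_ALPHABET) {
  return length * Math.log2(new Set(alphabet).size);
}
```

With the 62-symbol default alphabet, a 20-character password carries about 119 bits of entropy.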

atoponce, to random

What did Master Yoda say when he saw himself in 4K?

HDMI.

atoponce, to random

I always get a kick out of off-brands in . It's always something I'm looking for.

Here we have a "Macrosoft Winding XO" laptop with a 128-bit DES encrypted password.

Sounds about right.

atoponce, to linux

This post by Oracle is ironic.

"Keep Open and Free—We Can’t Afford Not To"

COUGH COUGH

What a bunch of hypocrites.

https://www.oracle.com/news/announcement/blog/keep-linux-open-and-free-2023-07-10/

atoponce, to random

Solid criticism of , specifically how Apple is rolling them out to macOS and iOS users.

TL;DR- passkeys behave like SSH keys, but without the transparency. Further, Apple iCloud can't be trusted to handle them correctly.

https://lapcatsoftware.com/articles/2023/5/1.html

atoponce, to random

Here's a fun way to comment your C# source code: start it with "https://"

Yup. A URL.

The C# compiler sees "https:" as an unused go-to label and "//" starts a comment for the rest of the line.

https://this.is.totally.a.valid.comment.in.c#
