I often see how people make security decisions based on pure intuition.
Can I store TOTP in my password manager?
Should I use a local password manager or is a remote one OK?
Is it OK to configure multiple second factors?
I'll try to answer these questions by describing the underlying Information Security Theory, so you'll have a _decision framework_ to make educated choices.
Enjoy and stay safe!
And let me know what you think :)
I really want to like Zed editor, but:
1. It's developed by a for-profit VC-backed company
2. They require developers to sign a Contributor License Agreement
So there's an obvious risk that it'll run out of funding, start introducing paid/noisy/crappy features and eventually relicense the whole thing to lock it behind a paywall before vanishing out of existence. The open-source license won't help, like it didn't with Atom (the previous project by the same authors).
I'm working on an "info-station" project: an e-ink display attached to a microcontroller (ESP32-C3) showing weather and local transport info. One of the challenges is to translate "smart symbol" code (e.g., 24) returned from a weather provider API into an image.
I found a repo with all the images in SVG format, and spent some time setting up building scripts in Rust to create an automated conversion pipeline.
Rendering an SVG into raster turns out to be surprisingly difficult. Luckily, there's the `resvg` crate, which handles it nicely. A quote from its README is worth mentioning:
> SVG is a very complicated format with a large specification (SVG 1.1 is almost 900 pages). You basically need a web browser to handle all of it. But the truth is that even browsers fail at this.
Then, an e-ink screen only supports black and white colors, no shades of gray. To emulate "grayish" color, Floyd-Steinberg dithering can be applied. Luckily, the `image` crate ships with the implementation, so the whole pipeline is tiny in terms of LoC written by me. Thank you, Rust community <3
On the screenshot:
0: original SVG image
1: SVG rendered into 40×40 raster image
2: Alpha channel replaced with white
3: BMP conversion (useless)
4: Luma8 conversion
5: Dithering
@yosh, sorry for the direct ping, but you're the only air quality geek I know, and I need advice 😅
What mask/respirator are you using?
I'm looking for something to use daily for bacterial protection during the commute. I'd prefer reusable masks, which are made in Europe and passed at least FFP2 certification.
After doing my research, I ended up with just two options: Airinum Air Light 2 or a Vogmask.
Do you happen to know if these are viable options? Did I miss something?
I would really, **really** like people to understand this simple thing: there's no such thing as "support for a totalitarian government". If the government had the support of the majority, it wouldn't need to be totalitarian, it would fit into democracy just fine.
But when it doesn't have the majority, it shuts down mass media, journalists, opposition, and then starts convincing everyone internally and externally that its support is unanimous. Don't ever fall for that.
Sure, there are individuals inside such countries who will pledge allegiance to it, BUT please remember that probably at least one of the following is true:
* They might support anyone currently in power, not just this particular government
* They want to stay safe and to "belong" to the imaginary major group of supporters
* They are scared
All of these are natural, and completely normal reactions given the circumstances.
Now every time I see someone mentioning gallons, I'm gonna come right into their comments and like "ARE THESE INTERNATIONAL OR US??? Do I have to find out where you live to know this?"
#TIL: The first known variation of the Cinderella fairy tale is called Rhodopis and dates sometime between 7 BC and AD 23. It's about a Greek slave girl who marries the king of Egypt.
I've never backed anything on Kickstarter before, but there's a graphic novel prequel to Legacy of Kain. It's the first official product being released in the last 20 years.
A successful campaign will probably be a good push towards game remakes, so if you have a couple of bucks to throw in, please do! Only ~1.5 days left 🥹
I managed to recover a list of my RSS subscriptions, which was gone together with my server in 2020. A good friend of mine powered up the storage and I extracted an old backup, which luckily includes MySQL data directory. Finally I got my precious list of feeds back!
Yesterday I spent hours importing it, and OMFG the Internet has changed so much since 2020.
Lots of resources are just gone. Small blogs I used to read now have their domain name on sale. A big project I was involved with is now closed. One project I used to believe in turned out to be a scam, but they try to cover it up and the website is just a placeholder nowadays.
Dilbert comics is gone. Mr. Lovenstein no longer has a feed. The same is true for several other web comics.
The Russian segment of the internet (a.k.a. runet) is pretty much devastated. Lots of local activist movements are no longer there. The biggest IT media Habr.com is overtaken by corporations doing their SMM. Even in pop science news aggregators there are occasional unjustified praises to Russian weapons and condemning of Ukrainian/NATO's. The online Hacker journal publishes ads of Astra Linux 🤦
In all this despair, I was pretty happy to find that some projects I loved are doing amazingly well, most of them TTRPG-related.
Not sure what's the takeaway here, but at least praise the Internet Archive 🤷‍♂️
I'm still puzzled why mead is such a niche drink. Normally you won't find it in any restaurant or bar.
Yet, it's extremely simple to make, and there's so much variety to it! Unlike wine, mead can be made entirely of local ingredients, giving it a unique regional flavor.
In the photo is my new 25 liter bottle with mead on rose petals and tea 🤤 Previously I've used a 5L demijohn, but the output was only about 4L, so my plans on aging some bottles for a couple of years were not going to materialize 😅
I'm also trying new experimental Wyeast 4184 Sweet Mead liquid yeast, which is supposed to leave slightly more sweetness in the end product, let's see if I can get away without back sweetening 🤔
I get triggered really hard when somebody (usually a manager) tries to end The Language Discussion saying "It's just a tool!".
I mean, the point is valid, it's a tool, but as any tool it has a huge impact on the end result. If you give a professional wood crafter a drill from Lidl/Walmart, you will worsen the end product. If you give a rookie a highly advanced CNC machine, you will not get any product at all.
A tool must be suitable to the wielder and to the job, and not having this discussion means working against both.
What confused me about most games in which you face vampires, is that all the characters I know prefer to do so in a very straightforward way: "ME HIT THY HEAD HARD".
But if you think about this for a second, you would never approach a cunning immortal creature like this. Learn, infiltrate, study its weakness, abuse their fears and desires...
A hitman-like game could give an interesting perspective on how the bloodsucker's castle functions. Some undeads might rely on slave labor, some could utilize their magic, others could build intricate mechanisms.
Learning your way around, talking to locals, finding a breach in castle defences, locating the coffin, collecting the appropriate weapons... This could be a fun puzzle-like adventure 🤔