wsj.com/articles/olympus-to-ex is a bummer. I like my O-MD E-M5 micro four thirds camera and I don't think Panasonic will be able to keep the format alive by itself.

@gudenau You can delete *recent* history (in case you accidentally, uh, open up a site that shouldn't be in your history) but there's no way to say "only remember history for N days" as far as I know

I feel like I could just do this myself with some DELETE statements in SQLite without involving this whole awful JavaScript extension API, but the schema in places.sqlite is bonkers.

Show thread

I keep forgetting how terrible "Places" is in . Any interaction with history or bookmarks blocks the main thread, and if, say, you want to auto-delete history after a time period, you (a) need an extension, and (b) should expect it to take *literally hours* with a moderately-sized history (e.g., my places.sqlite is 50MB and firefox has been spinning for about 10 minutes at 100% CPU trying to delete around 1000 records).

@gudenau Oh, we never had expiration or any other dumb stuff. This is just length and complexity.

Aww yeah removing most of our customers' password requirements at work over the advice of myself and every other IC because we want to chase after the absolute worst customers who can't be bothered to make a password that isn't "password" and because we've decided to hand the keys to all technical decisions over to a bunch of PMs with no technical background. This is going to end super-well.

@gudenau I would usually say that you should avoid implementing your own crypto at all and use a system that already provides this (like TLS, which has identification via long-lived server RSA or ECDSA keys, session negotation with forward secrecy using ECDHE, and then session keys that are short-lived symmetric keys)

@gudenau It depends on your threat model! RSA2048 and 25-bit EC asymmetric ciphers (ECDSA/Eddsa/Ed25519) are considered "secure" for commercial purposes (e.g., by PCI-DSS), but both are believed to be extremely susceptible to quantum computers if anyone ever builds one that can run Shor's algorithm. NIST Suite B requires 3072-bit RSA and 384-bit EC keys for classified materials; same issue.

For longer-term security, Google is experimenting with PQC algorithms for TLS; see imperialviolet.org/2018/04/11/ .

Who is marc and why does ze get all the email in the default config?

I bought a baby monitor (yes, I know, at least it's not internet-accessible) and the website for it is amazingly awful. None of the images specify aspect ratios so on a widescreen monitor, everything looks... neat...

infantoptics.com/dxr-8/

/ / has had an almost-total global outage of public network connectivity for the last 35 minutes. Insane. How do you even design a public-Internet network in a way that it can go down simultaneously worldwide?

Okay, so the AddTrust CA expiry thing is real. It's fucking absurd that nobody is backporting fixes to OpenSSL 1.0.x and is just saying that you need to upgrade to OpenSSL 1.1.1 (and re-link literally your entire system) to fix this. Does anyone know for certain whether removing AddTrust from the CA anchor list fixes?

Unlikely, but does anyone know why webtatic stopped doing backport for last year? The author (Andy Thompson) seems to have just dropped off the Internet in October.

In related news, I'm now many hours into backporting an up-to-date PHP since the webtatic one from October is... way behind...

Has anyone noticed that the multitasking UI is totally broken on 13.5? Half the time I can't swipe between cards, and going home from the card switcher with a second swipe up never works (need to go back to an app and do a long-swipe instead). Very annoying!

Converted an ext4 filesystem from 32-bit extent groups to 64-bit today. Why does it take 10 minutes of 100% user time to convert an empty filesystem? What are you doing, e2fsprogs?

This brought to you by the requirement for a User Story and set of Product-Manager-approved Acceptance Criteria for every commit and bug.

Show thread

If your company decides to aggressively embrace *any* project management methodology in all aspects of your work (doesn't matter which one), just run. Don't look back.

Show more
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!