Same. I learned Tcl recently for /usr/bin/expect. I wasn't happy to be forced into using yet another esoteric language, but Tcl itself is strangely fun: it's like a more expressive and functional Lua.
WireGuard is extremely easy to setup. It's difficult to manage if you have hundreds of nodes or dynamic endpoints: that's what Tailscale and Netmaker helps with. OpenBSD's wg documentation is straightforward. It maps…
You would also be locked out if you ran OpenSSH on Tailscale's autoconfigured WG interface. Setup WireGuard manually, or enable serial console login, or make sure your servers are dispensible. Tailscale (and Nebula)…
I wore mine while riding a hardtail XC mountain bike (on safeish trail segments) and the transparency mode failed after 7 months. After that, the non-ANCed speaker and microphone worked fine. Weirdly durable for…
I'm more tempted to stop running again. I am less skilled at mountain biking today since I moved to a 1:3 weekly schedule (4h running and 6-16 hours riding). Our insane single friend who XCs from summit to summit 7-14…
I don't think that's reasonable at all. I ride and trail run regularly, and the amount of time that it subtracts from my nerd hobbies is *immense*. Other poster is right, the 99th percentile regular non-professional…
Common gear ratios for MTB (and gravel) do favor steep inclines much more. It doesn't matter how exhausted you are, if you have a granny gear 46-52t cassette and 30-36t chainring setup, you're solid.
Nice! I didn't know about miniroot*.img. It's actually just bsd.rd, boot, MBR+PBR, and bootx64.efi. Nothing that can't be safely overwritten while the ramdisk kernel is running.
QEMU most likely is not required. OpenBSD's installer is inside a single 4.5 MiB [1] ramdisk kernel image. Chainload or netboot it, or download the ramdisk to ffs on sd0 and run installboot [2]. Once the ramdisk kernel…
There are extended stay hotels with stovetops and ovens (and outdoor grills) with low-grade used (ugh!) cookware included. It's usually not much more expensive than regular midtier hotels: possibly cheaper, if you can…
The last occasions that I stayed at $200/night hotels, someone triggered the building fire alarms at 2:00 and 4:30 AM. Everyone was forced to evacuate until the fire department arrived (the alarm sirens were agonizingly…
> CF says they now no longer allow previously used nameservers to be used again. The only problem with this is if someone swaps CF accounts hundreds/thousands of times and "runs out" of custom names. It’s not necessary…
I might misunderstand something here, but essentially, the authoritative DNS provider should only need to: (1) check for existing NS records upon registration, (2) never reassign a name server matching #1, and (3)…
It doesn't. It could hypothetically cost PIR $0. 501(c) organizations are not prohibited from collecting and spending profits, they are prohibited from unreasonably distributing such earnings to private shareholders and…
In theory, S/MIME and SMIMEA. In reality, normal users demand account data recovery in cases of lost encryption keys and passwords. So key escrow is required, which isn't E2EE. ProtonMail tells forgetful users to shove…
Zero cost TLS certificates might be what Let's Encrypt is known for, but it wasn't the first entity to offer them. LE also disrupted the CA market because of IdenTrust's initial cross-signing, and ACME's development and…
The entire consumer registrar industry is untrustworthy. I can't think of a worse category of online services, ranked by security and sleazebaggery, with the possible exception of the VPN market.
Sadly there's tons of code-based Java build tools, but possibly zero concise (toml/yaml- like) declarative build tools. If you're currently using Groovy or Kotlin scripts for building Java projects however, then Java…
If a single remote service can lock you out of your 2FA accounts then you failed with your backup policy. I don't use it, but Apple Passwords makes TOTP secret backups possible, via bulk export and initial key setup.
For athletes and co., sustainability isn't even an idea thought about. Like, I've built quite a few bikes and I've rode with some of the world's best MTBers/cyclists: not once has someone proposed, "How can we make this…
SMS 2FA is one thing. Bad, but ineffective. SMS-based account recovery is far worse. Every time a major website asks me for a phone number "in case you lose access to your email account" I freak out internally before…
I didn't say I never use it, just that it's not always the core feature. This will depend heavily on your field, but in my past work, the features that were way more essential are: scripting (+ IR lifting), xrefs, CFGs,…
Decompilation is often the least important (and least reliable) part of IDA/Ghidra, so comparing the two is unfair. That said, the scene is perpetually starved for good C decompilers, so more attempts are always…
Sure, to be clear, I also think Valve's response was over the top. Conspiring to extradite a foreigner, as a private corporation, is straight out of cyberpunk fiction. Axel's a very lucky person, all things considered.…
Yes. HL2 is how Axel became known to gamers, but it's nearly irrelevant. He also created the most popular open source malware framework (Agobot) in existence at the time. Millions of systems were enlisted in botnets…
Same. I learned Tcl recently for /usr/bin/expect. I wasn't happy to be forced into using yet another esoteric language, but Tcl itself is strangely fun: it's like a more expressive and functional Lua.
WireGuard is extremely easy to setup. It's difficult to manage if you have hundreds of nodes or dynamic endpoints: that's what Tailscale and Netmaker helps with. OpenBSD's wg documentation is straightforward. It maps…
You would also be locked out if you ran OpenSSH on Tailscale's autoconfigured WG interface. Setup WireGuard manually, or enable serial console login, or make sure your servers are dispensible. Tailscale (and Nebula)…
I wore mine while riding a hardtail XC mountain bike (on safeish trail segments) and the transparency mode failed after 7 months. After that, the non-ANCed speaker and microphone worked fine. Weirdly durable for…
I'm more tempted to stop running again. I am less skilled at mountain biking today since I moved to a 1:3 weekly schedule (4h running and 6-16 hours riding). Our insane single friend who XCs from summit to summit 7-14…
I don't think that's reasonable at all. I ride and trail run regularly, and the amount of time that it subtracts from my nerd hobbies is *immense*. Other poster is right, the 99th percentile regular non-professional…
Common gear ratios for MTB (and gravel) do favor steep inclines much more. It doesn't matter how exhausted you are, if you have a granny gear 46-52t cassette and 30-36t chainring setup, you're solid.
Nice! I didn't know about miniroot*.img. It's actually just bsd.rd, boot, MBR+PBR, and bootx64.efi. Nothing that can't be safely overwritten while the ramdisk kernel is running.
QEMU most likely is not required. OpenBSD's installer is inside a single 4.5 MiB [1] ramdisk kernel image. Chainload or netboot it, or download the ramdisk to ffs on sd0 and run installboot [2]. Once the ramdisk kernel…
There are extended stay hotels with stovetops and ovens (and outdoor grills) with low-grade used (ugh!) cookware included. It's usually not much more expensive than regular midtier hotels: possibly cheaper, if you can…
The last occasions that I stayed at $200/night hotels, someone triggered the building fire alarms at 2:00 and 4:30 AM. Everyone was forced to evacuate until the fire department arrived (the alarm sirens were agonizingly…
> CF says they now no longer allow previously used nameservers to be used again. The only problem with this is if someone swaps CF accounts hundreds/thousands of times and "runs out" of custom names. It’s not necessary…
I might misunderstand something here, but essentially, the authoritative DNS provider should only need to: (1) check for existing NS records upon registration, (2) never reassign a name server matching #1, and (3)…
It doesn't. It could hypothetically cost PIR $0. 501(c) organizations are not prohibited from collecting and spending profits, they are prohibited from unreasonably distributing such earnings to private shareholders and…
In theory, S/MIME and SMIMEA. In reality, normal users demand account data recovery in cases of lost encryption keys and passwords. So key escrow is required, which isn't E2EE. ProtonMail tells forgetful users to shove…
Zero cost TLS certificates might be what Let's Encrypt is known for, but it wasn't the first entity to offer them. LE also disrupted the CA market because of IdenTrust's initial cross-signing, and ACME's development and…
The entire consumer registrar industry is untrustworthy. I can't think of a worse category of online services, ranked by security and sleazebaggery, with the possible exception of the VPN market.
Sadly there's tons of code-based Java build tools, but possibly zero concise (toml/yaml- like) declarative build tools. If you're currently using Groovy or Kotlin scripts for building Java projects however, then Java…
If a single remote service can lock you out of your 2FA accounts then you failed with your backup policy. I don't use it, but Apple Passwords makes TOTP secret backups possible, via bulk export and initial key setup.
For athletes and co., sustainability isn't even an idea thought about. Like, I've built quite a few bikes and I've rode with some of the world's best MTBers/cyclists: not once has someone proposed, "How can we make this…
SMS 2FA is one thing. Bad, but ineffective. SMS-based account recovery is far worse. Every time a major website asks me for a phone number "in case you lose access to your email account" I freak out internally before…
I didn't say I never use it, just that it's not always the core feature. This will depend heavily on your field, but in my past work, the features that were way more essential are: scripting (+ IR lifting), xrefs, CFGs,…
Decompilation is often the least important (and least reliable) part of IDA/Ghidra, so comparing the two is unfair. That said, the scene is perpetually starved for good C decompilers, so more attempts are always…
Sure, to be clear, I also think Valve's response was over the top. Conspiring to extradite a foreigner, as a private corporation, is straight out of cyberpunk fiction. Axel's a very lucky person, all things considered.…
Yes. HL2 is how Axel became known to gamers, but it's nearly irrelevant. He also created the most popular open source malware framework (Agobot) in existence at the time. Millions of systems were enlisted in botnets…