I agree in theory. But in practice that specific caller's code bug was so widespread and Timsort broke so much existing code that it warranted offering a "-Djava.util.Arrays.useLegacyMergeSort=true" option. The specific…
And then 3 years later we have [0] and 6 years after that we have [1]. I appreciate Masters of the Universe types like Bloch and Lea contributing wickedly-efficient code, but somehow it's always mere mortals who end up…
Apparently I was wrong about how podcast chapters are embedded: It's not in the RSS feed itself but encoded as ID3v2 tags in the MP3 file. Apple Podcasts added support in iOS 12, here's a Google Sheet of the rest:…
Dynamic Ad Insertion wreaks havoc with this. Podcast eps can have different lengths and segments can have different start times depending on the ad profile of the listener. And that's just at a single point in time:…
Overcast is an interesting case study on optimizing for listeners vs. creators. The app developer, Marco Arment, is also co-host of Accidental Tech Podcast. One cool feature in Overcast is chapter markers: You can embed…
> The identity "Me while I'm visiting nytimes.com" is distinct from the identity "Me while visiting cnn.com". Trying to solve this through purely technical means is futile. If you block it at the user-agent, sites will…
Without knowing more about the "sophisticated anti-piracy system" employed by the app author, it's hard to determine if Google's claim of malicious behaviour is valid. This could be something as simple as bytecode…
I agree 100%, perhaps I could have phrased that better. I try to use it as a teachable moment: "Hey, instead of using base64decode.org did you know you could use atob and btoa in a web inspector?" Security-related…
Still too dangerous, and I don't trust new developers to make that determination. Once you get into the habit of pasting development details into random website textboxes hosted who-knows-where with who-knows-what ad…
I had a junior dev show me a neat site where you can paste in a Java thread dump and it performs an analysis. After explaining why it's a bad practice to send diagnostic details to an un-trusted third party I think he…
A person in the middle can see the hostname via SNI. But if you're terminating TLS on behalf of a customer, you can see everything. e.g. https://new.blog.cloudflare.com/terminating-service-for-8cha... > Among other…
I agree in theory. But in practice that specific caller's code bug was so widespread and Timsort broke so much existing code that it warranted offering a "-Djava.util.Arrays.useLegacyMergeSort=true" option. The specific…
And then 3 years later we have [0] and 6 years after that we have [1]. I appreciate Masters of the Universe types like Bloch and Lea contributing wickedly-efficient code, but somehow it's always mere mortals who end up…
Apparently I was wrong about how podcast chapters are embedded: It's not in the RSS feed itself but encoded as ID3v2 tags in the MP3 file. Apple Podcasts added support in iOS 12, here's a Google Sheet of the rest:…
Dynamic Ad Insertion wreaks havoc with this. Podcast eps can have different lengths and segments can have different start times depending on the ad profile of the listener. And that's just at a single point in time:…
Overcast is an interesting case study on optimizing for listeners vs. creators. The app developer, Marco Arment, is also co-host of Accidental Tech Podcast. One cool feature in Overcast is chapter markers: You can embed…
> The identity "Me while I'm visiting nytimes.com" is distinct from the identity "Me while visiting cnn.com". Trying to solve this through purely technical means is futile. If you block it at the user-agent, sites will…
Without knowing more about the "sophisticated anti-piracy system" employed by the app author, it's hard to determine if Google's claim of malicious behaviour is valid. This could be something as simple as bytecode…
I agree 100%, perhaps I could have phrased that better. I try to use it as a teachable moment: "Hey, instead of using base64decode.org did you know you could use atob and btoa in a web inspector?" Security-related…
Still too dangerous, and I don't trust new developers to make that determination. Once you get into the habit of pasting development details into random website textboxes hosted who-knows-where with who-knows-what ad…
I had a junior dev show me a neat site where you can paste in a Java thread dump and it performs an analysis. After explaining why it's a bad practice to send diagnostic details to an un-trusted third party I think he…
A person in the middle can see the hostname via SNI. But if you're terminating TLS on behalf of a customer, you can see everything. e.g. https://new.blog.cloudflare.com/terminating-service-for-8cha... > Among other…