strict posix nonconformance

Some thoughts on what it means to be POSIX compliant and why OpenBSD deliberately fails to comply in some cases. For background, I think the POSIX standard is a bit ridiculous, but that’s more about the absurdities one encounters when super strictly interpreting a standards document. This is more about refusing to follow along with even a more even-handed interpretation.

Posted 02 Aug 2013 19:56 by tedu Updated: 21 Apr 2022 08:33
Tagged: c openbsd programming security

how to screw up crypto the easy way

I previously described the bcrypt pbkdf. The design is still the same, but yesterday djm noticed a fatal flaw in the implementation. The regress test which I created on amd64 was failing every test on i386. Obviously not good.

Posted 29 Jul 2013 19:59 by tedu Updated: 03 Aug 2013 20:50
Tagged: c openbsd programming security

tiny downside to encrypting all web traffic

The cool thing to do is encrypt all your network traffic. This used to be cool, but it’s even cooler now. I don’t really see much point to encrypting your nytimes.com visits, but I guess some people don’t like others knowing what kinds of news articles they read. (We all know you just read the gossip columns.) Anyway, the downside is minimal to non-existent, so go for it.

But wait! I was reading about The Dictionary of Numbers and got to the downside mentioned at the end. The browser extension was also modifying the text of a bank statement. Ordinarily, I’d say the easy thing is to only use amusing extensions on http, but not https, sites. How does that work in the brave new world of all https all the time?

Used to be https served a dual role as a signifier of serious business. Now it doesn’t, but we haven’t really replaced it. True enough, it was never a reliable signifier, and maybe the best thing to do if running with a dozen funny extensions is use a different browser (profile) for serious business.

I wonder how this affects phishing. When “https is secure, make sure your bank uses https” permeates into the general consciousness, does it become “if everything is https, everything is secure”? Does the prevalence of https inspire false confidence in the web or will people learn that https was never a good signal for determining the legitimacy of a (possibly forged) web site?

Posted 01 Jul 2013 17:15 by tedu Updated: 01 Jul 2013 17:15
Tagged: security thoughts web

state of surveillance

Happy Canada Day! And almost 4th of July. Some shock and outrage to go with the fireworks. Don’t worry, I’m not entirely serious. The contrarian in me made me do it.

Posted 01 Jul 2013 17:14 by tedu Updated: 17 Aug 2013 06:41
Tagged: politics rants thoughts

amping up my expertise

I’m not sure what trickery LinkedIn uses to trick my connections into endorsing me, since they don’t seem like the kinds of people who would do so voluntarily, but LinkedIn never fails to notify me of my ever growing reputation. (I wonder if and how many people I’ve endorsed.) Today’s email was pretty sweet:

I've just endorsed you for new skills & expertise!

Amp expertise is definitely going on the resume.

Posted 25 Jun 2013 19:36 by tedu Updated: 25 Jun 2013 19:36
Tagged: mailfail

gluten free math puzzle

Quoting from Celiac Power, “They tested the blood for gluten antibodies, expecting to see the current 1 percent rate of disease. Instead, only 0.002 percent of the airmen tested positive. Further tests showed today’s young men were 41/2 times more likely to have the illness.”

Puzzle: Arrange the numbers 0.01, 0.00002, and 20.5 in a sensible equation.

Posted 23 Jun 2013 19:29 by tedu Updated: 23 Jun 2013 19:29
Tagged: food magreview math rants

and now casual privacy is dead too

Google Glass facial recognition. “I think that makes conversation far more efficient.” For all those times I’ve had an inefficient conversation with somebody because I couldn’t read their Wikipedia article out of the corner of my eye.

From Ars.

Posted 11 Jun 2013 00:10 by tedu Updated: 11 Jun 2013 00:10
Tagged: rants

how to change the world. sorta.

There’s an article Change the World in the May 27th New Yorker. (Two kids with weird looking lollipops or something on the cover.) Covers the intersection and interaction between Silicon Valley and the world of politics. It’s an awesome article because it confirms all my opinions of the Web 2.0 tech scene. Worth reading the whole thing online, but here’s some highlights and scattered thoughts of my own.

Posted 10 Jun 2013 14:20 by tedu Updated: 10 Jun 2013 14:20
Tagged: magreview thoughts

the greatest map ever

Everything that is wrong with the rest of this country, succinctly represented on one map. This one is also pretty good. I can absolutely confirm this one as well. Some people just don’t know how to talk.

Nothing too surprising for anyone who’s talked to people from different parts of the country, but this is the best visual representation I’ve seen.

Interactive version by NY Times.

Posted 07 Jun 2013 15:57 by tedu Updated: 26 Dec 2013 23:29
Tagged: language philly

bcrypt_pbkdf - bcrypt kdf key derivation function

A long time ago, OpenBSD added bcrypt, a function to securely (slowly) hash a password. Sometime later, a similar but more general standardized password -> hash function was developed, PKCS #5 PBKDF2. How that winner of a name caught on but bcrypt didn’t is a mystery to me.

Posted 03 Jun 2013 21:40 by tedu Updated: 19 Sep 2016 17:56
Tagged: openbsd programming security