Hacker News: rmac's comments

Fixed twitter perms. FC farcaster

I also emailed you


Twitter says "@maceip can't be messaged." I don't know what you mean by fc. What's another way to reach you?


Any HR/Recruiter remote positions available?


increasingly my mac has critical issues that are undebuggable due to apple services (family sharing, etc)

For about 3 months my mac had 1 second network delays when opening any new connections, but only sometimes? The console wasn't much help as the failing services were all secret apple things with error/failures but no usable logs.

good luck


>For about 3 months my mac had 1 second network delays when opening any new connections, but only sometimes?

This sounds like the primary configured DNS server was unreachable, but the secondary was reachable.


sick style!


Keep writing

Love your style and the comprehension ease


I'm on Android Chrome 116 and I scrolled all the way to the bottom and wow that was a responsive component!

Super fast and buttery smooth animation. I'm impressed


Android 13 Chrome 117 here and it did not work for me. Menu popped open on the long press, but moving my thumb up or down resulted in the whole page scrolling. Ditto on Firefox 117. (Is that weird that both my browsers are on the same version number?)


There's some speculation that it's because of "trying to compete in the minds of users who actually think they can compare two totally different software applications by comparing their version numbers."

https://superuser.com/a/303531


it's unfortunate that the sour response to this impressive privacy work (https://github.com/WICG/turtledove/blob/main/FLEDGE_k_anonym...) will likely lead to people turning it off, and buried inside is the switch for Private State Tokens (https://github.com/WICG/trust-token-api/blob/main/README.md)


wonder why they didn't implement something like privacy pass (private access tokens / private state tokens)


Wrong layer. Privacy pass is for HTTP


How does this article not mention nostr, given that Dorsey also funded nostr (https://github.com/nostr-protocol/nostr)


It does!

A couple weeks ago I wrote about Nostr too: https://notes.ghed.in/posts/2023/nostr/


my bad! somehow I missed the mention! Please write on your thoughts on bluesky vs nostr! (no dog in the fight, just interested)


Tbh, none of them really attract me right now. They are too clunky and don't have many people to interact with. I'm slightly annoyed by Nostr's proposition and total lack of moderation controls. Even if its developers are well-meaning, I see this as a dangerous, undesirable position to take.

I'm really comfortable with Mastodon/ActivityPub. My personal profile is in a public instance[0], and for my Portuguese-written site I'm hosting a Microblog[1]. It's just great.

[0] https://hachyderm.io/@ghedin

[1] https://social.manualdousuario.net


I met a guy in a Hawaiian shirt at a coffee shop; I awkwardly laid out thousands of USD on the small table between us. We made small talk waiting for block confirmations.

Thanks localbitcoins ♥


  % bzgrep "BEGIN PRIVATE KEY" *.bz2
  disk.tar.bz2:Binary file (standard input) matches
  drive.tar.bz2:Binary file (standard input) matches
  extsearch.tar.bz2:Binary file (standard input) matches
  ...


People check in fake private keys to git repos all the time for testing. My own tests have private keys too. They're just sample, unused, publicly advertised private keys I found online. They're useful to make sure your code is working end to end with some private key.

EDIT: For example, here: https://ospkibook.sourceforge.net/docs/OSPKI-2.4.7/OSPKI-htm...

or here: https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSpher...

or: https://www.ietf.org/archive/id/draft-bre-openpgp-samples-01...


It could also be a script that imports a private key and searches for the string BEGIN PRIVATE KEY.

Likewise if someone searched HN for this string he'd find your comment (:


Checked in private keys are fine if they're just used in tests, local development, etc.


Technically fine yes but from a habits and practice standpoint it's safest to stick to a "not ever" rule and work around the limitations.


Checking in fake private keys is fine for testing. Why is it bad, out of principle, just in case you check in a bad private key? I think that's a bad argument because there are a lot of benefits to being able to run end-to-end tests with some key.


Care to explain? Keeping private keys inside the repo sounds fine to me as long as these keys are only used for local development, they are rotated regularly and are only valid for localhost (in case of TLS certs).


Not GP: If you make it normal to check in credentials and keys, then the risk of accidentally checking in prod secrets increases. It's basically making it comfortable for devs to deal with keys in repos and I think that's inherently dangerous.


You should be using automated checks to keep credentials out of your repo, not relying on individual developers. And those checks can have explicit exceptions for known safe/public/test keys, just like you might explicitly allow testing or fake credit card numbers.
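Added example, not part of any comment in this thread: a minimal sketch of the kind of automated check described above, which flags PEM private-key blocks unless their fingerprint is on an explicit allowlist of known test keys. The file names, key bodies and allowlist are constructed for illustration.

```python
import hashlib
import re

# Full PEM private-key block of any type (PKCS#8, RSA, EC, OPENSSH, ENCRYPTED).
# A bare mention of the marker string, e.g. in a grep script, does not match.
PEM_RE = re.compile(
    r"-----BEGIN ((?:[A-Z0-9]+ )*PRIVATE KEY)-----(.*?)-----END \1-----",
    re.DOTALL,
)

def fingerprint(body):
    """SHA-256 of the key body with whitespace stripped, so re-wrapping or
    CRLF conversion of a known test key does not change its fingerprint."""
    return hashlib.sha256("".join(body.split()).encode()).hexdigest()

def scan(files, allowlist):
    """Return (path, line, fingerprint) for each key block not on the allowlist."""
    findings = []
    for path, text in files.items():
        for m in PEM_RE.finditer(text):
            fp = fingerprint(m.group(2))
            if fp not in allowlist:
                line = text.count("\n", 0, m.start()) + 1
                findings.append((path, line, fp))
    return findings

# Constructed sample data: the bodies are placeholder base64, not real keys.
TEST_BODY = "Q09OU1RSVUNURUQtVEVTVC1LRVk="
OTHER_BODY = "Q09OU1RSVUNURUQtT1RIRVItS0VZ"
SAMPLE_FILES = {
    "tests/fixtures/test_key.pem":
        f"-----BEGIN PRIVATE KEY-----\n{TEST_BODY}\n-----END PRIVATE KEY-----\n",
    "deploy/server.pem":
        "# constructed sample\n"
        f"-----BEGIN RSA PRIVATE KEY-----\n{OTHER_BODY}\n-----END RSA PRIVATE KEY-----\n",
    "tools/find_keys.sh": 'bzgrep "BEGIN PRIVATE KEY" *.bz2\n',
}
# In a real repository the allowlist is a reviewed file of hex fingerprints;
# it is computed here only so the example is self-contained.
ALLOWLIST = {fingerprint(TEST_BODY)}

if __name__ == "__main__":
    for path, line, fp in scan(SAMPLE_FILES, ALLOWLIST):
        print(f"{path}:{line}: private key not on allowlist (sha256 {fp[:16]}...)")
```

Matching on the fingerprint rather than on a path means a production key dropped into the test fixtures directory is still flagged.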


yolo


Nothing surprising. The development culture was shit back there.

Though I would expect these keys to be just some stub config values which allowed engineers to quickly run the shit locally.

