So some dumbass in my employer's security department apparently wrote a custom secret scanner pattern for GitHub. That just looks for anything assigning to a variable called (or presumably ending with) password, regardless of whether it's a constant or not... It tripped on some Python library code (long story on why that ended up committed in the repo instead of using requirements.txt) that was passing a variable called 'password' to a named parameter called 'password' (so password=password as far as the regex was concerned). At least that made it trivial to tell that it was a false positive...
I'd hope it was only intended to fire on config files, but since it's blindly running on code with no regard to "is the input to the assignment a constant," this thing's just a noise and busywork generator more than anything else...
=> More informations about this toot | View the thread
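An added example, not part of the post and not the employer's actual rule: a Python `re` sketch comparing an assumed reconstruction of the broad pattern described above with a narrower one that only fires when the assigned value is a quoted string literal. The pattern names, placeholder list and sample lines are all constructed for illustration.

```python
import re

# Assumed reconstruction of the rule the post describes: any assignment to a
# name ending in "password", regardless of what is being assigned.
NAIVE = re.compile(r"(?i)\b\w*password\s*[:=]")

# Narrower rule: only fire when the right-hand side is a quoted string literal.
LITERAL = re.compile(
    r"""(?ix)\b\w*password\s*[:=]\s*
        (?P<q>["'])(?P<value>(?:\\.|(?!(?P=q)).)+)(?P=q)"""
)

# Quoted values that are clearly not real secrets (constructed list).
PLACEHOLDERS = {"changeme", "password", "<redacted>"}

# Constructed sample lines; the first mirrors the false positive in the post.
SAMPLE = [
    'conn = connect(host=host, user=user, password=password)',
    'self.password = password',
    'db_password = os.environ["DB_PASSWORD"]',
    'password = "hunter2-Constructed-Example"',
    "admin_password: 'changeme'",
    'smtp_password = get_secret("smtp")',
    'api_password = "${API_PASSWORD}"',
]

def naive_hits(lines):
    """1-based numbers of the lines the broad pattern flags."""
    return [n for n, line in enumerate(lines, 1) if NAIVE.search(line)]

def literal_hits(lines):
    """1-based numbers of the lines that assign a non-placeholder literal."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LITERAL.search(line)
        if not m:
            continue
        value = m.group("value")
        # Skip placeholders and template references such as "${DB_PASSWORD}".
        if value.lower() in PLACEHOLDERS or value.startswith(("${", "{{")):
            continue
        hits.append(n)
    return hits

if __name__ == "__main__":
    print("naive  :", naive_hits(SAMPLE))
    print("literal:", literal_hits(SAMPLE))
```

The broad pattern flags every sample line, while the literal-only rule flags just the one hard-coded value.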
So apparently Firefox released a new ESR version. And at some point in the intervening versions, "fixed" a longstanding "hover tooltips persist after window loses focus" bug. With a fucking sledgehammer. The 'solution' was to completely disable hover tooltips for unfocused windows. And then marked the issue for "uh, people have multiple screens and that now requires an extra click to see hover tooltips, then click back to what they were doing" as a WONTFIX "because none is better than stuck."
Despite the fact that this change breaks over 100 versions of behavior, and also makes Firefox work differently than literally every application I know of that uses hover tooltips, and will happily display them when unfocused.
(they also added an annoying dimming effect to the tab bar without an off switch, but that's at least fixable via CSS... Still shows that they give no shits about multiple screens being a thing...)
=> More informations about this toot | View the thread
Stupid idea: "Kerberos HSM" for machine credentials and service accounts. Keep the machine credentials locked up inside it, and the machine can use them, but can't extract them. Any HSM that supports the right algos with "raw" operations should work, but a specialized one can potentially handle things more "efficiently"
Also makes it possible to securely distribute service credentials to end machines, without allowing a compromised machine to exfiltrate them (it can still use them, it just can't see them, so once you identify that machine you can isolate it and reroll the service credentials)
=> More informations about this toot | View the thread
Finally got around to setting up Postgres "backups." (To a different disk on the same host. rsync to my NAS is TODO) Why does Postgres streaming replication not support first-class bandwidth limits... I really don't want to simply throttle the fuck out of it directly with iptables... (I really wish DOCSIS had better upload speeds...)
(Also, it's nice that pg_combinebackup exists, which allows for maintaining a rolling "base backup" for a retention policy, which is useful on small but high-turnover DBs, while still allowing for "every backup send is incremental")
=> More informations about this toot | View the thread
I may or may not have been nerd-sniped by lazy math in Kyle Hill's latest video and may or may not rabbit-hole into hypersonic drag curves at some point in the next 48 hours...
He was off by at least several orders of magnitude because he assumed:
=> More informations about this toot | View the thread
Stupid idea: Screw the treaties, I want a nuclear test Pascal B2. Not to test a new bomb design or anything, but just to see if that goddamn manhole cover actually made it to space.
Unfortunately we have insufficient data on the hypersonic characteristics of manhole-cover-shaped things, so napkin math is usually off by quite a bit more than a "fudge factor" due to that.
=> More informations about this toot | View the thread
While looking to improve my personal VN ripper tooling (which is entirely Python, with some PIL-compatible C extensions for texture formats) I discovered that the leading public tooling for this particular game is currently written in PHP. Who the fuck writes a bytecode decompiler in PHP?
=> More informations about this toot | View the thread
I was just reminded of Linux's monumentally stupid design decision with swap and hibernation, that could be fixed really easily if someone wanted to do it: so you hibernate to a swap partition, right? Perfectly reasonable, since swap's structure is already well-suited for that. The stupidity is how it coexists with normal swap. The partition must be active, which makes sense, but there's no way to reserve space in or 'disable' an active swap partition's use as normal swap. So if you're running Firefox, the high memory load Firefox likes to maintain for cache reasons will quickly chew through swap space, and then you suddenly can't hibernate the machine when you close the lid until you close Firefox. Which also affects "hibernate on low battery" as well.
There is a reason that Windows pre-allocates an estimated-size hibernation image, and it's completely separate from the page file...
=> More informations about this toot | View the thread
Switching to a PGP key that actually has a valid-ish email (and for a domain I do control, there's a pgpdns TXT record, although the URI is junk since I don't have a site there yet)
The following if anyone wants to actually check this against my old key: (edit: code-block formatting)
Hash: SHA512
Switching PGP over to 8900D5D4DB0AB41140C4012E379261EFD5FEA871
=> More informations about this toot | View the thread
=> This profile without reblog | Go to becomethewaifu@tech.lgbt account