@EmeraldMagus : "Mind sending me some your Burning Wheel stuff for formatting?"
Me: *sends over 6000 words of tables...*
Me: *sends over 6000 words of tables...*
Markdown is a tool specifically designed to harm the brain of a programmer
It's 100% syntax and valuable syntactic data - but it's also it's supposed to be an informal grammar, and programmers can't handle it
It's 100% syntax and valuable syntactic data - but it's also it's supposed to be an informal grammar, and programmers can't handle it
Most people are more likely to lose authenticator tokens (their phone, their yubikey) than be hacked by a sophisticated attacker
Password manager 2FA and SMS 2FA solves the threat model that most people live in
(Organizational security has a far different threat model)
Password manager 2FA and SMS 2FA solves the threat model that most people live in
(Organizational security has a far different threat model)
@silverwizard But cloud password managers are likely to be hacked as well ๐
silverwizard likes this.
@silverwizard A second LastPass, but some SMS 2FA attack vectors donโt require you to lose your phone number, so Iโm partial.
silverwizard likes this.
Oh, no - attacking SMS 2FA is easy to just SIM hijack
I am talking about getting locked out because you accidentally lost your auth app
I am talking about getting locked out because you accidentally lost your auth app
@silverwizard Still LastPass, these days losing a *phone number* is pretty hard to do.
silverwizard likes this.
That's what I'm saying
You won't lose your phone number for SMS or password manager
Whereas losing a phone with an TOTP authenticator setup or losing a yubikey is pretty simple
You won't lose your phone number for SMS or password manager
Whereas losing a phone with an TOTP authenticator setup or losing a yubikey is pretty simple
Hypolite Petovan likes this.
So far, every service for which I've registered TOTP (Twitter, Facebook, Mastodon) has offered recovery codes in case I lose my TOTP device. Surely that mitigates @silverwizard 's loss model.
@hypolite
@hypolite
And I keep my paasword manager DB on several devices. Does that make me as weird as @silverwizard ?
@hypolite
@hypolite
@silverwizard What's TOTO? I have a KeePass TOTP plugin that I use as the truth source for all my TOTP tokens. Based on the seed it can generate a QR code that token apps can read.
Also - I am a terrible example because I have a backup yubikey to sign up two tokens
like this
Mostly I find myself weirded out by people acting like authenticator apps are high friction in comparison to SMS 2FA. The user experience of "hopefully the code arrives quickly" makes it just that bit unpleasant even when they often *do* come promptly. (Yubikeys have a very obvious $$ barrier to being the norm for individuals.)
silverwizard likes this.
Yeah, I just only have the option of Google TOTP which squicks me, or Yubico TOTP which needs a key, so uh, kinda fails the access test
But also - I am *far* more likely to lose a phone than by hit by SIM swapping (to be clear - only because I'm a dumbass)
But also - I am *far* more likely to lose a phone than by hit by SIM swapping (to be clear - only because I'm a dumbass)
Yeah, most of my TOTP tokens are mirrored across my Yubikeys largely to save headaches when changing phones. I have one on Entrust's app that I can't do that with and the couple of times I've had to move it were a pain finding the instructions again.
But using Yubico TOTP also basically primed me for "password manager TOTP is functionally the same as Google TOTP but with the convenience of device portability"
But using Yubico TOTP also basically primed me for "password manager TOTP is functionally the same as Google TOTP but with the convenience of device portability"
silverwizard likes this.
Well, the issue most people have with password manager TOTP is that then if your password manager is compromised, then your password is
And the answer to that is "it's complicated" - but yeah - in a perfect world we'd all have two security keys, and one is kept in a secure location and one is kept in a wallet/keychain - but that's not feasible (says the man with that)
And the answer to that is "it's complicated" - but yeah - in a perfect world we'd all have two security keys, and one is kept in a secure location and one is kept in a wallet/keychain - but that's not feasible (says the man with that)
@โ
w chance of bears Although for authenticator apps, the high friction comes when the device where tokens are installed disappears for some reason (repairs, theft, replacement). Then the real uphill battle starts.
silverwizard likes this.
My son asked to watch a song with a video about a train, so I put on a song about a train, and he's like "Why are there lions?"
I dummyed a variable for integration testing of our pipelines
And it turns out it silently failed *lint* in the *build stage*, not a prelinter
Pipielines were a mistake
And it turns out it silently failed *lint* in the *build stage*, not a prelinter
Pipielines were a mistake
i went absolutely apeshit on a linter two months ago:
it barfed up a message like "you are adding elements to this array in a fixed-size loop, preallocate space for it first" for some test setup code that was like,
for (int i = 0; i < 1000; i++) { vector.emplace(blah blah); }
so the guy fixing all this linter garbage typoed
vector.resize(1000);
instead of
vector.reserve(1000);
so a bunch of unit tests were now using a homogeneous pile of default-constructed elements
โฆ
it barfed up a message like "you are adding elements to this array in a fixed-size loop, preallocate space for it first" for some test setup code that was like,
for (int i = 0; i < 1000; i++) { vector.emplace(blah blah); }
so the guy fixing all this linter garbage typoed
vector.resize(1000);
instead of
vector.reserve(1000);
so a bunch of unit tests were now using a homogeneous pile of default-constructed elements
โฆ
silverwizard likes this.
โฆ
does the linter warn you about "hey, you have a big vector of identical default-constructed elements and then you added 1000 actual randomized test objects to it that none of your code will ever touch?" โ no, of course not, that's too complicated for it
ยฏ\_(ใ)_/ยฏ
does the linter warn you about "hey, you have a big vector of identical default-constructed elements and then you added 1000 actual randomized test objects to it that none of your code will ever touch?" โ no, of course not, that's too complicated for it
ยฏ\_(ใ)_/ยฏ
silverwizard likes this.
Yeah - computers can't read code - and the people writing linters suck - it's hard - I think they're a net good - but seriously - they get in the way so often
yeah, a net benefit but certainly less useful โ and, ime, less trustworthy โ than "-Wall -Werror"
silverwizard likes this.
I mean - a compiler warning and a linter is definitely similar.
But yeah - the compiler will usually say "you're an idiot, but I'll allow it' instead of "fuck off and rewrite it"
But yeah - the compiler will usually say "you're an idiot, but I'll allow it' instead of "fuck off and rewrite it"
I get why the linter said it - but - horrible - these are both *good* uses for a linter - but fuck - that shouldn't have passed review.
But - seriously - make the linter not dumb, and make it make suggestions if it has some.
Also - why the fuck are they populating a vector with a loop?!
But - seriously - make the linter not dumb, and make it make suggestions if it has some.
Also - why the fuck are they populating a vector with a loop?!
the actual code is more like
for (blah blah) {
// do some rng shit to make a funny object and maybe connect it to some other objects
vector.emplace(blah blah);
}
for (blah blah) {
// do some rng shit to make a funny object and maybe connect it to some other objects
vector.emplace(blah blah);
}
silverwizard likes this.
Reading raw HTTP requests and just finding dozens of font faces and a full copy of a PDF viewer flying by me
Hypolite Petovan likes this.
Alex P. ๐น reshared this.
https://www.youtube.com/@any_austin this youtuber is rapidly becoming a non-trivial portion of my media diet
But only the series where he does an employment survey of a video game, and then does a report on it - and - uh - what an ideal gimmick
But only the series where he does an employment survey of a video game, and then does a report on it - and - uh - what an ideal gimmick
https://www.youtube.com/watch?v=fXs4F1zUayU just slowly falling apart trying to figure out what employment means "The thieves are taking money from people... but I guess that's any job..."
Hey Google - since you're fucking morons who don't know what AI is - why don't you just buy some lawmakers and get them to fine/imprison people for making horrible shitty AI a part of an app. Kill Microsoft and take the dumb shit offline!
Lorraine Lee likes this.
Oh no! Two days ago I was the *email expert* but now I'm apparently the *not getting in the spam folder* expert - and those are way different
silverwizard likes this.
I work at a place where everyone gets hyped about AI stuff, and I go "Hey - here's some concerns around data governance" and during the same meeting, the very hype product team agreed to change directions, began brainstorming new ideas, and killed the plans that I had concerns about.
Damn, this is amazing
Damn, this is amazing
Hypolite Petovan likes this.
FoolishOwl reshared this.
Fuck prescriptivist linguistics, I believe that anything I say is what I mean and what I say means what I think it does!
It's all psychosemantic
It's all psychosemantic
like this
Jay Hannah reshared this.
Iโve had good experiences with Drains R Us. Iโve used them a few times (renovations + general plumbing support calls).
silverwizard likes this.
Muppets RPG Noodling:
So the GM is playing the character who wants the episode to work. They (secretly) set a list of segments that need to happen. Your goal is to successfully do all these scenes.
Everyone else creates a character, that character has a goal (I think 2-3 would be correct), something they want to happen in the episode. Typically this is gonna be like, flirt with a guest star, manage to do a song, or whatever.
You may generate a guest star once all this is together.
Use some sort of tooling to allow people to take the scene and control it, use a Baron Munchhausen style story-stick game, but probably with some Drama System style stuff to get the game flowing. The GM sets each scene, but then the player whose "turn" it is has *control* and needs to try to accomplish their goals or complete the scene. At the end of the scene, do some sort of Fiasco-style "success" ceremony.
At the end of the game, if the GM succeeded at making most of the scene "succeed", then you move on. Otherwise you take a cancellation point. When you have a pre-determined number of cancellation points, the campaign is over.
If a player accomplishes their goals, they get a star power, which can probably be used in the Drama System style stuff above, or just generally used for bragging points when the series is finally cancelled.
Alternate arrangement would be to use Budget in place of cancellation points.
#Muppets #TTRPG
So the GM is playing the character who wants the episode to work. They (secretly) set a list of segments that need to happen. Your goal is to successfully do all these scenes.
Everyone else creates a character, that character has a goal (I think 2-3 would be correct), something they want to happen in the episode. Typically this is gonna be like, flirt with a guest star, manage to do a song, or whatever.
You may generate a guest star once all this is together.
Use some sort of tooling to allow people to take the scene and control it, use a Baron Munchhausen style story-stick game, but probably with some Drama System style stuff to get the game flowing. The GM sets each scene, but then the player whose "turn" it is has *control* and needs to try to accomplish their goals or complete the scene. At the end of the scene, do some sort of Fiasco-style "success" ceremony.
At the end of the game, if the GM succeeded at making most of the scene "succeed", then you move on. Otherwise you take a cancellation point. When you have a pre-determined number of cancellation points, the campaign is over.
If a player accomplishes their goals, they get a star power, which can probably be used in the Drama System style stuff above, or just generally used for bragging points when the series is finally cancelled.
Alternate arrangement would be to use Budget in place of cancellation points.
#Muppets #TTRPG
EmeraldMagus likes this.
Meetings about email and DNS all morning, next it's a meeting about pentesting
I feel like i'm doing this "Hacker Lead" thing right
I feel like i'm doing this "Hacker Lead" thing right
Hypolite Petovan likes this.
Whenever I make an object in our cloud that I don't think is gonna be long lived, I just called it "DeleteMeAfterFeb2023" and it is... very nice.
I just found a random token in our environment and was like "fuuuuuuck gonna take forever to track". And then it had the comment "If you see this after April 2022, delete it"
And, thanks past me
I just found a random token in our environment and was like "fuuuuuuck gonna take forever to track". And then it had the comment "If you see this after April 2022, delete it"
And, thanks past me
reshared this
So Mastodon recently made a change where if you click on someone's profile and view it, and then click follow, you get told "fuck off to your own damn instance and just search you idiot"
Whereas the Mastodon expectation is that I've specifically viewed the profile of everyone I click the follow button for.
I'm not sure why the mastodon community has opted for maximum friction for their preferred workflow.
Whereas the Mastodon expectation is that I've specifically viewed the profile of everyone I click the follow button for.
I'm not sure why the mastodon community has opted for maximum friction for their preferred workflow.
@silverwizard I always want to check what they post before I follow them. This works when doing it from a post or comment, though you need to skip the first tow options. But from a contact request, the option isn't there as far as I can tell. I keep trying to look for them and I only run into all the wrong options there.
This entry was edited (1 year ago)
One of the things about people being bad actors with APIs is that APIs are a way to make automations more polite, and work on your terms. They are contract.
Twitter is basically WotC and the OGL right now. They want you to pay microtransactions in order to do something you can legally do, but they could, in theory, make take *slightly* more work.
Well, ok, twitter wants macrotransactions
Twitter is basically WotC and the OGL right now. They want you to pay microtransactions in order to do something you can legally do, but they could, in theory, make take *slightly* more work.
Well, ok, twitter wants macrotransactions
Hypolite Petovan likes this.
So I knew this song as a kid. And I cannot find any evidence it exists online *except this website*
I've got a memory of finding a youtube video of one person sing it
Does this weirdness live in anyone else's memory?
https://dragon.sleepdeprived.ca/songbook/songs3/S3_80.htm
I've got a memory of finding a youtube video of one person sing it
Does this weirdness live in anyone else's memory?
https://dragon.sleepdeprived.ca/songbook/songs3/S3_80.htm
silverwizard reshared this.
I describe NPC body language as giving away vibes *a lot*
Like, the PCs say a bunch and I go "She scowls and seems disbelieving but doesn't speak"
Or "She replies " that makes sense", obviously not believing that"
I realize I don't know if I see that elsewhere.
#TTRPG
Like, the PCs say a bunch and I go "She scowls and seems disbelieving but doesn't speak"
Or "She replies " that makes sense", obviously not believing that"
I realize I don't know if I see that elsewhere.
#TTRPG
reshared this
Hmm, this inspires me to put a body language cheatsheet into my GM screen!
https://www.writerswrite.co.za/cheat-sheets-for-writing-body-language/
https://www.writerswrite.co.za/cheat-sheets-for-writing-body-language/
Cheat Sheets For Writing Body Language - Writers Write
Writers Write is your one-stop writing resource. Use these cheat sheets to help you show a character's state of mind when you're writing body language.Writers Write
https://www.youtube.com/watch?v=zwBjfQPuhFA
The question on everyone's mind today
The question on everyone's mind today
Where Do They Make Balloons?
Provided to YouTube by The Orchard EnterprisesWhere Do They Make Balloons? ยท They Might Be Giants (For Kids)No!โ 2013 Idlewild RecordingsReleased on: 2002-06...YouTube
Awwwww, they shot it because they thought balloons were from the same place as spaghetti
Someone just used the words "tinder box" in the context of tech things.
And my first thought wasn't "thing that burns" but something much worse
And my first thought wasn't "thing that burns" but something much worse
silverwizard
If you wanna use WASM as a compilation target, why not use Excel? It's used in more places and serious workflows!