HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ongy

no profile record

comments

ongy
·9 dagen geleden·discuss
I tried to find something definitive, but it would take more time than I have right now. So to some degree this is assumptions, though generalized.

* Does the site know who the user is: No. That's the entire purpose here.

* Does the site know who the attestor is: Yes, they need to validate asymmetric crypto on the proof, so they need a list of public keys (which they can attach attestor identity to).

* Does the attestor know what kind of content I want to visit: They should not. With the JWT you can validate without telling the attestor which user's proof you validate. OTOH, if there's some "is this one revoked" type of API one could easily re-introduce such an information channel on accident.

* does the attestor know who the user is: Yes (or at least have some bits of information about you they are willing to attest to others. In practice assume it's Google/Apple/MS with information associated with your account, or your bank or ...)

* Does the user always know site/attestor: From a technical perspective yes. From a practical human one... doubtful.

--Googler, though far removed from this project, so no internal knowledge.
ongy
·vorige maand·discuss
Gotta admit, I was expecting some hiring/Social biases topic.

This was quite interesting though. Surprised to see it work so well on a real example.
ongy
·vorige maand·discuss
I have the Framework 12".

It's hard to justify the price unless you put value to Framework's gimmicks and mission.

There's no illusion that I'm not paying extra to vote with my wallet for sustainability. And I'm on with that.
ongy
·2 maanden geleden·discuss
In my university times I wrote a library (to help with some homework we gave students) that calculated the CRC32 for ethernet.

Which worked well unless compiled with `strict-aliasing` gcc optimizations enabled...

Just writing UDP RFC compliant code doesn't protect you from running into annoying behavior with your programming language of choice...
ongy
·3 maanden geleden·discuss
I think you are talking about colocation, which is slightly different than the `jj git push` `jj git fetch` type commands.

Colocation has its uses bit is a bit finicky. The push/pull compatibility works perfectly fine (with some caveats of github being broken that can be worked around).
ongy
·3 maanden geleden·discuss
It's the third attempt of building the mono repo.

But not the 3rd mono repo on the same technology to avoid some scaling limit.
ongy
·4 maanden geleden·discuss
Crypto wise, fips is outdated but not horrible.

Actual fips compliant (certified) gives you confidence in some basic competence of the solution.

Just fips compatible (i.e. picking algos that could be fips compliant) is generally neutral to negative.

I'm not 100% up to date, so that might have changed, but AEAD used to be easier if you don't follow fips than fips compatible. Still possible, but more foot guns due to regulatory lag in techniques.

Overall, IMO the other top-level comment of "only fips if you have pencil pusher benefit" applies.
ongy
·4 maanden geleden·discuss
I'm aware. I'm worried we'll get an Aussie customer at work and I have to fix their access to our systems...

Granted, we already have US/EU/Asia as distinct regions. AUS would just make fail over even worse.
ongy
·4 maanden geleden·discuss
Smack center of Europe (southern Germany) Got >100ms pings.
ongy
·4 maanden geleden·discuss
I love fastmail, but I really wish they had servers close to me.

The high ping kills the throughput on davfs and makes their website hosting a pain to update :(
ongy
·5 maanden geleden·discuss
Your pseudo XML seems quite broken, since the supposed git style doesn't close the parent at all.

But the git directory entry contains: * a type (this one is quite limited, so I'm not sure how well that could be (ab)used * a name * a pointer to the content

Which is exaclty what an AST entry has.
ongy
·5 maanden geleden·discuss
the git server would continue to work.

The cli really isn't the greatest either way. But there's lots of infrastructure to make the sharing work reasonably well.
ongy
·5 maanden geleden·discuss
An AST is a tree as much as the directory structure currently encoded in git.

It shouldn't be hard to build a bijective mapping between a file system and AST.
ongy
·5 maanden geleden·discuss
Why do you think it has too many children? If we are talking direct descendents, I have seen way larger directories in file systems (git managed) than I've ever seen in an AST.

I don't think there's a limit in git. The structure might be a bit deep for git and thus some things might be unoptimized, but the shape is the same.

Tree.
ongy
·5 maanden geleden·discuss
That black hole behavior is a result of corporate processes though.

Not a result of git.

Business continuity (no uncontrolled external dependencies) and corporate security teams wanting to be able to scan everything. Also wanting to update everyone's dependencies when they backport something.

Once you got those requirements, most of the benefits of multi-repo / roundtripping over releases just don't hold anymore.

The entanglement can be stronger, but if teams build clean APIs it's no harder than removing it from a cluster of individual repositories. That might be a pretty load bearing if though.
ongy
·5 maanden geleden·discuss
What issues do you see in git's data model to abandon it as wire format for syncing?
ongy
·5 maanden geleden·discuss
Which either allows to use a fingerprint of the signing key to be used for the same.

Or would open the system up to the originally posted attack of providing ~an open relay.
ongy
·5 maanden geleden·discuss
Ahh. The not-quite-a-hotel. I don't think I ever used them.
ongy
·5 maanden geleden·discuss
How does that prevent the ID service from discovering which services you use it for?
ongy
·5 maanden geleden·discuss
You could do some scheme that hashes a site specific identifier with an identifier on the smart element of the id.

If that ever repeats, the same I'd was used twice. At the same time, the site ID would act as salt to prevent simple matching between services.