Lukas
@lxgr.net
Matches my experience completely. It's pretty good at coming up with small/one-off scripts or single-page web apps, OK at working in large existing code bases, but an absolute beast at finding bugs given a detailed description of symptoms and a few pointers.
November 1, 2025 at 6:08 PM
Matches my experience completely. It's pretty good at coming up with small/one-off scripts or single-page web apps, OK at working in large existing code bases, but an absolute beast at finding bugs given a detailed description of symptoms and a few pointers.
Not all OSes allow trusting self-signed certs only for a particular set of hostnames, and if they don't, the associated private key becomes incredibly risky (since anyone getting it would be able to pose as google.com etc. to you as well).
Some OSes don't even have a system-wide trust store at all!
Some OSes don't even have a system-wide trust store at all!
October 29, 2025 at 2:35 PM
Not all OSes allow trusting self-signed certs only for a particular set of hostnames, and if they don't, the associated private key becomes incredibly risky (since anyone getting it would be able to pose as google.com etc. to you as well).
Some OSes don't even have a system-wide trust store at all!
Some OSes don't even have a system-wide trust store at all!
A real shame there’s no mechanism browsers can indicate language preferences to websites, like a request header or something.
Fortunately IP addresses map to user language preferences perfectly.
Fortunately IP addresses map to user language preferences perfectly.
September 7, 2025 at 7:26 AM
A real shame there’s no mechanism browsers can indicate language preferences to websites, like a request header or something.
Fortunately IP addresses map to user language preferences perfectly.
Fortunately IP addresses map to user language preferences perfectly.
Ah, and the other one requires an app to have verified some companion domain and then allows only that as RPID, IIRC?
Thanks for doing all of this, by the way, I hope having a great use case finally convinces Bitwarden to also support PRF :)
Thanks for doing all of this, by the way, I hope having a great use case finally convinces Bitwarden to also support PRF :)
July 16, 2025 at 2:05 AM
Ah, and the other one requires an app to have verified some companion domain and then allows only that as RPID, IIRC?
Thanks for doing all of this, by the way, I hope having a great use case finally convinces Bitwarden to also support PRF :)
Thanks for doing all of this, by the way, I hope having a great use case finally convinces Bitwarden to also support PRF :)
Speaking of that, did your explorations of using the FIDO "backend API" on macOS in CLI tools lead anywhere, or does that still require some browser-only code signing entitlement?
July 16, 2025 at 1:59 AM
Speaking of that, did your explorations of using the FIDO "backend API" on macOS in CLI tools lead anywhere, or does that still require some browser-only code signing entitlement?
It's slightly different from a smart card in that the key inevitably is revealed to the host computer with the PRF extension, but for applications that only use the smartcard for key (un)wrapping it's effectively equivalent.
July 16, 2025 at 1:58 AM
It's slightly different from a smart card in that the key inevitably is revealed to the host computer with the PRF extension, but for applications that only use the smartcard for key (un)wrapping it's effectively equivalent.
I don’t think being a majority holder of voting shares allows you to make decisions that disadvantage minority shareholders. (Otherwise, people would vote for things like “don’t pay any more dividends to these 49% of shareholders” all the time.)
July 14, 2025 at 10:21 PM
I don’t think being a majority holder of voting shares allows you to make decisions that disadvantage minority shareholders. (Otherwise, people would vote for things like “don’t pay any more dividends to these 49% of shareholders” all the time.)
You might be delighted/horrified to learn that the machine-readable zone of ICAO passports encodes all dates as YYMMDD – including the date of birth.
July 14, 2025 at 7:44 PM
You might be delighted/horrified to learn that the machine-readable zone of ICAO passports encodes all dates as YYMMDD – including the date of birth.
Excuse me but deluding myself into thinking I saved everyone some time by monologuing at an intern who didn’t ask any question whatsoever isn’t novelty, that’s a core part of my professional identity
July 11, 2025 at 1:26 AM
Excuse me but deluding myself into thinking I saved everyone some time by monologuing at an intern who didn’t ask any question whatsoever isn’t novelty, that’s a core part of my professional identity
Identity documents supporting interactive cryptographic authentication have been around for decades now (e.g. ICAO 9303 "biometric passports"), and I wouldn't be surprised if some government had a stockpile of a few hundred million ICs that can only do ECDSA and/or RSA as a result 😬
June 30, 2025 at 3:14 PM
Identity documents supporting interactive cryptographic authentication have been around for decades now (e.g. ICAO 9303 "biometric passports"), and I wouldn't be surprised if some government had a stockpile of a few hundred million ICs that can only do ECDSA and/or RSA as a result 😬
Yeah, sending stuff back to their servers would be really unfortunate, especially when newer phones are basically fast enough to just summarize locally.
It's especially weird considering that they're apparently planning to do translation offline/locally: wabetainfo.com/whatsapp-new...
It's especially weird considering that they're apparently planning to do translation offline/locally: wabetainfo.com/whatsapp-new...
WhatsApp news of the week: feature to translate messages and channel updates is available for Android | WABetaInfo
Discover WhatsApp beta news of the week for Android, iOS, and Desktop: message translations, advanced chat privacy, and channel media!
wabetainfo.com
June 24, 2025 at 3:02 AM
Yeah, sending stuff back to their servers would be really unfortunate, especially when newer phones are basically fast enough to just summarize locally.
It's especially weird considering that they're apparently planning to do translation offline/locally: wabetainfo.com/whatsapp-new...
It's especially weird considering that they're apparently planning to do translation offline/locally: wabetainfo.com/whatsapp-new...
Oh, interesting, seems like this is it: wabetainfo.com/whatsapp-bet...
Sounds like it would send stuff server-side. That would be really unfortunate if done without the sender even knowing (but then again, so are unencrypted backups).
Sounds like it would send stuff server-side. That would be really unfortunate if done without the sender even knowing (but then again, so are unencrypted backups).
WhatsApp beta for Android 2.25.19.8: what's new? | WABetaInfo
The WhatsApp beta for Android 2.25.19.8 update previews a new Writing Help feature powered by AI Meta Private Processing to enhance messages.
wabetainfo.com
June 24, 2025 at 2:44 AM
Oh, interesting, seems like this is it: wabetainfo.com/whatsapp-bet...
Sounds like it would send stuff server-side. That would be really unfortunate if done without the sender even knowing (but then again, so are unencrypted backups).
Sounds like it would send stuff server-side. That would be really unfortunate if done without the sender even knowing (but then again, so are unencrypted backups).
It’s not really summarization. You can tag “Meta AI” into any chat, which is just a regular server-side LLM and as such obviously not end-to-end encrypted. This is somewhat explained in a pop up at first use, but obviously people don’t read that.
summarization.you
June 24, 2025 at 2:35 AM
It’s not really summarization. You can tag “Meta AI” into any chat, which is just a regular server-side LLM and as such obviously not end-to-end encrypted. This is somewhat explained in a pop up at first use, but obviously people don’t read that.