• 4 Post
  • 135 Comment
Joined 1Y ago
Cake day: May 28, 2020


Good post, even if dated, things are still very relevant.

MS is still using BOMs and UCS-2 for most things (including queries and strings in SQL Server!), Java uses UCS-2 for strings in memory. Rust uses UTF-8 as the main string type and can convert them to 32bit Unicode code points and back.

I sometimes get CP-1252 encoded events from Windows 2019 Server that I have to convert to UTF-8 before storing in logs DB! I also have lots of old emails encoded in who knows what sequence of encodings.

Plan 9 is all UTF-8 as it is where it was first created/used. Most FLOSS is now using UTF-8 by default or is compatible.

Also same as with HTML the email body can contain encoding header, make sure it is sent before Subject header or things may not render correctly.

A: No, the companies are.

Yes, I and hope the “the day of the Linux desktop” never comes due to this :D Well, you can see what happens where this two does not hold with Linux, just looks at Android and ChromeOS. Would the community jump on the mitigations/sandboxing side of things same way Google did?

Linux is secure thanks to they way it is used and developed. If you change the way it is used the whole security model changes and it would not be as secure as for example Android in the same use cases.

Yeah, would be nice to have some of the mitigations in Linux but in practice these are not needed when you don’t run malware on your system by default and keep the attack surface small. And if you do run malware or have the system full of crazy bloat (just look at the MSHTML exploit) then no amount of sandboxing or hardening is going to help you.

[ytdl_hook] ERROR: Video unavailable
[ytdl_hook] This video contains content from Current TV LLC, who has blocked it in your country on copyright grounds.


Well, they had 10 0-days this year already…

I love how they claim the web to themselves: "an increase in these checks would result in a slower web. "

When you start naming you security oriented data structures “MiraclePtr” hahahahaha… what is next a PrayerPtr, BlessingPtr and then the ArmagedonPtr? :D “Friends at Mozilla” realised that C++ is unfixable a decade ago…

Google pushes to get web apps to be able to get parity with native apps (auto-away in XMPP clients circa 15 years ago?). This will inevitably lead to more security and privacy issues. Google has to do it though as they work they way to get Microsoft down to a role of web browser host where Google owns the web - you don’t need native app any more if you can just use stuff in your browser the same way. So expect more stuff like this…

I use it on my work PC and on VPSes. You can deeply understand the boot process in just few hours of reading the man pages, scripts and even the source code of runit (there is not much of it!) which is very empowering for an advanced user/admin. XBPS is very fast and lean, making your own packages is easy and the templates for that are clean, the process is well documented. Updates are safe to run and having it rolling means that you can avoid doing large migrations; software is fresh and security updates are prompt. People on IRC are helpful and nice. For documentation the basics are on the website, everything else is already documented on Gentoo and Arch wikis anyway. So if you have some skills and want to be in control of your own computing experience there is no better distro than Void Linux IMHO.

Apparently this is how Google Chromecast was supposed to pair with your phone. Also how ads on TV or radio can be tracked from an app.


Have a look at https://www.lyx.org/ for inspiration. It is a content editor with LaTeX for doing the styling and rendering. It is quite complicated and you need to learn some LaTeX if you want to use it to full potential. But if you have to write a research doc or a thesis there is no better tool IMHO.

Yeah, I would say it only makes sense to use a trusted VPN after you did all you could to protect from tracking on your devices. Mullvad did some work on using TPM to create cryptographic prove on what is running on their servers… so there may be a way to have extra transparency on the VPN providers but we are not yet there. So using VPN moves your trust from ISP to the VPN provider. It will also make some sites/services to block you or require extra validation.

Also nobody learned anything from NSO Group/Pegasus apparently… sad.

You would have to be an idiot to use cloud services for such “material”. This is not a move to “save the children” but some political action on part of Apple. Nobody by now should have an illusion that any for-profit company will keep their data safe and private.

Hahaha this is getting ridiculous :D But you got to keep your virtual economy going I guess… Meanwhile China is getting their real economy strong, not sure on what side of conflict I would rather be if it comes to that.

I have been using Void for few years now. For me the best thing is that you can learn how startup/services work and how to build your own packages in just few days. This makes me feel very much in control of the system.

We are doomed in so many ways that it is not funny any more :/

Finally some progress on this front.

Any form of surveillance used by any government will be used primarily for political reasons, against non-criminals. There is no such thing as Good Spyware.

An uncensored interview between the Russian OSINT and REvil operator has popped up in one of the hacking forums today. This is an unedited interview, which was originally released on October 23, 2020, by the Russian OSINT on their YouTube channel…

Intel 11th Gen Intel Core vPro CPUs with support for the Hardware Shield and TDT features will be able to detect ransomware attacks at the hardware level, many layers below antivirus software. …

Website as a document vs an application and the risks related to running the latter on your device…