laggyluke's comments

laggyluke | 5 years ago | on: Rebuilding our tech stack for the new facebook.com

> Duct tape on top of abstractions on top of duct tape in order to make a document platform behave like an application platform. Isn't it time to just replace web browsers with something that doesn't suck?

Be careful what you wish for. You just described native mobile apps.

laggyluke | 6 years ago | on: First look at Apple/Google contact tracing framework

> Once covid19 goes away (if ever), and a new virus appears, NO ONE will have that app turned on, and by then, the new virus will have spread just like covid19.

Devil's advocate: so why not just keep the app running forever in the background?

If there's no virus to report - that's fine.

But the moment a new outbreak starts, the data is already there, you just have to report that you're sick.

laggyluke | 6 years ago | on: Let's Encrypt certificate issuance was down

Is your cron, by any chance, configured to run on every first day of month at midnight?

laggyluke | 7 years ago | on: AMP pages displaying your own domain

But if the comment was, say, digitally signed, on the other hand... ;)

laggyluke | 7 years ago | on: The creation of the io.latency block I/O controller

What would you do instead?

laggyluke | 7 years ago | on: The Illustrated TLS 1.3 Connection: Every Byte Explained

Hopefully efforts like this will make further ossification harder:

https://www.ietf.org/mail-archive/web/tls/current/msg26385.h...

laggyluke | 7 years ago | on: Tell HN: Using Gmail? You will be force logged into Chrome

> Is that hurting anyone?

It's actually hurting me: I'd like to be able to sign into YouTube on an untrusted device without signing into Gmail at the same time.

laggyluke | 7 years ago | on: Microsoft has sunk a data centre in the sea to investigate energy efficiency

I doubt they're going to use fans if they are pumping the air out of the thing.

laggyluke | 7 years ago | on: Insider Attack Resistance

What problem would it solve?

laggyluke | 8 years ago | on: GrayKey iPhone unlocker poses serious security concerns

If you're not trusting your phone, is there a different kind of computing device that you trust?

laggyluke | 8 years ago | on: Termux: terminal emulator and Debian-style userland as an Android app

I have a complete opposite feelings: mobile apps are actually sandboxed, modern phones have secure elements in hardware and the attack surface itself is pretty limited.

On the other hand, there's virtually no sandboxing on your laptop. As software developers, we pull random code from the internet all the time and it's generally trivial to steal every secret that your user has access to (https://xkcd.com/1200/)

Personally I'm not worried about baseband processor (or Intel ME) owning my device. I'm more worried about some random malware installing a keylogger and/or stealing my whole LastPass database. This would be virtually impossible on mobile, but is relatively trivial on laptop.

laggyluke | 8 years ago | on: Node v8.1.2

You do realize that implementing promises is a prerequisite for async/await, right?

laggyluke | 9 years ago | on: Cyanogen services shutting down

The only model released with CyanogenOS was OnePlus One.

laggyluke | 9 years ago | on: Webcams used to attack Reddit and Twitter recalled

I can imagine having a vulnerable webcam is a huge privacy risk too.

laggyluke | 9 years ago | on: Chinese CA WoSign faces revocation after possibly issuing fake certificates

I believe this is done by not accepting any certificate issued past date X. This way the old certificates keep working, while the new ones don't.

laggyluke | 9 years ago | on: Curl and http/2 on Mac

For those who came here looking for the actual brew commands:

    brew install curl --with-nghttp2 --with-openssl
    brew link curl --force

You can also use --with-libressl instead of --with-openssl if you prefer LibreSSL.

laggyluke | 9 years ago | on: The future is fewer people writing code?

Text can be version controlled and diffed.

laggyluke | 10 years ago | on: I stayed in a hotel with Android lightswitches and it was as bad as you'd think

If it's a true IoT, people might not really have a choice ;)

laggyluke | 10 years ago | on: UBlock Origin

You might like these options: https://cloudup.com/cJeKg7Zljwa

laggyluke | 10 years ago | on: Show HN: Kvpbase – a new way for developers to store data

You might want to reconsider your Node.js callback API. The standard way of returning errors is via the first argument :

    callback(err, data)

while you suggest doing it like this:

    callback(data, err)

Apart from being an eyesore, it breaks compatibility with a ton of third-party libs like `caolan/async`.