ludbb's comments

    Traceback (most recent call last):
      File "/root/routes/game.py", line 395, in get
        audio_filepath = audioSubmission['filepath']
    TypeError: 'NoneType' object is not subscriptable

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/usr/local/lib/python3.6/site-packages/tornado/web.py", line 1467, in _execute
        result = method(*self.path_args, **self.path_kwargs)
      File "/root/routes/game.py", line 445, in get
        user=self.get_current_user().decode('utf-8'),
    AttributeError: 'NoneType' object has no attribute 'decode'

so many wrong things with this..

And I thought I was pessimistic. I must be missing something, how did we go from a faulty code, to KPIs, to Comcast paving the future of the AI?

Dates are available for some objects, see http://stackoverflow.com/a/39930978/1832154 for more details about what is/isn't available.

The issue is a different one, I believe you're considering one specific situation while there are others to ponder. What would happen if someone copy & pasted part of the hash, or had some tool that always reduced that output to the first few digits, or other situations like these, how would you be able to tell that the user was actually after the oldest commit? It seems much easier to indicate there's a problem, a conflict, and let the user solve it.

How does it compare performance-wise?

How do you apply your rules considering what's available today? Which services are you using? It sounds like it would be a big headache to orchestrate the automation among all these different providers.

And who monitors your company monitors? :)

My productivity increases so much when I shutdown chat apps I can only wish people responsible for setting them up at companies would stop for a minute and read this. Only the fact that the app is running is enough to reduce my output since I'll switch to it regularly no matter what.

I'm aware of that but it seems specially interesting that they decided to go with a specific old version of some files. I don't think this kind of decision was ever made public, was it?

The general clean up idea is mentioned all over, but selecting old versions of specific files is not.

Interestingly, looks like LibreSSL avoided the BN_mod_exp bug.

OpenSSL history for crypto/bn/asm/x86_64-mont5.pl can be seen at: https://github.com/openssl/openssl/commits/d73cc256c8e256c32...

LibreSSL is using an old version of that same file found at http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/.... LibreSSL is using a version (possibly with patches on top of it) that is at least before https://github.com/openssl/openssl/commit/cf6d55961cfaa00eb1..., which introduced the bug reported.

BoringSSL patched it here: https://boringssl.googlesource.com/boringssl/+/e701f16bd69b6...

So, why LibreSSL went with a 2+ year old version of that file?

Are the hardware specs available somewhere? Is it possible I'm confusing this with an interface for launching EC2 instances at a premium disguised as being actual dedicated hardware?

I believe the reference is coming from http://docs.ethereum-alarm-clock.com/en/latest/overview.html...:

Guarantees - Will the call happen?

There are no guarantees that your function will be called. The design of this service is meant to provide the proper motivation for calls to be executed, but it is entirely possible that certain calls will be missed due to unforseen circumstances.

About the stats: by "specially about their deployment count and usage over time" I meant the number of certs deployed by cert type (DV, OV, EV) and how has their usage progressed over time? If the second part is not clear, let's say that 5 years ago EV certs represented 2% among issued certs, and today it represents 1.4% -- I'm looking for historic data about this.

Thanks about the warranty clarification, so it only protects you if the /CA/ does something bad to you? In that case wouldn't it possible to sue the entity for, possibly, an even larger sum?

I can't wait to see how this industry will change after LE is fully running -- this is amazing. Are there any stats about the different cert types, specially about their deployment count and usage over time?

One thing I don't understand about the guarantees given by CAs is the one about the warranty, like the "$1,750,000 Warranty" from Comodo. How exactly can they provide that? Or is that some sort of MUST have if you want to partner with an insurance company?

I assume I'm jealous for a project that brings nothing new compared to so many other solutions and still grabs 76 stars (as I write this). It seems, after all, github stars are another way to say "I'm popular" and not so much that a project is good.

Right, my bad, I missed it.

Sure, that correction is correct ;) but it's not mentioned in that section of the mentioned documented. It leads me to believe that the restrictions described do not apply to them.

The more relevant part about passcodes (4 or 6 digits) is described on page 12.

It's not fully specified, but since the PDF mentions "iteration count" then Apple is using some sort of KDF after you enter your PIN to make brute force attacks harder to perform. It also mentions the following delays:

  Delays between passcode attempts
   Attempts       Delay Enforced
    1-4            none
      5            1 minute
      6            5 minutes
    7-8            15 minutes
      9            1 hour

There's also an optional setting you can enable so that after 10 failed consecutive attempts the device's data is wiped.

Is there such a thing as "moving" to another browser for development purposes? You will have to use both at some point, at least for some sanity check.

If you're developing something with React, Chrome will provide a better experience since React dev tools plugin is only available for Chrome. I'm not aware of some tool that is exclusive to Firefox, so I don't have a reason to favor it.

Hey, thank you! So, if I'm understanding this a Swiss-Style <T> is a T that is simple and effective.

Your reply starts by mentioning color palettes based on Swiss design, but is that the case here? It seems colors individually are not part of ITS, but how they are used (and therefore all colors can be used on it, as long as properties of this design philosophy are observed).

I read it as "don't bother with details, just use this thing here that does a lot of other things but happens to have a lib that might do it".

I think it's absolutely a good idea to use battle tested code, but you need at least working knowledge on what you're doing to apply it properly. Same thing applies for crypto in general: you generally don't implement it yourself, you generally use battle tested code, but you need to understand what you're doing. The idea that you can eliminate any of these steps and have something working properly is wishful thinking.