WingNews logo WingNews GitHub [2]

whymarrh's comments

whymarrh | 1 year ago | on: Leaking the email of any YouTube user for $10k

I don't think this is a useful comparison. This is Google's bug with Google's software vs. Project Zero's discoveries are (as I understand them) typically in software used by multiple people and thus there's a higher urgency to fix them.

whymarrh | 4 years ago | on: LastPass users warned their master passwords are compromised

1Password's cloud offering architecture has a few important distinctions from other offerings. Namely the use of a password authenticated key exchange (PAKE) and a "Secret Key" that is never transmitted to 1Password servers. [1, 2] If you ultimately trust the app for local vaults, there's a case for extending that trust to the cloud offering.

[1]: https://blog.1password.com/what-the-secret-key-does/

[2]: https://old.reddit.com/r/1Password/comments/rp8t02/security_...

whymarrh | 4 years ago | on: Web3 is not Decentralisation – it’s a Ploy to put Crypto Bros in Charge

And what does this revocation accomplish? The app still has your unique address. This revocation is simply "don't log me in next time." You still need to use the app to delete any data, if that's even possible (highly-dependent on the app). This is no different than going to your GitHub account (in the parent comment's example and revoking https://docs.github.com/en/authentication/keeping-your-accou...).

I don't disagree that having a keypair on the client for authentication is a cool idea, but it's hardly specific to "Web3" (e.g. https://developer.apple.com/documentation/authenticationserv...).

whymarrh | 4 years ago | on: Web3 is not Decentralisation – it’s a Ploy to put Crypto Bros in Charge

> Web3 is by far the easiest way to provide auth to a web app right now

Easiest by what measure? As I understand it, few browsers (read: only one or two) have built in wallets and outside of that the UX for this auth isn’t great. It’s hard to see how this is better/easier to use than existing OIDC/"Sign In With X" solutions.

whymarrh | 4 years ago | on: Gitlab from YC to IPO

Yeah they’re similar feature-wise but the communities that exists on GitHub vs. GitLab aren’t remotely comparable.

whymarrh | 4 years ago | on: Manifest v3 Update

There could be a simple explanation for this: Mozilla has its own browser stack whereas Edge is Chrome.

whymarrh | 4 years ago | on: “I Could Rewrite Curl”

> Let's be honest here. Curl to 98% of people is http/1 requests with some post params and maybe json body, with some custom headers.

100%, that's why we see so many smaller projects pop up (on GitHub and the like) that support basically just this. No shade to those projects, improving the UI for this subset is a worthy cause, it's just not anything near cURL.

whymarrh | 5 years ago | on: How does Awk ' a[$0]++' work?

> I was surprised that "Awk '!a[$0]++'" works too (on Mac at least). If I "ls Awk" in \usr\bin, it says Awk is there. If I "ls awk" it says awk is also there—but it seems they're the same file, and it's only pretending Awk is a file. AWK also... I never noticed that before!

I presume this is a side-effect of the macOS default filesystem being case-insensitive. I'm running macOS with a case-sensitive fs and that does not work:

    $ awk
    usage: awk [-F fs] [-v var=value] [-f progfile | 'prog'] [file ...]

    $ Awk
    -bash: Awk: command not found
This default is a topic of great debate.

whymarrh | 5 years ago | on: Crypto and NFTs are a absolute disaster for so many more reasons than ecological

There are platforms that don't use PoW that are becoming quite popular. The NBA's Top Shot platform is built [on Flow](https://www.onflow.org/primer) which does not use PoW.

I'm not making _any_ claim about the worthiness/sustainability of the platform, just that it is what is being used. The list of "communities" on the Flow landing page suggests that it's being considered for a couple of high-profile platforms.

> today when you sell crypto art it's PoW.

I think more specifically when you sell crypto art on a platform that uses PoW, which makes this sentence a truism.

page 1
more