Search results

  1. S

    Editor’s Note: Retraction of article containing fabricated quotations

    Maybe he saw this announcement: https://www.reddit.com/r/ClaudeAI/comments/1qqtmct/academic_quote_extractor_cli_tool_for_pulling/ There's lots of promises of only verbatim text and no hallucination, and it does run on Claude Code. And it's very new, so it's perfect for an AI journalist...
  2. S

    Keep losing your key fob? Ford’s new “Truckle” is the answer.

    This buckle is hand-made in America, using traditional methods. That's worth something! And some notes: 1. The picture above isn't some model, it's the gentleman who makes the buckle. 2. The belt is a $34 add-on if you buy the buckle. I'm only a naturalized Texan, who doesn't own a truck and...
  3. S

    How weak passwords and other failings led to catastrophic breach of Ascension

    I'm going to be charitable here and say that it's because Smart Card is standardized and good security. It's better than a phishable TOTP, and don't get me started on SMS codes! Smart Card is cheap, whether it's a real Smart Card on a lanyard, a Yubikey, or the TPM-protected virtual Smart Card...
  4. S

    Mis-issued certificates for 1.1.1.1 DNS service pose a threat to the Internet

    The certificates aren't missing any required information. You can see the most recent bad one here: Certificate Transparency Link The reason it's almost certainly mis-issued is all the other data is wrong for Cloudflare (which owns 1.1.1.1). For instance, the organization name...
  5. S

    Android 16 review: Post-hype

    Debian is great - even when they make changes they almost never prevent you from using the old way. The only thing that changed was a line in my notes for installing new computers: From repository, install: net-tools (contains ipconfig and route, etc) cron-apt (probably - this runs a nightly...
  6. S

    The harrowing story of what flying Starliner was like when its thrusters failed

    I can't believe this part: That's the same excuse the Russians kept giving when Soyuz and Progress kept getting coolant leaks in the same place. Them pesky micrometeorites always pick on poor Roscosmos and Boeing!
  7. S

    Passkey technology is elegant, but it’s most definitely not usable security

    And as an example of why you want something like security keys and passkeys (unphishable and strongly tied to the browser): https://krebsonsecurity.com/2024/12/how-to-lose-a-fortune-with-just-one-bad-click/ Read that and think about whether any other type of authentication mechanism would have...
  8. S

    Passkey technology is elegant, but it’s most definitely not usable security

    If you're using an on-premises Active Directory, you should ignore passkeys and go straight to smartcards. It was the original secure auth mechanism and it's still the best. You can trust only certificates you issue and you know the private key can't be leaked. And because you issue the cards...
  9. S

    AI chatbots can read and write invisible text, creating an ideal covert channel

    Wow, the extra characters don't even show up in Web Developer Tools, when looking at the response in Raw format. I had to save the file and examine it in Vim to see the extra characters. People can certainly do malicious things with this. It's worse than the punycode exploits people were...
  10. S

    YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

    This is pretty good! A custom Faraday cage would be a great feature for a key that you couldn't replace for whatever reason. The other thing that we should take from this is if you're a site owner, you should rate limit successful logins as well as failures. That would minimize the risk that...
  11. S

    YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

    However, Yubikey 4 supports U2F, the previous FIDO standard for security dongles used as a 2nd factor. That still uses elliptic curve cryptography, so is likely vulnerable to the same attacks as the Yubikey 5, which is really only permanently vulnerable to FIDO2. (If you're using them as smart...
  12. S

    Here’s our comprehensive, in-depth guide to viewing the total solar eclipse

    This is really important! Don't just go somewhere to see the eclipse, go somewhere near and check the cloud cover maps the morning of the eclipse. Pack a lunch and drive to clear skies; bring a chair and hang around and relax with friends and family. I don't know if Eric is planning a...
  13. S

    Banish OEM self-signed certs forever and roll your own private LetsEncrypt

    And if all your access is through the proxy, you get a nice side benefit - HTTP-01 validation becomes trivial. Just put your acme client on the same machine as the proxy and give all port 80 requests to certbot (or else just share the port 80 /.well-known directory for all websites). You can...
  14. S

    Kagan: Florida social media law seems like “classic First Amendment violation”

    It's by no means a perfect analogy but it's close enough that I don't think the decision is obvious. In the current cases, you have a state law that purports to give an affirmative speech right allowing people to "enter" the social media platforms that are ostensibly open to the public so they...
  15. S

    Kagan: Florida social media law seems like “classic First Amendment violation”

    Be careful of that argument - the Supreme Court has held that a state law (in this case the California Constitution) can allow a group to exercise First Amendment rights on private property, even though the First Amendment doesn't directly apply to the mall owner. The law is not mathematics -...
  16. S

    Deepfake scammer walks off with $25 million in first-of-its-kind AI heist

    The corporate version of GPG encryption for email is S/MIME, and it's absolutely trivial today to run your own PKI for your company, cut a keypair for every employee and stick it on a Yubikey. Then everyone can sign their emails with a single button click and you will know that the email was...
  17. S

    Review: Radeon 7600 XT offers peace of mind via lots of RAM, remains a midrange GPU

    Yes, please! Ars is uniquely suited to benchmarking consumer AI workloads, too, even if it means farming out a graph to Benj Edwards. I'd love to see a runtime-to-generate-barbarian-in-front-of-tv benchmark as well as what models can run on different cards and their embedded RAM.
  18. S

    Twitch exit from S. Korea is latest fallout from “sending-party-pays” model

    Yes, in an era where everything is a website using a blob of Javascript, it's easy to make a widget that sends back the same number of bytes to a specific Twitch router that drops all the data it receives. If you want to be accurate, you can make people log in and make sure you only send the...
  19. S

    Windows feature that resets system clocks based on random data is wreaking havoc

    Those numbers are listed as "TickCount" in the logs. date --utc --date @1577524171 Sat 28 Dec 2019 09:09:31 AM UTC date --utc --date @1577824171 Tue 31 Dec 2019 08:29:31 PM UTC Those aren't the dates that the clock gets set to afterwards. The actual time that gets set has an epoch: date...