
Jenna Magius @jennamagius@octodon.social

I found the interface for putting title text on images! It's invisible unless you mouse-over so I didn't know where it was.

That could be made a little more obvious.

Wait, THAT's what comments are for.

That's a good reason to prefer public key auth to password auth in SSH.

I am told that SSH _doesn't_ roll over and spill everything for no reason with bad host keys on public key auth.

That is very good news.

github.com/jtesta/ssh-mitm/iss

(To be clear, you extremely still do host keys. You just don't roll over & give away cleartext if someone's sloppy with 'em one time.)

I'm on my third ground-up rewrite because I keep learning fucktons of shit every time I rewrite it and it keeps getting better and better.

Also you should be able to do inline file transfers from an ssh session without reauthenticating.

And like... memory safety, I guess >.>

Also because port is -p in ssh and -P in scp and scp doesn't take flags after positional arguments, so basically burn it all to the fucking ground.

So basically I'm writing a ground up OpenSSH replacement (with my own protocol) because hanging your entire security model on "People will probably do a good job verifying TOFU host keys" is absurd when it is so possible to do very good password authenticated key exchange without storing any more password-equivalent data than hosts already do,

I'm so glad I'm never going to program C again.

Tired: "Comments are for helping other people understand your code"

Wired: "Comments are for littering your codebase with '// TODO:'s you might grep for some day."

Wikipedia's like

"Uh.. a fucking TCP header could be AD or some shit??? 'cause like... routers need to see it?? But you want to be able to verify that nobody fucked with it???"

I understand that AEAD is sick because it makes you get your HMAC shit right. I'm all about it.

But... why... associated data? Who would associate data. When would associated data.

Just... fucking encrypt it????

"accept() first appeared in 4.2BSD" "getpeername() first appeared in 4.2BSD"

Why the fuckass does TcpListener return a (TcpStream, SocketAddr).

The remote addr is baked into the TcpStream. You can just get it... at any time.

And like, I get that this comes from the Berkeley sockets API, but why the hell was the Berkeley sockets API even like this?

I didn't find out about it until I was just reading about every crate on crates.io in most downloaded order.

IT'S SOMETHING PEOPLE SHOULD KNOW ABOUT.