As a general rule I install none of these web conferencing things on my machine. Either the browser version works fine, as Google Meet, Zoom, Teams and even WebEx all do, or this is not a meeting I need to be on.

But the attack relied on the target using the browser version

Exactly the same. Moreover my main work machine, the one I call my "workstation", doesn't even have sound. No videos. No meetings from that one. And that's the machine to which the Yubikeys are hooked.

I've got plenty of machines, including that one shitty laptop I trust even less than the rest. Arguably the only way to operate securely is to consider that most devices in your house (and at work) are compromised and hostile, that most networks are trying to fuck you up (for example not HTTP at my home: simply none, it's not allowed) and that they're really out there to get you. And, yet, to have a setup that works.

Same things with my phones: I've got one real phone, with two apps I added to it. Country's mandatory EID app and brokerage's 2FA app. And that's it. Nothing else. Nada. Zilch. One phone, two apps. No email account. Nothing.

Then I've got another phone, with another subscription, where I've got Telegram, that app to see the targets at the shooting range (long distance shooting: there are webcams in front of targets so you can see where you hit), the home automation apps, etc. All those shitty phone apps developped by clueless devs: they go on that phone. The email? Some throwaway email account I don't care about. You can 0-day that phone: I wouldn't give a shit. And I tell people: "My name on Telegram ain't my real name" and they love it. Non-technical people: they begin to understand and they love it.

People are going to need to step up their security game big times now for I think we're in for quite a wild ride.

I know it's bad but I'm not going to say there's not some schadenfreude seeing what happens to those who were calling others "paranoid".

I mean: we're talking about people "quickly installing software (as admin/root)" on their main machine.

The road is going to be long for it's an entire shift of mindset that's now required.

Convenience vs security: you pick. Video call vs major project compromised: you pick.

The vindictive side of me hopes the cybersecurity "rug" is pulled out from underneath all these companies (new & old) who don't appreciate craftsmanship. I don't think we need regulations, but companies need to suffer when they drop the ball

Starting with > Twilio charges around $0.05–0.06 per SMS round-trip

Well - use an dedicated telecom API provider that doesn't squeeze you on pricing uselessly: https://telnyx.com/pricing/messaging

Twilio is the DataDog / Microsoft of telecom APIs. The only reason you buy them is because it's the biggest name, or you have already integrated them so deeply that you're unwilling to rip it out. Their price structure also has a huge floor because they're not a carrier so they have to buy everything from real carriers.

Telnyx is actually a registered carrier so other carriers are forced by law to peer with them at lower prices.

There are other low-cost SMS API providers but AFAIK none are actual carriers and they maintain the cost by only doing messaging and relying on enormous volume to make up for tiny margins - their profitability and therefore longevity are tenuous IMO.

> Telnyx is actually a registered carrier so other carriers are forced by law to peer with them at lower prices.

> There are other low-cost SMS API providers but AFAIK none are actual carriers and they maintain the cost by only doing messaging and relying on enormous volume to make up for tiny margins - their profitability and therefore longevity are tenuous IMO.

Depending on what you're doing, chances are you're better off ignoring everything an aggregator tells you. Measure delivery through actual user measures and cost keep active accounts with multiple providers and shift traffic where the cost/success is best for a given group of users (country/carrier/etc).

All the aggregators will tell you they have global coverage and that they use 100% direct routes, and they're all lieing.

After what twilio did to authy and almost locked me out of my 2fa (and for what benefit to them?) I wouldn't use them if they were the only option

Is it US only?

Prometheus index format is also a big-endian binary file - haven’t found any reference to why it was chosen.

grid-scale batteries are accelerating more rapidly than anyone thought a few years, it’s not really seen as an unsolvable problem anymore

Every major high-throughput database now runs as microservices, not sure why people still act like things just grind to a halt when the network is involved.

High-throughput is not the same thing as low latency. In fact, they're often at odds with each other

I really curious about what the world of archival formats is like - is there consensus? are the most-used formats actually any good and well-supported,and self documenting?

Library of Congress has some well considered recommendations for archival. https://www.loc.gov/preservation/resources/rfs/TOC.html

For web content they recommend gzipped WARC. This is great for retaining the content, but isn’t easy to search or render.

I do WARC dumps then convert those to ZIM for easier access.

the fact that you can just redefine Map in a script is mind boggling

Why? Being able to redefine anything is table stakes in dynamic languages.

You can't assign a value to false, for example, so "anything" isn't everything (Node v22.17.0).

    > false = 4
    false = 4
    ^^^^^
    
    Uncaught SyntaxError: Invalid left-hand side in assignment

Fascinatingly enough though, you can assign a value to NaN. It doesn't stick tho.

    > NaN
    NaN
    > NaN = 42
    42
    > NaN
    NaN
    >

(map behaves as described.)

So? Does being able to do something means you should?

I didn’t say you should. The comment I’m replying to expressed surprise that redefining something is even possible.

I liked Poetry until I went to contribute a bugfix to the codebase and quickly realized it was already an ossified nightmare.

Yeah I’ve added my own site along with 3 others and the PR was merged in an hour.

Honestly the hard part was that a lot of the sites I wanted to submit were already there!

I strongly prefer this sort of code:

```

    fn does_a_many_step_process():

         first_step_result_which_is_not_tied_to_details_internal_to_the_step_implementation = well_named_first_step_which_encapsulates_concerns();



        second_step_result_in_same_manner = well_named_second_step_which_encapsulates_concerns();

  ...etc

} ```

The logic of process flow is essentially one kind of information. All the implementation details are another. Step functions should not hide further important steps - they should only hide hairy implementation details that other steps don't need to know about.