I need to look it up again, but I read about a study that showed that the results improve if you tell the AI that your job depends on it or similar drastic things. It’s kinda weird.

Does anyone have resources for ADHD friendly clean-up techniques? And I don’t mean cleaning-up like in “removing dirt” but how to sort your stuff? My main chaos exists because I don’t know where to put everything.

I’d hope so too, but as there are so few platforms offering proper support for hardware keys, I wouldn’t hold my breath for it.

What you call “much smaller mini edition” is still more extensive and thorough than 99% of posts on this platform :D and I really enjoy and appreciate it!

That and also typing on a wet touch screen doesn’t work that well

Thank you again for this high quality post! It’s always a pleasure to read.

I’m happy that GOG finally added proper F2A, though I’m a little sad that they didn’t implement FIDO U2F. It’s not only way more convenient to just use a hardware token as a second factor, but if my knowledge is correct, it’s also more secure.

I seriously thought about getting a waterproof notepad for that reason

I see your point, but we have Java backends and strings there are not null terminated. Also I’m very sure that those would never be the reason for our Postgres server to run out of storage so I don’t get it why not make it more user friendly. We’re not implenting an embedded system where every byte of storage counts.

It can also be just a randomly chosen limit. I work as a software engineer on a custom management software for a big client. For whatever reason until recently, the limit for email addresses in the master data was 50 character. Why? No clue but someone had decided that randomly in the past. Now it was increased to 100. Why again? According to RFC 5321 a limit of 254 would be the most sensible one. But the people who come up with those requirements just don’t care. They decided it to be 100 from now on for no apparent reason.

Then we have many input fields, that have a limit of 255 character. Why not 256? Why such a weird number in general? The people who use this software in production are most likely not the ones who usually think in powers of two. So why not make it 250 or 300 oder whatever?

Sometimes those limits are just arbitrary with no technical or logical reason to back them up. Which doesn’t make it less stupid mind you.

That’s some weird automatic sharpening. Use the digital zoom on your phone and and take a picture of trees or hay or whatever. Then you’ll have the same artifacts. I wish there was a way to turn it off.

That resonates so well with me. Attending all the meetings, discussing feature requests and evaluating their feasibility is so exhausting. But working overtime for a few days to find and fix the bug that completly halted production? No problem!

I never tried to win any argument. Hell I was not even aware that I’m participating in one. I just wanted to share the info, that even if the vendor is absolutely trustworthy and even if you validated the script by downloading and looking at it, there’s still another hole that’s not obvious to see.

Yes it’s unlikely, but again, I never said it were. There are also arguments you can run curl with, to tell it to do the download first and then push it through the pipe afterwards, though I don’t know them by heart now.

It won’t cost you anything to set those parameters, when you insist to use curl | bash, just in the off chance that someone’s trying to do what I mentioned.

But I’m also someone who usually validates their downloads with a checksum so maybe I’m just weird. Who knows.

Oh, you’re welcome, kind person :)

It is actually a passive detection based of the timing of the chunk requests. Because curl by default will only request new chunks when the buffer is freed by the shell executing the given commands. This then can be used to detect that someone is not merely downloading but simultaneously executing it. Here’s a writeup about it:

https://web.archive.org/web/20250209133823/https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/

You can also find some proof-of-concept implementations online to try it out yourself.

You shouldn’t install software from someone you don’t trust anyway because even if the installation process is save, the software itself can do whatever it has permission to.

“So if you trust their software, why not their install script?” you might ask. Well, it is detectable on server side, if you download the script or pipe it into a shell. So even if the vendor it trustworthy, there could be a malicious middle man, that gives you the original and harmless script, when you download it, and serves you a malicious one when you pipe it into your shell.

And I think this is not obvious and very scary.

They dropped the Tidal integration and I’m still heartbroken. It was the best setup for music discovery. Haven’t found a replacement yet.

There’s Betterbird, though I don’t know exactly what makes it better, except for still allowing to manually load external content in encrypted mails, which Thunderbird just removed for whatever stupid reason.