hwb's recent activity

  1. Premature session cookie expiration?

    I've noticed that, even when I choose the "Keep me logged in" option, I usually have to re-log in to Tildes at least once or twice per day. Under what circumstances might the session cookie expire...

    I've noticed that, even when I choose the "Keep me logged in" option, I usually have to re-log in to Tildes at least once or twice per day. Under what circumstances might the session cookie expire on such a short time scale? I can see that the Max-Age is set to one year, so I'm not sure what might be causing that.

    Has anyone else encountered this issue? It's entirely possible that some of my add-ons are interfering (although I don't see how), which is the reason I ask.

    I have to pull up my Tildes password and my TOTP generator in each case, which is just enough pain to encourage me to navigate to another tab instead.

    4 votes
  2. Comment on Firefox will start deprecating TLS 1.0 and 1.1 with Firefox 74, releasing on March 10, 2020 in ~tech

    hwb
    Link
    I run into this error quite a bit in the Firefox Beta builds, actually -- maybe 3 to 5 per day. The most common offenders for me are academic and research-related sites, especially those related...

    I run into this error quite a bit in the Firefox Beta builds, actually -- maybe 3 to 5 per day. The most common offenders for me are academic and research-related sites, especially those related to academic conferences or university websites. The IEEE, surprisingly, is a common offender, even for conferences related to network security!

    My hope is that once this change percolates out more, these services will be encouraged to invest the time to actually update their server configs, and we can live with it in the meantime by enabling permission versions.

    1 vote
  3. Comment on Should there be a way to turn off replies for a comment? in ~tildes

    hwb
    Link Parent
    I think this solution is sufficient (and possibly preferable) the proposed change, because it allows discussion to continue while also mitigating the impact of group-think as a chilling effect on...

    I think this solution is sufficient (and possibly preferable) the proposed change, because it allows discussion to continue while also mitigating the impact of group-think as a chilling effect on potentially-controversial comments.

    That being said, I think to succeed it also needs an active moderation team to enforce some clearly stated community norms, to prevent a descent into "I will say whatever I want without consequence." (in other words, to prevent contentious flame-war threads). Does such a thing already exist here?

    11 votes
  4. Comment on Too many of America’s smartest waste their talents in ~life

    hwb
    Link
    I think this article is based on a fundamentally flawed assumption: I don't think that's accurate -- a meritocracy simply defines that the selection process for the future working elite is based...

    I think this article is based on a fundamentally flawed assumption:

    "The idea of meritocracy is that education both identifies and cultivates the future working elite — after the smart kids get good educations, they will go on to occupy the social roles where their talents are most needed, whether in business, academia or government."

    I don't think that's accurate -- a meritocracy simply defines that the selection process for the future working elite is based on education and/or talent, and not class or family or skin color, etc.

    If you wanted to craft an argument that the best and brightest aren't going into underpaid, unfulfilling jobs (whether they're needed there or not), then you should really be arguing against capitalism, not against meritocracy.

    I don't think any argument encouraging people to act against their own best interests will get any traction. If you don't want them to become rentiers, that's fine; just change the financial or legal system to shift the incentives such that they will choose to do something else.

    Edit: If you want to read the article and don't have a Bloomberg account, you can view the cached Google version here.

    7 votes
  5. Comment on <deleted topic> in ~food

    hwb
    Link Parent
    Thanks! It seems that using starch instead of cellulose does have a positive effect on the uptake of vitamins (in goats...) -- I wonder what considerations were made in the selection of...

    Starch, potato-starch or corn-starch

    Thanks! It seems that using starch instead of cellulose does have a positive effect on the uptake of vitamins (in goats...) -- I wonder what considerations were made in the selection of anti-caking agents?

    1 vote
  6. Comment on <deleted topic> in ~tech

    hwb
    Link Parent
    This is the crucial ambiguity: The device key is used to perform E2E encryption, always. However, if iCloud Message backups are enabled, copies of the conversation keys are uploaded to Apple. This...

    This is the crucial ambiguity:

    [...] there’s no way for Apple to decrypt the content of your conversations when they are in transit between devices.

    The device key is used to perform E2E encryption, always. However, if iCloud Message backups are enabled, copies of the conversation keys are uploaded to Apple. This is so that you can, for example, pick up a conversation where you left off on a different device. If they were using private keys located only on the involved devices, you wouldn't be able to see old messages on other devices, which naturally would have different private keys.

    From here: https://support.apple.com/en-us/HT202303

    Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple.

    Of course, if Apple has a backup of your keys, then they can read your messages (edit: or provide those keys to third parties which request them). They just can't read them while in transit, only at rest on the server.

    3 votes
  7. Comment on <deleted topic> in ~food

    hwb
    Link Parent
    I believe the parent's preference would be for no anti-caking agents at all. Some assert it affects the taste, texture, and/or melting properties of the cheese, and therefore prefer to freshly...

    I believe the parent's preference would be for no anti-caking agents at all. Some assert it affects the taste, texture, and/or melting properties of the cheese, and therefore prefer to freshly grate cheese from a block when necessary.

    Out of curiosity, do you know what anti-caking agent is used in Germany? A quick search didn't produce any results.

    5 votes
  8. Comment on A watershed moment for protein structure prediction in ~science

  9. Comment on <deleted topic> in ~tech

    hwb
    Link
    For those interested in maximizing their privacy, you should disable iCloud backups, as well as Messages integration with iCloud. Finally, set up encrypted local backups. This will establish full...

    For those interested in maximizing their privacy, you should disable iCloud backups, as well as Messages integration with iCloud. Finally, set up encrypted local backups. This will establish full end-to-end encryption for all your data, without sharing any of the keys with Apple (they say).

    4 votes