> Any TLS break delayed by more than 15 minutes would be worthless.
It sounds like you’re talking about breaking TLS’s key exchange? Why would this not have the usual issue of being able to decrypt recorded traffic at any time in the future?
Edit: If it’s because the plaintext isn’t useful, as knorker got at in a sibling comment… I sure hope we aren’t still using classical TLS by the time requiring it to be broken in 1 minute instead of 15 is considered a mitigation. Post-quantum TLS already exists and is being deployed…
What you're talking about is a property called "forward secrecy". There are new techniques which have better quantum resistance for handling key exchange, but I think the point of the person you're responding to is that if you rotate keys often enough that forward secrecy may not be as essential of a property. I would say whether it is or it isn't is largely dependent on your use case and threat model. Either way, if the symmetric keys used for the session aren't directly breakable and you are using PQC for the key exchange, you can still enforce forward secrecy in a way that is only strengthened by rotating keys often.
> Rather, an interactive window running under the user’s name has implied access to the user’s home folders, regardless of what’s been set under “Files & Folders” (which still applies for background/non-interactive processes).
No, that’s not true at all. Granting permission using the folder picker is required.
Npm and the other JavaScript package managers do generate and check lockfiles with hashes by default. This was a new release, not a republishing of an old version (which isn’t possible on the npm registry anyway).
i wasn't aware npm lockfiles check hashes by default now. my concern is more about the initial install before a lockfile exists, like in CI from a fresh clone without a committed lockfile. but you're right, once the lockfile is there the hash mismatch would be caught.
No, the comment was pointing out that the HN platform automatically replaces `--` in titles with `–`. (I don’t know if that’s true, but that was the intent. Nothing to do with AI.)
But... it's not more appropriate than an em dash for representing command line arguments? I don't see how either is any more incorrect than the other. There's a uniquely correct answer here and the em-dash is not it. Period.
It’s about the top-level comment’s horror that ”--” was substituted with “an en dash, not even an em dash”. If you’re picking a substitution for “--”, en dash makes more sense. The comment you originally replied to had already agreed “that it should be left as a double hyphen”.
> If you’re picking a substitution for “--”, en dash makes more sense.
No, it doesn't? This seems like crazy talk to me, like "If you're picking a substitute for saffron, blood plasma makes more sense than monocrystalline silicon". Like, what?
It makes zero sense to substitute this at all. It's exactly what it says it is, the "--hard" command line option to "git reset", and you write it in exactly one way.
Nobody is confused or disagrees about the `--hard` part. It was a minor tangent about contexts where these ASCII substitutions are established, like LaTeX (`` -> “, '' -> ”, -- -> –, --- -> —, etc.)
People are using Firefox intentionally, vs. using IE because it was preinstalled. Firefox is a maintained browser. IE was hard to support, and Firefox is not. There are a lot of differences.
Not that that isn’t a practical concern, but that’s not the level at which the network claims to be decentralized. Your account was banned by one participant in the hypothetical decentralized network.
Agreed, in theory all participants are equal and being banned by one participant shouldn't lock you out of a decentralized network.
In practice, the vast majority of handles (98.9% as of 2024) are under bsky.social [1]. Yes, alternative PDS providers exist, but if the default onboarding funnels everyone into one provider, and the average user doesn't even know what a PDS is, then decentralization is an implementation detail, not a user-facing reality.
If and when the asian community decides to reappropriate "yellow" as a way of self identification, then given a few decades, it will not be seen as racist anymore.
In the mean time, "yellow" is a racist adjective for asians, "black" is not a racist adjective for black people.
> In several Gallup measurements over the next three decades, including the most recent in 2019, the large majority of Black Americans have said the use of Black vs. African American doesn't matter to them.
Not caring is not acceptance. The term is literally racist both and origin. Unfortunately they were denied being called simply Americans due to historical reasons. African American is sadly also a misnomer given that there’s barely any connection to Africa for the people generally referred to as “black”.
Notice how everyone else is called by nationality or origin.
Black is absolutely accepted as an accepted adjective. Especially with the capital-b, Black is used to refer to the unique Black culture and heritage in the United States. Black history is one where people were taken from their nations or places of origin, transported to a foreign land, and put in bondage. As you say in your own comment, many black or African-American people (whichever label you prefer) have little connection to Africa; it wouldn't make sense to them to refer to them by nationality or origin, when Black culture is its own thing.
Don't get it twisted: I agree that the history of African-Americans in the US is one marred by slavery, segregation, racism, and the constant struggle to attain and retain equality. But out of that came something unique that many black people celebrate to this day.
this is true, "black" has been used in racist ways, but it got rehabbed and reclaimed in the 60s and 70s.
but more to the point, it is not currently used in a racist manner by the vast majority of the US, and certainly does not carry the same connotations as "yellow", so not really comparable imo
There's not really a black community either, it's a demographic. There are many communities of black people, but we really need to stop equating demographics with communities (not just this case).
It sounds like you’re talking about breaking TLS’s key exchange? Why would this not have the usual issue of being able to decrypt recorded traffic at any time in the future?
Edit: If it’s because the plaintext isn’t useful, as knorker got at in a sibling comment… I sure hope we aren’t still using classical TLS by the time requiring it to be broken in 1 minute instead of 15 is considered a mitigation. Post-quantum TLS already exists and is being deployed…
reply