Skip Navigation
InitialsDiceBear„Initials” ( by „DiceBear”, licensed under „CC0 1.0” (
Posts 0
Comments 314
  • Yeah, except for the first few bytes. PKCS8 has some initial header information, but most of it is the OCTET_STRING of the private key itself.

    The PEM (human "readable") version is Base64, so you can craft up a string and make that your key. DER is that converted to binary again:

     * @see
     * @see
     * Unwraps PKCS8 Container for internal key (RSA or EC)
     * @param {string|Uint8Array} pkcs8
     * @param {string} [checkOID]
     * @return {Uint8Array} DER
    export function privateKeyFromPrivateKeyInformation(pkcs8, checkOID) {
      const der = derFromPrivateKeyInformation(pkcs8);
      const [
        [privateKeyInfoType, [
          [versionType, version],
      ] = decodeDER(der);
      if (privateKeyInfoType !== 'SEQUENCE') throw new Error('Invalid PKCS8');
      if (versionType !== 'INTEGER') throw new Error('Invalid PKCS8');
      if (version !== 0) throw new Error('Unsupported PKCS8 Version');
      const [algorithmIdentifierType, algorithmIdentifierValues] = algorithmIdentifierTuple;
      if (algorithmIdentifierType !== 'SEQUENCE') throw new Error('Invalid PKCS8');
      const [privateKeyType, privateKey] = privateKeyTuple;
      if (privateKeyType !== 'OCTET_STRING') throw new Error('Invalid PKCS8');
      if (checkOID) {
        for (const [type, value] of algorithmIdentifierValues) {
          if (type === 'OBJECT_IDENTIFIER' && value === checkOID) {
            return privateKey;
        return null; // Not an error, just doesn't match
      return privateKey;

    I wrote a "plain English" library in Javascript to demystify all the magic of Let's Encrypt, ACME, and all those certificates. (Also to spin up my own certs in NodeJS/Chrome).

    Edit: To be specific, PKCS8 is usually a PKCS1 (RSA) key with some wrapping to identify it (the OID). The integers (BigInts) you pick for RSA would have to line up in some way, but I would think it's doable. At worst there is maybe a character or two of garbage at the breakpoints for the RSA integers. And if you account for which ones are absent in the public key, then anybody reading it could get a kick out of reading your public certificate.

  • please
  • No. Microsoft is not liable, at least when it applies to HIPAA.

    The HIPAA Rules apply to covered entities and business associates.

    Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules' requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information. If a covered entity engages a business associate to help it carry out its health care activities and functions, the covered entity must have a written business associate contract or other arrangement with the business associate that establishes specifically what the business associate has been engaged to do and requires the business associate to comply with the Rules’ requirements to protect the privacy and security of protected health information. In addition to these contractual obligations, business associates are directly liable for compliance with certain provisions of the HIPAA Rules.

    If an entity does not meet the definition of a covered entity or business associate, it does not have to comply with the HIPAA Rules. See definitions of “business associate” and “covered entity” at 45 CFR 160.103.

  • please
  • HIPAA doesn't even require encryption. It's considered "addressable". They just require access be "closed". You can be HIPAA compliant with just Windows login, event viewer, and notepad.

    (Also HIPAA applies to healthcare providers. Adobe doesn't need to follow HIPAA data protection, though they probably do because it's so lax, just because you uploaded a PDF of a medical bill to their cloud.)

  • How does OLED burn-in truly happen and why doesn't my phone show any signs of it?
  • Burn-in is a misnomer.

    OLEDs don't burn their image into anything. CRTs used to burn in right onto the screen making it impossible to fix without physically changing the "glass" (really the phosphor screen).

    What happens is the OLED burns out unevenly, causing some areas to be weaker than others. That clearly shows when you try to show all the colors (white) because some areas can no longer get as bright as their neighboring areas. It is reminiscent of CRT burn-in. LCDs just have one big backlight (or multiple if they have zones) so unevenness from burnout in LCDs is rarely seen, though still a thing.

    So, OLED manufacturers do things to avoid areas from burning out from staying on for too long like pixel shifting, reducing refresh rate, or dimming areas that don't change for a long time (like logos).

    There is a secondary issue that looks like burn-in which is the panel's ability to detect how long a pixel has been lit. If it can't detect properly, then it will not give an even image. This is corrected every once in a while with "compensation cycles" but some panels are notorious for not doing them (Samsung), but once you do, it removes most commonly seen "burn-in".

    You'd have to really, really leave the same image on your screen for months for it to have any noticeable in real world usage, at least with modern OLED TVs. You would normally worry more about the panel dimming too much over a long period of time, but I don't believe lifetime is any worse than standard LCD.

    TL;DR: Watch RTings explain it

  • Surely "1337" is the same as 1337, right?
  • The meme format is awesome, but JSON differentiates strings with ".

    { "key": 1337 } vs { "key": "1337" }.

    You might be thinking yaml? (Though it supports ' and " for explicit string types, technically)

    But integer vs float? Good luck.