Skip Navigation
InitialsDiceBear„Initials” ( by „DiceBear”, licensed under „CC0 1.0” (
Posts 4
Comments 95
Voyager 1 Once Again Returning Science Data From All Four Instruments
  • ... but there is a way, and it has been proven.

    One of the more memorable physics classes I've had went into the history of discoveries that led to our understanding of relativity. The relevant story here, starts with how sound travels though air.

    Let's say you're standing at the bottom of a building shouting to your friend peeking out a window on the 5th floor. On a calm day, that friend will hear you at pretty much the same time as someone standing the same distance away, but on the street. However, if it's windy, the wind pushes around the air through which the sound of your voice is traveling, the friend up in the window will have a slight delay in receiving that sound. This can of course be verified with more scientific rigor, like a sound sent in two perpendicular directions activating a light.

    Scientist at the time thought that light, like sound, must travel though some medium, and they called this theoretical medium the Aether. Since this medium is not locked to Earth, they figured they must be capable of detecting movement of this medium, an Aether wind, if you will. If somehow the movement of this medium caused the speed of light in one direction to be faster than another due to the movement of this medium, measuring the speed in two directions perpendicular to each other would reveal that difference. After a series of experiments of increasing distances and measurement sensitivities (think mirrors on mountain tops to measure the time for a laser beam to reflect), no change in the speed of light based on direction was found.

    Please enjoy this wikipedia hole:–Morley_experiment , and please consider a bit of caution before you refer to things as facts in the future!

  • Automated CI/CD Data Snapshots
  • Not sure what you're doing, but if we're talking about a bog standard service backed by a db, I don't think having automated reverts of that data is the best idea. you might lose something! That said, triggering a snapshot of your db as a step before deployment is a pretty reasonable idea.

    Reverting a service back to a previous version should be straightforward enough, and any dedicated ci/cd tool should have an API to get you information from the last successful deploy, whether that is the actual artifact you're deploying, or a reference to a registry.

    As you're probably entirely unsurprised by, there are a ton of ways to skin this cat. you might consider investing in preventative measures, testing your data migration in a lower environment, splitting out db change commits from service logic commits, doing some sort of blue/green or canary deployment.

    I get fairly nerd-sniped when it comes to build pipelines so happy to talk more concretely if you'd like to provide some more details!

  • Meta Is Lying to You in New Quest VR Ad
  • I do this with my xreal glasses sometimes when washing dishes or whatever. Connected to phone in my pocket with a desktop mode, set a black wallpaper, and drag the video into a corner.

    It's nice for situations like that, where you're doing something with your hands and can't reasonably place a screen in a way where you wouldn't have to constantly strain your neck to look at it.

  • How is everyone handling the 2FA requirement for GitHub?
  • The two factors at an ATM are possession of your bank card + knowledge of your pin. (it also takes your photo, for good measure)

    GitHub will happily accept a smart card or whatever, if an extra plastic rectangle jives with you more than an OTP generator.

  • How is everyone handling the 2FA requirement for GitHub?
  • Your two factors shift to possession of your password vault + knowledge of the password to it. You're okay IMO.

    You also still get the anti-replay benefits of the OTPs, though that might be a bit moot with TLS everywhere.

  • How do you backup 2FA setup codes/QR codes?
  • Not a security scientist, but in my interpretation, it's the "categories" of the factors that matter. Ideally, you use some two of three of:

    • something (only) you know - generally represented by passwords
    • something (only) you have - most commonly represented by some device. you prove that you have the device by providing a token only that device can generate.
    • something (only) you are - generally represented by biometrics

    the goal then is maintaining the "only"s.

    if you tell someone your password, or they see you type it in, or they beat it out of you with a wrench, it's no longer something "only" you know, and it is compromised.

    if you use the same password on two websites, and one website is compromised, the password is compromised.

    OTPs from a key fob or yubikey or something are similarly compromised if the device that provides them is left out in public/lost/stolen/beaten out of you with a wrench.

    biometrics are again, are compromised if it's not "only" you with access to them - someone scans you face while you're asleep, or smashes your finger off with their wrench.

    having multiple factors in the same category, like having two passwords, or two otp tokens, or two finger prints, doesn't significantly improve security. if you give up one thing you remember, it's likely you'll give up more. if one fob from your keychain is stolen, the second fob on that keychain is of no additional help.

    you can start shifting what categories these things represent though.

    if you write down your password in a notebook or a spreadsheet, they become thing you have.

    OTPs can become something you know if you remember the secret used to generate them.

    knowing many different things is hard, so you can put them in a password vault. the password vault is then something you have, which can be protected by something you know. so although your OTPs and passwords are in one place, you still require two factors to get access to them.

    you still need to protect your "only"s though. and don't put yourself in situations where people with wrenches want your secrets.

  • What do you call application modules that are responsible for business logic?

    Somewhere between API resources, queue workers, repositories, clients and serializers there is a class of ... classes/modules that does the needful. Gun-to-my-head, I would call them "services" but I'm looking for a less overloaded term. Maybe capabilities? Controllers? Pick a term from the business domain? What do you call them?


    What are you all doing for android "provisioning"?

    Hi! I'm swapping my daily android phone for the nth time today and going through my set-up "check-list". As apps are updating/installing, I thought I'd check in with the hive-mind, what are you all doing to make the process easier? Maybe you know of a way to self-host some sort of android profile server? I'll post my process + list of goals & gripes below and if you have any tips or suggestions about what I can do better, I'd love to hear them!!

    Current Process

    • flash clean rom
    • walk through the setup process
    • enable developer mode + adb
    • go through default app list disabling/uninstalling crap i don't want
    • use 'fdroidcl' to install all my fdroid apps
    • adb push a gpg private key to import into OpenKeychain
    • generate a ssh keypair in Password Store, put public key on my server via ConnectBot, clone passwords repo
    • log into firefox sync
    • log into joplin
    • configure fairmail
    • configure davx
    • log in to google account
    • download play store apps I was missing
    • go through apps one by one, logging in to accounts + doing configuration
    • deal with fucking whatsapp
    • hold old phone + new phone side by side and made sure i got everything

    Goals & Gripes

    App Installation

    fdroidcl helps a LOT here, i can have a list of my minimal required packages - password management solution, browser, and notes get installed and it solves a lot of bootstrapping problems for me. I never need to do the dance of opening chrome, downloading fdroid, giving chrome install permissions, installing fdroid, etc.

    that said, it is /slow/ and obviously limited to installing apps from fdroid repositories. maybe the slowness i can solve with self-hosting an fdroid repo, but i'm still stuck with having to install a bunch of apps manually either through aurora store, or play store.

    App configuration

    If i could push in arbitrary app configurations i would be sooooo happy. certain apps have config export/import, like my launcher, but that's far from all of them. i've tried a number of "backup" options, like Titanium, but obviously they don't work without root and don't always work /with/ root, especially going across devices. I've vaguely considered using Appium for this but ... ehhhh.


    Okay, so I can probably solve the apk problem somehow... I can solve the contacts sync... but I really like android auto, and that's a non-starter without a system google account afaik.


    i've never once managed to successfully move whatsapp to another device and not lose my chat history. it starts restoring from a backup, fails, and kicks me into being logged in without any chance of a restore.

    Edit: oh and if you have any suggestion that'd make me not hate re-pairing wearos watch... 🥺


    My carryonable 3d printer

    I've posted this to reddit before, but the post has gotten lost among an automod flurry. I've got some longer travel coming up and this thing has been on my mind again, so I'm looking for some suggestions!


    Anyone have a good suggestion on how to block generated blog spam from google search results?

    An example: This Ellis Gibson person. Very good with the find/replace button.

    Maybe you know of a browser extension to hide all these?