Thinking whether I should just pay Cloudflare $20/month or build my own solution on the free tier to get slightly better analytics I know Web Analytics exist but I don't want any client-side JS

Made a passwordless auth example with email code sign-in and passkeys! (will make the source code available soon) passwordless-example.auth.pilcrowonpaper.com

Contributed to MDN! (super tiny PR) github.com/mdn/browser-...

Deleted my Vercel account because it was faster than reviewing all my old projects lol

Any security keys that supports RS256 for FIDO2? YubiKey dropped support for it a while back and I need it for testing

I made this with cashews but I did order some really expensive Sicilian pine nuts, which should be arriving next week I also have access to really good raw Italian pistachios and hazelnuts which might be better idk

Hoooly fuck Made pesto with a pestle and mortar and it’s so much better than what I’ve had before

Holy fuck are pine nuts expensive

New tool from Thailand! I got this mainly to make pesto lol

Terrible photo but by far the best curry I’ve had in Tokyo s.tabelog.com/en/tokyo/A13...

Realizing after 10 years that I everything I thought I hated about butter was just a problem with Japanese butter

This CBOR "decoder" should be fine... I think

I want to get a decent japanese chef's knife but a lot of them look ass ngl

Thinking about how to parse CBOR on the client with the lowest possible effort (Fortunately the encoding rules for WebAuthn/CTAP2 is stricter than regular CBOR)

External security keys are completely busted on the latest version of Safari Technology Preview

Safari only supports ECDSA for getPublicKey() so I have to parse CBOR anyway if I want to support Ed25519 or RSA for security keys RSA I don't care for but not having Ed25519 kinda sucks ughh

Cryptography and camelCase are a terrible combination RSSSSA PKCS#1 v1.5 => rsassaPKCS1v15 SHA-512/256 => sha512256 SHA-3-256 => sha3256

I don't hate relational DB or anything but there's a small part of me that thinks a document DB like DynamoDB is better and more "correct"

Find it hilarious that Buzzfeed and Palantir have an office next to each other

Can we send the emperor back to Kyoto? The imperial palace takes up a lot of valuable space and should be a public park

Very tempted to buy a press and just make my own tortilla Not satisfied with the frozen ones

There’s another password hash algorithm called yescrypt that’s used in a lot of Linux distributions and might be better than both argon2 and bcrypt, but a GPU implementation doesn’t exist yet so I wasn’t able to cover it in the blog

Doing some analysis on an old password leak and 5% of the 15 million passwords or over 700,000 passwords could be be cracked in under 100,000 attempts (minimum length of 6 with a mix of letters and numbers)

I spent a while trying to calculate the theoretical hashing speeds of Bcrypt but I couldn't get something that I'm super confident in It doesn't look *wrong* tho

Nothing major but I redesigned my website!

NINTENDO FIXED IT!!!!

Wished compact preview cards were supported

tl;dr: Argon2 is overall better against GPUs, but at a lower memory config (< 64-128 MiB) the difference isn't that significant and sometimes Bcrypt is sightly better At high memory config like 256 MiB, Argon2 is undoubtedly better but this isn't realistic for web servers

Argon2 is better than Bcrypt... right? pilcrowonpaper.com/blog/14

120hz is noticeably better than 60hz on an iPhone but I'm not finding it to be a big difference on a Mac (MacBook Pro vs Studio Display)

Played Subnautica for a few hours and I don't think it's for me I'm not finding the combination of survival mechanics, underwater movement, and mystery solving to be that fun

Unfortunate that Apple only offers good screens with their expensive models but I guess that's a deliberate choice

Passkeys with no user verification provide more or less the same security as email OTP right?

The California law to require "age verification" in OS doesn't really seem to be about age verification. It just mandates OSs to allow parents to create accounts for children and for apps to use the age info of accounts

Behold my terrible keyboard finger position blue: thumb green: index yellow: middle red: ring pink: pinky

Back to WebAuthn after a year and I’m fully convinced you don’t need a library for it Well except for the crypto stuff

Implementing this in Go right now but my allergies are killing me

Passkeys are broken on the Nintendo Account's website because there's a bug in their base64url decoding lol Do you see the issue?

Email OTP is the best option for the regular user Passkeys are the best option for more tech literate users Provide both and you got a login system that's better than most apps

I need to create a browser extension that appends "in english" to all google searches because I'm fucking tired of getting japanese results for everything

I couldn’t resist It’s sooo good. It’s so much better than my Sundara. Super clean and surprisingly wide sound. Great build quality too

Had a feeling something was wrong and found some glaring issues after a few days. Super glad I didn't rush it out Very proud of this one :)

I'm seeing wildly inconsistent performance (2x) between different Hetzner instances of the same type I believe the bottleneck is the memory bandwidth

Finding a good cut of steak feels impossible in Japan. You can only find cheap stuff from Australia or really expensive wagyu that's 90% fat. I haven't seen US Prime in 4 years. Where's my dry aged or A2 wagyu?

I fucking hate LINE and PayPay sooooo much Both of them have every single thing I hate about Japanese UI/UX design distilled into them

Enjoyed the dt 1990 pro mk2 more than I thought I would Really tempted to buy one

Pretty happy with the transition to stainless steel cookware Honestly don’t miss nonstick pans

This might be the single snack I miss the most from the US Fruit sorbet/gelato isn't really a thing here, especially in supermarkets

What do I do if games with tons of options and freedom overwhelm and stress me out I loved everything about silksong except the metroidvania part lol

Finished adding passkeys with my yubikeys I mainly use iCloud Keychain but nice to have some backups