Windows 10 and it’s not a good idea

Don’t use JSON for the response unless you include the response header to specify it’s application/json. You’re better off with regular plaintext unless the request header Accept asked for JSON and you respond with the right header.

That also means you can send a response based on what the request asked for.

403 Forbidden (not Unauthorized) is usually enough most of the time. Most of those errors are not meant for consumption by an application because it’s rare for 4xx codes to have a contract. They tend to go to a log and output for human readers later, so I’d lean on text as default.

I’ve also used .local but .local could imply a local neighborhood. The word itself is based on “location”. Maybe a campus could be .local but the smaller networks would be .internal

Or, maybe they want to not confuse it with link-local or unique local addresses. Though, maybe all .internal networks should be using local (private) addresses?

I’ve been using uBOLite for about a year and I’m pretty happy with it. You don’t have to give the extension access to the content on the page and all the filtering on the browser engine, not over JavaScript.

I just recently started working with ImGui. Rewrite compiled game engines to add support for HDR into games that never supported it? Sure, easy. I can mod most games in an hour if not minutes.

Make the UI respond like any modern flexible-width UI in the past 15 years? It’s still taking me days. All of the ImGui documentation is hidden behind closed GitHub issues. Like, the expected user experience is to bash your head against something for hours, then submit your very specific issue and wait for the author to tell you what to do if you’re lucky, or link to another issue that vaguely resembles your issue.

I know some projects, WhatWG for one, follow the convention of, if something is unclear in the documentation, the issue does not get closed until that documentation gets updated so there’s no longer any ambiguity or lack of clarity.

My open-source, zero dependency JS library for requesting and generating certs with dns01: https://github.com/clshortfuse/acmejs

I only coded for name.com but it is compatible with anything really. Also can run in the browser, which could be useful in a pinch.

Yeah, except for the first few bytes. PKCS8 has some initial header information, but most of it is the OCTET_STRING of the private key itself.

The PEM (human “readable”) version is Base64, so you can craft up a string and make that your key. DER is that converted to binary again:

/**
 * @see https://datatracker.ietf.org/doc/html/rfc5208#section-5
 * @see https://datatracker.ietf.org/doc/html/rfc2313#section-11
 * Unwraps PKCS8 Container for internal key (RSA or EC)
 * @param {string|Uint8Array} pkcs8
 * @param {string} [checkOID]
 * @return {Uint8Array} DER
 */
export function privateKeyFromPrivateKeyInformation(pkcs8, checkOID) {
  const der = derFromPrivateKeyInformation(pkcs8);
  const [
    [privateKeyInfoType, [
      [versionType, version],
      algorithmIdentifierTuple,
      privateKeyTuple,
    ]],
  ] = decodeDER(der);
  if (privateKeyInfoType !== 'SEQUENCE') throw new Error('Invalid PKCS8');
  if (versionType !== 'INTEGER') throw new Error('Invalid PKCS8');
  if (version !== 0) throw new Error('Unsupported PKCS8 Version');
  const [algorithmIdentifierType, algorithmIdentifierValues] = algorithmIdentifierTuple;
  if (algorithmIdentifierType !== 'SEQUENCE') throw new Error('Invalid PKCS8');
  const [privateKeyType, privateKey] = privateKeyTuple;
  if (privateKeyType !== 'OCTET_STRING') throw new Error('Invalid PKCS8');
  if (checkOID) {
    for (const [type, value] of algorithmIdentifierValues) {
      if (type === 'OBJECT_IDENTIFIER' && value === checkOID) {
        return privateKey;
      }
    }
    return null; // Not an error, just doesn't match
  }

  return privateKey;
}

I wrote a “plain English” library in Javascript to demystify all the magic of Let’s Encrypt, ACME, and all those certificates. (Also to spin up my own certs in NodeJS/Chrome).

https://github.com/clshortfuse/acmejs/blob/96fcbe089f0f949f9eb6830ed2d7bc257ea8dc32/utils/certificate/privateKeyInformation.js#L40

Edit: To be specific, PKCS8 is usually a PKCS1 (RSA) key with some wrapping to identify it (the OID). The integers (BigInts) you pick for RSA would have to line up in some way, but I would think it’s doable. At worst there is maybe a character or two of garbage at the breakpoints for the RSA integers. And if you account for which ones are absent in the public key, then anybody reading it could get a kick out of reading your public certificate.

The meme format is awesome, but JSON differentiates strings with ".

{ "key": 1337 } vs { "key": "1337" }.

You might be thinking yaml? (Though it supports ' and " for explicit string types, technically)

But integer vs float? Good luck.

There is no section 15 or 16 in GPLv3, but I did find section 7 saying:

Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or

But that’s an optional thing that you must add onto the GPLv3 license. I’ll have to keep that in mind for the future.

That would explain why what I’ve read mentioned it’s not guaranteed in GPLv3 (when comparing to MIT). I’ll have to figure out what that notice would look like.

GPL has no requirements for author attribution which is contrary to the entire point of an MIT license.

That’s why I described it as joining the Borg. You release individualism and freely give it to the collective. That’s cool, and I get the ethos behind all that, but I don’t want to add any of those constraints to my code. I just don’t want credit for my work or the others to get lost. I don’t think it’s a hard ask.

Regardless, we ended up ultimately being a full replacement for the other project.

I don’t care if people make money to use my code. I just want my name attached to it somehow, even if you make it closed sourced which is MIT and OpenBSD. I hope you do use my code and even if you heavily reference it to make something new, carry that forward so more can learn and benefit.

I also don’t understand “better for the end user” arguments either. I have a library that people want to be included in another project, but that project is GPL. They won’t merge my code unless I change my code to be GPL. So everyone who wants them merged is out of luck. I can’t merge their code either with mine. What is supposed to happen is I freely give up my name to the code and restrict it to only being GPL and for GPL projects. Essentially, assimilate and join with the Borg. No, thanks.

And while that’s from my experience, I’ve also seen good projects get traction, have excitement over it, and fall off the earth because they end up making it GPL. Everyone interested in adopting it, personal or business, just disappear. Then something with less restrictions comes along and gets adopted.

End-users move to what’s better for them, and if you have a library that is only for GPL, you can end up limiting your options with a wasteful purity test. If you want it to be free you’d give freely with no restrictions. And if you think, “You can contact me to discuss licensing” that doesn’t happen. It’s still a restriction and almost nobody actually bothers.

Phone material stopped mattering the moment camera bumps became a thing. Now, nearly everyone slaps a case to balance out the bump.

That said, I miss my completely mirrored-back Sony Xperia Z5 Premium.

AmazFit BIP series watches are pretty good. It’s amazing how horrible the Android OS is for watches but Apple set the tone saying 18 hours is enough.

Timestamp in UTC

But for time of day, use local time and store separate column with the timezone name. Don’t use timezone offsets since that doesn’t work with DST. You’re better off with something like America/New_York because God knows what 2030 will look like.

And if timezone are abolished, or DST, that’s even more reason to store the timezone name.

The entire Material Design framework in JS and Web Components in 80kb

https://clshortfuse.github.io/materialdesignweb/components/buttons.html

JS and Web Components are not the problem. Poor design is.

OP, can I get a tagged version of this so I can freely send it around while properly crediting your work?

Yeah, that’s a big simplification and I get it. But the async syntax itself syntax “sugar” for Promises. It’s not like C# or Java/Android where it will spawn a thread. If you take a JSON of 1000 rows and attach a promise/await to each of them, you won’t hit the next event loop until they all run to completion.

It’s a common misconception that asynchronous means “run in background”. It doesn’t. It means run at end of current call stack.

Prior to that, the browser had window.setTimeout and its callback for delays and animation and such - but that’s it.

And you STILL have to call setTimeout in your async executions or else you will stall your UI.

Again async is NOT background. It’s run later. async wraps Promise which wraps queueMicrotask.

Here is a stack overflow that explains it more in detail.

Preventing the ui thread from waiting on native IO is what async was created for.

Citation needed. async just a wrapper for Promises. IO isn’t related, just commonly used with it.

https://tc39.es/ecma262/multipage/control-abstraction-objects.html#sec-async-functions-abstract-operations-async-function-start

NodeJS’s IO and fetch are just promises. (And NodeJS used to use callback(err, response) before adding promises.).

Async prevents locking a thread during this wait.

That’s a very common misconception. async is just a scheduling tool that runs at the end of event loop (microtask queue). It still runs on the main thread and you can still lock up your UI. You’d need Web Workers for actual multi-threading.

async/await is just callback() and queueMicrotask wrapped up into a neat package. It’s not supposed to replace multi-threading and confusing it for such is dangerous since you can still stall your main/UI thread with Promises (which async also wraps).

(async and await are also technically different things, but for the sake of simplicity here, consider them a pair.)