Notices by Gabriel Pettier (tshirtman@mas.to)

@inthehands seems to be registered by andy meadows, who also has bl.ink another link shortener
https://www.whois.com/whois/1-gop.us

@mgorny someone probably has a project that they don’t want to migrate to a new test system, but want to use on more recent versions of python.

Software is never truly dead.

Hence we need to be careful when creating it, especially if we put it out there, if it gets even a small user base, it could have consequences for decades.

@luis_in_brief that's a really tight supply chain…

@slamr @HauntedOwlbear i found their products in a place near me, not cheap (cheese is not cheap in the first place, but you do pay more for less here), but i tried the camembert and the blue cheese and was blown away by the latter, the camembert is not bad at all, but the blue cheese is next level, really creamy and tasty. Really worth the price imho. Thanks for sharing about them!

@hongminhee there is a tsvector datatype for that https://www.postgresql.org/docs/current/textsearch-intro.html the "best" way certainly depends on your constraint, but i would evaluate that first and see if it doesn't match your need, look for solutions more specific to it.

@GossiTheDog ok, this is bad, really, but on the other hand, how are antivax conspiracy theorists going to process that information?

@tokyo_0 @cazabon yes, the "and" will ensure the result of "in" is used if needed. the code is similar to:

if not Ecryption.AES:
. . . flag = False
else:
. . . flag = "FLAG" in stream

but i commonly need to check/rethink if "not" affects the whole "and" expression 😅.

regarding compile/run time, python does most things on the latter, and doesn't optimise this kind of expressions, because the language gives you too much freedom to be able to check they are valid.

@tokyo_0 @cazabon In python, values are generally "truthy" except for:
- False
- None
- 0
- "" (empty string)
- [] (empty list)
- () (empty tuple)
- {} (empty dictionary)
- set() (empty set)

which are "falsy".

Here your test probably assumes the value is True or False, but it could be something else, like either a string containing a key, or None, or a custom object or None.

@dgar didn't vote, because i didn't listen to the full playlist yet and i don't remember where i stopped 😬 .

Busy today, but will try to give it another go.

@tokyo_0 @cazabon "and" and "or" will short-circuit if the first part is enough to know the result.

>>> def spy(value):
... print("called with", value)
... return value
...
>>> spy(True) or spy(False)
called with True
True
>>> spy(True) and spy(False)
called with True
called with False
False
>>> spy(False) and spy(True)
called with False
False

so "in" will only be called if the value before the and is "truthy", which means that bool(value) returns True.

@cazabon @tokyo_0 hm, association doesn't change the result here

>>> (not True) and True
False
>>> (not False) and True
True
>>> not (True and True)
False
>>> not (False and True)
True
>>>

I think the question is more about the common misconception of beginner than "in" does more regarding "and" that it really does.

"in" evaluates if the value before it is in the value after it, "and" checks that the value on both sides are true.

A and B in C => A and (B in C)
≠> A in C and B in C

@statsguy sms is widely considered unsecure, yes, as it's possible to fraudulently clone a simcard, and get the sms instead of you, an app generated code doesn't have this issue, as they don't need communication, the code is time + key based, and if they did, they could communicate through encryption.

@statsguy NP, regarding the "need" part, that i had forgotten to answer, of course maybe not *all* apps need it, but one should not underestimate the ability to move "laterally", from gaining access to an apparently low criticity account/app, to others, by leveraging it for say, impersonation, or digging information that could help further attacks, email is of course the most obvious failure point, everyone has all their secrets in it, but social accounts can be used to extort money from friends

@statsguy Personnally i use freeotp+ for "one time passwords" like this, unless there is a specific app to use for the service, as this one is open sources and allows me to export my config in a file to save securely somewhere, in case my phone is stolen or lost (because yes, it can be a big problem if you lose your phone).

@statsguy so it’s really better to just be safe(r) by default, and give as little as possible an attack surface so say, if a state actor is working against you, you are certainly still in trouble, but if it’s "just" a bunch of scammers, at least you are not an easy prey for them, it’ll cost them too much time/money to get you to you hope for a worthy reward.

@fj will these aerosol affect the greenhouse or reflexion properties of our atmosphere? given such interventions have been proposed? 🥹

@evan fair enough, your post just got me curious about what it was, and I still am, I'm not even necessarily against these things, they are just pretty different from the ethos I see around here, but I'm glad people are experimenting things with the protocol.

@evan ok, sure. 👍

@evan algorithmic, ad powered, paid posts, not sure how the integration will look like. And even less how welcome it'll be here 😅.

@annecavicchi Reposting with #AltText