Posts by Jan Ingvoldstad

Lose your device, lose your access

This point is not quite covered, and it’s a showstopper.

What do you do when:

- someone steals your phone/yubikey?

- your phone/key dies/is factory reset?

… and so on.

Passkeys complicate things. But they are sort of better, still.

Executing arbitrary code from an LLM is such a great idea

"The right tools can give LLMs the ability to execute arbitrary code, access APIs, ..."

... and no critical eye towards what the consequences of these accesses are.

Bravo.

Good riddance to all the false positives

In my opinion, this is one of the worst blocklisting services ever.

Delisting or expiry? Forget it. Entries from 2004 hung around *forever*.

Accuracy? Don't make me laugh. The false positives abound.

A SORBS listing, if you could verify that it was recent, could have had some value as input in spam scoring, but has regrettably not been useful for making a direct yes-or-no decision.

For that purpose, I would rather have gone with Spamhaus' or Invaluement's free services, or paid for the services, combined with easy bypassing for the very few false positives.

Barbarians …

… put milk in their tea, drowning the flavors.

Ah, there’s my coat!

Too much info in too few X-Spam headers

Trevor, if I may:

The solution should have been to have a separate X-Spam header that *only* carries the black-or-white status of YES or NO, and no other information.

X-Spam-Flag, X-Spam-Is-It, or whatever.

But I'm way too late to help you :)