some apps, when allowed to run in the background, cause a multi-second delay in global hotkeys. this happened on 10 too but 11 pushes way more apps by default so it's more likely to hit. you can hunt down the culprit and remove its permission to run in the background or just deny them all (I've yet to experience a negative consequence from that)
the question was why not use encryption (sqids/hashids/etc) to secure publicly exposed surrogate keys, I don't think this reply is on point .. surrogate keys ideally are never exposed (for a slew of reasons beyond just leaking information) so securing them is a perfectly reasonable thing to do (as seen everywhere on the internet). otoh using any form of uuid as surrogate key is an awful thing to do to your db engine (making its job significantly harder for no benefit)
> You've embrittled your system.
this is the main argument for keeping surrogate keys internal - they really should be thought of like pointers, dangling pointers outside of your control are brittle. ideally anything exposed to the wild that points back to a surrogate key decodes with extra information you can use to invalidate it (like a safe-pointer!)
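The "safe-pointer" idea from the comment above, as an added example that is not part of the original post: a public handle that decodes to the surrogate key plus a generation counter, so the server can refuse forged handles and invalidate stale ones. The key values, the `GENERATIONS` store and all function names are assumptions made for illustration. The HMAC-derived keystream is a stdlib-only stand-in for an AEAD such as AES-GCM from a vetted library.

```python
import base64, hashlib, hmac, os, struct

ENC_KEY = b"constructed-demo-enc-key"  # constructed values; load real keys from a secret store
MAC_KEY = b"constructed-demo-mac-key"

# Stand-in for the table: surrogate id -> generation counter (hypothetical schema).
GENERATIONS = {42: 1}

def _keystream(nonce: bytes) -> bytes:
    # 32 bytes of PRF output per nonce; the 12-byte payload needs only one block.
    return hmac.new(ENC_KEY, nonce, hashlib.sha256).digest()

def issue_handle(row_id: int) -> str:
    """Encode (row_id, generation) into an opaque, authenticated public handle."""
    nonce = os.urandom(12)
    plain = struct.pack(">QI", row_id, GENERATIONS[row_id])
    cipher = bytes(a ^ b for a, b in zip(plain, _keystream(nonce)))
    tag = hmac.new(MAC_KEY, nonce + cipher, hashlib.sha256).digest()[:16]
    return base64.urlsafe_b64encode(nonce + cipher + tag).decode().rstrip("=")

def resolve_handle(handle: str):
    """Return the surrogate id, or None if the handle is malformed, forged or stale."""
    try:
        raw = base64.urlsafe_b64decode(handle + "=" * (-len(handle) % 4))
    except (ValueError, TypeError):
        return None
    if len(raw) != 12 + 12 + 16:
        return None
    nonce, cipher, tag = raw[:12], raw[12:24], raw[24:]
    expected = hmac.new(MAC_KEY, nonce + cipher, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):  # verify before decrypting
        return None
    plain = bytes(a ^ b for a, b in zip(cipher, _keystream(nonce)))
    row_id, generation = struct.unpack(">QI", plain)
    if GENERATIONS.get(row_id) != generation:
        return None  # stale: the row is gone or its handles were revoked
    return row_id

def revoke_handles(row_id: int) -> None:
    """Bump the generation so every outstanding handle for this row stops resolving."""
    GENERATIONS[row_id] += 1
```

The database keeps its integer key internally; only the handle leaves the system, and bumping the generation is what turns a dangling pointer into a clean rejection.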
various engines have what's called "fast key" optimization specifically for integer sequences - if you're testing performance between an int/serial pk and a uuid the impact is profound to disgusting depending on the engine.
Citation needed. Other than throughput/reliability risks posed by the revocation check flow (which I know aren’t the reason people don’t use Kerberos on the web, since the big auth providers’ SPOFiness in this area is way worse, as proven by countless outages induced by so-and-so rickety auth component failing bringing down a major provider), Kerberos’ adoption issues on the web have more to do with network effect and monetization than technical limitations with the protocol.
seriously "kerberos doesn't work well on the web" is like saying "cars don't work well on the road"
browsers could make it easier to approve domains for spnego (chrome already makes it automatic for enterprise accounts). the market just doesn't want real security, it wants to login with its facebook profile.
True! But, the possibility exists that enough % of victims do not indeed check the OV cert. Also, are we 100% sure that every single legit company that you and I do business with, has an OV cert for their websites?