Hacker News | maxbond's comments

Cool project!

- Wouldn't this censor UUIDs? I want UUIDs to remain in my logs.

- The name "PII Shield" makes me think this would censor entities like names or social security numbers, rather than secrets. Not a big deal though.


Thanks!

UUIDs: By default—no. Since UUIDs are Hex (limited charset 0-f), they have lower entropy than Base64 secrets. The threshold is tuned to sit safely above UUIDs but below API keys.

Naming: You are totally right. Currently, it focuses on "high-entropy PII" (passwords, auth tokens, session IDs) rather than names or SSNs. "Secrets Shield" might have been more precise, but naming is hard :)


So depending on the context UUID can be PII. Is this something we can customize or adjust?

Yes, absolutely.

You can fine-tune the sensitivity via the PII_ENTROPY_THRESHOLD environment variable.

If you consider UUIDs to be sensitive in your context (or if you are getting false positives), you can adjust the threshold. For example, standard UUIDs have lower entropy density than API keys, so slightly tuning the value (e.g. from 3.8 to 3.2 or vice-versa) allows you to draw the line where you need it.


Is there a way to tell it to just recognize UUIDs and redact those without adjusting the threshold? In our case, UUIDs are just an exception. I think all the other stuff you're doing is correct for our situation.

Currently, no — the scanner focuses on entropy and specific Key Names, not value patterns (Regex).

However, if your UUIDs live in consistent fields (e.g., request_id, trace_token, uuid), you can add those field names to the Sensitive Keys list. This forces redaction for those specific fields regardless of their entropy score, while keeping the global threshold high for everything else.

That said, "Redact by Value Regex" (to catch UUIDs anywhere) is a great idea. I'll add it to the backlog.
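
The thread above describes three ways to get a UUID redacted: lowering the entropy threshold, adding the field name to a sensitive-keys list, or matching the value by pattern (the backlog idea). The following is an added example, not code from the project or from either commenter; it assumes the score is Shannon entropy in bits per character, and the names `shannon_entropy`, `redact`, `UUID_RE` and the sample record are hypothetical.

```python
import math
import re
from collections import Counter

# Assumption: the score is Shannon entropy in bits per character; the thread
# does not say how the tool actually computes it.
def shannon_entropy(value: str) -> float:
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0

# Hypothetical value pattern for the "redact by value regex" backlog idea.
UUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)

def redact(record, threshold=3.8, sensitive_keys=(), value_patterns=()):
    """Return a copy of record with flagged string values replaced."""
    out = {}
    for key, value in record.items():
        flagged = isinstance(value, str) and (
            key in sensitive_keys                              # forced by field name
            or any(p.search(value) for p in value_patterns)    # forced by value shape
            or shannon_entropy(value) > threshold              # entropy heuristic
        )
        out[key] = "[REDACTED]" if flagged else value
    return out

# Constructed sample log record (not real identifiers or credentials).
SAMPLE = {
    "level": "info",
    "request_id": "123e4567-e89b-12d3-a456-426614174000",
    "upstream_auth": "q7Zk2VxP9mLtR4wYhB8nCs3JdFg6TuEa1XoNi5Wz",
}

if __name__ == "__main__":
    print(round(shannon_entropy(SAMPLE["request_id"]), 2))   # UUID scores below 3.8
    print(redact(SAMPLE))                                    # only the token is redacted
    print(redact(SAMPLE, sensitive_keys={"request_id"}))     # UUID forced by key name
    print(redact(SAMPLE, threshold=3.2))                     # UUID caught by lower threshold
    print(redact(SAMPLE, value_patterns=[UUID_RE]))          # UUID caught by value pattern
```

The entropy score of a UUID varies from one value to the next, so a threshold separates UUIDs from keys only statistically; the key-name list and the value pattern give the same answer for every UUID.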


I got 42. I was very impressed by how it handled more and less specific categories. It also understood rotifers were a microscopic animal, which I half expected not to work. Great project.

We should be friends. I got 47. In my defense, I was tired.

I was the first to post my score and I thought I did pretty well. Pure hubris! Looking forward to brunch (/j, I'm pretty far away).

Imho it's pretty messed up that their translation tool doesn't actually translate the page and only translates one element. For the most part the site is a lark and the text unimportant. But the banner disclaiming any affiliation with any meme coin really ought to be translated.

https://icannwiki.org/.cat

> Administered by the non-profit Fundació puntCAT under the oversight of ICANN, registrations are available only to individuals and organizations demonstrating use or promotion of the Catalan language and culture.


Is that available for every country root server?

As far as I can tell, there is no rule requiring this wiki to be kept up to date (it's not run by ICANN, though they sponsor it), but I've had good luck with it. The wiki is updated fairly frequently: https://icannwiki.org/Special:RecentChanges . I wasn't able to find a list that proves it covers every TLD, but there are about 9x as many articles as TLDs, so I think it's likely. Someone with better MediaWiki chops could probably figure it out. I think that information is there, I just don't know how to access it.

ETA: This category lists 314 ccTLDs.

https://icannwiki.org/Category:CcTLD

There are 316 ccTLDs. So, it's either missing 2, or they are documented but not in the right category.

If you're looking for an authoritative source I think you should check out the PSL, but it doesn't have the right metadata to answer your question. You'd need to supplement it somehow.

https://publicsuffix.org/


We can talk about C's demise after the last COBOL application is retired.

One of the reasons why Rust is taking over userland is that it's getting more and more difficult to find people willing to maintain a C code base—especially an old one—while there's no shortage of kids willing and eager to hack in Rust.

C will end up in exactly the same place as COBOL: there will be applications that depend on code written in it for decades to come, but they will be maintained by very well-paid grognards simply because those are the only people who know how, and are willing (for a steep price), to maintain them.


Maybe. I think C will continue to have relevance in certain niches like embedded development, and that efforts like Fil-C will quietly carry the torch for a long time. C will also continue to have an important role in bootstrapping.

I generally don't like the "Rust is killing C" meme because a.) I don't believe it, b.) C doesn't need to die for Rust to succeed, and c.) it leads to language wars and hard feelings. Rust doesn't really do what C does; it's not a lingua franca among architectures. They compete in some niches and not others.


My law of headlines is, "don't take them too seriously, don't develop too many expectations about the article, skim the article (or the comments) to know what it is about and whether it is worth your time".

Razors should guide, not replace, your engagement with the subject matter.

We don't know it was the parents. Could've been a babysitter. Could've been a grandparent. New parents often have help.

> If this is in the breastmilk, ...

Note that you and GP are talking about different values of "this." GP is talking about codeine, you're talking about morphine. The difference between the two is at the crux of this article.


> GP is talking about codeine, you're talking about morphine. The difference between the two is at the crux of this article.

It appears that they didn't really read the article before commenting.

The entire point, the damning evidence, is that the child that died had codeine in his stomach, which he absolutely couldn't get from breast milk.


https://en.wikipedia.org/wiki/Character_limit#On_Twitter

> In November 2017, Twitter increased its character limit from 140 to 280 characters. In 2023, Twitter boosted the character limit for Twitter Blue subscribers. In February, it was increased to 4000. In April, it was again increased to 10,000, and in June, to 25,000.


The character limit is just whatever the longest tweet Musk wants to send.

I remember 280, but jesus things clearly got out of control.
