If your Java dev is using Jackson to serialize to JSON, they might not be very experienced with Jackson, or they might think that a Java object with a null field would serialize to JSON with that field omitted. And on another project that might have been true, because Jackson can be configured globally to omit null properties. They can also fix this issue with annotations at the class/field level, most likely .
More details: https://www.baeldung.com/jackson-ignore-null-fields
Third, a redirect is obvious
A redirect isn’t necessary if you control the DNS servers. If you control the DNS servers, you can MITM the website for any visitor because you can prove that you own the domain to a certificate authority and generate a new, trusted HTTPS cert. (Depending on specifics this may or may not foil the anti-phishing capabilities of Passkeys / U2F.)
They aren’t. From a comment on https://www.reddit.com/r/ublock/comments/32mos6/ublock_vs_ublock_origin/ by u/tehdang:
For people who have stumbled into this thread while googling “ublock vs origin”. Take a look at this link:
"Chris AlJoudi [current owner of uBlock] is under fire on Reddit due to several actions in recent past:
- In a Wikipedia edit for uBlock, Chris removed all credits to Raymond [Hill, original author and owner of uBlock Origin] and added his name without any mention of the original author’s contribution.
- Chris pledged a donation with overblown details on expenses like $25 per week for web hosting.
- The activities of Chris since he took over the project are more business and advertisement oriented than development driven."
So I would recommend that you go with uBlock Origin and not uBlock. I hope this helps!
Edit: Also got this bit of information from here:
https://www.reddit.com/r/chrome/comments/32ory7/ublock_is_back_under_a_new_name/
TL;DR:
- gorhill [Raymond Hill] got tired of dozens of “my facebook isnt working plz help” issues.
- he handed the repository to chrismatic [Chris Aljioudi] while maintaining control of the extension in the Chrome webstore (by forking chrismatic’s version back to himself).
- chrismatic promptly added donate buttons and a “made with love by Chris” note.
- gorhill took exception to this and asked chrismatic to change the name so people didn’t confuse uBlock (the original, now called uBlock Origin) and uBlock (chrismatic’s version).
- Google took down gorhill’s extension. Apparently this was because of the naming issue (since technically chrismatic has control of the repo).
- gorhill renamed and rebranded his version of ublock to uBlock Origin.
That’s still a single point of failure.
So is TLS or the compromise of a major root certificate authority, and those have no bearing on whether an approach qualifies as using 2FA.
The question is “How vulnerable is your authentication approach to attack?” If an approach is especially vulnerable, like using SMS or push notifications (where you tap to confirm vs receiving a code that you enter in the app) for 2FA, then it should be discouraged. So the question becomes “Is storing your TOTP secrets in your password manager an especially vulnerable approach to authentication?” I don’t believe it is, and further, I don’t believe it’s any more vulnerable than using a separate app on your mobile device (which is the generally recommended alternative).
What happens if someone finds an exploit that bypasses the login process entirely?
Then they get a copy of your encrypted vault. If your vault password is weak, they’ll be able to crack it and get access to everything. This is a great argument for making sure you have a good vault password, but there are a lot of great arguments for that.
Or do you mean that they get access to your logged in vault by compromising your device? That’s the most likely worst case scenario, and in such a scenario:
In other words, your only accounts that are not vulnerable in this situation solely because their TOTP secret is on a different device are the ones you don’t use on that device in the first place. This is mostly relevant if your computer is compromised - if your phone is compromised, then it doesn’t matter that you use a separate password manager and authenticator app.
If you use an account on your computer, since it can be compromised without having the credentials on device, you might as well have the credentials on device. If you’re concerned about the device being compromised and want to protect an account that you don’t use on that device, then you can store the credentials in a different vault that isn’t stored on your device.
Even more common, though? MITM phishing attacks. If your password manager verifies the url, fills the password, and fills your TOTP, then that can help against those. Start using a different device and those protections fall away. If your vault has been compromised and your passwords are known to an attacker, but they don’t have your TOTP secrets, you’re at higher risk of erroneously entering them into a phishing site.
Either approach (same app vs different app) has trade-offs and both approaches are vulnerable to different sorts of attacks. It doesn’t make sense to say that one counts as 2FA but the other doesn’t. They’re differently resilient - that’s it. Consider your individual threat model and one may be a better option than the other.
That said, if you’re concerned about the resiliency of your 2FA approach, then look into using dedicated security keys. U2F / WebAuthn both give better phishing resistance than a browser extension filling a password or TOTP can, and having the private key inaccessible can help mitigate device compromise concerns.
If you only need one factor to log into your password manager, you’re doing it wrong.
Have you looked into configuring them directly from your NVR? Or third party options? I did a quick search and saw a list of several that as far as I can tell can display Reolink streams (though I haven’t confirmed any can configure the cameras):
And some proprietary options that have native Linux builds:
The list of instances you shared was updated recently, but I tried the one url in it (the rest are onion links or i2p, and are older versions of libreddit to boot) and the page didn’t even load.
Libreddit has been discontinued for nearly a year due to not working thanks to Reddit’s API changes, though about a month ago they updated their repo to direct people to RedLib, which allegedly does work. That said, I tried the official instance and got an error. However, it’s being actively developed and looks easy to self-host. I don’t know if there’s a list of unofficial public instances.
It first showed up on Netflix in mid-2023, in the middle of the writer’s guild strike (meaning there was a dearth of new content). So basically the Netflix effect. It had been on other streaming platforms before - Prime Video and Hulu - but Netflix is still a juggernaut compared to them - it has 5 times as many subscribers as Hulu, for example, and many of the subscribers to Prime Video are incidental and don’t stream as much on average as Netflix users.
I assume Netflix funded off-platform advertising, but the on-platform advertising has a big effect, too. And given that Suits broke a record in the first week it was on Netflix and they have a spinoff coming, it makes sense that they would keep advertising.
I can’t speak to Android as a whole, but here’s how often Samsung Face Unlock will require you to re-auth with your phone’s passcode:
iPhones do something similar, but it’s after 48 hours of non-use (instead of 4) and at least weekly instead of daily. Having to enter your password daily should help most people keep it memorized pretty well, but weekly - maybe not. So you definitely have a good point there.
One thing that can make it easier to remember - and just as secure - is to use a longer pass phrase instead of random characters.
If you using the diceware approach (“correct horse battery staple”), then 5 words has 32 times / 5 bits more entropy than a 10 character mixed-case alphanumeric password (64 vs 59 bits of entropy) (4 word passphrases aren’t random enough to be recommended - they have fewer bits of entropy (51) than even 9 character mixed-case alphanumeric passwords (53), though notably 10 same-case alphanumeric characters also have only 51 bits of entropy).
The EFF has a word list that’s been improved for usability. They also have a short list, comprised of words with at most 5 characters each, where you roll 4 dice instead of 5. With 6 words from that list you get 62 bits of entropy, which is good enough to be able to recommend.
Unless you’re using a random 10+ alphanumeric passcode and are fine entering it every time you log into your phone, with a short auto-lock period, you’re much better off enabling biometrics (assuming it’s implemented competently) in combination with a longer passcode and understanding how to disable it when appropriate.
I recently replied with this comment to a Gizmodo article recommending the same thing you did for similar reasons, if you’d like to better understand my rationale: https://ttrpg.network/comment/6620188
I had a pocket TV back in 2007 or so. It had an antenna and everything. It was a bit bulky and not at all power efficient, though. IIRC it went through 8 AA batteries in about 3 hours.
I’m not sure why you’d want that over a smartphone or even just a small tablet, though.
Also, we have flying skateboards, they’re just prohibitively expensive or not yet being sold. Look up the ArcaBoard (was $20k back in 2015, doesn’t seem to be sold anymore), the Lexus Hoverboard, and the Flyboard Air. Unfortunately if you try to buy a “hoverboard” you’re just gonna end up with an electric scooter
I use Standard Notes for most of my notes. For simple todo lists, I use the Checklist note type. For project planning I generally use the SN Kanban Editor and while it has some quirks, I find it works fine on desktop and acceptably on mobile. It saves notes in markdown so I’ll sometimes swap the note type, make bulk edits, and swap back. I also use some of the other editors from https://github.com/jonhadfield/awesome-standard-notes like the MermaidJS one.
For notes that I plan to share or want to work collaboratively on, I use Hedgedoc. I tried it out because of the name and icon, thinking of it as basically a Gist tool, but then started using it for more because of how great the experience has been.
This is a very surface level overview of the frameworks it covers. The title is a bit of a reach, as it wouldn’t give anyone enough information to make a more educated decision about which framework to use.
Are you the author? I think it could be improved by including:
If you are the author, I saw your article on Typescript and would also like to say that you can configure your linter to not warn about using any. There’s even a no-implicit-any rule that you can use if you only want explicit any types but don’t want, for example, responses from API calls to have that type by default.
Is there some sort of block chain base registrars out there?
There are handshake domains, which are distributed on a blockchain, but sites that use them won’t resolve in browsers by default
From https://docs.syncthing.net/users/faq.html#what-is-syncthing (bolding mine)
We believe your data is your data alone and you deserve to choose where it is stored. Therefore Syncthing does not upload your data to the cloud but exchanges your data across your machines as soon as they are online at the same time.
I’ve been using Rallly - this looks like it might be a decent alternative.
I don’t believe that we perceive luminance in a linear fashion, but the systems of measurement aren’t straightforward coming at it as a layperson.
With sound, a 10 dB increase is 10 times more intense, but it doesn’t sound 10 times louder to the human ear - it sounds (roughly) twice as loud. So if something was 6 dB quieter (1/4th as energetic), it would sound maybe 2/3rds as loud.
The next things to ask are:
I’m Hedgehog, the poor senior dev who was assigned to review Hal’s code.
Panel 1: ✅ (PR Approved) LGTM but you’re missing the styling from the mock-ups, should be easy to add.
Panel 2: ❌ (Changes requested)
Nit: Hal, your PR failed in CI. You should have used const instead of let. Did you forget to run the linter before pushing?
Also, the useState hook isn’t doing anything. If it doesn’t need to, just leave it as an uncontrolled component. I didn’t look at the surrounding code but this is part of a form, right? If not then it should be receiving the setter/value as props.
Panel 3: ✅ LGTM, ship it.
❌ Actually wait, you still have that do-nothing state code in there. Either get rid of it or do something with it.
Panel 4: ❌ Hal, I don’t like where this is going.
Panel 5: (during stand-up) I reviewed Hal’s PR and just had a couple pieces of feedback. Shouldn’t take long, right, Hal?
Panel 6: ❌ WTF, Hal. <InputField /> is literally just passing through props to input, so you don’t need it.
Also, Hal, I recommend you look into the Styled Components library. It might better fit your needs here. You could rewrite the LoginComponent as a styled input. Of course, if you do that you should refactor the existing places where you’re using style sheets to use styled components and themes instead.
You also still have the do-nothing useState hook for some reason. Seriously, Hal, get rid of it.
This is how I’d write this without bringing in Styled Components, but if you use it make sure to test it first:
import React from ‘react’;
export const LoginForm = (props: React.ComponentPropsWithoutRef<‘input’>) => (
<input
{...props}
className={`border rounded-md p-2 focus:outline-none focus:border-blue-500 ${props.className || ‘‘}`}
/>
);
It’s largely the first one, at least according to The Man Who Killed Google Search.
See also the Hackernews discussion and this follow-up article by the same author (with links to an article with Google’s response, summaries of other discussions on the topic, etc.)