Joined 1 year ago
Cake day: June 20th, 2023

  • In general TOTP is recommended when offered. Aside from what other people are bringing up about added security when using password authentication, many sites use TOTP in the account recovery process when a password is forgotten. This is an old example, but in this case, attackers were able to do a forgot password for Gmail which sent a recovery email to an Apple email address, which the attackers were able to access. Had Mat been using MFA for Gmail, the attackers would have been prompted to provide an MFA code before the recovery email would be sent, thwarting the attack.




  • Do any of the pages in the directory link to other websites? It could be that if you link to a website that is using Google Analytics, it may see that referrer header when the person using Chrome opened the link. If it knew that your site didn’t have links to the third party site before, maybe that triggered a refresh.

    You could test this by making a page linking to CNN or another site which is using Google Analytics, and using Firefox (without anything that would block Google Analytics) and click on the link on your site to the other site. If the Google bot checks your site within 10 seconds then you could rule out Chrome as the culprit.


  • The person who boarded the flight bypassed the document check podium and a gate agent, but was fully screened at a security checkpoint at JFK, a TSA spokesperson told ABC News. That means they weren’t carrying any prohibited items and did not pose a security risk, TSA said.

    TSA showing they’re all security theater with this statement. Either they’re admitting that the document check podium isn’t necessary to identify security risks, or they’re trying to assure everyone that they’re enforcing security when they clearly aren’t.







  • The way I’ve heard it described is a lot of the NASA funding is intentionally spread out across many states, funding many jobs in those states, to get the support of many representatives to vote for the funding. This also means that trying to optimize costs would get a lot of pushback, since it will cause jobs to be lost in many states. And these are states which voted for Trump: Alabama, Texas, Florida, etc.









  • Yeah, it’s unclear to me at the time if the dialogue box in the screenshot appeared when doing a select all operation, but it reads as though the OP dev didn’t understand git, discarded their work, and got upset that it was an option.

    Realistically if the dialogue box appeared, I’m not sure there would be anything else the IDE could do to prevent the dev from themselves. Perhaps reject operations affecting 5000 files? But then you’ll just have someone with the same issue for 4000 files.


  • Reading through it, it sounds like they opened a project in VSCode, and it saw that there was a local git repo already initialized, with 3 months of changes uncommitted and not staged. So the options there are to stage the changes (git add) to be committed or discard the changes (git checkout -- .). I guess they chose the discard option thinking it was a notification and I guess the filename would be added to gitignore or something? Instead, it discarded the changes, and to the user, it looked like VSCode did rm -rf and not that this was the behavior of git. Since the changes were never committed, even git reflog can’t save them.