Posts
0
Comments
396
Joined
3 yr. ago

  • You are right. You cannot onboard a new job before you leave your old one. Accepting an offer is not part of the onboarding process though. It happens before.

    After an interview process the company makes an offer. The candidate can then accept or reject it. But that is really all informal. You can then negotiate with them for an official start date and contract. You just need to ensure you can hand in your notice and work the rest of your notice period before the start date of your new contract.

    I don't know anyone that would hand in their notice before accepting the initial offer of a company. At least here in the UK.

  • Probably not the only thing they are used for, considering its ties to the CIA

  • You assume they don't already have a job and were just looking for other opportunities. Not everyone is unemployed before they apply for other jobs. If anything that is a good time to look, as it gives you a stronger position to negotiate from.

  • Yes it is a security issue. But almost everything is. You can make it secure enough with the right policies. However it overall increases the attack surface of your application and has a greater chance that you missed something or misconfigured the policies. So many Firebase apps have been hacked because of misconfigured access to the database.

    So it puts more work on you to get things right.

  • Think it is an old BlackArch logo - an Arch-based pentesting distro.

  • Valve needs to win this. Or at least stop this part:

    The NYAG also proposed to gather additional information (beyond what we normally collect in the course of processing payments) about each game user on the off-chance someone in New York was anonymizing their location to appear outside of New York, such as by using a VPN. This would have involved implementing invasive technologies for every user worldwide. Similarly, the NYAG demanded that Valve collect more personal data about our users to do additional age verification—even though most payment methods used by New York Steam users already have age verification built-in. Valve knows our users care about the security of their personal information, and we believe it’s in our and their interest to only collect the information necessary to operate the business and comply with law.

    Loot boxes are overall bad for users and should be regulated. But not by getting Valve to collect personal information on everyone in the world.

  • Audiences watching any live TV on the likes of YouTube or streaming platforms need a TV licence, but this is apparently not well known and not effectively enforced.

    I hate this. What does it mean by live TV? Is that any live stream on YouTube? Or live shows published by the BBC? They make no attempt to clarify WTH you need a licence for. I am not going to pay for a TV licence to watch someone in Australia live stream something that will never see a dime from it. Also YouTube and these other platforms have their own monetization methods. Are they not collecting on that as well? What about people outside the UK that watch these shows through these platforms?

    The whole thing is just a mess of confusion.

    When 94% of people use the BBC each month yet fewer than 80% of households contribute,

    How the hell did they get this 94%? Seems a very high number. I know many people that just don't have a TV anymore.

  • In an open letter to the prime minister, Labour MPs said "successive governments" had done "too little to protect young people from... unregulated, addictive social media platforms".

    They are focusing on the wrong thing. The problem is not that young people access it, it is the unregulated and addictive parts. Those affect everyone, not just the young. Regulate the addictive behaviours of these platforms and protect everyone. Don't just force ineffective age verification that harms the privacy of everyone.

  • I treat warnings as todos. Fix them all before I release something. I would only ever disable one if I know for a fact the warning is a false positive.

    I would question why you are seeing so many warnings you are not sure about. If you keep on top of them you really shouldn't have that many. Marking them all as allowed with a TODO comment feels just like you are burying your head in the sand.

    I would leave them all there to keep nudging you to investigate and remove them. Hiding them behind a TODO will just mean you will ignore them. And warnings are important, they very likely point to a problem, even if that is just that the code could be simpler. It is rare that they are true false positives.

  • Looks like there is going to be a shift to using nftables in Arch. The iptables package in core is currently for the legacy interface, with an iptables-nft package for the new interface, but the core-testing iptables package is for the nft interface and there is now an iptables-legacy package in core-testing.

    My guess is they are moving packages that can work with nftables to depend on that instead of iptables, which looks like it is shortly going to be using the new nftables interface anyway. Probably as part of migrating to nftables by default. Looks like Docker does have experimental support for nftables in version 1.29 and that is when the dependency was added to the PKGBUILD script.

    It does not look like nftables or iptables conflict with each other at a package level. And nftables can work with iptables rules.

    It is probably worth just migrating to nftables now if you rely on managing iptables yourself.

  • Why do this at all? Design your tools and systems to create directories in the repo that are needed if they don't exist.

  • One source said officials had discussed including a virtual private network function to make a user's traffic appear to originate in the U.S. and added that user activity on the site will not be tracked.

    Somehow I don't believe that last part 🤔

  • Free speech for him, not for you.

  • You really don't. And probably shouldn't. Remember this is the findings of a pen testing company that was working with these password managers. They found some issues. Issues that are very hard to pull off - you need the password manager servers to be completely compromised. Which is not something that happens often, if at all. Vastly more common is just data exfiltration, which Bitwarden is secure against. Additionally the issues have already been addressed, in Bitwarden's article linked in that one:

    All issues have been addressed by Bitwarden. Seven of which have been resolved or are in active remediation by the Bitwarden team. The remaining three issues have been accepted as intentional design decisions necessary for product functionality.

    So you are already safer than before without having to do anything. Switching now, all you are doing is switching to a provider that has not undergone this testing and may or may not have similar issues.

    Don't just jump at the first mention of things like this. You really need to look at the companies' responses - like LastPass's, who have given a token statement that basically says they are not going to fix these issues any time soon, if at all. Stay away from companies like that. But companies like Bitwarden that actively fix issues that are found are worth sticking with.

  • The companies' responses are probably more important than the findings.

    Dashlane published a comprehensive response, thanking the researchers, and said the infoseccers' decision to test using a malicious server model represented "a useful exercise."

    The vendor also confirmed it had fixed the most serious issue

    Which is what you want to hear. The worst of the issues has been fixed and they look like they want to improve things further.

    Bitwarden, meanwhile, said in a post: "Bitwarden has never been breached and believes third-party security assessments like these are critical to continue providing state of the art security to individuals and organizations."

    Is less encouraging, although not damning. Would be nicer to hear they are hardening things in case of a breach rather than just relying on not being breached. They could still be doing that though.

    A LastPass spokesperson told The Reg: "Our Security team is grateful for the opportunity to engage with ETH Zurich and benefit from their research. While our own assessment of these risks may not fully align with the severity ratings assigned by the ETH Zurich team, we take all reported security findings seriously. We have already implemented multiple near‑term hardening measures while also establishing plans to remediate or reinforce the relevant components of our service on a timeline commensurate with the assessed risk."

    Is just terrible. Basically they don't think they have a problem and have done nothing more than a token effort to fix the easiest of things. I believe they have been breached before as well, which is also a bad sign. They just don't seem to care about security at all. I would continue to recommend no one use LastPass and everyone switch away from it.

  • I don't fully believe this is purely an AI agent. Not after the moltbot incident raised how many humans were responsible for the posts on it. It just seems to be an attempt to make LLMs seem more autonomous than they actually are. It may have been written by an LLM, but I bet it was directed by a human trying to stir up drama.

  • This sounds all well and good. But I find in practice it never works very well. Too easy to gain a conflict which then messes with the stash (things remain in the stash and need to be dropped if you remember to). I always found it a pain to manage.

    These days I just commit everything to master. When I start work on one feature and realise I need something else or to refactor something else first, then I do that work, patch commit the changes, create a branch and checkout a new worktree, cherry pick the changes and push that branch to create a pull request. Then continue with the previous work while I wait to get the previous work merged.

    Have a script which basically lets me do all that with a single command. And I never need to manage the stash. The only time I use the stash is with a rebase or pull etc with the --autostash flag. Which pops things off when it's done anyway. The stash only really works for very temporary stuff like that.
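The branch-and-worktree flow the comment above describes, as an added shell example. This is not the commenter's own script; it assumes the integration branch is named master, that the upstream base is origin/master unless a fourth argument names another ref, and it leaves the final push to you (the push command is shown but commented out). The point it demonstrates is why branching from the upstream base rather than from master matters: master keeps its in-progress commits, while the new branch carries only the one commit you want reviewed.

```shell
#!/bin/sh
# Added example, not the commenter's script: turn the change you just made on
# master into its own branch + worktree so it can go up as a pull request on
# its own, then go back to the work you were in the middle of.
#
# Assumptions: integration branch "master"; upstream base "origin/master"
# unless a fourth argument names another ref; pushing is left to the caller.

# split_off_change <repo> <branch> <commit-msg> [<base-ref>]
# Prints the path of the new worktree.
split_off_change() {
  repo=$1 branch=$2 msg=$3 base=${4:-origin/master}
  wt="$repo-$(printf '%s' "$branch" | tr / -)"   # sibling dir, slashes flattened

  # 1. "patch commit" everything currently modified onto master
  git -C "$repo" add -A
  git -C "$repo" -c user.name=example -c user.email=example@example.invalid \
      commit -q -m "$msg"
  new=$(git -C "$repo" rev-parse HEAD)

  # 2./3. new branch starting at the upstream base (NOT at master, which may
  #       carry unfinished feature commits), checked out in a separate worktree
  git -C "$repo" worktree add -q -b "$branch" "$wt" "$base"

  # 4. carry only the new commit across; master is left exactly as it was
  git -C "$wt" -c user.name=example -c user.email=example@example.invalid \
      cherry-pick "$new" >/dev/null

  # 5. publish from the worktree and open the PR, e.g.:
  # git -C "$wt" push -u origin "$branch"
  printf '%s\n' "$wt"
}

# Helper: the files a branch's tree contains, space separated, for checking
# what each branch actually carries after the split.
branch_files() {
  git -C "$1" ls-tree -r --name-only "$2" | sort | tr '\n' ' '
}
```

After `split_off_change . fix/thing "fix thing"` you keep working in the original checkout on master; the `fix/thing` worktree sits beside it until the PR is merged, at which point `git worktree remove` cleans it up. Nothing here touches the stash.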

  • Basically they don't. It is the scheduler pinning background processes to a subset of the cores, leaving others free for foreground tasks, that is what helps.

    The E cores just give a convenient way to split them. They could have done the same thing on Intel Macs or any other computer that does not have E cores.

    The big benefit to e cores is they are more power efficient for tasks that don't need performance.

  • Typo on my part.