Boof

  • 0 Posts
  • 11 Comments
Joined 2 years ago
cake
Cake day: June 16th, 2023

help-circle


  • Hashing on client side is both more private, and secure. All the user ever submits is a combined hash (auth/pubkey) of their username + password.

    If the server has that hash? Check the DB if it requires 2FA, and if the user sent a challenge response. If not, fail the login.

    Registering is pretty much the same. User submits hash, server checks DB against it, fail if exists.

    Edit: If data is also encrypted properly in the DB, it doesn’t even matter if the entire DB is completely public, leaked, or secured on their own servers.




  • Your password could also just be a long, unique sentence, without any excessive special characters. Maybe even a poem.

    Like "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vestibulum eu leo eu nibh efficitur viverra. Integer lacinia tortor est, quis aliquet tortor varius sed. Sed dapibus vel turpis at suscipit. Nulla consequat orci in nibh dapibus sodales. Phasellus at arcu ac dolor suscipit pretium. Curabitur sit amet justo sit amet ipsum scelerisque accumsan ac ac nulla. Nullam accumsan lorem sagittis iaculis varius. Nullam convallis nisi ante, id congue diam tincidunt vel. Aliquam sed iaculis mauris. Nam leo nisi, consequat sed sodales non, tempor vel ante. Nunc eleifend vulputate turpis bibendum bibendum. Morbi nec massa in mi sagittis lacinia id ut metus. Maecenas gravida mi vitae lorem laoreet sagittis. "

    That’s alot of common characters and words; yet, it’ll take centuries to crack.


  • That’s a misunderstanding of DDoS. 0 byte packets are actually worse than large packets.

    Which is why most DDoS (at least was) is extremely slow 0 byte requests until the server throttles/crashes under the number of requests.

    E: Consider this. Are you more likely to throttle a bandwidth of terabytes/petabytes with couple million 1gb requests; or break it entirely by sending >4294967295 0 byte requests that effectively never stop being requested from the server?



  • dog@suppo.fitoProgramming@programming.devIs software getting worse?
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    2
    ·
    1 year ago

    I’d say no. While yes for example in game development we’ve had new tech come up that wasn’t there 10-30 years ago, the “how” to do it was on paper decades earlier. It just wasn’t feasible to implement with current technology.

    Due to IDE’s etc, it’s significantly easier to just create stuff these days, which for indie etc is extremely good.

    It does however also mean that the implementation of tech X will be sub-optimal in most situations, because people don’t really understand the underlying tech.

    That can be solved in non-corporate situations by asking for help/advice online, or looking it up; but in corporate that’d likely get you branded “overqualified”, and they’d fire your ass for focusing development time on improving/fixing something instead of just pushing, pushing, and pushing.

    'course there are also programming fields specifically targeting to improve gaps left by IDE’s etc, to make them even easier and efficient to use.

    So basically: Fuck big corpo, fuck “education” that prepares you for corporate rather than teaches you the fundamentals.


  • dog@suppo.fitoProgramming@programming.devIs software getting worse?
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    13
    ·
    1 year ago

    Yes, software is getting worse, as education and corporate are getting worse.

    Where employees needed to know what they actually were doing in the past, now is mostly auto-filled by IDE’s and languages that target other languages, so employees need to know less and less fundamentals.

    Which in turn means when a low-level error occurs, either no one knows how to fix it, or the corporate refuses to hire someone who knows how to fix it because they’re “over-qualified”, and therefore would “cost them too much”.