I sometimes admin. But usually not.

  • 1 Post
  • 26 Comments
Joined 1 year ago
Cake day: June 17th, 2023








  • An API token is more secure than a password by virtue of it not needing to be typed in by a human. Phishing, writing down passwords, and the fact that API tokens can have restricted scopes all make them more secure.

    Expiration on its own doesn’t make it more secure, but it can if it’s in the context of loading the token onto a system that you might lose track of/not have access to in the future.

    Individual API tokens can also be revoked without revoking all of them, unlike a password where changing it means you have to re-login everywhere.

    And that’s just the tip of the iceberg. Lmk if you have questions, though.
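
The three properties the comment above lists (restricted scopes, expiry, and revoking one token without touching the others), as an added example that is not part of the original comment. `TokenStore`, the labels, the scope names and the clock value are hypothetical and constructed for illustration.

```python
import hashlib, secrets, time

class TokenStore:
    """Hypothetical per-client API token store (illustration only)."""
    def __init__(self):
        self._tokens = {}  # sha256(token) -> record; the raw token is never stored

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, label, scopes, ttl_seconds, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # random value, never typed by a human
        self._tokens[self._digest(token)] = {
            "label": label, "scopes": frozenset(scopes),
            "expires": now + ttl_seconds, "revoked": False}
        return token

    def revoke(self, label):
        """Revoke only the tokens issued under this label; others keep working."""
        hit = 0
        for rec in self._tokens.values():
            if rec["label"] == label and not rec["revoked"]:
                rec["revoked"] = True
                hit += 1
        return hit

    def check(self, token, scope, now=None):
        now = time.time() if now is None else now
        rec = self._tokens.get(self._digest(token))
        if rec is None:
            return "unknown"
        if rec["revoked"]:
            return "revoked"
        if now >= rec["expires"]:
            return "expired"
        return "ok" if scope in rec["scopes"] else "scope-denied"

def demo():
    store, t0 = TokenStore(), 1_700_000_000  # constructed clock value
    ci = store.issue("ci-runner", {"repo:read"}, 3600, now=t0)
    laptop = store.issue("laptop", {"repo:read", "repo:write"}, 86400, now=t0)
    out = [store.check(ci, "repo:read", now=t0 + 10),     # within scope and lifetime
           store.check(ci, "repo:write", now=t0 + 10),    # scope was never granted
           store.check(ci, "repo:read", now=t0 + 7200)]   # past the one-hour lifetime
    store.revoke("ci-runner")                             # the lost machine's token only
    out.append(store.check(ci, "repo:read", now=t0 + 10))
    out.append(store.check(laptop, "repo:write", now=t0 + 10))  # unaffected
    return out

if __name__ == "__main__":
    print(demo())
```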


  • Others beat me to the punch on saying this is just worse WebAuthn, but there are some specific flaws that boil down to saying that this whole thing is, at best, totally inconsiderate of real attack vectors such as phishing.

    Online Login: On supported platforms, log in with your ‘Sign’ rather than your email address. The service checks for a corresponding email in their database that produces the same hash with the chosen algorithm/options. Services can eventually replace emails with ‘Signs’ for regular users.

    Enhanced Privacy: Limits the need to share email addresses, reducing spam and data breach risks.

    Huh? What does this even mean? How can you avoid sharing your email and replace it with a sign, if they need to check it against their database of… Emails?

    Real-Life Usage: In physical stores, use your QR-art ‘Sign’ when asked if you have an account/booked at table.

    Ah excellent. Someone can just look at a security camera or just snap a photo over your shoulder and steal your sign then. Because your proposal sure doesn’t note any way that these are 1-time use only. And if they were, this sounds like an awfully inconvenient way of receiving a temporary number (which sites usually only ever do as a cheap/bad 2FA method/password resets)

    Email Verification: Receive a unique link via email, confirming your email’s validity.

    Oh boy, better make sure to not get phished! Or that the link is 1 time use! Or that you aren’t being victimized by a MITM attack and getting it intercepted immediately!



  • So others have already talked about how great Star Trek is. I agree with them, but I think that literally everyone has missed the point of your question:

    https://startrek.website

    It’s its own lemmy instance. It was spawned from the migration away from reddit, and it’s stayed alive since. So combine an active former-reddit community with lemmy and a good reason to all rally around, and finally the final ingredient of federation, and the Star Trek related rooms will always be on every server, and they’ll always be populated.









  • As someone of color (Indian) who is often mistaken as being foreign/religious until they hear my accent…

    I feel the other commenters here are missing the mark. This isn’t about fixing them, or learning to “accept them as they are”: bigots should never be tolerated.

    Which is to say, your reasons for being “bigoted” towards the bigots aren’t a matter of prejudice: you’ve extrapolated a pattern.

    But you don’t want to apply this pattern unfairly to people you haven’t met, because that’d make you bigoted as well.

    Well, I have good news for you: you aren’t at any risk for that. Real bigots don’t think they’re bigots. People with prejudices don’t consider their judgement unsound. They think they’re the most unbiased, reasonable people in the world, and often try to push their opinions on others with violence, whether it’s verbal, social, or physical.

    By simply acknowledging internally that you have thoughts that you consider unideal, and unfair, you’ve done a thousand times more self-reflecting, and have more capacity for self-correcting, than someone like my parents would.

    Don’t try to beat the bad thoughts out of yourself. Acknowledge them, and pledge to act better than they’d have you.