Giooschi @ Giooschi @lemmy.world

Posts

0

Comments

108

Joined

2 yr. ago

Well, but then you're basically just pushing the mutability onto the container

That's the point, when programming with immutable structures you always pass the mutability onto the enclosing structure.

It's a good strategy at times though. Like say you're working in a language where strings are immutable and you want a string you can change. You can wrap it in a list along the lines s=['foo'] and pass references to the list around instead. Then if you go s[0]='bar' at some point, all the references will now see ['bar'] instead.

A list is an antipattern here IMO. Just wrap it in some dedicated object (see e.g. Java's StringBuilder).

What you need here is not the stability in memory (i.e. of pointers, which you lose when you recreate an object) but instead just the stability of an identifier (e.g. the index into a list).

FYI there is an open source reimplementation of Flash from scratch called Ruffle that should solve all the security issues that Flash had. It runs on WASM so it's compatible with modern browsers. The New York Times is using it to bring back some old interactive/animated pages that relied on Flash.

You keep the recovery codes unexposed to the internet or obfuscated in some way, unlike your usual password.

How is a strong password I used exclusively for Bitwarden "exposed to the internet"? I do see the value of this for people that don't care about security and reuse the same password everywhere. In that case you would need something like phishing to expose the 2FA code or the recovery code, just a leak of the email-password combination from another website would not be enough. But what's the point if I'm already using a unique strong password specifically for Bitwarden?

yes, that's the whole point, to recover your account if you lose your MFA device. what are you even trying to say?

If you can login without the second factor then what's the point?

The fact that no widely used LLM is open source is not a good reason to change its meaning.

From the wikipedia link you posted:

Account recovery typically bypasses mobile-phone two-factor authentication

It also lists more advantages than disadvantages.

Why can't I keep my password in a secure location then?

Sounds like a second password then.

It's not open-source, stop spreading disinformation. The core of the product are the model weights and no source is provided for them, making them irreproducible. This is as open source as distributing a single exe file because after all you can read the assembly code, no?

Insanity is when you lose or can't access your 2FA device and you're locked out of your account.

Not really, portals give you shortcuts in 3D space, they don't allow you to interact with a whole different dimension. If you have Minecraft there's a really nice custom map called "The Hypercube" which sorts of emulates a 4th dimension, it felt much more confusing than Portal (2) for me.

50 years ago people thought everyone would be able to program using BASIC, now you think everyone will be able to program using AI. It seems nothing has changed in 50 years.

Sorry, by looking more into it I realized webview is actually a different thing than what I was thinking about.

This would be so good. As someone who fully switched to Firefox on Android I hate that chrome webview is a thing.

Why does that bother you? There's also a Firefox Webview you can use system-wide. I think only Google apps insists on opening Chrome's webview.

banning patients

Did you mean patents?

Do you apply the same reasoning for software that use javascript, the JVM, the CLR or some other kind of VM?

These are server CPUs, not something you wanna put in your laptop or desktop.

write only medium

I guess you meant "write once"?

Anyway, this won't prevent attacks that somehow swap the CD being read, or the backend logic for where to read the data from.

You cited Git as an example, but in Git it's possible to e.g. force-push a branch and if someone later fetches it with no previous knowledge they will get the original version.

The problem is the "with non previous knowledge" and is the reason this isn't a storage issue. The way you would solve this in git would be to fetch a specific commit, i.e. you need to already know the hash of the data you want.

For the Wayback Machine this could be as simple as embedding that hash in the url. That way when someone tries to fetch that url in the future they know what to expect and can verify the website data matches the hash.

This won't however work if you don't already have such hash or you don't trust the source of it, and I don't think there's something that will ever work in those cases.