
  • This is mostly true.

    However, it's worth noting that your home instance is uniquely positioned: it can see not only everything you send out into the fediverse, but also everything you read or subscribe to, so its privacy practices can still matter.

    With that in mind, I suggest avoiding instances that run behind Cloudflare, which can see (and even change) every interaction you have with the instance.

    You might also want to disable off-site images in your web browser (if you use Lemmy's web interface) and prefer an instance with a large image cache, because loading images that are hosted on other instances will leak your reading habits to those instances.

  • What is 2k, other than a game publisher?

  • I just about always prefer repair to replacement. Even if I'm not in love with the thing, less expense and pollution is worth a little effort.

  • Does anyone know why my new Fiber connection does this but my old system which was bonded DSL did not? I know back in the early days of DSL I could do this, but somewhere along the way it stopped being power outage resistant.

    DSL is just as capable of this as fiber optic. As long as both ends of the connection have power, your comms are fine, as you noticed in the early days.

    My guess is that your more recent DSL service relied on a loop extender located near enough to your home that it was affected by local power outages.

  • Yes.

  • Correcting the bad headline: The funds were not sold on Steam. They were earned from game sales on Steam.

  • I don’t validate emails, I test them.

    Hooray! You get a gold star.

    OK, maybe I do some light validation first,

    I hope your "validation" does nothing more than show a warning that the user is allowed to ignore.

    I have seen too many systems built by people who think they know what's valid or not before and after the @ sign*, and they are almost always dead wrong. In the worst cases, such systems accept an unusual-looking address and claim to send the expected verification message, but never actually send it. Of course, these systems won't work for some people, and since none of their online docs or support staff know why, those people will be locked out of using the system and funneled into a bottomless pit of misery if they try. Please don't build broken garbage like this.

    *Fun fact: Not so terribly long ago, even the @ sign didn't have to be present. Some email addresses were bang paths. I'm not sure if any of these are still in use, but it wouldn't shock me to learn that they are.

  • Use a library

    Please, no. If someone wrote email address "validation" complex enough to warrant a library, then their code is almost certainly wrong.

    or check for only the @ and then send an email confirmation.

    Yes. Do that.

    If your boss demands a more detailed check at input time, then make it display warnings, not errors, and continue to the confirmation sending step if the user chooses to ignore the warning.
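An added example, not part of the original comments or of any project mentioned here, of the flow the two comments above describe: the only hard check is the presence of an @, every other check is an advisory warning, and the confirmation message is always queued for an accepted address. The function names, the demo key and the `outbox` list standing in for the mail system are assumptions.

```python
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: a real service loads this from a secret store

def advisory_warnings(address):
    """Hints the UI may display; none of them blocks the sign-up."""
    warnings = []
    _local, _, domain = address.rpartition("@")
    if "." not in domain:
        warnings.append("domain has no dot")
    if " " in address:
        warnings.append("address contains a space")
    if address.count("@") > 1:
        warnings.append("more than one @ sign")
    return warnings

def make_token(address, expires_at):
    """Bind the token to the exact address and an expiry time with an HMAC."""
    msg = f"{expires_at}:{address}".encode()
    mac = hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()
    return f"{expires_at}:{mac}"

def register(address, outbox, now=None, ttl=3600):
    """Reject only when there is no @; otherwise always queue the confirmation."""
    if "@" not in address:
        return {"accepted": False, "warnings": ["no @ sign"]}
    now = int(time.time()) if now is None else now
    token = make_token(address, now + ttl)
    outbox.append((address, token))  # stand-in for handing the message to the mail system
    return {"accepted": True, "warnings": advisory_warnings(address)}

def confirm(address, token, now=None):
    """The address counts as working only once its mailed token comes back in time."""
    now = int(time.time()) if now is None else now
    expires, _, _mac = token.partition(":")
    if not (expires.isascii() and expires.isdigit()) or int(expires) < now:
        return False
    expected = make_token(address, int(expires))
    return hmac.compare_digest(token.encode(), expected.encode())
```

The warnings are returned alongside `accepted: True`, so the caller can show them without stopping the user; delivery of the token is what decides whether the address works.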

  • That change is about True and False, not true and false. If OP was thinking of the former pair, it would seem my "different identifiers" guess was correct.

  • Python doesn't have true or false keywords, nor any other primitives by those names.

    So either you're thinking of a different language, or different identifiers, or someone assigned equal values to variables with those names and then blogged about it.

  • It's refreshing to see someone on social media who doesn't dismiss code as "outdated" just because of its age.

  • micefrone

    BTW, Lemmy lets you edit titles, so you can fix errors like that.

  • I didn't think I would have to spell this out, but when I wrote "as much as possible", I was acknowledging that some libraries are either too complex or too security-sensitive to be reasonably homebrewed by the unqualified. (Perhaps "as much as reasonably possible" would have been better phrasing.) Where the line lies will depend on the person/team, of course, but the vast majority of libraries do not fall into that category. I was generalizing.

    And yes, some third-party libs might get so much public scrutiny as to be considered safer than what someone would create in-house, depending on their skills. But safety in numbers sometimes turns out to be a false assumption, and at the end of the day, choosing this approach still pushes external risks (attack surface) onto users. Good luck. It hardly matters to the general point, though, because most libs do not have this level of scrutiny.

    Let's also remember that pinning dependencies is not a silver bullet. If I didn't trust someone to follow "best practices", I don't think I would trust their certification of a third-party library hash any more than I would trust their own code.

    With all that said, let me re-state my approach for clarity:

    • I minimize dependencies first. Standard libraries are great for this.
    • When something more cannot reasonably be avoided, I choose very carefully, prioritizing the safety of my users over my own convenience.
    • Sometimes that means changing my original design, or spending my time learning or building things that I hadn't planned to. I find the results to be worth it.

  • This applies to developers, too.

    External dependencies put end users at risk, so I avoid them as much as possible. If that means I have to rethink my design or write some boring modules myself, then so be it.

  • Seconded. Old stuff that seems worthless sometimes turns out to be sorely missed years later when it can no longer be recovered.

  • What's a rage room?