That makes it a single point of failure, yes, and the rest of the comment you’re replying to goes into detail on what it does protect from even if both the password and the TOTP are in the password manager.
Depending on the security needs using hardware based security as a second factor while still requiring some other form of auth is not actually a bad idea.
It’s not actually reduced to one factor, just a single point of failure. If their password manager gets taken it’s a problem, however the generated TOTP is worthless in 1 min. So this will protect the login from cases where the password is known like a compromised website or a reused password.
- 5 months
And SQL injection, where data gets passed as instructions due to improper handling. We figured that out long ago, except that a fix is available.
- Fiery@lemmy.dbzer0.com to Linux@programming.dev • New Runtime Standby ABI Proposed For Linux Akin To Microsoft Windows' "Modern Standby"
- 6 months
Had this once, turned out to be some driver update software for a gaming mouse (at least something like that). Sucks for non-technical people that it's quite hard for them to figure out without involving the ‘family IT guy’.
Except that one guy at Cloudflare who sees no issue with unwrapping.
- 6 months
To be fair, if most of your funding (source needed) comes from industrial customers, not supplying them is a good way to lose their patronage.
So even if it sucked for hobbyists at that moment, keeping a big player like RbP viable for the long term might not be too bad of a tradeoff.
- 7 months
You should go read the blog post explaining how everything works! They basically pull out a shipping container of tricks to establish a connection when necessary. (Depends heavily on firewalls/NAT on the path)
- Fiery@lemmy.dbzer0.com to Selfhosted@lemmy.world • Finding a private self hosted Google Photos alternative that doesn’t profit from my photos
- 7 months
Tailscale with a subnet router running for my home network makes it so that I can just connect to 192.168.50.57 from wherever I like.
- Fiery@lemmy.dbzer0.com to Programmer Humor@programming.dev • What are some of the worst code you have seen in a production environment?
- 7 months
Half our ids are called ‘number’ sooo. Also our entire in-database translation system relies on GUIDs that are not foreign keys. The only reason our ORM doesn’t flip on that is because it’s completely custom made with semi-autogenerated stored procedures resolving that translation in-database (using yet another SP).
We are at 2696 stored procedures right now, most of those are simple CRUD (can’t do straight selects on our tables because of the translations, so every select with different parameters is a SP)
- Fiery@lemmy.dbzer0.com to Programmer Humor@programming.dev • What are some of the worst code you have seen in a production environment?
- 7 months
I had to rewrite an iterative implementation I made for an exercise in school because the solution they prepared used recursion. I’m still mad about that. Admittedly the recursive solution was a tiny bit more elegant, but my solution worked too!
You need to level up the game and buy a rubber ducky. Go to grab a snack? Hasslehoff’d! Turn to a colleague to look at their screen for a second? Hasslehoff’d!
On my third job in the two years of my career now, and this one and the previous one both had mountains of technical debt. I am actively looking for job 4 now, but this time I’m a bit more cautious. (Job 2 counter-offered a 1000+€ raise and I turned it down for having basically the same wage at job 3 because it supposedly would be a better technical environment. It is not.)
The only common denominator between the last two is that both are small-ish and ERP software so idk. [Edit: also ‘me’, but for sure it can’t be this bad everywhere right]
And for both it was caused by a very short-term way of looking at things. (Sure we could speed up development by X2, but that would take two months and the client wants this feature now)
- Fiery@lemmy.dbzer0.com to Selfhosted@lemmy.world • Jellyseerr and Overseerr merging into one, gonna be called Seerr
- 9 months
Not to mention if you want to watch something (only available) ‘in the future’ it’ll automatically get pulled when available.
- Fiery@lemmy.dbzer0.com to Selfhosted@lemmy.world • v2.0.0: Stable Release of Immich (complete with Merch and DVD)
- 9 months
I’m excited for the roadmap of better sharing, group management and improved ownership. Unfortunately in its current state having a shared “family” library of pictures next to personal pictures is only possible with various workarounds (and all of those have significant downsides). Until then I’m just using it for myself, but it’s been great so far.
- Fiery@lemmy.dbzer0.com to Selfhosted@lemmy.world • v2.0.0: Stable Release of Immich (complete with Merch and DVD)
- 9 months
A paid service is something that is going to have running costs on the side of the provider. E.g. the cloud backup means they need to buy/rent storage space. If they were to do something like a service for remote machine learning (for people that do not have the hardware to properly do that), that would be a running cost of renting GPU time.
A paywall is a feature that would work perfectly fine without any external factors, but it's blocked because you didn’t pay.
Some nuance is needed of course. Often a paid service could be self-hosted (that's why I love being able to self-host the machine learning in Immich; with a different design choice that could’ve totally been a paid service).
- Fiery@lemmy.dbzer0.com to Selfhosted@lemmy.world • v2.0.0: Stable Release of Immich (complete with Merch and DVD)
- 9 months
You mean you deleted App-Which-Shall-Not-Be-Named?
Edit: I’m just using the same terminology they use in their docs…
- 11 months
Especially dangerous because the script can change. So this stays up, gets indexed and put in the search results for people looking to do this… And then, poof, suddenly the script is an info stealer.
Might not even be the original poster doing this; maybe their account gets hacked and the link gets ever so slightly edited.
Just bad practice.
Though I must admit I do use Proxmox helper scripts… But at least that’s a somewhat trusted repo.
- Fiery@lemmy.dbzer0.com to Programmer Humor@programming.dev • How to browse websites in 2025: 13 simple steps
- 11 months
There are extensions that get rid of (/autoclick) those banners. E.g. “I (still) don’t care about cookies”.
A full hack of every part of the service is not the only way a user’s password could get known to an attacker. Could be MITM, could be typo-squatted, etc.
If a site is that compromised, no measure of auth is gonna help, so there's little use worrying about it.