Not only is “Googling” one of my most important job skills, now that I’m doing professional services, my entire job basically consist of “Learn product ${FOO} faster than the customer’s employees can.” Which of course primarily consists of knowing what to search for, how to find it, and how to interpret and use what I find.
The answer is obviously to require all users to change their passwords and make them stronger. 26 minimum characters; two capitals, two numbers, two special characters, cannot include ‘_’, ‘b’ or the number ‘8’, and most include Pi to the 6th place.
The modern direction is actually going the other way. Tying identity to hardware, preventing access on unapproved or uncompliant hardware. It has the advantage of allowing biometrics or things like simple pins. In an ideal world, SSO would ensure that every single account, across the many vendors, have these protections, although we are far from a perfect world.
Effectively, the other option is passwords, and people are really, really, bad at passwords. Password managers help, but then you just need to compromise the password manager. Strong SSO, backed by hardware, at least makes the attack need to be either physical, or running on a hardware approved by the company. When you mix that with strong execution protections, an EDR, and general policy enforcement and compliance checking, you get protection that beats the pants off 30 different passwords to 30 different sites, or more realistically, 3 passwords to 30 different sites.
Great! Now when I brute force the login, I can tell my program to not waste time trying ‘_’, ‘b’ and ‘8’ and add Pi to the 6th place in every password, along with 2 capitals, 2 numbers and 2 other special characters.
Furthermore, I don’t need to check passwords with less than 26 characters.
C is so old, it has a way to work around that! In case your 198x keyboard was not set to ASCII you know. Not sure if Morse covers all the characters needed for the replacement trigraphs though.
It’s all about context. If you write a convenience function and put it in zshrc, scripts you run from the cli will not have access to the function as defined in zshrc. Same with aliases added by zsh plugins etc.
If you need “the thing” on the command line, zshrc. If you also need it in scripts you run from the cli, toss it in the profile file.
ETA: I personally keep the functions I want to access from scripts in .zshenv as I recall reading that this file is ALWAYS sourced.
What kind of functions do you write which you share between your scripts? Generally if I’m wanting to reuse a non-trivial function, I extend the functionality of the first script instead.
All of the repos for my GitHub sourced vim plugins live under one parent directory. I symlink to them from ~/.vim
One example is a simple function that pushes the top level repo directory onto my dir stack and then runs a loop where it pushes each subdir into the stack, runs “ggpull” then pops back to the top level repo directory. ggpull is an alias added by the zsh git plugin. After all repos have been updated it pops back to my original pwd.
I run this as part of my “update all the things” script but sometimes I also want to run it in demand from the cli. So I want this function in all scopes and I want it to have access to “ggpull” in all of those scopes.
I also “misuse” timewarrior a bit and use it to time things like “how much time do I spend waiting for salt to run”. That has its own timewarrior db and a wrapper function for pointing the command at said db. I use this in both login and non login shell contexts.
zshenv’s selling point isn’t necessarily that your typical functions are available across scripts (though that can be neat, too – I source aliasrc as well as an utils script file in my shell config) – it’s that it’s there for non-interactive shells too, whereas zprofile is only applied for login shells (and zshrc only for interactive ones).
So for example, I could open a command in my editor of choice (Helix’s :sh for me), and if I define stuff using the zshenv, all of my aliases etc. are right there. I just have to avoid naming conflicts for script function names if it’s the default shell, but that’s pretty easily done.
I’m appalled that classes representing visual styles are still a thing. I thought everyone already figured that it was a bad idea back in bootstrap days. But then I recently had an opportunity to work on project that uses Vuetify and saw quite long poems about flexboxes in class names…
Well, there’s not exactly a class training you have to take before writing CSS, so everyone starting out with it gets to make all those same mistakes for themselves before they know how to use classes sensibly. I myself am some backend guy, who has to write CSS far too often.
It certainly also does not help that various CSS frameworks out there do exactly that…
It certainly also does not help that various CSS frameworks out there do exactly that…
Bootstrap (as of v5) being one of them. div class="d-flex gap-2 my-3 align-items-center flex-nowrap justify-content-between
I was annoyed at this at first, but I’ve since noticed that I write hardly any CSS any more, because most rules really are “just add some space, vertically align, be red”.
I had to look up what these do, so they might not be precisely correct translations, but hopefully, you get the idea. It’s mostly like using inline styles, and like not using classes.
In some scenarios, these frameworks might simplify certain things, like how my applies two CSS rules. And they reduce the visual clutter of inline styling somewhat.
But overall, it feels like people are dissatisfied with semantic classes, but don’t want to lead the discussion for using inline styles, so they grab these CSS frameworks to pretend that they’re not using inline styles.
It is fundamentally a difficult discussion to lead, because inline styles feel great, while you’re writing them. They’re less great for maintenance.
But semantic classes definitely have long-term problems, too.
“Figured it was a bad idea” actually means that some people were against it because they believed semantic class names were the solution, I was one of them. This was purely ideological, it wasn’t based on practical experience because everyone knew maintaining CSS was a bitch. Heck, starting a new project with the semantic CSS approach was a bitch because if you didn’t spend 2 months planning ahead you’d end up with soup that was turning sour before it ever left the stove.
Bootstrap and the likes were born out of the issues the semantic approach had, and their success and numbers are a testimony to how real the issue was, and I say this as someone who never used and despised bootstrap. Maintaining semantic CSS was hard, starting was hard, the only thing that approach had going for it was this idea that you were using CSS the way it was meant to be used, it had nothing to do with the practicality. Sure, your html becomes prettier to look at, but what good is that when your clean html is just hiding the monstrosity of your CSS file? Your clean html was supposed to be beneficial to the developer experience, but it never succeeded in doing that.
Either you understand that the consensus is that naming things is hard and you just want to elevate yourself above everyone else by arguing against it, or you’re unaware that it is the consensus, in which case your opinion doesn’t really matter because you most likely underestimate the issue.
It’s such a truism that I’d suggest googling "naming things is hard*.
There are only two hard things in Computer Science: cache invalidation and naming things. – Phil Karlton
We had a class in the first semester of uni where we had to create a static html page based on a screenshot.
There was this one textbox at the top of the site, where the only way you could recreate the screenshot was by using a <br/> in the middle of the text.
The prof was very picky about your HTML being semantically thorough and correct, so that was super weird that that was necessary.
You can style your whole webpage with divs, but using main, nav, footer or whatever blocks is semantically more correct, because you group elements together that have a certain purpose.
A HTML Tag in the middle of a sentence is not wrong per se, but when parsing it a line break could signify two sentences where one has missing punctuation, instead of a complete sentence as your original intention was.
I don’t really care how the design you want is achieved to be honest, but I don’t get why the prof didn’t argue against.
Well, it is hindsight 20/20… But also, it’s a lesson many people have already learned. There’s a reason people use canary deployments lol. Learning from other people’s failures is important. So I agree, they should’ve seen the possibility.
I saw one rumor where they uploaded a gibberish file for some reason. In another, there was a Windows update that shipped just before they uploaded their well-tested update. The first is easy to avoid with a checksum. The second…I’m not sure…maybe only allow the installation if the windows update versions match (checksum again) :D
The kernel driver should have parsed the update, or at a minimum it should have validated a signature, before trying to load it.
There should not have been a mechanism to bypass Microsoft’s certification.
Microsoft should never have certified and signed a kernel driver that loads code without any kind signature verification, probably not at all.
Many people say Microsoft are not at fault here, but I believe they share the blame, they are responsible when they actually certify the kernel drivers that get shipped to customers.
Not too surprising if the people making malware, and the people making the security software are basically the same people, just with slightly different business models.
programmer_humor
Active
This magazine is from a federated server and may be incomplete. Browse more on the original instance.