HackerTrans
TopNewTrendsCommentsPastAskShowJobs

emedchill

no profile record

Submissions

YouTube Down for Firefox?

youtube.com
3 points·by emedchill·vorig jaar·1 comments

comments

emedchill
·3 maanden geleden·discuss
Not true. "Star Trek: United" is in production (just not with Secret Hideout).
emedchill
·vorig jaar·discuss
Is anyone else getting a javascript error on Firefox? It is causing the whole site to not work for me.

"Uncaught SyntaxError: missing ) after argument list"
emedchill
·vorig jaar·discuss
left, right, up, and down?
emedchill
·vorig jaar·discuss
so... there would only be 4 possible choices for a bot to make to guess correctly?
emedchill
·2 jaar geleden·discuss
Having special characters is a good idea but having a comma just to break a CSV is dumb. This would only happen if the hacker used a bad exporter or created their own (very poorly).
emedchill
·2 jaar geleden·discuss
https://alternativeto.net/software/firefox-relay/
emedchill
·2 jaar geleden·discuss
No. Driving requires a fast reaction time and with remote having an inherent lag in the feed -- count me out.
emedchill
·2 jaar geleden·discuss
If ISP's could do it, couldn't some bad actor?
emedchill
·3 jaar geleden·discuss
> don't let the end user know that you were able to send an email.

I need to stress this is a very important point. If you happen to state the email they entered already exists in the system, the attacker now knows that is a valid account then use a known password linked to that email to gain access.
emedchill
·3 jaar geleden·discuss
- use CSRF tokens

- route throttling to something high since if they are new users they shouldn't need to hit that form more than once

- don't let the end user know that you were able to send an email. Keep it vague like "if your email exists, you should receive an email soon."

- don't use a personal email server; something like sendgrid can give you a server that is in good/neutral standing

- if you have to handle your own emails, keep up with any bounce backs and always keep an eye your server being on any blacklists to get it cleared out as soon as possible

- honeypots can be useful if the spammer(s) isn't keeping a close eye on their scripts

- put your site behind a DDoS service
emedchill
·3 jaar geleden·discuss
I've used Swagger before.
emedchill
·3 jaar geleden·discuss
Have you looked into hardware keys? like Yubikeys or the Google Titan?
emedchill
·3 jaar geleden·discuss
If you don't want someone/something from seeing your content, don't put it on the internet but if that isn't enough:

- add a disallow in your robots.txt (many people say the bots ignore this anyways)

- somehow have your pages so far down in SEO rankings that bots would deem it incorrect/irreverent

- put your content behind a login; this too has it's issues since the bot handler can just get some login credentials to crawl anyways or a user can copy the content elsewhere

- you could also try gaming the system by making your content so offensive that the current AI censorship fad blocks it

- you could try not linking a domain name to the IP, making it harder to find

- sue any AI developer that you think crawled your content
emedchill
·3 jaar geleden·discuss
They offhandedly mention 101 Dalmations and say it wasn't a success but it was profitable enough to get a squeal.
emedchill
·3 jaar geleden·discuss
Looks like they strip out the query strings.