HackerTrans
TopNewTrendsCommentsPastAskShowJobs

rlk

no profile record

comments

rlk
·4 maanden geleden·discuss
I couldn't find a link to the ballot initiative itself anywhere on the campaign's website, but this appears to be it:

https://sosmt.gov/wp-admin/admin-ajax.php?juwpfisadmin=false...

Linked from here if the above URL stops working: https://sosmt.gov/elections/ballot_issues/proposed-2026-ball...
rlk
·11 maanden geleden·discuss
I found a couple of fun tricks you can do with this (for some definition of "fun" anyway).

Go's http.Redirect function allows non-3xx statuses, and also renders a trivial page with a status message and link:

https://301party.com/451?url=javascript:alert(%27hello%27)

Alas not infinitely recursive but enough to make your browser give up:

https://301party.com/301?url=/301?url=/301?url=/301?url=/301...

[edit to add:] https://301party.com/0 causes a panic
rlk
·2 jaar geleden·discuss
There are a couple of differences:

1. While a password manager should associate a TOTP seed with a domain and only fill codes on that domain, the codes are still visible to you. A convincing phishing attack might trick you into manually entering a code into a fake page. Passkeys don't allow this.

2. TOTP codes are derived from a seed shared between the client and server, so an attacker who gets read access to the server's database could generate your codes. With passkeys, the server can only validate a signature, not generate them.
rlk
·4 jaar geleden·discuss
> Sex workers, who have long been censored by moderation systems, refer to themselves on TikTok as “accountants”

https://www.washingtonpost.com/technology/2022/04/08/algospe...
rlk
·4 jaar geleden·discuss
Minecraft authentication requires a Microsoft account. People may not want to have one for ideological reasons, or not want to attach a game to the account they use for other purposes.

Also, not encouraging it, but disabling authentication allows players with pirated copies of MC to play on the server