they’ve got some decent ones on there. I just started playing Shredder’s Revenge and am having a lot of fun. Into The Breach is fantastic. They also have GTA 3, Vice City, and San Andreas, not that those are exactly new games.
they’ve got some decent ones on there. I just started playing Shredder’s Revenge and am having a lot of fun. Into The Breach is fantastic. They also have GTA 3, Vice City, and San Andreas, not that those are exactly new games.
Only 8? Those are rookie numbers
Looks like lots of people’s year end bonuses were contingent on them releasing something related to AI by the end of the year.
JavaScript is a language that runs on a user’s computer, when they visit a web page. It is often used for dynamic functionality, ie when you click “like” on a comment… JavaScript running in your web browser will make a request to the server letting it know that you liked the post, then the server will respond with a total number of people who liked it or something.
But, the server needs to know how to authenticate which user liked the comment (so you can’t like it twice etc). There are various authentication mechanisms to do this, with their own trade-offs. Over all, there’s secret information that the browser and the server have to share with each other, and we don’t want that information being accessed by the wrong people.
There’s also a common problem with web apps called “cross site scripting”. Basically somebody might craft a cleverly formatted comment that exploits a bug in the web page and causes the attacker’s code to run. One trivial example might be if every time a person read a comment thread, the attackers code caused that person to “like” a request. A more serious exploit would be one that finds out that secret authentication information I mentioned and shares it with the attacker. They can then pose as the victim user and do anything they want as that person. This would be bad.
So, on to the different approaches and their tradeoffs.
Anyhow, one common solution here is to set very short expiration dates on those bearer tokens. That way if somebody steals it, they can’t use it for long.
Another strategy is to limit what each token can do. OP needs to make it so you can like a comment using one of those bearer tokens, but more dangerous actions like purchasing things, deleting content, etc, should be guarded by a more secure mechanism. Then the damage is mitigated if the bearer token leaks.
Only 20 tickets? Sounds pretty stable
This is one of the things I talk about when people ask what the difference is between junior and senior developers.
A lot of security is just box-checking. A lot of it is hypothetical and relies on attackers exploiting a chain of multiple bugs that they probably won’t ever find…. But you still gotta fix it.
There’s no point in being so proud of your code and dismissing security concerns because you’re arrogant enough to think it can’t happen to you. Just learn to fix it and move on with your life.
famously lack class consciousness
How much money do you suppose the average OpenAI employee makes? What class do you imagine they’re part of?
Social media is not to blame. The people using it are.
I use a “real name” domain. My last name ends in the letters “in”, so I bought a .in
domain, such that the domain name is my last name with a dot in it.
Can’t honestly recommend that approach. It’s a cute gimmick, but when non-technical people ask for your email address and it doesn’t end in a TLD they recognize, their heads explode. I usually give out my gmail address.
deleted by creator
Didn’t Facebook try that for a while too?
“I could rewrite this in a week!”
~ junior dev, 3 months ago
If that’s a 16oz glass of ranch dressing, and you’re planning on drinking what’s left, I’m all for this
Congratulations on your transition. Hope you get some new photos taken soon.
console.log
counts as “a debugger”, right?
I tend to think people shit on Musk more than they should, but holy shit does it bug me when a CEO talks about engineering problems with such bravado.