__ryan__ commented on Tell HN: Service Workers === Browser Background Tasks · Posted by u/cushpush
bheadmaster · 2 years ago
Not an experienced JS dev here - if that is the case, then what is the difference between a "service worker" and a simple async function running in the background?
__ryan__ · 2 years ago
Simple async JavaScript is still single threaded with an event loop. In other words, your async code is just a task deferred for later and only one task runs at a time, only moving onto another task when complete or explicitly yielding via “await”.

Service workers are threads. They’re basically separate JavaScript processes you communicate with with IPC, with other special privileges and capabilities allotted to them.

__ryan__ commented on How to find out if programming is for you   zackproser.com/blog/first... · Posted by u/gus_leonel
karpour · 2 years ago
Your overuse of algorithm-generated images is very cringy.
__ryan__ · 2 years ago
What is it about it that makes you feel this way?
__ryan__ commented on FCC imposes record penalty against transnational illegal robocalling operation   docs.fcc.gov/public/attac... · Posted by u/kimi
sh1mmer · 2 years ago
$300M is a big fine, but if they are saying this scam ring made over 500m calls, did they really make anything close to this much? It would seem surprising to me if you could make anything close to $0.60/call with cold calling; even if there are whales, it just seems like a stunt number.
__ryan__ · 2 years ago
It was 5 billion calls to 500 million numbers over a 3 month period.
__ryan__ commented on Almost 70% of recipients mark emails as spam based solely on the subject line! · Posted by u/AndrianV
__ryan__ · 2 years ago
I report nearly all auto-generated unsolicited emails as spam. I also report nearly all follow-ups to ignored cold emails. I will protect my inbox.
__ryan__ commented on Why even let users set their own passwords?   devever.net/~hl/passwords... · Posted by u/hlandau
upofadown · 2 years ago
That assumes the situation where the password hashes are stored in a way that is less secure than the actual data that the attacker ultimately wants access to. That must not be a very common situation.

The passwords will not be of any use on any other system. This would eliminate password reuse.

__ryan__ · 2 years ago
Accessing a user's data is not the only reason for hacking their account. Performing actions on behalf of a user is just as much of a threat.

Edit: also, if an attacker dumps all the data today then loses access to the data tomorrow, having access to my password hashes means they can access my account and data later.

__ryan__ commented on Why even let users set their own passwords?   devever.net/~hl/passwords... · Posted by u/hlandau
upofadown · 2 years ago
For a login situation with extreme rate limiting (say 3 tries a day) "high entropy" might not involve a lot of randomness. A random 8 character password handed out to a user is overkill. Two random words is overkill. Heck, a single diceware word would take 7 years to guess in that environment. For 100 years you only need something like 4 base32 characters.
__ryan__ · 2 years ago
This isn’t the attack vector to be concerned about. More concerning is when there’s a data breach and an attacker gains access to hashed passwords. At that point, you attack the hash, not the API.

This comment is an example of why I wouldn’t want any given website to choose my password.

__ryan__ commented on You can deactivate anyone's WhatsApp account by simply sending an email   twitter.com/JakeMooreUK/s... · Posted by u/KomoD
username135 · 2 years ago
This happens with my Gmail account.

I know periods don't count, supposedly, but I still get emails for someone with the same name as mine. My email is first.last, theirs is firstlast. I wonder how much of my stuff they get erroneously?

__ryan__ · 2 years ago
You are correct that the period doesn’t count. Both email addresses belong to the same account. A possible explanation is that they have entered your email as a mistake.
__ryan__ commented on Firejail: Light, featureful and zero-dependency security sandbox for Linux   firejail.wordpress.com/... · Posted by u/nateb2022
k3vinw · 2 years ago
I’ve been using this regularly on Arch Linux and found out the hard way that the profile included for Firefox disabled hardware acceleration. To get it re-enabled I ended up creating a custom profile that extended from the main Firefox profile. Overall I’m impressed with the level of granularity. I haven’t bothered to look more into why that profile had hardware acceleration disabled. I guess as a way to protect from crypto mining exploits using your GPU.
__ryan__ · 2 years ago
Not sure if this was their motivation, but hardware acceleration also enables increased opportunity for fingerprinting, to my knowledge.
__ryan__ commented on Why doesn't TypeScript properly type Object.keys?   alexharri.com/blog/typesc... · Posted by u/alexharri
consilient · 2 years ago
> Usually the lie is in your own code or bad dependencies when an “unknown” type (including “any”) is cast to a concrete type without being validated.

Yes, but one of those bad dependencies is the standard library.

__ryan__ · 2 years ago
When does the standard library lie in this case?
__ryan__ commented on Why doesn't TypeScript properly type Object.keys?   alexharri.com/blog/typesc... · Posted by u/alexharri
hellcow · 2 years ago
> Usually the lie is in your own code or bad dependencies

The lie is almost always in an external API response from fetch (hence the complaint about “any” above).

> Could you provide examples?

Off the top of my head… Go’s stdlib json.Unmarshal and Rust’s Serde derive Deserialize.

__ryan__ · 2 years ago
The lie is when your code uses* the “any” value where a concrete type is expected.

I was misunderstanding your point with the deserialize.

Edit: “using” -> “uses”

u/__ryan__

Karma: 564 · Cake day: December 18, 2018