torgard commented on With Firefox on X11, any page can pastejack you anytime (middle button paste)   openwall.com/lists/oss-se... · Posted by u/jackdoe
torgard · 2 years ago
You can set clipboard.autocopy to false in about:config to disable this. It breaks the example, at least.

EDIT: I thought the behavior was preserved for textareas, as the comment box here still copied on select. But it suddenly disabled it here too. Restarting the browser is probably a safe bet :)

torgard · 2 years ago
I should say, doing this only mitigates the middle-click-paste pastejack exploit. The underlying issue - JAVASCRIPT CAN ALTER WHAT YOU HAVE SELECTED AT WILL AND WITHOUT DETECTION - remains, and I believe we'll see other exploits pop up from this.

Say you're about to copy a crypto wallet. You have it selected, and are about to press CTRL-C to copy it. It is entirely possible for malicious code to detect that. And, as it turns out, it's possible for it to change the selection to a different (invisible) string, right as you press CTRL-C.
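A defensive counter-measure for the selection swap torgard describes, added here as an example that is not from the thread: a userscript-style guard that remembers what the user actually selected and refuses to copy anything else. The decision function, its event wiring and the `copy guard` log message are assumptions of this example, not Firefox behaviour.

```javascript
// Added example (not from the thread): a copy guard against selection swapping.
// Idea: snapshot the selection at the end of the user's own gesture (mouseup,
// shift+key selection) and, when the copy event fires, compare it with what the
// page's selection contains now. If a script changed it in between, ship the
// snapshot instead of the swapped text.

// Pure decision logic, kept DOM-free so it can be unit-tested in Node.
// snapshot: text the user visibly selected (null if none was recorded yet);
// current: selection text at copy time. Returns the action and the payload.
function decideCopyPayload(snapshot, current) {
  if (snapshot === null) {
    // Nothing trustworthy to compare against: do not let the copy through.
    return { action: 'block', text: '' };
  }
  if (current === snapshot) {
    return { action: 'allow', text: current };
  }
  // Selection changed between the user's gesture and the copy: the swap
  // described above. Copy what the user saw, not what the page substituted.
  return { action: 'override', text: snapshot };
}

// Browser wiring; skipped when run under Node. Listeners use the capture phase
// on window so they run before the page's own handlers can interfere.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  let snapshot = null;
  const record = () => { snapshot = window.getSelection().toString(); };
  document.addEventListener('mouseup', record, true);
  document.addEventListener('keyup', (e) => {
    if (e.shiftKey) record(); // keyboard selection (shift+arrows); ignores Ctrl-C itself
  }, true);
  window.addEventListener('copy', (e) => {
    const decision = decideCopyPayload(snapshot, window.getSelection().toString());
    if (decision.action === 'allow') return;
    e.preventDefault();
    e.stopImmediatePropagation(); // keep page copy handlers from overwriting the data
    if (decision.action === 'override') {
      e.clipboardData.setData('text/plain', decision.text);
    }
    console.warn('copy guard:', decision.action, 'selection changed before copy');
  }, true);
}
```

This covers the Ctrl-C path only; the X11 PRIMARY selection that clipboard.autocopy feeds is filled on select, before any copy event exists. It will also interfere with legitimate "copy to clipboard" buttons that select text programmatically, so a real deployment would need an allow-list.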

torgard commented on With Firefox on X11, any page can pastejack you anytime (middle button paste)   openwall.com/lists/oss-se... · Posted by u/jackdoe
SubiculumCode · 2 years ago
The problem is the middle paste option in Firefox. To turn it off do as follows:

    open a new tab
    type: about:config
    Accept the prompt
    type middlemouse.paste
    change value “true” to “false” (double click or switch on the right side)
    restart Firefox

--does this solve it?

torgard · 2 years ago
No, that's only for pasting specifically.

It's copy that's an exploit vector.

To disable it, set clipboard.autocopy to false.

torgard commented on What every software developer must know about Unicode in 2023   tonsky.me/blog/unicode/... · Posted by u/mrzool
toastercat · 2 years ago
Anytime tonsky's site gets posted here, I'm reminded by how awful it is, which is ironic given his UI/UX background. The site's lightmode is a blinding saturated yellow, and if you switch into darkmode, it's an even less readable "cute" flashlight js trick. I don't know why he thought this was a good idea. Thank god for Firefox reader mode.
torgard · 2 years ago
Well, I thought it was fun.
torgard commented on Film Review: BlackBerry   anarchonomicon.substack.c... · Posted by u/walterbell
torgard · 3 years ago
Glenn Howerton's performance is so good. Best performance I've seen this year, that's for sure.
torgard commented on FDA approves multiple generics of ADHD and BED treatment Vyvanse   fda.gov/drugs/news-events... · Posted by u/toomuchtodo
torgard · 3 years ago
The cause of ADHD has not been confirmed yet, but it is generally claimed to be related to dopamine production and uptake.

I certainly had ADHD before being exposed to work environments. I've had my entire life. But it wasn't until I got my diagnosis, and started taking medication for it, that my square-peg of an existence began to fit in with the round-hole of reality.

Work environments have nothing to do with it for me. In fact, I love my job. Here, my ADHD is something of a benefit. I've excelled at everything I have found enjoyable, and have no qualms with working insane crunch on the stuff I like.

The key word there being like. If I don't like doing it, it's practically impossible for me to do. Or rather, if it's mundane or otherwise just "not interesting", I struggle. Strangely enough, I have an easier time accomplishing things I actively dislike doing. Not sure why.

It's like my body is controlled by an autopilot gone rogue, and the medication helps me override it.

For example, I have trouble going to the bathroom to take a piss. Not because of any phobia or anything. I just can't. Literally. I'll sit and squirm until I'm about to piss myself, and only then will I go to the bathroom. Been doing that since I was a little kid.

One way around it is to trick myself somehow, like by putting on a podcast, even though I'll only hear like 20 seconds of it. Couldn't do that as a kid, tho. Back then, I would wait until it became physically painful, because only then would my rogue autopilot allow me to go piss.

Doing laundry? Impossible. Vacuuming? No. Washing dishes? Well, now I have a dishwasher, but emptying it? No way.

That is, unless I take my medication (methylphenidate). It doesn't make mundane things any less mundane. It's still boring to brush my teeth and piss. It just makes it possible.

I didn't get my diagnosis until I was 28. My entire life I've been struggling with this. It's a primary factor in my lifelong battle with depression. It's led me down a path of substance abuse — alcohol and cocaine in particular.

Despite all of this, I still second-guess myself on whether I truly have ADHD. What if I'm just a drug addict, and I just tricked a psychiatrist into giving me those sweet sweet drugs?

torgard commented on Email Authentication: A Developer's Guide   resend.com/blog/email-aut... · Posted by u/zenorocha
crote · 3 years ago
Trademarks still aren't 100% unique, though. For example, Apple Records is easily confused with Apple Music - both have a similar name, and both use an apple as logo. It is better, but not foolproof.
torgard · 3 years ago
Yes, but Apple Records aren't going to be phishing Apple Music customers.

Phishers won't be applying for trademarks to impersonate Apple.

torgard commented on Launch HN: Twenty.com (YC S23) – Open-source CRM    · Posted by u/iFelix
carstenhag · 3 years ago
To be honest, it sounds 100% like SAP / ABAP. A lot of terribly outdated stuff. But it can do everything you can imagine. If it can't, there's 1-2 recommended products that expand features on top of SAP.

The moment your business wants to do things a way that isn't SAP's way, you completely butcher everything though. See https://news.ycombinator.com/item?id=17541092

torgard · 3 years ago
My first internship was as a Dynamics AX dev. Me and another guy. Our mentor was a super-duper senior architect something something. He once asked us what we were planning on doing, career-wise, and we were kinda surprised; obviously we were working towards becoming Dynamics AX devs, and were hoping for a job at that place.

He got a somewhat wistful look in his eyes, and said (more to himself than to us) he wished he could go back and choose not to do that.

I'll never forget that. He was earning an insane amount of money, working super high-level at one of the largest IT firms in the country.

torgard commented on The HTTP status code for a web server's default “hello” front page   utcc.utoronto.ca/~cks/spa... · Posted by u/ingve
jeltz · 3 years ago
But that is also an argument for 200. Because if you want to test your load balancer against your new web server you will want it to serve a 200 or else you will just see an error from the load balancer.
torgard · 3 years ago
You should set up a health endpoint for that, rather than just serving the default page.
torgard commented on The HTTP status code for a web server's default “hello” front page   utcc.utoronto.ca/~cks/spa... · Posted by u/ingve
pixl97 · 3 years ago
Have you ever seen a 410 actually used IRL? This has to be one of those that's pretty high up in the code rarity list.
torgard · 3 years ago
I've used it for resources that have been permanently deleted, rather than the 404 that you'll usually see. I think it makes sense for that sort of stuff.

From a user perspective, getting a 404 after following a link that previously worked can indicate a couple of things. Like maybe the resource still exists in some other place, but they didn't set up redirects. Maybe it's been "privated" in some way, and I no longer have access to it.

A 410 makes it explicitly clear to me that the resource has been permanently deleted. It'd also be nice if the response included some metadata as to when the resource was deleted.
