The README talks a lot about crypto. But the interesting bit is how you can access the passwords. Is there an API? If yes, how does it protect your passwords from malicious software? If not -- are you sure? (Have you checked for example accessibility APIs by the platform?)
Readit Newsximm commented on Show HN: What I learned building a local-only password manager (PassForgePro) github.com/can-deliktas/P... · Posted by u/can-deliktas
ximm commented on CSS sucks because we don't bother learning it (2022) idiallo.com/blog/learn-cs... · Posted by u/Brajeshwar
Yeah. If you like programming exclusively with globals and no warning when you have conflicting variable names, then CSS is for you-- it's basically programming (almost) exclusively using global mutable state.
I understand why people hate Tailwind, but it largely solved this problem for me.
I absolutely hate this argument. Everything in CSS is public (as in: can interface with HTML), not global. Think of writing CSS as designing an API.
ximm commented on 39th Chaos Communication Congress Videos media.ccc.de/b/congress/2... · Posted by u/Jommi
I can’t not see Catbert in the video player iconography. Someone tell me they did this intentionally.
It is a Maneki-neko (beckoning cat / Winkekatze). The video team started putting them on podiums so they could see when a stream was frozen. So it became kind of a mascot.
ximm commented on Things I learnt about passkeys when building passkeybot enzom.dev/b/passkeys/... · Posted by u/emadda
It does not work for me on my Linux PC with Firefox, PayPal simply refuses to enrol passkeys and Amazon tries but then gives an error. I haven't tried chromium as I don't have it installed.
I'll give it another try though. The last time was 1 year ago. I don't normally use Bitwarden so I have to set it up from scratch with vaultwarden etc.
This is probably a Linux issue. Mac OS and Windows implement the FIDO2 Platform API, which allows them to act as authenticators themselves. Linux does not. See https://github.com/linux-credentials.
ximm commented on Things I learnt about passkeys when building passkeybot enzom.dev/b/passkeys/... · Posted by u/emadda
In oauth2: when I /1 associate a random uuidv4 for each new flow with my user (server side), /2 stick that uuid into the state parameter, and then /3 look up my user with this on callback-endpoint execution. Isn't PKCE in that case redundant?
I also think these are very similar. The main difference in my view is that the state parameter is checked by the client, while PKCE is checked by the server.
I run an authentication server and requiring PKCE allows me to make sure that XSS protection is handled for all clients.
ximm commented on The immortality of Microsoft Word theredline.versionstory.c... · Posted by u/jpbryan
> For coders, visual aesthetics don’t matter. For lawyers, they are a technical requirement. While this difference may seem arbitrary on the surface, it is downstream of a critical technical difference between the two fields. Machines interpret the work of coders. Human institutions interpret the work of lawyers.
I believe this is not only infuriating, I am pretty sure it is actually illegal. If lawyers would think that visuals are more important than semantics, they would explicitly discriminate blind people.
ximm commented on Show HN: I made a spreadsheet where formulas also update backwards victorpoughon.github.io/b... · Posted by u/fouronnes3
The first example on the main page has a formula with two variables being updated from changing one value. The immediate question I have is if I change the output, where does the extra degree of freedom come from on the inputs? Does one stay locked in place? Unclear.
I am a huge fan of the concept though. It's been bugging me for years that my spreadsheet doesn't allow editing text fields after filtering and sorting them down to the subset I want. I have to go all the way back to the mess of unsorted input rows to actually edit them.
100% this. When I reached the end of that page I felt pranked because the obvious question was never answered. How are these cases resolved? Is it possible to fix some inputs and only update others? What if I sometimes want to change input A, and other times I want to update input B? All this should be explained as early as possible.
Last time I checked hyprland was pretty much despised in the wider linux developer community. See for example https://drewdevault.com/2023/09/17/Hyprland-toxicity.html. Has anything about that changed?
I don't think you & I have much disagreement here as I like the way you write about approximations and edge cases and things involving human judgement calls and "both not either" kinds of testing. The WhyAPCA document you link to also includes language to such effect with sliding scales over regions & such. Me - I'm mostly asking questions not offering answers. That said, to correct the record..
>These examples are using the WCAG2 contrast algorithm which is well known
Only one of the 4 tables shown is the thing you say is the known-to-be-flawed WCAG2 one. Some counterxamples are listed for all 4 formulas, though, 2 of which use the CIE Lightness (which, sure, is probably different, but I believe the CIE L is what APCA is based upon - in spite of so..many..words on their doc pages they often just say "lightness").
------------------------
Another point of those 4 tables, perhaps more clear when looking at the python script, is whether "numerical ratio" vs abs(difference) is better. It seems to me that color space designers, like this OKLCH, are going after "perceptual linearity" which suggests abs(diff) is far more appropriate than a "ratio" which has "near zero" troubles (and zero & one are downright seductive numbers for perceptual lightness scales).
I certainly should learn more about it, but various "click through" APCA things I've seen seem to speak in ratio terms like "10 times the contrast" (though admittedly that only assumes some scale for contrast not that it's formulated as a ratio - it's just suggestive). So, I should probably look more into it before actually offering a critique, but it still has the feeling of "cross purposes" - using some color space axis designed for [0,1] linearity differences instead for ratios within that axis. When I tried using the WCAG2 one I was kind of stunned how sensitive everything was to what should have been a kind of "arbitrary adjustment" to handle near-zero.
I might wonder what designers of color spaces actually have to say about this ratio vs. difference issue if you know of any articles. You seem knowledgeable. The spaces seem literally designed for differences to me.
There is no real difference between ratio and difference. It is just scaled with a logarithm. See https://blog.ce9e.org/posts/2022-09-10-contrast-algorithms/ for details.