  • They usually choose a subset of customers to try UI changes on before rolling it out to everyone. This way they can estimate the general reaction before committing to it. They probably also have a dozen different layouts and text for this dialog that they are testing to see what makes people most likely to click yes. It's all just statistics to them.

  • I bought a Framework laptop for my significant other last year and it’s amazing. It feels super solid like a MacBook but is easy to open and change out parts. Nothing has broken, but adding some RAM was probably the most pleasant experience I have had working on a laptop. Plus, the main PCB can run without the rest of the laptop, so perhaps a great home automation server or TV computer if we upgrade.

    My next machine is definitely going to be one of these. Way cheaper than Apple if you want more than 8G of RAM and a decent amount of disk space.

  • When you are filling out the web form with your password, it’s stored in plain text in the web browser and accessible via JavaScript. At that point, a JavaScript function checks the requirements like length and then does the salting/hashing/etc and sends the result to the server.

    You could probably come up with a convoluted scheme to check requirements server side, but it would weaken the strength of the hash so I doubt anyone does it this way. The downside of the client-side checking is that a tenacious user could bypass the password requirements by modifying the JavaScript. But they could also just choose a dumb password within the requirements so it doesn’t matter much… “h4xor!h4xor!h4xor!” fits most password requirements I have seen but is probably tried pretty quickly by password crackers.


  • Perhaps they validate the passwords client side before hashing. The user could bypass the restrictions pretty easily by modifying the JavaScript of the website, but the password would not be transmitted unhashed.

    It is worth pointing out that nearly any password restriction like this can be made ineffective by the user anyway. Most people who are asked to put a special character in the password just add a ! to the end. I think length is still a good validation though, and it runs into the same issue @randombullet@lemmy.world is asking about.
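
The scheme the last two comments describe, as an added Node.js sketch that is not code from the thread: the policy check runs on the plaintext in the client, and the server only ever receives the derived value. The policy, salt construction, iteration count and all function names are assumptions made for illustration.

```javascript
// Added illustration; policy, parameters and names are assumptions, not from the thread.
const crypto = require('node:crypto');

// Hypothetical policy: at least 12 characters and one non-alphanumeric character.
function meetsPolicy(password) {
  return password.length >= 12 && /[^A-Za-z0-9]/.test(password);
}

// Client side: check the plaintext, then derive the value that goes on the wire.
// enforce=false models a page whose validation script was altered by the user.
function clientSubmit(username, password, { enforce = true } = {}) {
  if (enforce && !meetsPolicy(password)) return { ok: false, reason: 'policy' };
  // Constructed per-user salt (assumption): hash of a site label plus the username.
  const salt = crypto.createHash('sha256').update('example.invalid:' + username).digest();
  const derived = crypto.pbkdf2Sync(password, salt, 100000, 32, 'sha256').toString('hex');
  return { ok: true, body: { username, derived } };
}

// Server side: receives only the derived value, so it can check its shape
// but has no way to tell how long or complex the original password was.
function serverAccept(body) {
  return typeof body.derived === 'string' && /^[0-9a-f]{64}$/.test(body.derived);
}

function demo() {
  const strong = clientSubmit('alice', 'correct horse battery staple!');
  const weak = clientSubmit('alice', 'a');
  const weakUnchecked = clientSubmit('alice', 'a', { enforce: false });
  return {
    compliantAccepted: strong.ok && serverAccept(strong.body),
    weakBlockedByClient: weak.ok === false,
    weakAcceptedByServer: serverAccept(weakUnchecked.body),
    // The comment's example satisfies the policy yet is an easy guess.
    guessablePassesPolicy: meetsPolicy('h4xor!h4xor!h4xor!'),
  };
}

console.log(demo());
```

Since the server cannot see length or character classes in the derived value, a client-side rule is advisory in this design, and the derived value itself is what authenticates the account.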