• 0 Posts
  • 16 Comments
Joined 1 year ago
Cake day: June 8th, 2023


  • This is one of the things I talk about when people ask what the difference is between junior and senior developers.

    A lot of security is just box-checking. A lot of it is hypothetical and relies on attackers exploiting a chain of multiple bugs that they probably won’t ever find…. But you still gotta fix it.

    There’s no point in being so proud of your code and dismissing security concerns because you’re arrogant enough to think it can’t happen to you. Just learn to fix it and move on with your life.












    • Installs antivirus on servers that wrecks application performance
    • installs content filtering proxy that prevents developers from reading “hacking materials” like OWASP documentation
    • won’t let developers install anything on their own machines without filing a ticket and waiting 6 weeks
    • pushes unannounced antivirus updates that pop up OS security dialogs like “Netscan Antivirus would like to monitor all network traffic. Enter your password to approve”, and is surprised when users don’t enter their passwords.

    Your corporate IT guy





  • Pretty cool. It’s great to see so many clients on the market.

    One minor feature I wish every iOS client had is better password manager integration. Normally on login forms, the app can provide a hint to the OS of what domain you’re logging in to; then when you click the password box, the password manager can suggest to autocomplete that domain’s password. Currently every time I set up a new app, I have to type programming.dev twice. Once in the “which lemmy instance are you connecting to” box and once in LastPass’s search bar. It’s a minor inconvenience, but I wonder if clients could pass along the lemmy URL to the password manager after I’ve typed it the first time.