definitelyauser's comments

"Secure" is relative.

I have a system I use where you enter your email and get a one-time code.

The goal in that system is not to securely authenticate you, merely to identify you. "Good enough" for the use case.


In this case you might as well send a very long token, since it's going to be copy/pasted. TOTP codes are rather short. Or better yet, send a link to log in: this can be made to work cross-device (copy/paste usually doesn't).


> but what about hardware that's already here? (I'm also Brazilian)

It's ridiculously expensive.

Very little hardware is produced domestically, and the little that is, you don't want to be running your switches on what is in essence a no-name "intelbras" brand.


BigFixedDecimal? Sounds like yet another Java naming pitfall.


> how could that possibly happen?

Global singleton shared across requests, instead of request scoped.

1. [Client 1/You] Auth/write to variable (failed).

2. [Client 2/ISP] Auth/write to variable (success).

3. Verify what the result was (success)

A race condition combined with a global singleton can easily explain such behavior.
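
The interleaving in steps 1-3 above, reproduced deterministically as an added example (not part of the original comment or of the system under discussion). All class, function and key names are hypothetical, and the events only force the ordering that a real race would hit by chance.

```python
import threading

VALID_KEYS = {"isp-key"}  # constructed sample credential store


class SingletonAuth:
    """One instance shared by every request; the result lives in a field."""
    def __init__(self):
        self.authenticated = False

    def authenticate(self, api_key):
        self.authenticated = api_key in VALID_KEYS  # write to shared variable

    def verify(self):
        return self.authenticated                   # read it back later


shared = SingletonAuth()  # the global singleton


def vulnerable_handler(api_key, pause):
    shared.authenticate(api_key)  # steps 1 and 2: each client overwrites the field
    pause()                       # window between the write and the read
    return shared.verify()        # step 3: sees whoever wrote last


def scoped_handler(api_key, pause):
    ok = api_key in VALID_KEYS    # result stays in this request's own frame
    pause()
    return ok


def race(handler):
    """Force: client 1 writes, client 2 writes, then client 1 verifies."""
    c1_wrote, c2_done = threading.Event(), threading.Event()
    results = {}

    def client1():  # presents a wrong key
        results["client1"] = handler(
            "wrong-key", lambda: (c1_wrote.set(), c2_done.wait(5)))

    def client2():  # presents a valid key while client 1 is paused
        c1_wrote.wait(5)
        results["client2"] = handler("isp-key", lambda: None)
        c2_done.set()

    threads = [threading.Thread(target=f) for f in (client1, client2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results
```

With the shared field, client 1's failed attempt is reported as a success; with the request-scoped result, each client gets its own outcome.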


The article mentions Spring, although I couldn't see anything in the output that would tip me off (like massive java.lang.xxxException traces) ... plus I've seen other mentions of singletons in this discussion --

Are you describing some kind of server-side global object that statefully says a session/api key is "authenticated" and will then allow the request during that time frame? That seems like a bug you could drive container ships through. Yes I know saas s/w sucks out there but this would seem to at least be something an audit could easily flag.


Was the correct answer related to cache invalidation?


Main thing holding me back from even trying it is the mental overhead of having to think about "number of searches per month".

Same as an ISP with a bandwidth limit, even if it's much higher than I'm likely to need, it's not something I'm interested in having to keep track of or worry about.


Just don't think about it. Kagi keeps track of it and they do not charge for anything extra. They will tell you when you've reached your limit. At first I also thought I would have to think about it and not search for anything unnecessary to keep the usage low, but now I just blast away without thinking about it and I have so far never reached the monthly limit of 300 for the $5 plan.

It's refreshing to not have any ads and know there is no hidden agenda behind the search results.


You can get the unlimited plan for a cheap price and then not have to think about it.


> Streaming services tend to have garbage UI's, content that gets removed after x amount of time, and filled with ads

And forced mandatory subtitles in the wrong language. (Netflix)

Actually had to install a Chrome plugin to remove subtitles.


I've tried a few dongles and have had nothing but bad experiences.

"Kinda works" for a while, with a noticeable delay when changing songs etc.

Actually pondering replacing the infotainment system itself to get wireless AirPlay.


I thought the audio delay was because of a crappy dongle too, but when I rented a car with built-in wireless CarPlay it was exactly the same.


The delay happens with integrated systems as well apparently. My brother's car has it built in and he confirmed my adapter is the same.


> patrolled by drones that mark targets for these smaller squads.

Surely it could be scaled better with satellite imagery? Assuming it can be updated "reasonably frequently". I imagine drones would run into maintenance problems, especially in such "remote" regions.


> I paid the mIRC license like 15 years later, by the way...

Probably not valid anymore, fairly recently he changed something requiring a new license.

Not that he doesn't deserve a new license after all these years.

