In this case you might as well send a very long token, since it's going to be copy/pasted. TOTP codes are rather short. Or better yet, send a link to login: this can be made to work cross-device (copy/paste usually doesn't).
> but what about hardware that's already here? (I'm also Brazilian)
It's ridiculously expensive.
Very little hardware is produced domestically, and the little that is, you don't want to be running your switches on what is in essence a no-name "intelbras" brand.
The article mentions Spring, although I couldn't see anything in the output that would tip me off (like massive java.lang.xxxException traces) ... plus I've seen other mentions of singletons in this discussion --
Are you describing some kind of server-side global object that statefully says a session/api key is "authenticated" and will then allow the request during that time frame? That seems like a bug you could drive container ships through. Yes I know saas s/w sucks out there but this would seem to at least be something an audit could easily flag.
Main thing holding me back from even trying it is the mental overhead of having to think about "number of searches per month".
Same as an ISP with a bandwidth limit, even if it's much higher than I'm likely to need, it's not something I'm interested in having to keep track of or worry about.
Just don't think about it. Kagi keeps track of it and they do not charge for anything extra. They will tell you when you reached your limit. At first I also thought I would have to think about and not search for anything unnecessary to keep the usage low, but now I just blast away without thinking about it and I have so far never reached the monthly limit of 300 for the $5 plan.
It's refreshing to not have any ads and know there is no hidden agenda behind the search results.
> patrolled by drones that mark targets for these smaller squads.
Surely it could be scaled better with satellite imagery? Assuming it can be updated "reasonably frequently". I imagine drones would run into maintenance problems, especially in such "remote" regions.
I have a system I use where you enter your email and get a one-time code.
The goal in that system is not to securely authenticate you, merely to identify you. "Good enough" for the use case.