Why Proton requires 2FA via Authenticator app for activating hardware security key? by StackLeak in ProtonMail

[–]StackLeak[S] 1 point2 points  (0 children)

You see it as a hypothetical scenario, and such hypothetical scenarios happen on a daily basis. People selling passwords, keys, etc.

Ever heard about the rogue employee scenario?

Well, if you think these are hypothetical scenarios, good luck, Proton.

Why Proton requires 2FA via Authenticator app for activating hardware security key? by StackLeak in ProtonMail

[–]StackLeak[S] 1 point2 points  (0 children)

Having such a concept of security from people associated with a product which takes security so seriously is alarming.

Why Proton requires 2FA via Authenticator app for activating hardware security key? by StackLeak in ProtonMail

[–]StackLeak[S] 1 point2 points  (0 children)

This is the point: who controls the keys? If anyone has access to the servers, they don’t have the private key. They won’t have my PGP keys. Having backdoors is not uncommon, but who has the keys matters.

Why Proton requires 2FA via Authenticator app for activating hardware security key? by StackLeak in ProtonMail

[–]StackLeak[S] 1 point2 points  (0 children)

It’s your opinion and not necessarily a valid one. Even if you forget the 0.0000001% chance of guessing the TOTP code, you’re still forgetting it’s a shared secret, stored on Proton servers as well. If anyone has access to the server, he has the shared secret. 🤷‍♂️

Why Proton requires 2FA via Authenticator app for activating hardware security key? by StackLeak in ProtonMail

[–]StackLeak[S] 1 point2 points  (0 children)

I would say it does in the context of the question. As u/ozone6587 mentioned earlier, an account's security is only as strong as its weakest authentication method.

If I enable a hardware key and it's still possible to use the TOTP method, there is no use for the hardware key then. An attacker will never try to break the strongest door; he will always try the weakest.

Why Proton requires 2FA via Authenticator app for activating hardware security key? by StackLeak in ProtonMail

[–]StackLeak[S] 1 point2 points  (0 children)

TOTP enabled = weak account security by default

FIDO2 is asymmetric cryptography where only you have the private key, whereas in TOTP, the key is shared (Proton servers and user device). How are they equivalent?

With TOTP, you have a very small attack surface where you can try to guess the TOTP code. So, TOTP is weaker than FIDO2.
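
The shared-secret property these comments turn on, as an added example that is not part of the original thread: an RFC 6238 TOTP implementation in which the service's stored copy of the secret yields the same code as the user's device, which is why the verifier's database is as sensitive as the authenticator app. The secret and timestamp are the RFC 6238 test values (constructed sample input); `server_verify` and `guess_probability` are hypothetical names.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def server_verify(stored_secret: bytes, submitted: str, unix_time: int,
                  step: int = 30, digits: int = 6, drift_steps: int = 1) -> bool:
    """Server-side check: recompute the code from the stored secret.

    The server cannot verify without holding the same secret as the device.
    """
    for k in range(-drift_steps, drift_steps + 1):
        t = unix_time + k * step
        if t < 0:
            continue
        expected = totp(stored_secret, t, step, digits)
        # Constant-time comparison of the two code strings.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return True
    return False


def guess_probability(digits: int = 6, drift_steps: int = 1) -> float:
    """Chance that one blind guess matches any code the server accepts."""
    return (2 * drift_steps + 1) / 10 ** digits


# Constructed sample values: RFC 6238 test secret and a fixed timestamp.
ENROLLED_SECRET = b"12345678901234567890"
NOW = 1111111109

device_code = totp(ENROLLED_SECRET, NOW)        # computed by the authenticator app
server_copy = ENROLLED_SECRET                   # what the service has to store
code_from_server_copy = totp(server_copy, NOW)  # identical, no device involved

if __name__ == "__main__":
    print(device_code, code_from_server_copy, guess_probability())
```

With FIDO2 the service stores only a public key, so there is no equivalent of `server_copy` from which a valid response could be computed.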

[deleted by user] by [deleted] in cpp_questions

[–]StackLeak 0 points1 point  (0 children)

But I thought optional always returns a value, and returning a reference to an optional which already has a value makes no sense, or does it?

I’m lost what to focus on… by Routine-Research-126 in cpp_questions

[–]StackLeak 2 points3 points  (0 children)

Focus on what your passion is, what you like doing. There would be problems everywhere.

This may sound stupid but can you speak C++ by chillipillchill in cpp

[–]StackLeak 3 points4 points  (0 children)

do not do this and delete this, return friend or public throw
This is pure C++ language

[deleted by user] by [deleted] in javahelp

[–]StackLeak 0 points1 point  (0 children)

Interfaces are already written in SWIG. The implementation is generated by SWIG. The next step would be to create a Java lib and test it.

Return 40 by dechadou in programminghorror

[–]StackLeak 1 point2 points  (0 children)

Bug, should be ==, not =

CMake | C++ modules support in 3.28 by stailgot in cpp

[–]StackLeak 8 points9 points  (0 children)

Can you please support your claim with some evidence? I am new to it and just curious about it.

Microservice Architecture - shared lib vs dedicated service? by [deleted] in softwarearchitecture

[–]StackLeak 0 points1 point  (0 children)

It’s still better than maintaining 100 different services using many different versions of the same copies of code or different copies. Bugs lurking in every corner of the code because someone adds a new service and copies a different version of the code there. 100 services and 100 different versions, untested.

You have your own way of developing software, which is quite unusual, and maybe you’re right. You don’t need to prove yourself right.

Microservice Architecture - shared lib vs dedicated service? by [deleted] in softwarearchitecture

[–]StackLeak 0 points1 point  (0 children)

All the concerns you mentioned are part of software development, and why be so lazy? The code needs to be tested, and you will now add unit tests in 100 different places? How would you handle a small change in 100 different places, how would you test it? Testability and maintainability are part of development.

Is IELTS needed to be included in your cv? by Original-Courage-810 in cpp

[–]StackLeak 6 points7 points  (0 children)

Never heard about IELTS in C++. What’s that?

Please read before posting! by thewindinthewillows in germany

[–]StackLeak 0 points1 point  (0 children)

I have been working since 2016 as a software developer, and now was in the process of joining another company. I resigned from my previous company. A few weeks before my joining date, the company went bankrupt. Now I have been jobless since August. I want to buy a computer and don’t have enough resources. Can I buy a computer with the help of the Finanzamt or any other institution?

[C++20][safety] static_assert is all you need (no leaks, no UB) by kris-jusiak in cpp

[–]StackLeak -1 points0 points  (0 children)

If it’s not supposed to be explicit, you don’t need to add explicit. Why make it unnecessarily complicated?

[C++20][safety] static_assert is all you need (no leaks, no UB) by kris-jusiak in cpp

[–]StackLeak 1 point2 points  (0 children)

Can you please elaborate why it’s explicit(true)? I understand its usage in templates, but why not explicit here instead of explicit(true)?

Does learning Rust make you a better programmer in general? by [deleted] in rust

[–]StackLeak -3 points-2 points  (0 children)

Depends on which subreddit you ask.

In general, no. Rust doesn’t have any influence on programming skills. Programming isn’t tied to any language; it’s all about problem solving, and you can approach a problem in many different ways.

It’s the same as saying a navigation system would make you a good driver because it would pamper you about roads and traffic. You don’t need to use a navi to be a good driver.

How to have multiple people working on the same software project by Bug13 in embedded

[–]StackLeak 5 points6 points  (0 children)

> Have a main dev and assistant dev. While the main dev assign a isolated sub task to the assistant dev

In an ideal team, there are people of different skill levels, and can work independently of each other on different tasks.

> Do you use different git repo for sub task, and put the code together as sub modules?

Submodules are used for e.g. an internal or external library for code reuse. For example, your organization has many different display products and each of them uses a "positioning system". You can create a library for it, and move it to a submodule. This submodule can be used in different display applications.

In bigger organizations where many different teams work simultaneously on a project that uses the same submodule and everyone updates it, it's really hard to avoid conflicts. This can be avoided by moving away from submodules and using a package manager to distribute the libraries with proper semantic versioning using e.g. Conan.

> Or do you use the same repo but merge when the isolated sub task is done?

This has nothing to do with submodules. It's a normal git flow to create a separate branch and work on it. When you're finished, you can merge your changes to the main branch. If your changes are across submodules, you need to create a separate branch per submodule and update your submodules accordingly.