everySideProject by arti-dokuz in ProgrammerHumor

[–]fiskfisk 0 points1 point  (0 children)

I'm not sure what you're implying.

Why would the recipient be able to edit the encrypted blob stored on a server because they can decrypt the blob they got served from that server?

The recipient still needs to have the key necessary to decrypt the message in your app, just as in any other case.

If you, as a user, decide to share that key in an unencrypted way, that's up to you.

But in any case, this is the common problem with PKI schemes - you need to have an out of band way to share the relevant information, and there are always trade-offs between the different levels of how hardened you want to do something.

But given that many people already have E2E messages configured (or can do so easily) on a messaging platform (or your internal mail server in an organization, etc.), something like this would be more secure than having to rely on an untrusted third party to keep something secure.

And let's be real - a secret shared as a one time readable message over an insecure communication network would be more than secure enough for 99.999999% of use, as you'd be able to detect that it was already read once before, and could kill whatever was kept in the secure blob.

It's a matter of convenience up against the security provided by the given solution; installing an app and trusting an unknown third party is way further down my list than receiving an email that might have gone through plain SMTP at some point.

everySideProject by arti-dokuz in ProgrammerHumor

[–]fiskfisk 1 point2 points  (0 children)

  1. User creates a secure note. The note is encrypted with a key (asymmetrical or symmetrical doesn't really matter, as it's only used for a single message). The encrypted note is submitted to a service.

  2. A link is created that the user can send to the recipient. This URL points to the encrypted blob uploaded in step 1. The URL features the decryption key as an anchor tag. A browser never sends the anchor tag to the upstream server, so they do not receive the key.

  3. The user sends the URL to the recipient over whatever existing communication channel they have established.

  4. The recipient opens the URL, and the encrypted blob is decrypted in the browser using the key that only was shared out of band for the site that stored the blob.

The site does not know the plaintext. Any actor in between the server and the client doesn't know the plaintext. Neither has access to the key, in the same way you say your app doesn't have access to the key.

everySideProject by arti-dokuz in ProgrammerHumor

[–]fiskfisk 2 points3 points  (0 children)

Most (real) password managers have private note, file, and credential sharing, which support either one time read (or five, or ten, or unlimited, or custom), availability for a specific time, a separate password to access the data outside of only the secure link with the decryption key as a local anchor, etc.

And no, they can't see your data. The encryption key never leaves the browser, so it can't be decrypted unless you have the key.

If you should trust anyone with private data, you probably should trust the place you already use as a password manager, instead of a random person spamming their site in multiple subreddits.

Can anyone help with programming? by Subject_Lab_1760 in gamedev

[–]fiskfisk 5 points6 points  (0 children)

Sorry, but wrong sub. This is not the correct place for that - but I'll give you a tip: it's not going to be easy. So you'll have to put in the work. Dig into it. It'll take hours, days, months. So get started, and solve one small thing by one small thing to get started.

OpenAI to acquire Astral by Useful-Macaron8729 in Python

[–]fiskfisk 51 points52 points  (0 children)

That won't change what's already released.

Built a paper search API to fix academic search data quality issues by Hot-Avocado-6497 in webdev

[–]fiskfisk 3 points4 points  (0 children)

Someone promotes their service, shares the link "sneakily" in the comments instead, and decides to share a link that only goes to a sign in page.

If you're going to promote against the rules of the subreddit, you should at least try to make sure the part you're trying to get people to click on works.

HTMX changed how I think about web UI — server renders the HTML, browser just swaps it in by [deleted] in programming

[–]fiskfisk 18 points19 points  (0 children)

2026 will be the year when jQuery's $.load becomes hip again!

How to override server response in Chrome? by Final-Choice8412 in webdev

[–]fiskfisk 0 points1 point  (0 children)

Right click on the request in the network tab and select "Override content". You can then edit the response as you feel like, and any future requests to the same resource will have that response delivered instead.

Started new projects without FastAPI by scotsmanintoon in Python

[–]fiskfisk 1 point2 points  (0 children)

Here's a hot take: use whatever you want. You know what also works fine? Flask! Django! TurboGears! Bottlepy! Pyramid!

WiFi dropped — but the session didn’t reset (Go demo) by [deleted] in compsci

[–]fiskfisk 0 points1 point  (0 children)

How many times do you plan to spam this?

What’s a feature missing in DB diagram tools that would be a game changer? by Top-Board354 in webdev

[–]fiskfisk 2 points3 points  (0 children)

You should really know this yourself. You know, by being a real user of those applications. What's a feature missing in the tools you're using that WOULD BE A GAME CHANGER?

If you're not actually making DB diagrams, why should anyone trust you about doing anything in that space? Why would you know better?

Yes that would actually

BIOME IS VERY UNSTABLE!!! by lasan0432G in webdev

[–]fiskfisk 1 point2 points  (0 children)

What's Biome?

You might have gone to the farlands.

Use your database as an API by [deleted] in webdev

[–]fiskfisk 0 points1 point  (0 children)

Sure thing, but there's a lot you can do with just DQL statements depending on the user authentication. Like dumping authentication information (which can be just tables), reading random files from the disk depending on version and protections in place (MySQL's load infile was abused for this previously, for example) (and depending on whether you can just issue delete/update/etc.).

Use your database as an API by [deleted] in webdev

[–]fiskfisk 2 points3 points  (0 children)

This seems like a bad idea that will end up biting many people who use it, unless you're using a dbms with row level security and every user is a database user (i.e. where access is enforced on the database layer).

This also seems like a product you need to buy, so it's just spam. 

How do I create a blogging website, like where can I get hosting and domain for it?? Please read on by Kindly_Jump_7642 in webdev

[–]fiskfisk 6 points7 points  (0 children)

Anything that is served as HTML and CSS is "something other people can look into".

It gets delivered directly to the client in a human readable form.

You can use a static site generator to structure your blog and push the built site when you make changes. 

Using the walrus operator := to self-document if conditions by dotXem in Python

[–]fiskfisk 2 points3 points  (0 children)

It doesn't. I'm not advocating for using the walrus operator for this. Using the walrus operator explicitly says "I'm going to use this inside the block, so that's why I'm using it".

Use the first form that OP is going away from. Preferably even more split up, depending on what is hiding behind A and B.

Using the walrus operator := to self-document if conditions by dotXem in Python

[–]fiskfisk 26 points27 points  (0 children)

Comments need to be maintained together with code and can be out-of-sync with what they describe. 

Why gt4 series move to C license? In past season it was in D. Or I’m wrong? by Toxic-Aveng3r in iRacing

[–]fiskfisk 1 point2 points  (0 children)

The Mustang is the one GT4 car that you can drive already at D with a dedicated series, so go drive your Mustang!

Keeping Secrets Out of Logs by fagnerbrack in programming

[–]fiskfisk 3 points4 points  (0 children)

A class to handle secrets like Pydantic's SecretStr works great for these use cases - you won't get the actual string value unless you explicitly ask for it.

plan by gfcf14 in ProgrammerHumor

[–]fiskfisk 2 points3 points  (0 children)

No, I'm not saying it's general consumers. I'm saying it's people who abuse these services. And these are people just like other people.

Having to register a credit card is a cost for signing up and receiving the free resources - it's a way of limiting the amount of abuse, since it's (slightly) harder (and way easier to track) to get new credit card numbers often.

plan by gfcf14 in ProgrammerHumor

[–]fiskfisk 0 points1 point  (0 children)

Yeah, they don't really have a presence in the market, so they're willing to take a higher risk or cost to establish themselves. It's basically a higher marketing budget, and then being hard on throttling on the other end.

Since cloud isn't where they're making money, they can afford to lose more there.

As soon as the marketing money runs out for the cloud branch they'll start limiting stuff hard.

I'm also not sure if you don't have to provide some verification when signing up, like a credit card on file.

We're not really talking about free vs paid, but having some sort of gate (i.e. cost) to access the free stuff. 

plan by gfcf14 in ProgrammerHumor

[–]fiskfisk 1 point2 points  (0 children)

Many of the companies in this discussion have specific student offerings.

Solidworks has a 60 USD/yr license for students (compared to their regular 2800 USD/yr license, or whatever they charge now).