I sometimes admin. But usually not.

  • 1 Post
  • 60 Comments
Joined 2 years ago
cake
Cake day: June 17th, 2023

help-circle








  • OP, this title is stupidly misleading and incorrect, you should change it immediately.

    The Taliban seized the DOMAIN, aka the ownership of the queer.af name that people could type into their browsers, and their system would resolve into an IP address.

    As the Taliban control Afghanistan, (see where the domain comes from), this was inevitable and the instance owners were already planning to retire the instance as they didn’t want to give money to the Taliban to keep it up.

    The INSTANCE, aka the physical server, was not in Afghanistan, and still has its IP address(es), and so has had absolutely nothing happen to it.






  • The FDA regulation on Net Weight is found in 21 CFR 101.105. In this regulation FDA makes allowance for reasonable variations caused by loss or gain of moisture during the course of good distribution practice or by unavoidable deviations in good manufacturing practice. FDA states that variations from the stated quantity of contents should not be unreasonably large.

    While FDA does not provide a specific allowable tolerance for Net Weight, this matter could come under FTC jurisdiction. FTC has proposed regulations that would unify USDA and FDA Net Contents labeling and incorporate information found in the National Institute of Standards & Technology (NIST) Handbook 133.

    NIST Handbook 133 specifies that the average net quantity of contents in a lot must at least equal the net quantity declared on the label. Plus or minus deviation is permitted when caused by unavoidable variation in weighing and measuring that occur in good manufacturing practice. The maximum allowable variance for a package with a net weight declaration of 5 oz is 5/16 oz. Packages under-filled by more than this amount are considered non-compliant.

    http://www.foodconsulting.com/q&a.htm




  • An API token is more secure than a password by virtue of it not needing to be typed in by a human. Phishing, writing down passwords, and the fact that API tokens can have restricted scopes all make them more secure.

    Expiration on its own doesn’t make it more secure, but it can if it’s in the context of loading the token onto a system that you might lose track of/not have access to in the future.

    Individual API tokens can also be revoked without revoking all of them, unlike a password where changing it means you have to re-login everywhere.

    And that’s just the tip of the iceberg. Lmk if you have questions, though.



  • Others beat me to the punch on saying this is just worse WebAuthN, but there are some specific flaws that boil down to saying that this whole thing is, at best, totally inconsiderate of real attack vectors such as phishing

    Online Login: On supported platforms, log in with your ‘Sign’ rather than your email address. The service checks for a corresponding email in their database that produces the same hash with the chosen algorithm/options. Services can eventually replace emails with ‘Signs’ for regular users.

    Enhanced Privacy: Limits the need to share email addresses, reducing spam and data breach risks.

    Huh? What does this even mean? How can you avoid sharing your email and replace it with a sign, if they need to check it against their database of… Emails?

    Real-Life Usage: In physical stores, use your QR-art ‘Sign’ when asked if you have an account/booked at table.

    Ah excellent. Someone can just look at a security camera or just snap a photo over your shoulder and steal your sign then. Because your proposal sure doesn’t note any way that these are 1-time use only. And if they were, this sounds like an awfully inconvenient way of receiving a temporary number (which sites usually only ever do as a cheap/bad 2FA method/password resets)

    Email Verification: Receive a unique link via email, confirming your email’s validity.

    Oh boy, better make sure to not get phished! Or that the link is 1 time use! Or that you aren’t being victimized by a MITM attack and getting it intercepted immediately!