I only do npm install in a docker container where the project and npm cache are mounted. Gives me a bit of security regarding attacks through post install scripts. (--no-scripts is not an option since I need some of them)
dbx12@programming.dev to
No Stupid Questions@lemmy.world•We always hear/read about Governments censoring the internet. What is something that the US is not knowing is being censored?
15·9 days ago
Seems like some folks from the SCP foundation got loose.
Just wrap your mouth over the spout and you don’t waste a single drop.
dbx12@programming.dev to
No Stupid Questions@lemmy.world•Why have so many services started using single-factor passwordless authentication in the last little while?
2·9 days ago
Accompanied by “I can stop any time I want” when buying another domain.
dbx12@programming.dev to
No Stupid Questions@lemmy.world•Why have so many services started using single-factor passwordless authentication in the last little while?
3·11 days ago
Adding a shameless plug here: Aegis is available on F-Droid and allows you to back up your 2FA secrets on your own server (e.g. own Nextcloud) in case you don’t trust the default Google authenticator.
dbx12@programming.dev to
No Stupid Questions@lemmy.world•Why have so many services started using single-factor passwordless authentication in the last little while?
16·12 days ago
Time-based one-time passwords. Those (usually) six-digit codes which get replaced every 30 seconds or so. During setup you copied the secret to your device (usually smartphone) and now your device and the server you authenticate at can calculate the same secret code every thirty seconds.
And the era of SMS, where you had 160 letters and had to be creative to push as much information into them to avoid paying for a second SMS.
As long as the maniac with his model planes isn’t around that should be safe.
What a wonderful phrase!
I assume OP would want to send them upstate to live on a farm or terminate the pregnancy before they are born.
Wikipedia defines it as
Advocates of vibe coding say that it allows even amateur programmers to produce software without the extensive training and skills required for software engineering.
Now if you replace some words you see how absolutely bonkers the idea in general is:
Advocates of aircraft autopilots say that it allows even amateur pilots to fly large airplanes without the extensive training and skills required for commercial pilots.
grabs golf club
That’s why I start my dangerous queries with a broken first word like ELETE FROM table... and do a proofread before adding the D. Saves you from annoying mistakes either by stupidity or fat fingering the enter key.
Oh so we’re back at Tony Soprano memes?
Aibohphobia
If it were real, we would have proof the scientists are just fucking with us.
dbx12@programming.dev to
No Stupid Questions@lemmy.world•Three questions about superpowers, which is the best, and which is the worst?
2·3 months ago
And suddenly we have a new super villain.
Wow, we’ve gone full circle here. 2FA (the “protocol”, not the application mentioned in the OP) was conceived to increase security by requiring a second factor (not second secret). So we would need the password (knowledge based authentication) and the code generating hardware (possession based authentication). If we stuff all our 2FA secrets into a web service, we efficiently removed the possession factor of the authentication, making it one where two knowledge factors (password for the thing you want to log in to and password for the hosted 2FA storage) are sufficient.
dbx12@programming.dev to
No Stupid Questions@lemmy.world•Could one legally get a hold of those bank bill dye security dye packs, dye your own legally obtained cash with it, and spend it places? Just to make people suspect you're secretly a bank robber.
1·3 months ago
So you should obtain prop money for that to avoid charges for defacing. But trying to pay with prop money is probably attempted fraud.



Usually in the “let’s see how this random project I cloned from GitHub works for my use case” scenario. I want to see how it works and if it would cover my use case before spending time on checking code and dependencies for security issues.