Posts 0
Comments 21
  • It must be a pain to make a Rich Textbox
  • So long as you have robust data sanitization on the backend to prevent XSS and HTML injection attacks...

    If you can get away with just using Markdown, you should definitely use that instead of full HTML.

  • wanted: e-mail provider that supplies onion email addresses and allows users to use them on clearnet
  • That mismatch between DMARC verification domain and the domain of the "from" header is called DMARC Alignment. Any modern spam filter is going to mark unaligned messages as spam. Especially if one of the domains is completely non-routable like .onion.

    And even if you sent the email and it got through with your .onion address, no one would be able to reply to you because the replying mail server can't even look up the MX record for your .onion domain.

  • wanted: e-mail provider that supplies onion email addresses and allows users to use them on clearnet
  • TL;DR you can send emails from .onion addresses if you want, but no clearnet server is going to accept them.

    So when you send an email, you can actually put whatever you want in the from header. I could send an email that says from "[email protected]". The protocol doesn't care.

    Do you know who does care? The email server you're sending messages to, because spammers and scammers love to try and send email with fake from addresses.

    So, there's an entire verification system in place that involves looking up public keys from the website that the email claims to be from. (This is a gross oversimplification. Look up SPF, DKIM, and DMARC for more info.) The problem is you can't even reach .onion sites from the clearnet to do the lookups. So no email servers would be able to validate your address is legitimate and so would drop it as spam.

  • Voyager 1 is sending data back to Earth for the first time in 5 months | CNN
  • For most transmissions of digital information (even those here on earth) there's a concept of a "checksum". Basically at the end of every message, there's a special number, and you can do some math on the rest of the message to get that same number. If anything happened to change or damage the message in transit, the math doesn't work out and so the checksum fails.

    I would assume Voyager works in a similar way, so every time it receives a message it will compute the checksum and see whether it matches.

  • I could only see one 8-letter word in today's Spelling Rule
  • All words you spell must include the central letter, adjacency doesn't matter.

    The design is a bit of a visual joke combining the concept of a "spelling bee" competition with the honeycombs of literal bees.

  • Technology has made the fundamental aspects of my life more arduous
  • The OMNY system in NY doesn't require you to install an app on your phone. It's tap to pay with any credit or debit card, even Apple or Google Pay. If you want you can still get a physical OMNY card and refill it, but it's not required.

    Sounds like a skill issue on the author's part tbh.

    Also fuck physical checks, online payments are 100x better. Writing all of your banking information on a slip of paper and handing it to someone is probably the least secure way to transfer money.

  • Web-based cryptography is always snake oil
  • What a brain-dead take. If your threshold for true safety is "literally no one can force you to decrypt it or affect the system in any way" then of course it's insecure, and so is everything else unless everyone writes their own crypto implementation themselves locally.

    "oh I compile my binaries from source so I'm safe"

    Someone could compromise the source repo and have it serve a compromised version to your machine. I guarantee you aren't reading the entirety of the OpenSSL source code before you compile it.

    Anyone that takes this article seriously should read On Trusting Trust. It's a very short essay that states the point much more eloquently than the post author that you eventually have to trust someone. Whether that's Apple or Signal or some random maintainer of your crypto implementation library, you have to trust someone that it hasn't been backdoored.

  • Receive only email server
  • You should definitely set up a DMARC record to prevent other people from using your email domain to send spam. If you don't have DMARC configured, other email servers will give any senders the benefit of the doubt and accept mail that claims to be from your domain.

    You can just set the DMARC record to reject 100% of unverified mail and call it a day. Since you aren't sending anything it won't affect you.
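
Added example, not part of the original comments: a simplified version of the check a receiving server makes, covering both the alignment failure described in the .onion comments above and the reject-everything record suggested for a receive-only domain. The domains, function names, and the two-label shortcut for the organizational domain are assumptions made for illustration.

```python
# Simplified DMARC evaluation (concepts from RFC 7489). Added illustration only.
# Assumption: the organizational domain is approximated as the last two labels;
# real receivers use the Public Suffix List. pct sampling is not modelled.

RECEIVE_ONLY = "v=DMARC1; p=reject; pct=100"  # constructed record for a domain that never sends

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict, applying alignment defaults."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record")
    tags["p"] = tags["p"].lower()
    tags.setdefault("aspf", "r")   # relaxed SPF alignment is the default
    tags.setdefault("adkim", "r")  # relaxed DKIM alignment is the default
    return tags

def org_domain(domain):
    """Approximate organizational domain (assumption: last two labels)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Strict mode needs an exact match; relaxed mode compares organizational domains."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def evaluate(record, from_domain, spf_pass_domain=None, dkim_pass_domain=None):
    """Return 'pass', or the policy the From domain's owner asked receivers to apply.

    spf_pass_domain / dkim_pass_domain are the domains that passed SPF / DKIM,
    or None if that mechanism did not pass at all.
    """
    tags = parse_dmarc(record)
    spf_ok = spf_pass_domain is not None and aligned(
        from_domain, spf_pass_domain, tags["aspf"])
    dkim_ok = dkim_pass_domain is not None and aligned(
        from_domain, dkim_pass_domain, tags["adkim"])
    return "pass" if (spf_ok or dkim_ok) else tags["p"]
```

A message that authenticates for some other domain still gets the owner's `reject` policy, because a pass only counts when it aligns with the From header's domain.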

  • How to deploy 2FA for a small business?
  • The ideal solution is to have one identity provider and then use Single Sign-On (SSO) to authenticate your users to all of their other apps. All of the big identity providers (Microsoft, Google, Okta, etc) support security keys.

    I recognize that it might not be feasible to use SSO for all of your apps as a small business; a lot of SaaS platforms unfortunately charge extra for SSO. That being said, my advice would be to use SSO whenever possible for your apps and include SSO availability in your decision-making process for purchasing new software.

    For those apps that do not support SSO, my advice would be to either compensate employees for using their personal devices for work or give them corporate devices that are only used for work things.

  • Dumbo is violating the laws of physics. Where are the cops? How shall i report him?
  • According to all known laws of aviation, there is no way that Dumbo should be able to fly. Its ears are too small to get its fat little body off the ground. Dumbo, of course, flies anyway. Because Dumbo doesn't care what you think is impossible.

  • What is the term for an abstract personification? (Examples below)
  • The term is metonym. It is when you use a characteristic or associated attribute of a thing as the name of that thing. A classic example would be "the crown" when talking about the monarch or "the White House" when talking about the president.

  • Google is putting ads in gmail. WTF?
  • These ads only appear in the "promotions" section of Gmail, the section that is by definition for advertising emails. It's not great, but this is the least intrusive place to put ads.