• 2 Posts
  • 63 Comments
Joined 1 year ago
Cake day: June 14th, 2023




  • Partially. The summary isn’t quite in line with the detail:

    Android is the only operating system that fully immunizes VPN apps from the attack because it doesn’t implement option 121. For all other OSes, there are no complete fixes. When apps run on Linux there’s a setting that minimizes the effects, but even then TunnelVision can be used to exploit a side channel that can be used to de-anonymize destination traffic and perform targeted denial-of-service attacks.


  • The thing with football is that there is a specific goal (pun very much intended). It’s ok to have a mindset that you’re going to play in a way that makes it unlikely (in the beginning) you’ll achieve that goal (eg play left footed), but if that player never improved, would you still think it’s ‘working’?

    I worked in an industry for many years that was obsessed with goal-setting, and that mindset never appealed to me. I eventually found a book called Goal Free Living by Stephen M. Shapiro. It was a bit of an eye-opener for me, and the phrase “Carry a compass not a map” stayed with me until today. I’ve done several different things since then but I’ll never be famous for any of them as I still keep changing direction.





  • It’s a great analysis, and I don’t disagree with anything you said (mostly because you’re better informed than I am). But you nailed it with “Why would I need this? I don’t know yet.” It should all be driven by need—the fact there are more options is great, but doesn’t mean they should be used just because they’re there… For many hobbyists, ease of access and speed to get started is the main driver, and for those cases, pre-built boards are the answer.

    I remember talking to a car manufacturer in the early 2000s who said it would be relatively easy to make cars to a custom length / load space. But they tend to make specific models because if you give people too much choice, they get paralysed and don’t choose anything.

    I suspect it’s not quite that simple but the principle seems sound.





  • Despite the breach, LastPass has been pretty solid for me for over a decade. Syncs across devices, easy sharing between family members, etc. If your master pw and iteration counts are in the green, even them losing your data is relatively low risk, apart from exposing the sites you have accounts for, which is equal parts privacy & security issue. If I wasn’t so invested in LP, I would probably go elsewhere but since the horse has bolted…

    I’ve also heard good things about Bitwarden and KeePass but can’t speak to how easy they are to set up.




  • Well, of course it depends on the scale of the changes. Depending on how you’re calling them, the version could be in the url, such as Zoom’s API including /v2/ in the urls. Then you can introduce /v3 with many changes whilst leaving /v2 in place for some amount of time.

    If /v3 also means a complete change of database and other underlying infrastructure (eg removing the concept of a zoom meeting), then you’ve got different challenges. Those are probably about overall design, not api.


  • One approach I’ve seen (from a user pov, not dev, so I’ve no idea of the code bloat it might cause) is to pass the API version number in the call. Then your api can be backwards compatible for 2 or 3 versions, giving other users time to upgrade their code. It de-couples things to give you all a bit of slack for both rapid iteration and stability.

    But it also depends on the ‘contract’ between you and the users so be very clear how long / how many versions will be available. Probably will involve a ‘use by’ date.