It doesn’t matter what browser you’re using. Everything Google was tracking here is the stuff all browsers send in incognito mode. This lawsuit was totally frivolous

Only 8? Those are rookie numbers

That’s… why we want the labels?

Car manufacturers should get out of the dashboard design business. Just have an API standard for devices to control the car, and a USB port for users to plug in whichever device works best for them. You want a bunch of physical buttons? Cool, go down to AutoZone and buy a button panel that matches your needs. You want a big screen with carplay and a bunch of widgets? Mount your old iPad there.

The regulatory side would be the hard part. Devices would have to meet some safety standards and the car would have to refuse to drive unless an approved dashboard was connected, but it could be done.

Software receives update. INTERNET PANICS

JavaScript is a language that runs on a user’s computer, when they visit a web page. It is often used for dynamic functionality, ie when you click “like” on a comment… JavaScript running in your web browser will make a request to the server letting it know that you liked the post, then the server will respond with a total number of people who liked it or something.

But, the server needs to know how to authenticate which user liked the comment (so you can’t like it twice etc). There are various authentication mechanisms to do this, with their own trade-offs. Over all, there’s secret information that the browser and the server have to share with each other, and we don’t want that information being accessed by the wrong people.

There’s also a common problem with web apps called “cross site scripting”. Basically somebody might craft a cleverly formatted comment that exploits a bug in the web page and causes the attacker’s code to run. One trivial example might be if every time a person read a comment thread, the attackers code caused that person to “like” a request. A more serious exploit would be one that finds out that secret authentication information I mentioned and shares it with the attacker. They can then pose as the victim user and do anything they want as that person. This would be bad.

So, on to the different approaches and their tradeoffs.

• HttpOnly cookies. Basically when you log in, the server gives your browser a cookie vouching for who you are. Each subsequent request to the server will include this cookie automatically. The browser handles attaching it to the request, and the browser hides it from any JavaScript running on the page. One trade off is that it requires some authentication to happen between the user and the service (ie enter your username and password), to generate the cookie in the first place. This is likely what OP’s customers want to avoid.
• bearer tokens: basically, when JavaScript code makes a request to the server, it can optionally add some tokens in the request headers and use those to authenticate the user. I’m assuming OP’s scenario involves his company providing a service that is used by another company’s web site. They want to log in the user on their system, then forward some info along to OP’s system describing that user. They can’t just set an HttpOnly cookie for his domain, since it would be private to him; so instead they store a magic token in the browser’s local storage or somewhere and send that on every request. The down side is that JavaScript has to be able to read that token, so it enables that malicious user we talked about to steal it if they exploit some other bug.

Anyhow, one common solution here is to set very short expiration dates on those bearer tokens. That way if somebody steals it, they can’t use it for long.

Another strategy is to limit what each token can do. OP needs to make it so you can like a comment using one of those bearer tokens, but more dangerous actions like purchasing things, deleting content, etc, should be guarded by a more secure mechanism. Then the damage is mitigated if the bearer token leaks.

I can agree that this movie wasn’t suited for kids, but it’s sad that they had that kid read that scripted criticism against it.

I just want a game where I get to name my character after myself and the voice-acted NPCs use AI to dub my name into their lines instead of awkwardly avoiding using names.

Only 20 tickets? Sounds pretty stable

Ritual Night. She’s a 10 year old, barrel aged Texas funeral cake stout.

Three days later, on November 20, the Seko union, which represents postal workers, will stop delivering letters, spare parts, and pallets to all of Tesla’s addresses in Sweden.

It seems troubling that there aren’t regulations in place requiring postal workers to deliver mail indiscriminately.

What if the postal union decided not to deliver mail-in ballots they thought might support a policy they disagreed with, for example?

I use a “real name” domain. My last name ends in the letters “in”, so I bought a .in domain, such that the domain name is my last name with a dot in it.

Can’t honestly recommend that approach. It’s a cute gimmick, but when non-technical people ask for your email address and it doesn’t end in a TLD they recognize, their heads explode. I usually give out my gmail address.

Every time it shows up in search results, I’m reminded by their terrible UI that I made the right choice

“I could rewrite this in a week!”

~ junior dev, 3 months ago

Is it the employer’s responsibility to determine that somebody is or is not a spy? Like the scam here was to do the actual job and send money back, not to steal company information etc. companies have legal obligations to make sure people are authorized to work in the US etc, but the government sets those standards. If you’ve got convincing enough paperwork, it’s the governments job to enforce this stuff, not the employer.

That said, I’ve interviewed several remote people who were clearly using fake identities and also clearly didn’t have the skills for the job. Seems obvious their scam was to just collect a paycheck doing nothing, so if that’s the same group, then the employers bear some fault for hiring unqualified people… but on the other hand if the North Koreans were actually doing the jobs they were paid for, no reason the company should care.

software developers with access to GitHub’s Copilot chatbot were able to finish a coding task 56 percent faster than those who did it solo

Are these competent developers, or the kind who already take 4 or 5 times longer to do a task than their peers?

Later on when I want to look productive I’ll delete all those printfs then pay myself on the back for committing a lot of code changes that sprint and for reducing our log storage costs by 75%

Value watching is just printf; change my mind

Is gmail still considered beta?

I appreciate the quick hack, but with a little more foresight you could have just put up a blurry jpeg with that number and changed the prompt so it looks like a CAPTCHA. Nobody would have given it a second thought.