Email me: adam@middle.app
> Everyone being surprised at the bridge collapsing needs to reconcile with the amount of force that struck the bridge ... I am also a bit surprised at how many people don't grasp this or grasp engineering, magnitude of…
> I've found very few projects where a bit of poking can't turn up memory safety issues. I'm working on a Rust project right now, and I'm probably one of those people who are overestimating the correctness of my code! I…
You are free to choose buildings with multiple stairways if that's a requirement for you! We're talking about easing mandatory regulations, allowing builders to meet demand. We're not saying that all buildings must only…
This is a fantastic article. Burdensome regulations on housing construction have caused costs to skyrocket. Minimum lot sizes, setback requirements, square footage minimums, floor-area ratio restrictions, overzealous…
Oh, I see the issue. The HIBP database is SHA-1 hashed with no salt. It was created from unhashed passwords. You can't download the unhashed version (you could of course compute it, if you really wanted to; but there's…
One can only implement a HIBP check when one has access to the user's unhashed password. So, at login, registration, and password reset.
Yes, same scenario, but far fewer logins are successful. 3 orders of magnitude sounds right, but I don't know precise numbers. (Can others shed light?) Three orders of magnitude is a lot!
This is true. The story as written probably didn't happen with HIBP's database. Troy Hunt's database only includes SHA-1 hashes, and passwords in your own database will be hashed with a stronger algorithm (hopefully)…
Troy Hunt is such a treasure. And for us web application developers, there is no excuse for not having protection against credential stuffing! While the best defense is likely two-factor [1], checking against Hunt's…
It is not hard and every web service really should implement this sort of check. I’m actually pretty surprised to see so many comments here that aren’t aware of it! See: https://haveibeenpwned.com/Passwords
I don’t know about criminal liability, but they’re certainly at fault for not implementing a check against known compromised passwords[1]. I believe it’s been an accepted best practice since something like 2017. 1.…
Websites should mitigate credential stuffing by checking against known cracked passwords. All you have to do is download Troy Hunt’s hashed password database, check it when someone logs in and if it’s cracked do your…
I had to deal with this problem in our product, which has a visual programming language. I opted to throw an exception if, for whatever reason, "all()" receives an empty list! I had forgotten I'd done that. There's no…
A few months ago, I did some analysis on JSON data in our platform, and discovered that more than two-thirds of bytes were field names. Two thirds! That’s a lot of potentially unnecessary extra bytes. In my case, I was…
Alpine is a trap! For a Python product, we tried to make it work for about a year before throwing our hands up and switching to a plain Ubuntu image. We’ve had no regrets.
Perspective from a CTO at a small b2b saas startup: Pricing is incredibly tough, and at my startup, we’ve had tons of hours-long conversations on pricing internally, with consultants, etc. We also have a mix of…
I had trouble finding the link to the full report; here it is! https://survey.stackoverflow.co/2023/
I haven't heard of the idea of the "hard problem of consciousness" before, but after reading this Wikipedia article, it sounds like nonsense. Like, take this passage: > For example, it is logically possible for a…
I had a really fascinating conversation with the lead architect at Frost Giant the other day. They're making the next StarCraft, basically. They don't use floating points. He didn't mention (IIRC) the possibility of…
"At one point in the harrowing footage, he appears to be stumbling toward a car, and then falling to the ground as the car drives away." This was so sad to read. I bet the driver thought Lee was a dangerous or disturbed…
"Housing prices only keep pace with inflation. America realizes it totally forgot about a few million homes it built, greatly expanding supply. Housing prices rise only 2%. Alice is much, much worse off for buying. In…
I've been slowly reading this book on cognition and neuroscience, "A Thousand Brains: A New Theory of Intelligence" by Jeff Hawkins. The answer is: Yes, yes we are basically fancy auto-complete machines. Basically, our…
I don't know! I think you might be right, but my intuition tells me it's a little more than that. Other ideas: * Is it a mind-body connection thing? Writing seems to involve a lot more fine motor control and muscle…
I 100% agree with this. If I want to fully commit to learning something, physically writing it down with my hand makes it stick better, for reasons that I don't really understand. I actually started to think about it as…
This copy is confusing. What's the actual product that I could potentially buy? From the description here, this could be "just" AWS Lambda. I'm sure it's better in some way, but, like, how exactly?
> Everyone being surprised at the bridge collapsing needs to reconcile with the amount of force that struck the bridge ... I am also a bit surprised at how many people don't grasp this or grasp engineering, magnitude of…
> I've found very few projects where a bit of poking can't turn up memory safety issues. I'm working on a Rust project right now, and I'm probably one of those people who are overestimating the correctness of my code! I…
You are free to choose buildings with multiple stairways if that's a requirement for you! We're talking about easing mandatory regulations, allowing builders to meet demand. We're not saying that all buildings must only…
This is a fantastic article. Burdensome regulations on housing construction have caused costs to skyrocket. Minimum lot sizes, setback requirements, square footage minimums, floor-area ratio restrictions, overzealous…
Oh, I see the issue. The HIBP database is SHA-1 hashed with no salt. It was created from unhashed passwords. You can't download the unhashed version (you could of course compute it, if you really wanted to; but there's…
One can only implement a HIBP check when one has access to the user's unhashed password. So, at login, registration, and password reset.
Yes, same scenario, but far fewer logins are successful. 3 orders of magnitude sounds right, but I don't know precise numbers. (Can others shed light?) Three orders of magnitude is a lot!
This is true. The story as written probably didn't happen with HIBP's database. Troy Hunt's database only includes SHA-1 hashes, and passwords in your own database will be hashed with a stronger algorithm (hopefully)…
Troy Hunt is such a treasure. And for us web application developers, there is no excuse for not having protection against credential stuffing! While the best defense is likely two-factor [1], checking against Hunt's…
It is not hard and every web service really should implement this sort of check. I’m actually pretty surprised to see so many comments here that aren’t aware of it! See: https://haveibeenpwned.com/Passwords
I don’t know about criminal liability, but they’re certainly at fault for not implementing a check against known compromised passwords[1]. I believe it’s been an accepted best practice since something like 2017. 1.…
Websites should mitigate credential stuffing by checking against known cracked passwords. All you have to do is download Troy Hunt’s hashed password database, check it when someone logs in and if it’s cracked do your…
I had to deal with this problem in our product, which has a visual programming language. I opted to throw an exception if, for whatever reason, "all()" receives an empty list! I had forgotten I'd done that. There's no…
A few months ago, I did some analysis on JSON data in our platform, and discovered that more than two-thirds of bytes were field names. Two thirds! That’s a lot of potentially unnecessary extra bytes. In my case, I was…
Alpine is a trap! For a Python product, we tried to make it work for about a year before throwing our hands up and switching to a plain Ubuntu image. We’ve had no regrets.
Perspective from a CTO at a small b2b saas startup: Pricing is incredibly tough, and at my startup, we’ve had tons of hours-long conversations on pricing internally, with consultants, etc. We also have a mix of…
I had trouble finding the link to the full report; here it is! https://survey.stackoverflow.co/2023/
I haven't heard of the idea of the "hard problem of consciousness" before, but after reading this Wikipedia article, it sounds like nonsense. Like, take this passage: > For example, it is logically possible for a…
I had a really fascinating conversation with the lead architect at Frost Giant the other day. They're making the next StarCraft, basically. They don't use floating points. He didn't mention (IIRC) the possibility of…
"At one point in the harrowing footage, he appears to be stumbling toward a car, and then falling to the ground as the car drives away." This was so sad to read. I bet the driver thought Lee was a dangerous or disturbed…
"Housing prices only keep pace with inflation. America realizes it totally forgot about a few million homes it built, greatly expanding supply. Housing prices rise only 2%. Alice is much, much worse off for buying. In…
I've been slowly reading this book on cognition and neuroscience, "A Thousand Brains: A New Theory of Intelligence" by Jeff Hawkins. The answer is: Yes, yes we are basically fancy auto-complete machines. Basically, our…
I don't know! I think you might be right, but my intuition tells me it's a little more than that. Other ideas: * Is it a mind-body connection thing? Writing seems to involve a lot more fine motor control and muscle…
I 100% agree with this. If I want to fully commit to learning something, physically writing it down with my hand makes it stick better, for reasons that I don't really understand. I actually started to think about it as…
This copy is confusing. What's the actual product that I could potentially buy? From the description here, this could be "just" AWS Lambda. I'm sure it's better in some way, but, like, how exactly?