https://github.com/avodonosov/
http://avodonosov.blogspot.com/
- Have you found this stuff useful during the many years since you learned it? Or you don't mean you mastered it enough to judge its usefulness?
- Dumb tools are more robust.
- Far from everything
- Why exceptions were difficult without the builtin support? Sttange to hear that.
- I used to delete them on old Android version.
- No, I dont want to clear storage - there is data I downloaded into the app and work with that I dont want to lose. But the app also accumulates some temp files there.
- Android doesn't even let you access your files. It has famously blocked acess to the subfolders of /Android/data/ - every app has a subfolder there where it stores files. And you can not visit these subfolders since Android 11.
A buggy app accumulates gigabytes (literaly, i am not exagregating) of temp files there, but i cant visit the folder to delete them.
Google explains that "it's for you safety".
I have to call it with the strong word "idiotic".
There are apps now where storing files in a shared, accessible folder is a payed option.
Not only that is outrageous, I belive that violates the existing "right of access" laws like GDPR. I am condidering even submitting Subject Access Request to Google about my /Android/data/ subdirectories.
- > The goal they are trying to achieve is good, but the execution is just stupid and will make everyone, including and maybe especially the people they want to protect, less safe online.
If so, the best way to stop that is to sugest a good way to achieve the good goal.
How would solve these good goals?
- Everyone knows what model is. Almost noone knows what is controller.
- And capcha forces users to train neural networks for free, planning to then replace the users with those neural networks :)
Moreover, website ovners even pay for capcha. It should be other way around - people participated in training the neural nets should share profit and owhership of the networks, at the very least.
- Ha-ha.
Android doesn't even let you access your files. It has famously blocked acess to the subfolders of /Android/data - every app has a subfolder there where it sfores files. And you can not visit these subfolders since Android 11.
A buggy app accumulates gigabytes (literaly, i am not exagregating) of temp files there, but i cant visit the folder to delete them.
Google explains that "it's for you safety".
I have to call it with the strong word "idiotic".
There are apps now where storing files in a shared, accessible folder is a payed option.
And in this world you want to own your hardware.
- Thank you for the comment. I mean fences.
Haven't ever heard of barriers as a counter-like primitive (sounds like a semaphore or CountDownLatch)
- Than you.
- > ‘Oceanic Boundlessness’ (OBN)
LOL
- Thank you
- Thank you
- * for not.
for now
- Thank you very much.
I can not give you thi final feedback at the moment, I only breefly looked through the articles for not.
The first ones are very accessible (given my prior lnowledge of lamport clocks and happens before as in Java memory model), the later ones I am currently not sure are very clear.
But are easier than the docs I used when first approached this topic in the past, like Documentation/memory-barriers.txt and the Doug Lea's texts.
- Can anyone suggest a good explanation of memory barriers?
- I am sarcastic because this discussion is about a different attack. Not about fishing.
(The OP says one time codes are worse than passwords. In case of fishing passwords fail the same way as one time codes.)
I was also sarcastic/provocative even in the prev comment, saying the GOOD site always includes a warning with the code making the attack impossible. A variation of the attack is very widely used by phone scammers: "Hello, we are updating intercomm on your appartment block. Please tell us your name and phone number. Ok, you will receive a code now, tell it to us". Yet many online services and banks still send one time codes without a warning to never share it!
The fishing point may also be used in defence of one time codes: if the GOOD service was using passwords instead of one time codes, the BAD could just initiated fishing attack, redirecting the user to a fake login page - people today are used to "Login with" flow.
- I do not believe that receiving such a message you will not notice the phrase.
And more so if you receive them constantly.
But of course, you are entitled to your opinion, even if it's wrong.
- Ok. When they need the code they will have to scan through a message like
and will read the words, because they read left to right.Do not share the code 3456The code should be in the same font as the rest of the text.
- There are common properties of phycology shared by people. UI design and ergonomics rely on such properties. In psrticular, how people read text.
But I am speaking of myself only. From experience receiving well designed message comparing to the experience with badly designed messages.
I am a data point of evidence supporing my view. The opinion that "people don't read" is a complete speculation, without convincing evidence.
The real problem that many services simply not include the warning in the message.
- I know from experience that well designed messages with secure code are very understandable and make it virtually impossible to miss the warning.
On what grounds you say people dont read? Any evidence?
- /s tag?
Peope do read, if the email is short
- Tuesday follows Monday
- The scheme is impossible, because the GOOD site says in the email "NEVER SHARE THIS ONE TIME CODE WITH 3RD PARTY APPS OR INDIVIDUALS"
Its so easy, like a breeze!