- Doesn't a SIM swap attack impact more than just a single user account of a service? They lose access to SMS and calls from their phone. I'd argue they learn that there's a security issue earlier and cause them to take action (contact carrier or authorities).
A friend's Mom's Facebook account was recently hacked. They didn't have 2FA set. Hacker changed her email address in the Meta account. Meta did not notify her via email of the email address change. She did not use fb for a couple of months and had no idea this had happened. Then she began receiving calls from cousins and relatives saying their account was hacked after receiving a link in a message from her.
I would've advised her to use SMS 2FA. A lot of non-technical folks from an older generation don't even bother with email.
- tbf, I was spooked by the initial "turn off your adblocker" banner stuff and I signed up for the offered 3-month YT Premium trial because it's linked to my primary Google account.
In the meantime, I set up a throwaway Google and set that YT profile to have the same subscriptions. Will I pay for YT Premium? Unlikely, but they could make me a pricing offer that's tantalizing enough. I've learned more dev stuff from YT that any Udemy-esque learning service out there.
- FWIW it wasn't meant to sound critical of him, his contributions are much loved and his attempt to push to ESM was also in good spirit with his helpful gist on the issues, but ESM was no silver bullet for the wide mix of imported modules in some projects.
I remember spending a weekend simply inlining all his module code directly into a project to sidestep the type module change. Fun.
- Curious to see how this one decision plays out for nodejs IF -
- module authors increasingly adopt ESM
- TypeScript experience with Deno is butter smooth
- npm packages work with Deno
- performance characteristics are similar
- DX for beginners just works (compared to thousands of stale articles with `require('pkg')` and `npm install pkg@latest` for nodejs)
- Totally agree.
It's doubly frustrating because a standard for authoring modules across browser and server platforms such as ESM is a good thing. But it's a bit arrogant to expect module authors across TS and JS ecosystems to ship overnight. Beginners may just turn to Deno or Bun simply because hundreds of coding tutorials and snippets no longer work.
Or, when you finally get a TS config that works but then you import @aws-sdk/* or prisma seeds and then you really rip your hair out.
- The current ESM experience makes it seem like decision-makers in the node.js project were wilfully oblivious to how large the TypeScript community was and how it was being used in node modules and projects. It really does feel like the maintainers focus was on JS and harmony with TypeScript's evolution was low on the priority list.
Meanwhile anyone using an intersection of TypeScript with jest and any of sindresorhus' libraries when he flipped to ESM for his bajillion libraries immediately felt the downside and moved hard away from ESM.
Imagine the mind-boggling hours lost just to get these export/import formats to glue.
- If you're just looking to store API collections locally, an alternative I use is a VS Code plugin called ThunderClient [1].
imho, dev centric tools that care about system resource usage should just integrate with the IDE when possible. It's already running!
- I was in the midst of migrating my namecheap domain from Route53 to Cloudflare. Set up all the DNS records while ignoring the /api/ errors shown at the bottom of the Cloudflare dashboard thinking some ad block setting in my browser was messed up.
Then I realised setting the NS in Namecheap to Cloudflare's nameservers was taking an inordinate amount of time to propagate, and that's when I checked X/Twitter. Set it back to Route53.
- Do you offer wildcard certs for subdomains (i.e. *.news.ycombinator.com)? I believe I had some trouble with caddy's tls internal directive when trying to do something crazy like this. Maybe you could mention it as your differentiator too.
EDIT: I currently use mkcert with caddy and it works fine for this.
- This was my worst fear but I had opted-in to backup Authenticator with Google. Opting in to backup your data with Google is seamless and it also restores stuff like SMS messages.
But I suppose this is one more thing the anti-trust case against Google should probably be looking into. Should Google be allowed this deep integration with their cloud services?
- I faced this issue last week. I use the other user profile for Android app development. My phone was lying on the table before me as I watched it abruptly reboot to a familiar black screen that prompted me to Try to restart or Factory reset the phone (losing all data). Obviously, fearing data loss, I chose to gamble with restart, not knowing what the issue was.
Then the phone began bootlooping with the Google logo and a progress bar stuck, going back to black and repeating. The power button + vol down move to get into fastboot was really really hard to get into. It took several attempts and about 15mins of time to finally get to the Factory reset option again. I lost all my data.
As an occasional android app dev who mainly writes apps for personal use, the thought of reporting the bug to Google didn't even cross my mind because (a) it seemed like a random filesystem corruption (b) I'm pretty much used to Google ignoring even high quality bugs reports from Android devs with helpful logs, so an end-user bug report with no logs would be beyond hope.
This may be a case of grass is greener, but Samsung in recent years has been responsive to bug fixes and updates while with Pixel's you basically get what comes through Android updates. Either way, as an Android user, bugs are a way of life.
I have another 3 year old device on Android 11 no longer eligible for updates with a similar 2 user profile setup, and that also randomly reboots to the Try to restart/Factory reset prompt usually after I hit the power button and the lock screen goes wonky. Just that restarting fortunately works in that case without any data loss.
- By that logic, Ubuntu performs a connectivity check behind the scenes polling connectivity-check.ubuntu.com every few mins to detect if internet connectivity has been lost.
I do not recollect seeing any opt-in Privacy prompt enabling this feature. Surely an OS can function without the internet so it's not "essential to its functioning".
Same with Firefox's captive portal check [1] that helps determine if a Wifi network requires a web-based sign-in or acceptance of terms of use.
- This is very useful. I always end up Googling vertical align for flexbox.
In a rush, what would help me refresh flexbox knowledge is being able to drag and drop the frog, snapped to a 3x3 grid, and get the flexbox CSS code as output.
Still a very thoughtful tutorial.
(EDIT: The reason I said the above is I've personally given up on keeping up with new CSS stuff. Having written CSS off and on since IE7 days, basically I have no energy to keep css tricks in memory, having lived through hand coding vendor prefix flags and whatever the new Chrome Canary is thrusting down the pipe)
- I was about to suggest this app to a friend travelling to India but quickly backed out after checking the location of the nearest centers.
It's a connundrum whether these centers are more useful at/near airports or city centers. I would think airports, and therefore someone travelling to Mysore wouldn't need to go to your Bangalore center, but I may be wrong.
If you don't mind sharing, what's the thought that went into these locations?
- The next leg of growth for UPI is already underway with the inclusion of RuPay credit cards under UPI. Until last year, UPI transactions would directly hit your bank account balance and flood your bank statement with many small purchase entries.
Linking a RuPay [1] credit card to a UPI app provider such as Google Pay in India allows users to pay through their credit card [2].
This will in turn boost transaction volume on India's indigenous RuPay payment network, and it will probably show its impact on Visa and Mastercard.
[1] https://en.wikipedia.org/wiki/RuPay
[2] https://www.livemint.com/news/india/google-pay-brings-rupay-...
- That traceability of transactions contributes to expansion of the tax net. About ~2% of India's population pays income tax and <12% of the population files tax returns.
For the longest time, certain professionals such as doctors running neighborhood clinics earned money only in cash, allowing them to skip the tax net or claim to tax agencies that they attend to many patients on a charitable basis. This is changing quickly with patients walking into clinics insisting on paying digitally, pushing doctors to open current accounts and have billing and payment systems.
- Many companies, institutions, public bodies hire external contractors to do a one-time development of a limited-scope app. I bet a bunch of them have their Google Play Console dev account email read by people in some engineering infrastructure function who know nothing about Android development.
Updating their apps now means an internal scramble and unexpected project costs. Not saying its wrong or that we shouldn't move forward. Just saying many were complacent and contractors may have good opportunties in this space.
- I shudder to think what happens in another 5 years or so when the min target is bumped. We have an app built with about 6-8 Jetpack Compose libraries that is already flaky (even after using BOM) and only a magic combination of library versions ensures the app runs across SDK versions.
If you think developer libraries provided by Google for Android are stable, battle-tested and you feel this is akin to first-party "platform code", please be advised that it can be a hellscape with you fighting Google's build tools and the IDE/dev env on one side and zero help on SO to debug device-specific issues with lengthy stacktraces on the other. You end up landing on an Android issue-tracker where some kind soul mentioned the device name, only to find that issue in limbo asking for a working reproduction.
But any self-hosted npm registry backend (e.g. github npm registry) should serve as a private MCP Server registry?