• 0 Posts
  • 38 Comments
Joined 1 year ago
cake
Cake day: August 25th, 2023

help-circle

  • That assumes that an adversary has control of the browser

    No it doesn’t, if they intercept an encrypted password over HTTPS they can resend the request from their own browser to get access to your account

    The big reason you don’t want to send passwords over https is that some organizations have custom certs setup

    What is the problem with that? The password is secure and only shared between you and the site you are intending to communicate with. Even if you sent an encrypted password, they wrote the client side code used to generate it, so they can revert it back to its plaintext state server side anyways

    It is better to just not send the password at all.

    How would you verify it then?

    If not sending plaintext passwords was best practice then why do no sites follow this? You are literally posting to a site (Lemmy) that sends plaintext passwords in its request bodies to log-in






  • lol. Did this in my old building - the dryer was on an improperly rated circuit and the breaker would trip half the time, eating my money and leaving wet clothes.

    It was one of the old, “insert coin, push metal chute in” types. Turns out you could bend a coat hanger and fish it through a hole in the back to engage the lever that the push-mechanism was supposed to engage. Showed everyone in the building.

    The landlord came by the building a month later and asked why there was no money in the machines, I told him “we all started going to the laundromat down the street because it was cheaper”










  • There are like 10,000 different solutions, but I would just recommend using what’s built in to python

    If you have multiple versions installed you should be able to call python3.12 to use 3.12, etc

    Best practice is to use a different virtual environment for every project, which is basically a copy of an existing installed python version with its own packages folder. Calling pip with the system python installs it for the entire OS. Calling it with sudo puts the packages in a separate package directory reserved for the operating system and can create conflicts and break stuff (as far as I remember, this could have changed in recent versions)

    Make a virtual environment with python3.13 -m venv venv the 2nd one is the directory name. Instead of calling the system python, call the executable at venv/bin/python3

    If you do source venv/bin/activate it will temporarily replace all your bash commands to point to the executables in your venv instead of the system python install (for pip, etc). deactivate to revert. IDEs should detect the virtual environment in your project folder and automatically activate it