Hacker News | smallnix's comments

> no technology could recognize that.

Perhaps require monitoring of the arm muscle electrical signals, build a profile, match the readings to the game actions and check that the profile matches the advertised player


Sounds like it could be fixed by making it configurable to hide all issues without a certain tag (or auto-apply a hiding tag) for the issues "landing page".

Interesting that EU is becoming stricter than US with growing life expectancy.

Life + 70 can mean the work is protected 120 years (publish at 40, dies at 90)?


It's worse. There are also the war periods for which copyright time is extended in some countries like France.

For example, lyrics to The Internationale were composed in 1871 and music in 1888. They fully entered public domain... in 2014 https://en.wikipedia.org/wiki/The_Internationale#Authorship_... Over 140 years of copyright.


Some people publish meaningful works at age 20. And some people live to 100.

That could be 150 years of copyright.


European laws are stricter on paper but more loosely enforced.

US laws are looser on paper but viciously enforced.


I know experts who deciphered this. But I will not tell you their names.

Agree, I finally found information via

Homepage -> blog -> docs -> "all docs" button:

https://exe.dev/docs/list

Which has an about and pricing etc.

That is very counterintuitive to just find out what this is.


Before picking this I would benchmark on my existing data using e.g. https://unit8co.github.io/darts/index.html#regression-models


> Herman

Who or what is that?


In oauth2: when I /1 associate a random uuidv4 for each new flow with my user (server side), /2 stick that uuid into the state parameter, and then /3 look up my user with this on callback-endpoint execution. Isn't PKCE in that case redundant?


OAuth's PKCE verifies the continuity of the flow, as it is essentially a saga (multi-step process). For example, you can initiate an OAuth access grant request multiple times with the same data, but PKCE ensures that each of those initiations can be individually identified. Do not confuse PKCE with the state field, which is for XSS and has no obfuscation.

Just to be clear, the PKCE secret can be the same for each initiation, but in the end its goal is to ensure that the first request matches with the last one. And yes, there is a "plain" PKCE method but that is just for testing. SHA256 is the default one used to obfuscate the secret.


I think one point of PKCE is that the oauth token is never sent to the client (it is exchanged on the backchannel), so it theoretically is more protected.

Of course if you trust the client (no bad browser extensions, updated browser) and have good TLS settings and no MITM risk and make sure your IDs are single-use then it seems like that should be fine.


PKCE protects the auth token from interception by making it so that only your code that started the flow can redeem it by proving they have the secret code_verifier on the redeem_token() call.

The code_challenge == sha256(code_verifier). You will share the code_challenge at the start of the flow.


I also think these are very similar. The main difference in my view is that the state parameter is checked by the client, while PKCE is checked by the server.

I run an authentication server and requiring PKCE allows me to make sure that XSS protection is handled for all clients.
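
The two checks discussed in the comments above, as an added example that is not part of the thread: the client compares `state` on the callback, and the authorization server compares the S256 challenge (base64url of the SHA-256 digest, without padding, per RFC 7636) when the code is redeemed. `AuthServer`, `authorize`, `redeem`, `client_accepts_callback` and `demo` are hypothetical names for a toy in-memory model, not any library's API.

```python
import base64, hashlib, hmac, secrets

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def new_verifier() -> str:
    # 32 random bytes -> 43-char base64url string (RFC 7636 allows 43-128 chars)
    return b64url(secrets.token_bytes(32))

def s256_challenge(verifier: str) -> str:
    # code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

class AuthServer:
    """Toy authorization server (assumption): PKCE bookkeeping only, no users or TLS."""
    def __init__(self):
        self._codes = {}  # authorization code -> code_challenge sent at flow start

    def authorize(self, code_challenge: str) -> str:
        code = secrets.token_urlsafe(16)
        self._codes[code] = code_challenge
        return code

    def redeem(self, code: str, code_verifier: str) -> bool:
        challenge = self._codes.pop(code, None)  # single use, even on a failed attempt
        if challenge is None:
            return False
        return hmac.compare_digest(challenge, s256_challenge(code_verifier))

def client_accepts_callback(expected_state: str, returned_state: str) -> bool:
    # state is checked by the client against the value it stored for this flow
    return hmac.compare_digest(expected_state, returned_state)

def demo():
    server = AuthServer()
    state, verifier = secrets.token_urlsafe(16), new_verifier()
    code = server.authorize(s256_challenge(verifier))
    # A party that only saw the redirect holds the code, but not the verifier.
    stolen = server.redeem(code, new_verifier())
    # Second flow: the client that started it redeems with the verifier it kept.
    code2 = server.authorize(s256_challenge(verifier))
    ok = client_accepts_callback(state, state) and server.redeem(code2, verifier)
    replay = server.redeem(code2, verifier)  # code already consumed
    return stolen, ok, replay
```

`demo()` returns the outcome of the three redemption attempts in order: wrong verifier, correct verifier, replayed code.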


If you can, switch to uuid v7 if you're indexing by that id. Performance improvement while still not being sequential IDs.


For this sort of use-case v4 might be better. It has more randomness and you will probably delete the old ids as soon as they are used anyway, so the indexed space will probably be small.


How small is small, and how often is that state checked?

I guess it's probably not tracking tons of IDs like tracking packet state through a network device.

Even a few million (max) UUIDv4 is probably fine then, yeah?


Yeah, I'd say that sounds fine. Since these are supposed to be used within a short time it'd also be easy to clean up unused ones more than 5 mins old or so.


Well, I wouldn't love Batman in my apartment either.


Unlike the article, your comment does not provide evidence beyond "sniff test". The article brings up paintings of statues, which is an interesting data point.


If somebody tells you there's a dragon outside, you'd need to be stupid to ask for evidence.

