|
Wordle 1,062 5/6
⬜⬜⬜⬜🟨
⬜⬜⬜⬜⬜
⬜🟨🟩⬜⬜
🟩⬜🟩🟩⬜
🟩🟩🟩🟩🟩
|
|
|
|
|
Wordle 1,062 4/6
🟨🟨⬛⬛⬛
⬛🟨🟨🟨⬛
🟩🟩⬛🟩🟩
🟩🟩🟩🟩🟩
Ok, I have had my coffee, so you can all come out now!
|
|
|
|
|
Wordle 1,062 5/6*
🟨🟩⬛⬛⬛
🟩🟩🟩⬛⬛
🟩🟩🟩⬛⬛
🟩🟩🟩⬛⬛
🟩🟩🟩🟩🟩
|
|
|
|
|
Wordle 1,062 3/6
⬛⬛🟩⬛🟨
🟩🟩🟩⬛⬛
🟩🟩🟩🟩🟩
Jeremy Falcon
|
|
|
|
|
Did you know that MS Edge has a built-in VPN?
It automatically applies VPN when you are connected to a public wifi.
Here are some more details[^] which I'm reading now.
I work out of a coffee shop once a week so this is important to me.
I'm trying to figure out :
1. how to know I'm actually protected
2. how "much" i'm protected by this VPN.
It is very interesting that MS is doing this though becuase it seems like the obvious thing to do that no other browser seems to do. Others you have to pay for separate VPN.
|
|
|
|
|
Quote: ... stop third parties and bad actors from accessing your sensitive information, so you can make purchases online, fill out forms, and keep your browsing activity away from prying eyes.
Yeah, because it's still 2010, and every site on the net is still using HTTP rather than HTTPS, right?! 
Whilst there are still reasons for using a VPN[^], the MS page you linked to seems like it was written by a gibbering idiot marketing executive who doesn't understand the first thing they're talking about. 
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
I've wondered about that. So if I'm on an HTTPS site, then the moment I hit SUBMIT the data is encrypted locally (using the public key of the target site) and then transfered so even a person on same wifi can't see it right?
The one thing I'm looking to be protected from which I know is a current issue is token grabbing.
Here's what I mean. You are already signed into your Google account on your laptop. When you go to a site like stackoverflow or CP that you use your google credentials and you're on the public wifi then the nefarious actor can grab your token and use it to sign into your account.
I'm hoping / guessing that the VPN would protect me from that. But I'm wondering how I could prove that it does that?? 
|
|
|
|
|
raddevus wrote: even a person on same wifi can't see it
Correct.
If they had enough control of the network, they could see your DNS request(s) and know what site(s) you were connecting to, unless you use DNS over HTTPS[^].
They could see the IP address of the server you were connecting to. They could potentially the SNI[^] header indicating which site, unless the server uses ESNI[^].
But they would not be able to see or modify any of the request or response data, including the URLs, query strings, headers, and request bodies.
(Unless of course they had installed malware on your machine, or installed a malicious root certificate allowing them to MitM any site. But if they've done that, you've got bigger problems, and a VPN won't help you.)
raddevus wrote: You are already signed into your Google account on your laptop. When you go to a site like stackoverflow or CP that you use your google credentials and you're on the public wifi then the nefarious actor can grab your token and use it to sign into your account.
Again, assuming all the sites involved are using HTTPS, then nobody else can see the cookie / token to grab it. It would be part of the data that was encrypted.
And I doubt Google would allow any site not served over HTTPS to use their OAuth service to sign users in.
raddevus wrote: I'm hoping / guessing that the VPN would protect me from that.
If you're accessing sites which are not using HTTPS, then a VPN would prevent users on the local network from seeing or messing with your traffic. But it would not protect you if someone was inside the VPN provider's network and monitoring the traffic! All you've done is moved the point of trust from the people running your local network to the people providing the VPN.
There is also the potential of attacks against the VPN itself - for example:
Novel attack against virtually all VPN apps neuters their entire purpose | Ars Technica[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Fantastic information (and links). I really appreciate you taking your time to explain these things to me. 
|
|
|
|
|
The solution to the token interception is to not use Google or Facebook for federated logins. Why would you want to let these two advertising companies know where else you go on the internet?
|
|
|
|
|
obermd wrote: solution to the token interception is to not use Google or Facebook for federated logins
Yes, you are correct, but even though I'm a "technologist" I am also a lazy human.
And I have 257 passwords in my password manager. This would mean even more.
I know that's not a great reason but I like the federated thing for sites I trust like this one (CP).
|
|
|
|
|
I opened Edge and then Copilot and ask this question: tell me about Edge's new vpn service
Here is the response:
Certainly! Microsoft Edge now offers a built-in VPN service called Edge Secure Network. Here’s how it works:
Encryption: Edge Secure Network encrypts your internet connection, making it secure and private.
Location Obscuring: It hides your location and IP address, preventing third parties and hackers from accessing your sensitive data.
Automatic Activation: The VPN activates automatically when you connect to open Wi-Fi networks or visit unsecured websites.
Limitations: Currently, it provides 5 GB of data and is not available for enterprise users.
To enable it:
Open Microsoft Edge.
Go to Settings > Privacy, search, and services.
Turn on Microsoft Edge Secure Network and choose Optimized3. Enjoy safer browsing with Edge Secure Network! 😊
It does say not for enterprise users and I couldn't find it in my settings, but I am an enterprise user. I'll try at home later and see if I can find it.
HTH
Jack of all trades, master of none, though often times better than master of one.
|
|
|
|
|
Great. All these free VPN services make it easier for the most toxic people on the Internet to evade bans at places with comment sections, including one I moderate. 
Check out my IoT graphics library here:
https://honeythecodewitch.com/gfx
And my IoT UI/User Experience library here:
https://honeythecodewitch.com/uix
|
|
|
|
|
honey the codewitch wrote: make it easier for the most toxic people on the Internet to evade bans at places with comment sections, including one I moderate
Web2.0 is dead. Comments are dead. Turn off the comments. No one comments any more.
This is me, not commenting. 
Long live Web3.0 You should only allow people to create NFTs which contain their comments, for upload to your site. 
|
|
|
|
|
If I were a nefarious actor cruising coffee shops to steal login tokens...
I suspect it might be more successful to USB/wifi hack and directly compromise machines to dump off bits of the drive/memory content.
|
|
|
|
|
I have some article ideas (web stuff) and I've learned enough about React to be dangerously dumb about writing React code, and learning that I sort of hate React.
But React seems to be all the rage, and given one of my article ideas is implementing a sidebar menu (which I know has been done but all the example I've found are crappy) but I don't want to create another crappy article on sidebars, I want to show how to do it right, and I'm doubting whether I know enough to accomplish that.
I don't know if I know enough. And I've been using the older "class" way of creating React front-end stuff, not the newfangled "hooks" way, which honestly defies for the most part my understanding, no matter how many YouTube videos I watch. So it seems I would first have to understand hooks to appease the modern React coder. 
And then, I'm pretty much loathing how React does things with state management.
And then I watch videos on what is coming down the pike with React (among other things, some major handwaving about async stuff that only a React geek would comprehend, maybe) and I get the sense that React, and its evolution over time, has been and continues to be quilt patches applied on top of fraying quilt patches, which leaves me wondering, how solid is their core architecture to begin with?
So I'm stuck - I want to write some web articles but I'm not convinced that React is where I want to continue my learning, and all of this has made me gunshy of other frameworks. No wonder I roll my own, but that's besides the point.
Suggestions?
|
|
|
|
|
I feel that same way about React specifically.
I wrote an article here that I would really appreciate you taking a look at: LibreGrid: Drop Into Your App, In 5 Minutes CRUD Your Custom JSON Data[^]
I built this thing that is custom and allows you to retrieve, display and edit data from any webapi but then I just froze on it.
The things I like about React:
1. You can add React into any current web app easily -- just replace a section with a component.
The things I don't like about React:
1. it changes a lot - one thing is I like JS classes to wrap stuff and now they have moved toward function-based stuff (I know JS functions are like classes but still different).
2. State stuff and all those add-ons Redux etc. I want basic stuff not all that other stuff
3. It is confusing to me how to create a stand-alone component even though supposedly that is what React is supposed to let you do -- I mean a component I can just "drop-in" on a web site.
I hope you'll check out my article and let me know what you think.
|
|
|
|
|
I'll definitely take a look, and I definitely have concerns about the how often it changes and the state stuff.
And weird stuff, like I've been researching how to create components dynamically (like, lets say I have metadata that says I need a datetime control, a dropdown, whatever) and stumbled across this bizarre statement that a tag in the render, if it starts with a capital letter, is what makes React "know" that it's a component, not say, I guess, an HTML element. And then there's something about the component referencing the actual component you want, and magic rendering happens.
That capital first letter thing just seems so kludgy.
|
|
|
|
|
You don't need redux at all. We use reacts in built context and it's simplified the code hugely without needing the extra weight of redux.
Functional components are the way to go, but learn the state model as it is different to classes.
As for the stand alone? The theory is you package it and the install pulls in the required react bits.
veni bibi saltavi
|
|
|
|
|
I have worked with React and have something of a love-hate relationship with it. While it has some interesting ideas, and I do like the functional-first approach to the design of React, my big problem with it is the "throwing the baby out with the bathwater" approach they take to new releases. With React, there is always a latest-and-greatest way of doing things which is the marketing equivalent of "new and improved" features which are incompatible with what was there before. Granted, this is all opt-in, but it does leave you with the impression that you're doing things the wrong way, even when this was the right way 6 months ago.
|
|
|
|
|
The struggle is real!
I don't understand most of the web frameworks these days. With their hooks and everything is promises, and the flow isn't immediately understandable.
I guess I'm kind of glad I'm not the only one - I thought maybe I was just getting less intellectually agile with time, but then I feel a bit guilty for being glad at your expense.
Check out my IoT graphics library here:
https://honeythecodewitch.com/gfx
And my IoT UI/User Experience library here:
https://honeythecodewitch.com/uix
|
|
|
|
|
Here! Here!
My firm conviction is that all web coding is just black (box) magic. You add some toe of frog and a sprinkle of rose petals (sourced from hopefully a reputable vendor) to a cauldron and pray that a useful potion is brewed without any side-effects. Oh, and if that toe of frog has nail fungus, then that potion is going to give you quite the headache in a few days/months/years down the line.
Bond
Keep all things as simple as possible, but no simpler. -said someone, somewhere
|
|
|
|
|
I just started a new job where they use React and whew. It has been a learning curve. I feel your pain. I haven't gotten to a point yet where I can see that it's worth it, but I keep thinking I will eventually. I mean, if you work with any language long enough you'll grow to like it. right? RIGHT?!?! 
|
|
|
|
|
Spent most of my week so far getting an old Visual Basic 6 environment up and running on my Windows 11 laptop.
I've got it running in a VM now (which I got from the original programmer), but that VM has lots of noise and issues and doesn't work very well (it's the result of 20 years of development by someone who still prefers and uses VB6 and DBF), plus switching between VM and laptop is a pain.
The entire project spans some 40 applications, that use about as much components.
We need to replace all these applications one by one, making sure the output stays the same, so being able to easily run and debug them kind of comes in handy.
With a bit of "luck" we'll get another project which has even more applications (but running them will be a breeze now *ahem*).
So, I got VB6 running, which was only the first step (and surprisingly painless, followed How to install Visual Basic 6.0 on Windows 11 - YouTube[^]).
Then I had to restore all kinds of folders and files in specific places (like C:\Company\Files) and relative to various projects (like ..\..\Components\Component A, etc.).
Not to mention change all kinds of configurations (ini files) because they point to T:\ or specific databases.
Obviously, these files, folders and configurations are all over the place.
I've put all of it in Git, including bin and obj folders, because I can't rebuild most of this stuff and just opening a project in VB6 changes it (it mostly sets references from System32 to SysWOW64, etc.).
Even complete database files (mostly DBF files, but maybe some SQL backups too) got included in Git, because that's how the original programmer works.
I've got Git repositories larger than 1.5 GB now, but ![Elephant | [mastadon]](https://www.codeproject.com/script/Forums/Images/elephant.gif) it!
I'm currently trying to figure out which OCX files have to be registered and (from) where.
A few (most?) are working, but I'm currently having some trouble with some TLB file... Can't register it, but it's referenced in the project, but I keep getting "Class is not registered" (can't find it registered on the VM either though) 
I'm too old young for this sh*t.
|
|
|
|
|
That sounds so painful.
We are still using VStudio 2013 at work and that is painful enough.
But trying to get VB6 stuff going... 
Sander Rossel wrote: The entire project spans some 40 applications, that use about as much components.
!!!! 😵😵
This feels kind of like the kind of work I've done in SQL to transform data from old schema to new.
What I mean is that you can start getting into it and writing some really great stuff and learning esoteric details.
Then you transform and transfer the data to the new schema and all that lovely SQL no longer has a purpose.
It's the pinnacle of glory when you get it done. You stand at the mountain top basking in the sun and looking down. But then one week later its just some mountain you climbed in the past.
Hopefully the company will just have you re-write the stuff to a modern dev platform. Good luck.
modified 15-May-24 10:16am.
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
