Erik Sturcke

@erik
Performative - Ben Tsai

I recently read this piece on one of my favorite topics entitled On genAI: Was prototyping really a bottleneck? by Frank Elavsky: “And so large-language models give us performative fidelity;...

Ben Tsai
@dpp this is so cool. I jumped straight to the section on temperature special handling and was very happy.

security advice, 1996: writing your passwords down in a notebook is a very bad idea and nobody should do it

security advice, 2026: writing your passwords down in a notebook is one of the most secure storage methods for most users

(fun how threat models change over time, eh?)

@b0rk I would appreciate it if you could broadcast what you find. I hear about “best practices” not to do it, but what are the attacks? Now if you try to do something like reflect the origin back so that you can send headers, that’s a different story :)
@b0rk yeah this trips me up too! reads are more closely guarded than writes in some sense.
@b0rk yeah interesting. I don’t know that it is a problem. cookies/credentials can’t be sent (as part of the header) by browsers with the wildcard allow origin so you typically wouldn’t set that when you required an authenticated request.
@b0rk the mental model is tricky to me and feels backwards. Usually a good mental model is that the backend does enforcement, but CORS is the backend helping the browser do enforcement. Another tricky thing is that newer things like WebSockets don’t have the same legacy to deal with, and so there, enforcement is on the server side.
@b0rk yes please I would buy this in an instant! The way the web evolved a lot of this stuff seems backwards and unintuitive. I’ve been doing this for over a decade and am not happy about my mental models or how to articulate the what and why.
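The “reflect the origin back so that you can send headers” pattern and the wildcard-versus-credentials rule from the replies above, as an added example (not code from the original posts or from anyone in the thread). The server-side functions model three ways a backend can answer the request's Origin header, and browserWouldExposeResponse is a simplified model of the browser's CORS check (a reduction of the Fetch spec's rules, not a browser implementation). The origin names app.example.com and evil.example are made up for the example.

```javascript
// Added example, not from the original thread.
// Assumption: https://app.example.com is the one front-end that legitimately
// needs credentialed cross-origin access; https://evil.example is an attacker page.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);

// Vulnerable pattern: reflect whatever Origin the request carries AND allow
// credentials. Any site can now make authenticated cross-origin reads on behalf
// of a logged-in user and read the response.
function corsHeadersReflectAny(requestOrigin) {
  if (!requestOrigin) return {};
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Hardened pattern: reflect only an exact allow-listed origin. Exact set
// membership (not startsWith / indexOf / a loose regex) is what keeps
// https://app.example.com.evil.example out.
function corsHeadersAllowList(requestOrigin) {
  if (!requestOrigin || !ALLOWED_ORIGINS.has(requestOrigin)) return {};
  return {
    'Access-Control-Allow-Origin': requestOrigin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Public, unauthenticated data: a wildcard is fine. Browsers refuse to pair
// '*' with credentials, which is the point made in the thread about not
// setting the wildcard on endpoints that require an authenticated request.
function corsHeadersPublic() {
  return { 'Access-Control-Allow-Origin': '*' };
}

// Simplified model of the browser-side CORS check (assumption: reduced from the
// Fetch spec; ignores the "null" origin and preflight specifics). Returns true
// if the browser would let the requesting page read the response body.
function browserWouldExposeResponse(requestOrigin, responseHeaders, withCredentials) {
  const allow = responseHeaders['Access-Control-Allow-Origin'];
  if (allow === undefined) return false;                 // no CORS header: opaque to the page
  if (allow === '*') return !withCredentials;            // wildcard never satisfies a credentialed request
  if (allow !== requestOrigin) return false;             // must match the requesting origin exactly
  if (withCredentials && responseHeaders['Access-Control-Allow-Credentials'] !== 'true') return false;
  return true;
}

// Scenario runner: does origin X get to read an authenticated response?
function attackerCanReadAuthenticatedResponse(policy, attackerOrigin) {
  return browserWouldExposeResponse(attackerOrigin, policy(attackerOrigin), true);
}
```

Run the scenario with both policies: with corsHeadersReflectAny, https://evil.example reads the logged-in user's data; with corsHeadersAllowList it gets an opaque failure, while https://app.example.com still works.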
I think we need a new framework to understand the software development life cycle. We have correlated writing code "manually" with some base level of design, architecture, debugging, and understanding of the system you are building. But when the whole system gets spit out from an LLM, those things didn't happen. At least not nearly in the same way. So we risk shipping code that provides value at an unprecedented cost of quality, maintainability, security.

RE: https://mastodon.online/@ferrix/115866040924740382

One of my favorite German words: Sollbruchstelle (a predetermined breaking point). And as my spouse used to say, “Sollbruchstelle heißt nicht unbedingt Wollbruchstelle.” (“A point that is supposed to break is not necessarily a point you want to break.”)