19,785 Matching Annotations
  1. Mar 2023
    1. One-time passwords are generated on demand by a dedicated OATH OTP authenticator that encapsulates a secret that was previously shared with the verifier. Using the authenticator, the claimant generates an OTP using a cryptographic method. The verifier also generates an OTP using the same cryptographic method. If the two OTP values match, the verifier can conclude that the claimant possesses the shared secret.
    1. We believe that being open source is one of the most important features of Bitwarden. Source code transparency is an absolute requirement for security solutions like Bitwarden.
    1. But getting codes by phone turns out not to be very secure at all. A vulnerability in SMS messaging is that crooks can reroute text messages.
    2. Unlike the other apps listed here, Authy requires your phone number when you first set it up. We're not fans of this requirement, since we’d rather have the app consider our phones to be anonymous pieces of hardware; and some have suggested that requiring a phone number opens the app up to SIM-card-swap fraud.
    3. 2FAS doesn't need your phone number or even require you to create an online account, so it's not susceptible to SIM-swapping fraud.
    1. The lack of interoperability among hardware and software technology vendors has been a limiting factor in the adoption of two-factor authentication technology. In particular, the absence of open specifications has led to solutions where hardware and software components are tightly coupled through proprietary technology, resulting in high-cost solutions, poor adoption, and limited innovation.
    1. The verifier MUST NOT accept the second attempt of the OTP after the successful validation has been issued for the first OTP, which ensures one-time only use of an OTP.
    2. The authors believe that a common and shared algorithm will facilitate adoption of two-factor authentication on the Internet by enabling interoperability across commercial and open-source implementations.
    1. It is also used to migrate existing clients using direct authentication schemes such as HTTP Basic or Digest authentication to OAuth by converting the stored credentials to an access token.
    1. On my ZE620KL nothing worked, many tries, I waited a few days and it didn't work. Even changing the ROM for an official Asus ROM (without root) the app kept saying that the device is not safe. It only started to allow contactless payment after relocking the bootloader. I believe that in my case, gpay did not work by detecting the unlocked bootloader. Edit: The device passed all tests, safenet, Google protect, basic, CTS (with root), but it still only worked after relocking the bootloader.

    1. Finding good names is quite difficult. Single words are also almost always better than combined names, even though one is a bit limited with single words alone. There are exceptions though. For example .each_with_index or .each_index are good names, IMO.
    1. And, my kids learned all about the inner workings of the car in areas that are usually hidden. This was an exhilarating accomplishment, and a triumph of a homeschool project. I hope to do more with the kids over the years so that they have practical life skills, and I encourage other parents to work with their children to fix the family car.
    2. I am not a mechanic, but I like to dabble in fixing whatever is at hand, especially when it saves our family money.
    1. Why is it, then, that although publicly is far more common as the adverbial form of public than publically, the ratio of usage has diminished? Publically is becoming more common for the same reason that people write irregardless in place of regardless or write “diffuse the situation” instead of “defuse the situation” or “all of the sudden” rather than “all of a sudden”: evolution. Language is, in a sense, alive, and just as life itself evolves, so does language—but note that the primary definition of evolution is not “improvement”; it simply means “change.” And how does language change? The change is modeled: New words are coined, or new senses of existing words develop (or new spellings or new forms occur), because someone, somewhere acts to make it so, and the evolution goes viral.
    2. First, dictionaries are not arbiters of highly literate writing; they merely document usage. For example, irregardless has an entry in many dictionaries, even though any self-respecting writer will avoid using it—except, perhaps, in dialogue to signal that a speaker uses nonstandard language, because that is exactly how some dictionaries characterize the word. Yes, it has a place in dictionaries; regardless of that fact, its superfluous prefix renders it an improper term.

      what to call these words? illiterate words?

    1. Ultra-high frequencies typically offer better range

      better range for bad actors to try to steal the data from my tag?

    2. Does the EDL/EID card transmit my personal information? No. The RFID tag embedded in your card doesn't contain any personal identifying information, just a unique reference number.

      Can this unique reference number be used to identify me (assuming they've already identified me another way and associated this number with me)? Yes!!

      So this answer is a bit incomplete/misleading...

    1. Code your own template with HTML, or use our markup language MJML, the only framework that makes creating responsive designs easy.
    1. What are transactional emails? Typically any email that is triggered by or sent automatically from your application.
    2. Welcome emails, Actionable emails, Password resets, Receipts, Monthly invoices, Support requests, App error alerts, Reminders, etc.
    1. for instance, when the recipient’s address is full (a soft bounce: just wait and re-send) or worst, when it’s non-existent (a hard bounce: you need to remove the account from your list)
    1. As an aside, I think I now prefer this technique to Python for at least one reason: passing arguments to the decorator method does not make the technique any more complex. Contrast this with Python: <artima.com/weblogs/viewpost.jsp?thread=240845>
    2. When you call 'foo' in Ruby, what you're actually doing is sending a message to its owner: "please call your method 'foo'". You just can't get a direct hold on functions in Ruby in the way you can in Python; they're slippery and elusive. You can only see them as though shadows on a cave wall; you can only reference them through strings/symbols that happen to be their name. Try and think of every method call 'object.foo(args)' you do in Ruby as the equivalent of this in Python: 'object.__getattribute__('foo')(args)'.
    3. import math

       def document(f):
           # Wrap f so each call announces its argument first
           def wrap(x):
               print("I am going to square", x)
               f(x)
           return wrap

       @document
       def square(x):
           print(math.pow(x, 2))

       square(5)
    1. I am a developer, and we are developing the app for the customer, that will not publish through the Google Play store. But when we distribute the app to the customer, the customer gets that error. I want to avoid that alert of the Play Store. I want to understand exactly which security concern has been broken by my app.
    1. The benefits of getting administrative privileges over an open-source OS like Android stand aplenty. Among them, it's the ability to flash modules and tweaks that is at the top of the priority queue. However, this is just one side of the coin. Rooting has its own downsides as well, the primary among them being SafetyNet getting triggered.
    1. Google has had the ability to harden SafetyNet checks using hardware-backed key attestation for several years now. The fact that they refrained from doing so for 3 years has allowed users to enjoy root and Magisk Modules without sacrificing the ability to use banking apps. However, it seems that Magisk's ability to effectively hide the bootloader unlock status is soon coming to an end. It's a change that we've expected for years, but we're sad to see it finally go into effect.
    1. Fortunately, topjohnwu has been given the green light to continue developing Magisk, but this approval is contingent on the project dropping support for its root hiding feature called MagiskHide.

    1. For people like me, who believe that accessibility applies to all users, the following two words come to mind: Inclusive design. The British Standards Institute (2005) defines inclusive design as "The design of mainstream products and/or services that are accessible to, and usable by, as many people as reasonably possible..."

      inclusive design

    1. Conversations are collections of messages that all have the same Subject. When "conversation mode" is on, searches return entire conversations as results. So what should gmail search do if a conversation contains both a message that matches, and a message that does not match your search? You are probably expecting it to return conversations only if all messages in that conversation match. But that is not correct. Instead, Gmail search will return conversations even if only a single message in that conversation matches. So that means that if you do the same search above with "conversation mode" on, the results are likely to include messages that do not match your search!
  2. Feb 2023
    1. I am a software engineer, canoeist, gardener and all-round tinkerer. I got into software because of my curiosity about how things work. I kept asking “why” until I eventually found myself doing it for a job. I love the range of work I get to do as an engineer. My work often focuses on performance improvements and coaching teams in code design choices. I value thoughtful communication that amplifies marginalized voices in the workplace.
    1. As a general practice, it seems like gems should remain compatible with current/recent versions of their dependencies. Otherwise, if you have 2 gems in your project that depend on faraday, and one of those is locked to faraday 0.17.6, and the other requires at least 2.x, then you have a problem...
    1. Note though, that this only works when you're already using git for your dependency

      I was trying to figure out why it wasn't working for me. This was probably the reason.

      So if you just have gem 'rack', it just silently has no effect.

      It seems like it should just work either way. Or at least give a warning/error if you try to use this config and it's not going to use that config!

    1. The official Bambora Ruby library is not thread-safe. This means you will run into errors when using it with Sidekiq or Puma. This gem is a thread-safe client for the Bambora and Beanstream APIs.
    1. Forwarding will always break emails, especially in Outlook, as it adds its own code before composing. You can have a forward link on emails which takes you to a page to forward to a friend or you can go with a broken email when it's forwarded. It's harsh I know but there is no way around it.
    1. It used to be a lot more common for people to have work and personal phones before the internet made it possible for work to take over every aspect of your day to day life.
    1. It's Outlook's rubbish filtering system. They have "AI" rules that look at the sending IP address for reputation. They score you on user reports and lots of other bits they will not tell you about. Make sure you have SPF, DMARC, DKIM, and sign up for their JMRP and SNDS they will tell you. But it still is a game of cat and mouse. It's a slippery slope and even Microsoft trap their own mail to their own Outlook users. PITA, to be honest and luckily we managed to get a mitigation to the issue. However some users in different domains still complain of email going to JUNK. Go figure. I hate having to work on issues with Outlook.com. They themselves send out spam and have the audacity to block well configured SMTP senders. I wish you luck. You will need it.
    1. But, since they'll automatically encode in rich text if there are any HTML tags placed in the message by the device itself, putting a single space (&nbsp) in the signature via the mail app itself, and then bold/italic-izing said space makes it work.
    1. The issue is that Mail isn't behaving as expected. If I tell it to always send messages as Rich Text I expect it to send them as Rich Text no matter what. Instead, sometimes it will send out emails as plain text. This is clearly an issue with Mail. If, for example, you tell your word processor of choice, be it Pages, LibreOffice or Word, to save all your documents as ODF files you expect it to do so no matter what and not to automatically revert to TXT files for documents that you haven't formatted yet without giving you proper notice, thereby preventing you from ever formatting those particular documents in the future.

      software that thinks it knows better than you

      software doing things without giving you notice

    1. Rack::Session was moved to a separate gem. Previously, Rack::Session was part of the rack gem. Not every application needs it, and it increases the security surface area of the rack, so it was decided to extract it into its own gem rack-session which can be updated independently.
    1. The reason is Rails only reads and creates the session object when it receives the request and writes it back to session store when request is complete and is about to be returned to user.
    2. Session race conditions are very common in Rails. Redis session store doesn't help either! The reason is Rails only reads and creates the session object when it receives the request and writes it back to session store when request is complete and is about to be returned to user.
    1. As you can see from the example, the session cookie is updated on every request, regardless of whether the session was modified or not. Depending on which response gets back to the client last, that's the cookie that will be used in the next call. For example, if in our previous example get_current_result's response was slower than get_quiz, then our cookie would have the correct data and the next call to update_response would have worked fine! So sometimes it will work and sometimes not, all depending on the internet gods. This type of race condition is no fun to deal with. The implication of this is that using cookie storage for sessions when you are doing multiple ajax calls is just not safe.
    2. A better solution would be to use a server side session store like active record or memcache. Doing so prevents the session data from being reliant on client side cookies. Session data no longer has to be passed between the client and the server which means no more potential race conditions when two ajax are simultaneously made!
    1. If you already have an instance of your model, you can start a transaction and acquire the lock in one go using the following code:

           book = Book.first
           book.with_lock do
             # This block is called within a transaction,
             # book is already locked.
             book.increment!(:views)
           end
    1. Event Replay: If we find a past event was incorrect, we can compute the consequences by reversing it and later events and then replaying the new event and later events. (Or indeed by throwing away the application state and replaying all events with the correct event in sequence.) The same technique can handle events received in the wrong sequence - a common problem with systems that communicate with asynchronous messaging.
    1. As our needs become more sophisticated we steadily move away from that model. We may want to look at the information in a different way to the record store, perhaps collapsing multiple records into one, or forming virtual records by combining information for different places. On the update side we may find validation rules that only allow certain combinations of data to be stored, or may even infer data to be stored that's different from that we provide.
    1. If you haven't seen it yet, check out the PinePhone Pro and its docking station. Much like the Steam Deck's docking station, it plugs the phone into a monitor, keyboard, and mouse to turn your phone into a PC.
    2. When Ubuntu was confronted with making Debian user friendly, the issue was speeding up software updates. Manjaro has the opposite issue with Arch and is handling it appropriately.
    1. B/ Mainline kernel offers many ways to increase desktop responsiveness without the need to patch or reconfig it. Many tweaks can be activated using the cfs-zen-tweaks you can download and just run, but I would advise you just read the very simple code and learn how each of the tweaks impact. Don't hesitate to lower the priority of your cpu-bound processes (compilations, simulations...) and increase the priority of your interactive tasks thanks to the renice command and even change their scheduling policy using chrt. Ultimately, you can always pin interrupts to dedicated cpus (setting desired values in /proc/irq/[irq_id]/smp_affinity), having one in charge of the keyboard and the mouse, another one for the graphic adaptor, a third one for the sound card and a fourth one housekeeping for all the possible remaining. Just plenty of solutions left opened without changing a byte in your distro-kernel.
    1. Sure, eagerly failing loudly would be better also. The outcome is still the same - you wouldn’t be able to do the thing you want, you just would be informed faster.
    2. deleting user files without being asked for is by far an "unsafe in nonzero scenarios" decision, no program should do it. The sane option is to refuse working and/or display a visible warning explaining why.
    3. There should thus be an option to give npm a list of vulnerability IDs (CVEs etc.) that it does not need to defend because the admin has decided it does not apply to their edge case.

      should be optional

    1. If the answer to this is "no" with some set of reasons, that's a perfectly reasonable outcome.
    2. The intent of this RFC is to do that - propose a solution. I do not expect that this solution will go through unanimously and unchanged, but I'd like to get something up that can be talked about and addressed both by the ecosystem and by those thinking about Security in the registry and CLI.
    3. There's been an interest expressed in the ecosystem of having some form of counterclaim for advisories surfaced by npm audit. There's been some discussion of a potential counterclaim mechanism for some time, but I've not seen a solution proposed.
    1. Scaling a single VCS to hundreds of developers, hundreds of millions lines of code, and a rapid rate of submissions is a monumental task. Twitter’s monorepo roll-out about 5 years ago (based on git) was one of the biggest software engineering boondoggles I have ever witnessed in my career. Running simple commands such as git status would take minutes. If an individual clone got too far behind, it took hours to catch up (for a time there was even a practice of shipping hard drives to remote employees with a recent clone to start out with). I bring this up not specifically to make fun of Twitter engineering, but to illustrate how hard this problem is. I’m told that 5 years later, the performance of Twitter’s monorepo is still not what the developer tooling team there would like, and not for lack of trying.
    2. In very large code bases, it is likely impossible to make a change to a fundamental API and get it code reviewed by every affected team before merge conflicts force the process to start over again.
    3. Developers are faced with two realistic choices. First, they can give up, and work around the API issue (this happens more often than we would like to admit).
    1. One approach to avoiding this kind of problem is regression testing. A properly designed test plan aims at preventing this possibility

      The antecedent of "this possibility" is unclear. (Perhaps it used to be clear and then someone else made an edit and added a sentence in between?)

    1. Capybara's ancestor and sibling methods are called on an element and take the same parameters as find. They are implemented by locating all elements that match the passed in parameters and intersecting that with the set of ancestor or sibling elements respectively.
    1. Apple can afford to make user privacy a priority AND be very strict about cookies because its revenue does not strongly depend on advertising.
    1. Discolored doesn't answer any questions like why the color is gone, why it's your job to fix them or how you even can, or why the player should even care about fixing the color; Discolored just tells you to do it.
    1. eBay got jealous when Dan’s site began to grow in leaps and bounds and made him change his name to Bricklink two years later.

      Can they really do that? The name seems different enough?

    1. [Episode!]! represents an array of Episode objects. Since it is also non-nullable, you can always expect an array (with zero or more items) when you query the appearsIn field. And since Episode! is also non-nullable, you can always expect every item of the array to be an Episode object.

      Note that this still allows an empty array, []. It only disallows: null and [null].

    1. So, when fighting, one should fix one's eyes firmly on the target with only one idea in mind, that of attacking the enemy most simply and directly.

    2. Having excessive ideals with regard to fighting will cause one to be far too nervous. Wing Chun theory is flawless indeed if one can accomplish it absolutely, but a theory is only just a theory, never can a person reach such a state of perfection, human beings are all apt to make mistakes at some time or another.

      no one is perfect

    3. We welcome your feedback on the accessibility of this site. If you have specific questions or feedback about this site's accessibility or need assistance using specific features, please contact us. If you have found an inaccessible area on the site, please specify the web page or element, and provide any other relevant information to help us locate the problem.  In the event a page cannot be made accessible, we will work with you to make a text version of the content available. Please contact us via telephone or email to request a specific electronic format. Additionally, please provide us with your contact information, the format you require, the web page address, and the location of the content. We welcome your questions about this accessibility statement and comments on how to improve our website's accessibility.  
    1. Strip unsafe tags, leaving behind only the inner text. Prune unsafe tags and their subtrees, removing all traces that they ever existed. Escape unsafe tags and their subtrees, leaving behind lots of < and > entities. Whitewash the markup, removing all attributes and namespaced nodes.
    2. It includes some nice HTML sanitizers, which are based on HTML5lib's safelist, so it most likely won't make your codes less secure. (These statements have not been evaluated by Netexperts.)
    1. You can simulate a pre-checkout git hook:
    2. Result of lots of searching on net is that pre-checkout hook in git is not implemented yet. The reason can be: (1) There is no practical use. I do have a case. (2) It can be achieved by any other means. Please tell me how? (3) It's too difficult to implement. I don't think this is a valid reason.
    1. If you want a workaround for the case where you can't just replace key with a string literal, you could write your own user-defined type guard function called hasProp(obj, prop). The implementation would just return prop in obj, but its type signature explicitly says that a true result should cause obj to be narrowed to just those union members with a key of type prop:

           function hasProp<T extends object, K extends PropertyKey>(
             obj: T,
             prop: K
           ): obj is Extract<T, { [P in K]?: any }> {
             return prop in obj;
           }

       and then in your function, replace key in a with hasProp(a, key):

           function f3(a: A) {
             const key = 'b';
             if (hasProp(a, key)) {
               return a[key]; // okay
             }
             return 42;
           }
    1. The variable x initially has the type unknown: the type of all values. The predicate typeof x === "number" extracts dynamic information about the value bound to x, but the type-checker can exploit this information for static reasoning. In the body of the if statement the predicate is assumed to be true; therefore, it must be the case the value bound to x is a number. TypeScript exploits this information and narrows the type of x from unknown to number in the body of if statement.
  3. Jan 2023
    1. Do Not Post About Commercial Products For support of commercial themes or plugins, go to the official support channel. In order to be good stewards of the WordPress community, and encourage innovation and progress, we feel it’s important to direct people to those official locations. Doing this will provide the developer with the income they need to make WordPress awesome. Forum volunteers are also not given access to commercial products, so they would not know why a commercial theme or plugin is not working properly. Ultimately, the vendors are responsible for supporting their commercial product. If you are a vendor and observe someone asking questions about your paid plugin or theme, please direct them towards your own support resources.
    1. As it’s currently written, your answer is unclear. Please edit to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center. – Community Bot

      How can a bot judge that the answer is unclear?

      Why doesn't it also suggest what about it is unclear and suggestions for improving it while it's at it?

    1. Mailgun is primarily a developer’s tool so the best way use Mailgun is through our APIs.

      developers first API first

    1. Do not separate numbers from letters on symbols, methods and variables.

      Okay... Why not?

    2. These words are redundant and inconsistent with the style of boolean methods in the Ruby core library, such as empty? and include?.
    1. click_link('Create Account', match: :first) It's better than first(:link, 'Create Account').click as it will wait till at least one Create Account link will appear on the page. However I believe it's better to choose unique locator that doesn't appear on the page twice.
    1. Since Rails creates callbacks for dependent associations, always call before_destroy callbacks that perform validation with prepend: true.
    1. This depends on the ruby code. Some projects will be semi-dormant due to various reasons. That's for us to address as a community. Are we going to let a single decade-old gem prevent us from moving Ruby forward? What's the threshold? There's libraries out there that don't work on Ruby 1.9. We left them behind or replaced them. And are people depending on a gem that's unmaintained really going to be the ones to jump on Ruby 3.0 the day after Christmas 2020? This is also still supposition. Name some gems that are unmaintained and in wide use. We can fix them! We have the technology! In my opinion, if matz's objective is to make the transition to ruby 3.0 simple, then it actually makes a lot of sense to postpone frozen strings by default. Postpone until when? 3.1? So then 3.1 will be the hard break? They've been discussed for what, ten years now? How long is long enough? We've added many ways for people to start transitioning to immutable literal strings, and people are using those mechanisms widely. We've pushed this transition a long time, and we still have another year until 3.0 is out and longer than that until people will need to make a move. What is the threshold for being "ready" to make this change? Unless we're planning to wait until Ruby 4.0 in 2030 to do this, I think we should do it now. I use frozen strings in most of my ruby projects, most of them set to true via the toplevel comment, so either way, it would not affect me. Exactly. Most people already do use frozen string literals. And adding a pragma means we can transition troublesome code to the new way with a single line per affected file. Heck, we can even add --enable:mutable-literal-string for people that are stuck with some of that old unmaintained code, allowing them to have a soft landing.
    2. I guess the interaction between the "false" state and the current runtime default is what has me confused. I see "true" and "false" here more like "on" and "off", and if frozen-string-literal is off, to me that means it does nothing at all and whatever defaults are in place take effect.
    3. I'm still against frozen-string-literal by default. It is arguable if the string creation limits performance so much in real-world programs. We need to first measure how much Ruby can be faster by frozen-string-literal. If it is not significant, Ruby should prefer dynamics and flexibility.
    1. because most languages treat strings as immutable, which helps ensure you don't accidentally modify them and can improve performance. Fewer state changes in a program mean less complexity. It's better to opt-in to mutability after careful consideration rather than making everything mutable by default. What is immutability and why should I worry about it? may help.
    1. Until we release 2.0 you should continue to use 1.6.4, which can be found at bblimke/webmock.

      https://github.com/bblimke/webmock is at 3.18.1 so this repo is apparently abandoned and should be archived

    1. bundle update rails-controller-testing --conservative. The --conservative flag says when updating this gem do not update any of its dependencies. Using the --conservative flag with bundle is really useful for minimizing changesets as well as avoiding upgrading things that you don’t need to upgrade.
    1. Judge Domino is a game in which players judge if toppling a line of dominoes will succeed or fail. Players take turns adding to the line, but to score points, you must make others think that the toppling will fail. Can you baffle other players' judgment?
    1. There's a fundamental error in your question: commits are not diffs; commits are snapshots. This might seem like a distinction without a difference—and for some commits, it is. But for merge commits, it's not.
    2. For ordinary commits, it's trivially obvious what to compare: compare this commit's snapshot to the previous (i.e., parent) commit's snapshot. So that is what git show does (and git log -p too): it runs a git diff from the parent commit, to this commit. Merge commits don't have just one parent commit, though. They have two parents. This is what makes them "merge commits" in the first place: the definition of a merge commit is a commit with at least two parents.
  4. datatracker.ietf.org
    1. If the client knows the access token expired, it skips to step (G); otherwise, it makes another protected resource request.

      It doesn't have to wait until it gets an invalid token error. It can independently be checking the expiration time before making a request, and if it sees that it has expired, don't even bother making the request, just skip directly to using the refresh token.

    2. Figure 2: Refreshing an Expired Access Token
    3. Unlike access tokens, refresh tokens are intended for use only with authorization servers and are never sent to resource servers.

      Interesting observation...

    1. You play a level of one hole and then move onto the next stage to play another hole.

      onto -> on to

    1. belongs_to does not ensure reference consistency, so depending on the use case, you might also need to add a database-level foreign key constraint on the reference column, like this:

           create_table :books do |t|
             t.belongs_to :author, foreign_key: true
             # ...
           end

    1. class String
         # Keep the built-in whitespace strip available under a new name
         alias strip_ws strip

         def strip(chr = nil)
           return self.strip_ws if chr.nil?
           self.gsub(/^[#{Regexp.escape(chr)}]*|[#{Regexp.escape(chr)}]*$/, '')
         end
       end
    2. No, in Python "[ [] foo [] boo [][]] ".strip(" []") returns "foo [] boo".

      I would have expected it would remove the string " []", not the occurrences of any of the characters within the string...

    3. There is no such method in ruby, but you can easily define it like:

           def my_strip(string, chars)
             chars = Regexp.escape(chars)
             string.gsub(/\A[#{chars}]+|[#{chars}]+\z/, "")
           end

    4. Those who can read have a clear advantage
    1. And misunderstandings so easily occur here, when we're talking about encodings, but not those encodings, the other encoding, which is really charset. And it's especially hard because you can't visually tell the difference and in so many cases everything still works even though it is wrong.
    1. Did you see the rest of my post too? If you are reading the replies only in email, don't. Visit the forum and open the thread. Because when we edit a post, you don't receive the modification by email, only the initial post. I added few things to my last one...
    1. Nice try, but it's still full of exceptions. To make the above jingle accurate, it'd need to be something like: I before e, except after c Or when sounded as 'a' as in 'neighbor' and 'weigh' Unless the 'c' is part of a 'sh' sound as in 'glacier' Or it appears in comparatives and superlatives like 'fancier' And also except when the vowels are sounded as 'e' as in 'seize' Or 'i' as in 'height' Or also in '-ing' inflections ending in '-e' as in 'cueing' Or in compound words as in 'albeit' Or occasionally in technical words with strong etymological links to their parent languages as in 'cuneiform' Or in other numerous and random exceptions such as 'science', 'forfeit', and 'weird'.
    1. The Templates API allows you to store, version, duplicate, and delete any templates on your account.

      Duplicate? How do you duplicate? We want this ability, but could not find it.

    1. Because endpoints are URLs, you can – and should – monitor them to ensure they stay online. When talking about online services and websites, you’ll often hear the word “uptime”. This is the percentage of time your application stays up – in other words, the percentage of time your app is accessible and functioning. Outages and performance errors will lower your overall percentage. Monitoring your endpoints also gives you metrics on which endpoints are being accessed and what types of API calls developers are making. This can help you track user behavior, and gain insight into which endpoints are highly trafficked so you can maintain your performance.
    2. As an email service provider (ESP), Mailgun’s API support is all about programmatic solutions to make your email program more efficient and successful at scale. Our email API is a specific type of API that you can use to connect your web app or platform to an ESP to use its features within your own application.
    1. The array subscript numbers are written within square brackets. By default PostgreSQL uses a one-based numbering convention for arrays, that is, an array of n elements starts with array[1] and ends with array[n].
    1. You can use ActiveRecord::Tasks::DatabaseTasks.structure_dump_flags to configure pg_dump. For example, to exclude comments from your structure dump, add this to an initializer: ActiveRecord::Tasks::DatabaseTasks.structure_dump_flags = ['--no-comments']
    1. with a low level understanding of computing and tech

      Does "low level" here mean "not much" or a lot (he's familiar with the low level of these technologies)?

    1. I was very surprised to discover that Finder has no native SFTP integration. As an everyday Gnome user, it is unbelievable to me, how this can even be