xx_ns

✨ https://nns.ee

📅 Joined in 2021

🔼 305 Karma

✍️ 55 posts

15 latest posts

(Replying to PARENT post)

Not that I know of. We're a pretty tech-forward country, so it's hard to imagine anyone making physical carbon copies these days.
👤xx_ns🕑1mo🔼0🗨️0

(Replying to PARENT post)

I'm in Estonia, and my bank issues debit and credit cards that are definitely embossed.
👤xx_ns🕑1mo🔼0🗨️0

(Replying to PARENT post)

It acted as a proxy for the real npm site, which was the one to send the request, intercepting the code when the user inserted it.
👤xx_ns🕑1mo🔼0🗨️0

(Replying to PARENT post)

And we get back to the original point of the article (sort of). Opening a magic link should authenticate the user who opened the magic link, not the attacker who made the application send the magic link.
👤xx_ns🕑2mo🔼0🗨️0

(Replying to PARENT post)

bcrypt, one of the more popular password hashing algorithms out there, allows the password to be up to 72 characters in length. Any characters beyond that 72 limit are ignored and the password is silently truncated (!!!). It's actually a good method of testing whether a site uses bcrypt or not. If you set a password longer than 72 characters, but can sign in using just the 72 characters of your password, they're in all likelihood using bcrypt.
👤xx_ns🕑2mo🔼0🗨️0
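
An added example, not part of the comment above: it models with the Python standard library (no bcrypt library is called) how two different long passwords reach a truncating bcrypt implementation as the same input, and shows two common guards against that. The limit is counted in bytes of the encoded password; the sample passwords and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

BCRYPT_MAX_BYTES = 72  # a truncating bcrypt reads at most 72 bytes of input

# Constructed sample passwords: identical for the first 72 bytes only.
LONG_A = "A" * 72 + "tail-one"
LONG_B = "A" * 72 + "tail-two"
# 40 characters, but 80 bytes once UTF-8 encoded (constructed sample).
MULTIBYTE = "\u00e4" * 40


def bcrypt_input(password: str) -> bytes:
    """Bytes a truncating bcrypt implementation would actually hash."""
    return password.encode("utf-8")[:BCRYPT_MAX_BYTES]


def collides_under_truncation(a: str, b: str) -> bool:
    """True if two different passwords reach bcrypt as the same input."""
    return a != b and hmac.compare_digest(bcrypt_input(a), bcrypt_input(b))


def reject_overlong(password: str) -> bytes:
    """Guard 1: refuse anything that would be silently cut short."""
    raw = password.encode("utf-8")
    if len(raw) > BCRYPT_MAX_BYTES:
        raise ValueError(
            f"password is {len(raw)} bytes, limit is {BCRYPT_MAX_BYTES}"
        )
    return raw


def prehash(password: str) -> bytes:
    """Guard 2: SHA-256 then base64 before bcrypt.

    Every byte of the password influences the 44-byte result, which is
    under the limit and contains no NUL bytes.
    """
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return base64.b64encode(digest)


if __name__ == "__main__":
    print("collide when truncated:", collides_under_truncation(LONG_A, LONG_B))
    print("distinct after prehash:", prehash(LONG_A) != prehash(LONG_B))
    print("prehash length:", len(prehash(LONG_A)))
```

The value returned by `reject_overlong` or `prehash` is what would be handed to the bcrypt hashing call in place of the raw password.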

(Replying to PARENT post)

Works over here.
👤xx_ns🕑5mo🔼0🗨️0

(Replying to PARENT post)

Yes.

I'm a security researcher - no quotes. I write detailed, highly technical write-ups for all of the issues I discover, including reproduction steps, root cause analysis and suggestions for fixes. I follow all responsible disclosure guidelines + any guidelines that the company or entity might have for security disclosures.

It's disheartening when you put this amount of effort into it, it gets silently patched, and you get no recognition or even a "thank you". But I don't let it bother me too much. I'm doing this research mostly for myself and because I find it interesting. The fact that I'm disclosing the issues is me being a good citizen, but I shouldn't expect a pat on the head for every issue I disclose.

Being ignored always sucks. But it's still infinitely better than doing all of the above and being threatened with a lawsuit (which has, unfortunately, happened as well).

👤xx_ns🕑6mo🔼0🗨️0

(Replying to PARENT post)

Thanks!

The slow startup times have usually been an xdg-desktop-portal issue for me in the past, might be worth looking into.

👤xx_ns🕑6mo🔼0🗨️0

(Replying to PARENT post)

How have your experiences with this setup been so far? Any major pain points?
👤xx_ns🕑6mo🔼0🗨️0

(Replying to PARENT post)

I'm not sure if I miss IRC, or the simpler times that were when I was actively on IRC. Maybe it's a bit of both. But there's definitely some niceties in modern messaging applications that you can't get in IRC.
👤xx_ns🕑6mo🔼0🗨️0

(Replying to PARENT post)

I was curious about the same thing, and found the following from Dave:

> I had to deal with that analogy a lot in high school, and I got used to it. It is, indeed, a rather popular food in schools. My problem with people using TAYT is that they end up misspelling it as Tate. Actually my name in the USA is usually pronounced "Tot", or better, T"ah"T, but while doing i18n testing in the mid-90s, and I discovered that the correct spelling (in Estonia) was with the ä. I gleefully adopted that, so I could break all of our protocols and web tools prior to the worldwide acceptance of UTF-8, and also because I was a death metal fan. Using the umlaut also makes it impossible for an automated spellchecker to respell it as "That", however no alternative has really worked. For a while there, the IRS thought I was three different people....

> The word, in Estonian, means "Star or planet", and as the Estonians did not know what an asteroid was, I have taken it to mean "Star or planet?".

While not saying anything about roots directly, I'm guessing it has to have been the reason behind him adopting the Estonian spelling of it. Maybe from grandparents or great-grandparents. Or even further back, considering apparently Estonians didn't know what an asteroid was back then.

👤xx_ns🕑6mo🔼0🗨️0
👤xx_ns🕑6mo🔼3🗨️0

(Replying to PARENT post)

I don't see how the two projects are related, so there shouldn't be any confusion. The project you linked isn't even called chibi, it's called chibi-scheme. If you suggest that we should not use common words in our project names if those words have been used before, we would've run out of names long ago.
👤xx_ns🕑7mo🔼0🗨️0

(Replying to PARENT post)

Out of curiosity, what is the answer? From your comment, it seems like the more obvious choice is the incorrect one.

EDIT: By the more obvious one, I mean letting it cool and then adding milk. As the temperature difference between the coffee and the surrounding air is higher, the coffee cools down faster. Is this wrong?

👤xx_ns🕑8mo🔼0🗨️0