• 0 Posts
  • 7 Comments
Joined 1 year ago
cake
Cake day: June 11th, 2023

help-circle

  • The short version is that the creators of this API are doing something more secure than what the client wants to do.

    A reasonable analogy would be trying to access a building locked by a biometric scanner vs. a guard looking for a piece of paper with a password on it. In the first case, only people entered into the scanner can get in (this is the cookie scenario). In the second case, anyone with a piece of paper with the right password on it will be let in (this is the Bearer token scenario).

    More technical version: the API is made more secure because the “HttpOnly” cookie - which, basically, means the cookie’s contents can’t be read with JavaScript in the browser - is used to hold the credentials the server is looking for.

    By allowing a third party to access the application, this means you have to allow methods that can be set “client-side” (e.g. via JavaScript in a browser). The most common method is in the “Authorization” HTTP Header - headers are metadata sent along with a request, they include things like the page you’re coming from and cookies associated with the domain. A “Bearer” token is one of the methods specified by the “Authorization” header. It’s usually implemented via passing the authorization credentials prefixed with the word “Bearer” (hence the name) and, often, are static, password-like text.

    Basically, because this header has to be settable by a script, that means an attacker/hacker could possibly inject malicious code to steal the tokens because they must, at some point, be accessible.


  • In this thread, everyone getting caught up on the first toot and not the second where he clarifies his point.

    If you step past the initial investment of buying a house, the analogy makes perfect sense. When you rent an apartment, your landlord (the provider) takes care of all the maintenance; you just live there and you get what you get. When you own a home, you take care of all of the maintenance, but you get to set the place up however you like. This isn’t that different from a lot of FOSS out there.



  • Getting repeatedly beaten in competitive multiplayer games is just kinda par for the course if you haven’t learned the meta, strategies, etc. If you lack game knowledge and your opponents have that game knowledge, you will mostly lose.

    If winning in the game is the only way you find enjoyment in them, then those kinds of games require significant investments of time and energy to “git good”.

    I say this as someone who is repeatedly shit on in every game of CoD I’ve ever played and will play in the future. That said, I don’t gain particular enjoyment from winning alone - not that it isn’t fun to win, just that I get just as much enjoyment from other aspects of the game.

    It sounds to me, mostly, that these games just don’t really appeal to your idea of what’s fun.


  • Israeli settlers have, for years now, been slowly encroaching into territory officially recognized as Palestinian lands. These people absolutely have the choice to move back out of those areas and into lands officially recognized as belonging to Israelis. On the other hand, very few people can “just move, lol” and I wouldn’t be surprised if Israel specifically chose settlers that would be burdened economically if they attempted to leave.

    To be clear, Israel has continuously acted in bad faith against Palestinians and, along with its allies, destroyed the peaceful (or, at least, less militant) groups that sought to unite the Palestinians. This is absolutely a problem of their own making and I would be surprised if there was a peaceful path forward with the current political climate in the region.