Hacker News | imcotton's comments

The first thing I need to do after creating a repo on GitHub is disable Project in repo settings.


xkcd/538 never gets old.


It got old and you are missing the whole point.

If someone thinks exactly like your mindset, he will likely damage potential evidence, opportunities, and the case right from the start, and lose the whole position if it is the Veilith. This is highly sensitive technology—there's no room for jokes.


I did this in console:

    $('#container').style = 'display: unset'


Does anyone have the courage to perform a similar inspection on the Cloudflare homepage like the author did? On my M4 Mac mini, Safari lagged with single-digit frames per second (FPS), which scared me so much that I had to close the page as quickly as possible.


Thanks, I have been putting the Medium domain into a DNS blocklist for years.


The alternative is the amazing scribe.rip -> https://scribe.rip/@mitendra_mahto/cross-posted-from-https-s...


Wow. Thanks for this. Setting up redirects now.

Medium is terrible.


How do you set up those automatic redirects if I might ask?


In the end I just used a Greasemonkey script. There are several on Greasy Fork.


Now try this:

    cat Makefile.md | npx offmark


It's good to have a client side that does not send data to a remote. Improvements:

- CSP and security headers: currently this site scores D on https://securityheaders.com

- No SRI check on CSS or JavaScript files.

- Loading adsbygoogle.js invalidates any privacy protection claims.


I have previously written a blog post on this very topic, tl;dr: deleting your keys.

https://blog.imcotton.xyz/my-ssh-folder-has-no-private-keys


I also think OAuth could be used to better serve AX in the age of agents, but before the whole industry finds the PMF, shall we not leave the humans (us) behind? Thus I made one for breaking the grip of big IdPs and offering a more secure and easier authentication solution for humans [1].

You can find its dogfooding demo on the Show HN [2].

[1]: https://sign-poc.js.org

[2]: https://news.ycombinator.com/item?id=42076063


In case one is not digging into the source code, the key stretching here is PBKDF2-HMAC-SHA512 with 400,000 iterations (OWASP recommended 210,000).

The reason for not using Argon2 or scrypt is that PBKDF2 is natively provided by WebCrypto yet FIPS-140 compliant.
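The key stretching named in the comment above (PBKDF2-HMAC-SHA512 at 400,000 iterations through WebCrypto), as an added example that is not part of the original comment and not the project's own code. The function names, the 16-byte salt, the 64-byte output, the NFKC normalisation and the record layout are assumptions, and the policy floor reuses the OWASP figure quoted in the comment.

```javascript
// Added example (not the project's source): PBKDF2-HMAC-SHA512 via WebCrypto.
// Browsers and current Node expose globalThis.crypto; older Node needs the fallback.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const ITERATIONS = 400_000;      // figure quoted in the comment above
const MIN_ITERATIONS = 210_000;  // OWASP figure quoted in the comment above

// Stretch a passphrase into 64 bytes. NFKC normalisation is an assumption so
// that the same passphrase typed on different platforms encodes identically.
async function stretch(passphrase, salt, iterations = ITERATIONS) {
  const material = await webcrypto.subtle.importKey(
    'raw', new TextEncoder().encode(passphrase.normalize('NFKC')),
    'PBKDF2', false, ['deriveBits']);
  const bits = await webcrypto.subtle.deriveBits(
    { name: 'PBKDF2', hash: 'SHA-512', salt, iterations }, material, 512);
  return new Uint8Array(bits);
}

// Create a stored record: fresh random salt plus the work factor used.
async function enroll(passphrase) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  return { salt, iterations: ITERATIONS, hash: await stretch(passphrase, salt) };
}

// Compare every byte with no early exit, so timing does not reveal
// the position of the first mismatch.
function equalBytes(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
  return diff === 0;
}

// Verify against a stored record, refusing any record whose stored
// iteration count is below the floor (guards against a downgraded record).
async function verify(passphrase, record) {
  if (!Number.isInteger(record.iterations) || record.iterations < MIN_ITERATIONS) {
    throw new RangeError('iteration count below policy floor');
  }
  const candidate = await stretch(passphrase, record.salt, record.iterations);
  return equalBytes(candidate, record.hash);
}
```

Storing the iteration count beside the salt lets the work factor be raised later without invalidating existing records.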

