Find yourself watching tons of great videos on [insert chosen video sharing platform], but also find yourself reluctant to flood the Tildes front page with them? Then this thread is for you.

It could be one quirky video that you feel deserves some eyeballs on it, or perhaps you've got a curated list of videos that you'd love to talk us through...

Share some of the best video content you've watched this past week/fortnight with us!

Server host: tildes.nore.gg (Running Java 1.21.4)
Bluemap: https://tildes.nore.gg
Playtime Tracker: https://tildes.nore.gg/playtimes.html
Tildes website extension (shows online status & location): Firefox (Desktop and Android) - Chrome
Verification site: https://verify.tildes.nore.gg
Patreon: https://www.patreon.com/TildesMC

The server operates on a soft whitelist. Anyone can log in and walk around, but you need a Tildes account to gain build access.

For those using iOS with a bookmark on their homescreen, you may have been plagued like me with Tildes opening in a private window instead of the session where you’re logged in.

I don’t know why I didn’t think about this sooner, but it’s so easy

Shortcuts > New > Create New Tab > Open URL (remove the variable and put in https://tildes.net) > context menu next to the title of the shortcut > Add to Homescreen > Photo (left image option) > select your tildes logo that i forgot to tell you to save

… done. Now Tildes will always open Safari in an authenticated session. ezpz.

I see that in the headline from time to time. Not really sure how prevalent it is and it's pretty disappointing news.

but I also can't help but think:

1. the news articles are probably overblowing it and it's not probably not as prevalent as it's being portrayed
2. that any tech company doing that is shooting themselves in the foot. in total, I was an intern at various companies for a little under 3 years. I don't doubt that the work I did for the majority of the my co-ops were all things that could have been done by a chatBot. writing unit tests and small scripts and etc. but they were invaluable to me (1) understanding what is expected of me in a professional environment and (2) gave me a basic idea of how to code in a professional environment (2) gave me alot of perspective on what technologies and tools I should spend spare time learning cause my university very much focused on dinosaur-era languages, for the classes that did teach any coding related skills. same for the friends I went to uni with. So all I think is maybe in the short term, they are saving money on not hiring interns/co-ops/junior devs to do work that can be done by a bot but I feel like in the long terms that will reduce the number of intermediate/senior devs on the market which means they'll be in higher demand and cost more money.

I have changed my email more than once, just as part of customizing my online identity and all that.

and that obviously required me to login into any accounts I had and updating the email associated with them.

the most common workflow I have found is
login -> navigate to settings page -> edit the email field to the new email -> go to the inbox for the new email -> click confirm on confirmation email

then you can go to that website and do the forgot password, provide your email and change the password and get complete control.

I have always found that workflow weird cause it's the most prevalent one I have come across and seems so susceptible to tampering.

if someone leaves their laptop unattended for 3-4 minutes in public while visiting a bathroom (which happened often in the library of my university), there was nothing preventing me from going to their Facebook or whatever account they had open on their computer, changing the email to my own email and then clicking confirm on my inbox once I am back at my desk.

and most people don't have 2FA so that would effectively give me control of their account.
Hell, my university once had a potential data breach and they were 99.999% sure the data was not actually accessed by a malicious actor but still sent a mass email saying that they were advising everyone to change their passwords. a classmate of mine in the software systems program's attitude was basically "oh well, who cares?" and I just facepalmed internally.

there are maybe 3 websites I have come across that instead first send a confirmation email to your current inbox and after you confirm on that, then you get a confirmation email on the new email inbox. which isn't perfect but I feel like it's a bit more sensical and the best you can do without involving 2FA.

even then, that's also susceptible to the situation I described above if the user is always logged into their email.

I find it odd that websites don't prompt for a password as part of the email update process (or better yet 2FA with an app as even prompting for a password isn't a guarantee if the user has the password manager as an extension in their browser and they recently unlocked it before leaving their session unattended) to ensure that email changes are always done by the account owner.

Have you watched any movies recently you want to discuss? Any films you want to recommend or are hyped about? Feel free to discuss anything here.

Please just try to provide fair warning of spoilers if you can.

Have you watched any TV shows recently you want to discuss? Any shows you want to recommend or are hyped about? Feel free to discuss anything here.

Please just try to provide fair warning of spoilers if you can.

What have you been watching and reading this week? You don't need to give us a whole essay if you don't want to, but please write something! Feel free to talk about something you saw that was cool, something that was bad, ask for recommendations, or anything else you can think of.

If you want to, feel free to find the thing you're talking about and link to its pages on Anilist, MAL, or any other database you use!

Share some digital clutter from one of your hard drives -- something from a LONG time ago. For example: a to-do list, poetry, a script you wrote, a PowerPoint presentation, etc.

Give us the date the file was created/modified.

And, if you so choose, give us context on the file (but if you'd rather let it speak for itself, feel free!).

This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's interesting about it? Are you having trouble with anything?

Tildes is a very serious site, where we discuss very serious matters like lego.island, 2025 iran israel war and the onion. Tags culled from the highest voted topics from the last seven days, if anyone was puzzled.

But one of my favourite tags happens to be offbeat! Taking its original inspiration from Sir Nils Olav III, this thread is looking for any far-fetched offbeat stories lurking in the newspapers. It may not deserve its own post, but it deserves a wider audience!

I am a big fan of Cloudflare Tunnels, it's let me muck about with quite a few low risk apps and it's been fun.

one thing that's always bothered me though is the SSL setup.

According to their website, only enterprise users are allowed to manage their own TLS private keys.

I can kinda understand the logic behind free accounts not having that perk.

But if you are someone who really doesn't like cloudflare reading your traffic or you are a business, it seems odd to me that it's not being demanded of cloudflare that they make it more available for paid users to not expose their TLS private keys to cloudflare.

Why are so many folks OK with cloudflare essentially being able to read all their traffic?

or am I overestimating how many people are using the Pro and Business account? is the majority of their users just Free or Enterprise?

Add awesome game deals to this topic as they come up over the course of the week!

Alternately, ask about a given game deal if you want the community’s opinions: e.g. “What games from this bundle are most worth my attention?”

Rules:

• No grey market sales
• No affiliate links

If posting a sale, it is strongly encouraged that you share why you think the available game/games are worthwhile.

All previous Save Point topics

If you don’t want to see threads in this series, add save point to your personal tag filters.

So I am finally starting the process of designing a personal website that can help manage and organize my finances for me.

So obviously, the security of such data is paramount and for the heck of it, I want to design a webapp where it doesn't operate by the rules of "trust me bro" even though I will be the one designing it and most likely will be the only one ever to use it. Just want that experience of proper encryption setup.

Also, even if I am the one operating it, I'd like to set it up so that even if the database is compromised, none of my information is.

skip to bottom if you want to just see my 2 question

Did some reading online, between reading when StandardNotes does encryption as well as how it does it and some basic reading into encryption

• https://www.baeldung.com/java-aes-encryption-decryption
• https://security.stackexchange.com/questions/14068/why-most-people-use-256-bit-encryption-instead-of-128-bit

and the importance of not having a local unencrypted database like Joplin does

So all that got me curious how Google encrypts the user data it has and would up reading

• https://security.stackexchange.com/questions/269341/how-does-googles-on-device-encryption-work
• https://developers.google.com/workspace/cse/guides/encrypt-and-decrypt-data

and the basic take-aways seem to be:

• utilize encryption on a field before storing it in a database so that even if the machine gets compromised, the data won't be
• if you want to go even further, take the approach of StandardNotes, where it seems even the web server itself never touched unencrypted data it seems? Looks like all the encrypting and decrypting happens locally and only encrypted data is sent to the server

1. But that got me curious. It can't be argued that Google is not secure. they have the best minds working there to ensure just that. and yet its also well known that their respect for user privacy is non-existent. Which means that they've made sure to protect the data [email, google searches, google docs, google maps history] from hackers but they can themselves decrypt at least some user data for the purpose of data collection and selling ads.
   But if Google can decrypt the data and that implies they store the keys on a server from what I can tell from my reading, how it is protected if someone malicious gains access to the database? If that person got access to the database and the keys that Google uses to decrypt the data, wouldn't that compromise the data?

2. if I decide to design my webapp so that all the encrypting and decrypting happens locally, that means that if I were to decide to create a REST API for my application, that would also have to be taking in data in encrypted format, no? Cause if that takes it in plaintext, that means that my webserver would have to be responsible for encryption, which it needs the keys to do that with and if it can encrypt with keys it has access to, then it can decrypt too, no? or are websites that deal with encrypted databases and have REST APIs that can take in plain text information generally coded to be using asymmetric encryption? meaning its different keys being used for encryption and decryption? Or is API Token the key in an encrypted format? or have I misunderstood the whole thing?

Main constraint: The space it needs to fit in is 7¾ in (19.7 cm) high. Width and length aren't a concern.

Primary use: Gaming. Doesn't need to be top of the line or cutting edge. Most of what I play isn't very demanding, though I would like the option to play newer stuff if I find something that interests me.

Budget: Ideally less than $1500, but I do realize that I might have to pay out a bit more because I want something both pre-built and compact. $2000 is the hard limit.

Important: I am NOT interested in building my own PC. (Yes, I have done it before, including one that was in a compact case that was HELL to get right.)

Me being uninformed: This might be a silly question, but can I lay desktop towers down on their side? Any traditional tower isn't going to fit, but some of them are thin enough that, if put in landscape instead of portrait, they would. I've read conflicting things about this online, particularly regarding liquid cooling and airflow.

If anyone has any recommendations, I'd appreciate it!

Important: This will be a noisy topic. If you do not wish to see it in your feed, please use the Ignore feature to hide it!

Tip: If the large number of comments are cluttering up the topic and you just want to see the main giveaway posts, click Collapse Replies at the top of the comments.

It’s time for annother edition of our biannual Game Giveaway topics! Share games with the community and get rid of those extra bundle keys you have lying around.

Before you participate, please make sure you read the rules below.

Rules

-Gifters

Post your available games, the platform and method of delivery, rules for your giveaways (e.g. first-come first-serve, random draw, etc.), and any additional info or requirements. Feel free to get creative!

-Giftees

Request giveaways. Please make sure you follow the gifter's posted guidelines.

-Guidelines

Anyone can choose to be a gifter, giftee, or both! Giveaway rules are set by individual gifters, but there are handful of guidelines everyone should follow:

1. No grey market keys! Only give away games from reputable sources. If you're not sure what this means, please ask.
2. Requests for games should be done in this topic, but if the gift is a key, those should be delivered by PMs only. Please don't post keys publicly in this topic, even obfuscated ones.

If you're new to these, check out previous giveaway threads to see how these usually go.

This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's interesting about it? Are you having trouble with anything?