What have you been doing lately for your own fitness? Try out any new programs or exercises? Have any questions for others about your training? Want to vent about poor behavior in the gym? Started a new diet or have a new recipe you want to share? Anything else health and wellness related?

Share some digital clutter from one of your hard drives -- something from a LONG time ago. For example: a to-do list, poetry, a script you wrote, a PowerPoint presentation, etc.

Give us the date the file was created/modified.

And, if you so choose, give us context on the file (but if you'd rather let it speak for itself, feel free!).

I have changed my email more than once, just as part of customizing my online identity and all that.

and that obviously required me to login into any accounts I had and updating the email associated with them.

the most common workflow I have found is
login -> navigate to settings page -> edit the email field to the new email -> go to the inbox for the new email -> click confirm on confirmation email

then you can go to that website and do the forgot password, provide your email and change the password and get complete control.

I have always found that workflow weird cause it's the most prevalent one I have come across and seems so susceptible to tampering.

if someone leaves their laptop unattended for 3-4 minutes in public while visiting a bathroom (which happened often in the library of my university), there was nothing preventing me from going to their Facebook or whatever account they had open on their computer, changing the email to my own email and then clicking confirm on my inbox once I am back at my desk.

and most people don't have 2FA so that would effectively give me control of their account.
Hell, my university once had a potential data breach and they were 99.999% sure the data was not actually accessed by a malicious actor but still sent a mass email saying that they were advising everyone to change their passwords. a classmate of mine in the software systems program's attitude was basically "oh well, who cares?" and I just facepalmed internally.

there are maybe 3 websites I have come across that instead first send a confirmation email to your current inbox and after you confirm on that, then you get a confirmation email on the new email inbox. which isn't perfect but I feel like it's a bit more sensical and the best you can do without involving 2FA.

even then, that's also susceptible to the situation I described above if the user is always logged into their email.

I find it odd that websites don't prompt for a password as part of the email update process (or better yet 2FA with an app as even prompting for a password isn't a guarantee if the user has the password manager as an extension in their browser and they recently unlocked it before leaving their session unattended) to ensure that email changes are always done by the account owner.

I am a big fan of Cloudflare Tunnels, it's let me muck about with quite a few low risk apps and it's been fun.

one thing that's always bothered me though is the SSL setup.

According to their website, only enterprise users are allowed to manage their own TLS private keys.

I can kinda understand the logic behind free accounts not having that perk.

But if you are someone who really doesn't like cloudflare reading your traffic or you are a business, it seems odd to me that it's not being demanded of cloudflare that they make it more available for paid users to not expose their TLS private keys to cloudflare.

Why are so many folks OK with cloudflare essentially being able to read all their traffic?

or am I overestimating how many people are using the Pro and Business account? is the majority of their users just Free or Enterprise?

What have you been watching and reading this week? You don't need to give us a whole essay if you don't want to, but please write something! Feel free to talk about something you saw that was cool, something that was bad, ask for recommendations, or anything else you can think of.

If you want to, feel free to find the thing you're talking about and link to its pages on Anilist, MAL, or any other database you use!

Tildes is a very serious site, where we discuss very serious matters like lego.island, 2025 iran israel war and the onion. Tags culled from the highest voted topics from the last seven days, if anyone was puzzled.

But one of my favourite tags happens to be offbeat! Taking its original inspiration from Sir Nils Olav III, this thread is looking for any far-fetched offbeat stories lurking in the newspapers. It may not deserve its own post, but it deserves a wider audience!

Add awesome game deals to this topic as they come up over the course of the week!

Alternately, ask about a given game deal if you want the community’s opinions: e.g. “What games from this bundle are most worth my attention?”

Rules:

• No grey market sales
• No affiliate links

If posting a sale, it is strongly encouraged that you share why you think the available game/games are worthwhile.

All previous Save Point topics

If you don’t want to see threads in this series, add save point to your personal tag filters.

So I am finally starting the process of designing a personal website that can help manage and organize my finances for me.

So obviously, the security of such data is paramount and for the heck of it, I want to design a webapp where it doesn't operate by the rules of "trust me bro" even though I will be the one designing it and most likely will be the only one ever to use it. Just want that experience of proper encryption setup.

Also, even if I am the one operating it, I'd like to set it up so that even if the database is compromised, none of my information is.

skip to bottom if you want to just see my 2 question

Did some reading online, between reading when StandardNotes does encryption as well as how it does it and some basic reading into encryption

• https://www.baeldung.com/java-aes-encryption-decryption
• https://security.stackexchange.com/questions/14068/why-most-people-use-256-bit-encryption-instead-of-128-bit

and the importance of not having a local unencrypted database like Joplin does

So all that got me curious how Google encrypts the user data it has and would up reading

• https://security.stackexchange.com/questions/269341/how-does-googles-on-device-encryption-work
• https://developers.google.com/workspace/cse/guides/encrypt-and-decrypt-data

and the basic take-aways seem to be:

• utilize encryption on a field before storing it in a database so that even if the machine gets compromised, the data won't be
• if you want to go even further, take the approach of StandardNotes, where it seems even the web server itself never touched unencrypted data it seems? Looks like all the encrypting and decrypting happens locally and only encrypted data is sent to the server

1. But that got me curious. It can't be argued that Google is not secure. they have the best minds working there to ensure just that. and yet its also well known that their respect for user privacy is non-existent. Which means that they've made sure to protect the data [email, google searches, google docs, google maps history] from hackers but they can themselves decrypt at least some user data for the purpose of data collection and selling ads.
   But if Google can decrypt the data and that implies they store the keys on a server from what I can tell from my reading, how it is protected if someone malicious gains access to the database? If that person got access to the database and the keys that Google uses to decrypt the data, wouldn't that compromise the data?

2. if I decide to design my webapp so that all the encrypting and decrypting happens locally, that means that if I were to decide to create a REST API for my application, that would also have to be taking in data in encrypted format, no? Cause if that takes it in plaintext, that means that my webserver would have to be responsible for encryption, which it needs the keys to do that with and if it can encrypt with keys it has access to, then it can decrypt too, no? or are websites that deal with encrypted databases and have REST APIs that can take in plain text information generally coded to be using asymmetric encryption? meaning its different keys being used for encryption and decryption? Or is API Token the key in an encrypted format? or have I misunderstood the whole thing?

This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's interesting about it? Are you having trouble with anything?

tl;dr - Is it normal for 6 year olds to randomly start throwing massive tantrums. My son up to this point has been very mild mannered and not prone to getting upset. But the last few weeks have been insane.

My son (6) has been going through something that is just really challenging the heck out of me. It started a few weeks ago when we were getting ready to leave for trip to visit family a few states away. He complained that his stomach hurt and began sobbing and begging to take a bath. So we accommodated and let him take 3 baths in a single day because we figured he just wasn't feeling well. We scheduled a doctor's appointment and the doctor just suggested a bland diet for a day and see how it plays out. After that he didn't really seem to have any issues, so we went ahead with our trip.

The hours-long drive didn't seem to faze him at all and we arrived safe and sound, despite a heavy rainstorm on the way. Over the course of the trip, every time we tried to drive somewhere to meet up with family, he'd claim he was sick and if we pushed on it, he'd throw a tantrum. Which is very unlike him, to be clear. And anytime we weren't talking about a car ride, he was acting pretty normal. We thought maybe it was anxiety from the drive there? The rainstorm was very intense at times, and I can see how that could be incredibly scary for a kid.

We spent the rest of the trip hyping him up for the drive home. My wife and I both have anxiety disorders, so we tried to help him understand that we knew how he felt and offered some advice (in a 6yo friendly way, to the best of our abilities). We also maintained a relatively bland diet for him in case he actually was feeling sick. But anyway we were absolutely dreading the ride home.

Just getting him and his sister in the car proved to be the absolute worst day of my parenting life. He threw the tantrum of tantrums, which set his sister off and she kept trying to escape from the car. Meanwhile it was 90F+ outside and our car's AC doesn't really kick in until you start driving. I was hot, upset, angry, scared, frustrated and just not operating at peak parental power. There was a lot of yelling, a lot of trying to hold them into their seats so I could buckle them, and all of it obviously just made the situation worse. I really fucked it up and I'm still trying to work through it all.

Long story short, we ended up separating him and his sister, with him driving home with us and his sister driving home with my parents. Once his sister was out of the car, he calmed down and we were able to leave. The plan was to just drive off and get some gas, let them both calm down, then pick her back up.

I had to go on a work trip shortly after that trip, so I was away for most last week. In that time my wife didn't try to take the kids anywhere, for fear of having a repeat incident, but solo and outnumbered by the kids. When I got back I started trying to hype my son up for the car ride to his and his sister's 6th birthday party the next day. He tried to negotiate saying maybe we could just walk instead of drive. I explained, "no it's a short car ride, but we couldn't walk there".

When the time came to take him to the party, he threw a tantrum, but I redirected using my car's remote start fob (he really liked that) and I talked him down a bit. The ride to the party was fine, as was the return trip. Then yesterday we did a trip to Gamestop so he could pick out a birthday present for himself and again the trip both ways was fine (with zero tantrum!). Although he has yet to get in the car with his sister since we got back from our trip a few weeks back and he has specifically called out not wanting to be in the car with her.

BUT the last two nights he's started throwing the exact same type of tantrums at bedtime, claiming he can only sleep in our bed and he's sick and his legs hurt and all these other things. When told no, he screams bloody murder, starts kicking and hitting, and it's really difficult for me to handle that. The tantrums of course set his sister off and then we have two 6yo twins feeding off each other's sadness and anger like two colliding hurricanes.

Is this just normal 6 year old stuff? I know they're still learning to regulate emotions and so maybe that's it? His sister went through something like this a few months ago, but it was exclusively about bedtime. She'd throw massive tantrums at bedtime while he'd just quietly go to bed. So that kind of reinforces that this is just a growth spurt of some sort? But I'm getting concerned it's something else, but I don't know what?

What have you been watching and reading this week? You don't need to give us a whole essay if you don't want to, but please write something! Feel free to talk about something you saw that was cool, something that was bad, ask for recommendations, or anything else you can think of.

If you want to, feel free to find the thing you're talking about and link to its pages on Anilist, MAL, or any other database you use!