Maybe you spoiled the story.

Maybe you min-maxed the fun out of it.

Maybe you played it SO much that eventually its tiny little flaws were all you could see.

Maybe you spent so much time excitedly modding it that, when it came time to finally play it, the fire was out.

Whatever the reason: what was the game, and how did you ruin it for yourself?

I've given this some thought and I'm still not sure if I'm expressing it the right way.

I generally don't like "dumb" entertainment. Having said that, I don't think I'm particularly highbrow or pretentious. A quote I refer to often was made in regard to videogames and it aligns very neatly with my philosophy: “If every movie were a porn movie, most people wouldn’t see movies. The majority of games are basically porn—the onus is on [designers] to make more things that are worth a reasonable person’s time.” That's equally applicable to other forms of media as well. You can even argue that various popular mainstream movies/franchises are essentially porn of another type (gun porn, trauma porn, etc.). All of that is to say that I try to look for a level of emotional maturity or sophistication that's beyond cheap gratification.

In practice, that usually means that my plan-to-watch list has a lot of stuff on the more serious side of the spectrum. However, I enjoy comedy just as much as anyone else. Generally, I like clever, witty comedy and I find that I get that mostly from standup comics, sketch shows, and the rare sitcom - not so much movies. But am I limited by my sense of humor? Does emotionally mature comedy necessarily mean "intellectual"/smart comedy? What comedic films would you present as emotionally mature?

This topic is part of a series. It is meant to be a place for users to discuss creative projects they have been working on.

Projects can be personal, professional, physical, digital, or even just ideas.

If you have any creative projects that you have been working on or want to eventually work on, this is a place for discussing those.

What have you been doing lately for your own fitness? Try out any new programs or exercises? Have any questions for others about your training? Want to vent about poor behavior in the gym? Started a new diet or have a new recipe you want to share? Anything else health and wellness related?

A fancier way is here — but either is great.

—-

For those using iOS with a bookmark on their homescreen, you may have been plagued like me with Tildes opening in a private window instead of the session where you’re logged in.

I don’t know why I didn’t think about this sooner, but it’s so easy

Shortcuts > New > Create New Tab > Open URL (remove the variable and put in https://tildes.net) > context menu next to the title of the shortcut > Add to Homescreen > Photo (left image option) > select your tildes logo that i forgot to tell you to save

… done. Now Tildes will always open Safari in an authenticated session. ezpz.

I see that in the headline from time to time. Not really sure how prevalent it is and it's pretty disappointing news.

but I also can't help but think:

1. the news articles are probably overblowing it and it's not probably not as prevalent as it's being portrayed
2. that any tech company doing that is shooting themselves in the foot. in total, I was an intern at various companies for a little under 3 years. I don't doubt that the work I did for the majority of the my co-ops were all things that could have been done by a chatBot. writing unit tests and small scripts and etc. but they were invaluable to me (1) understanding what is expected of me in a professional environment and (2) gave me a basic idea of how to code in a professional environment (2) gave me alot of perspective on what technologies and tools I should spend spare time learning cause my university very much focused on dinosaur-era languages, for the classes that did teach any coding related skills. same for the friends I went to uni with. So all I think is maybe in the short term, they are saving money on not hiring interns/co-ops/junior devs to do work that can be done by a bot but I feel like in the long terms that will reduce the number of intermediate/senior devs on the market which means they'll be in higher demand and cost more money.

I have changed my email more than once, just as part of customizing my online identity and all that.

and that obviously required me to login into any accounts I had and updating the email associated with them.

the most common workflow I have found is
login -> navigate to settings page -> edit the email field to the new email -> go to the inbox for the new email -> click confirm on confirmation email

then you can go to that website and do the forgot password, provide your email and change the password and get complete control.

I have always found that workflow weird cause it's the most prevalent one I have come across and seems so susceptible to tampering.

if someone leaves their laptop unattended for 3-4 minutes in public while visiting a bathroom (which happened often in the library of my university), there was nothing preventing me from going to their Facebook or whatever account they had open on their computer, changing the email to my own email and then clicking confirm on my inbox once I am back at my desk.

and most people don't have 2FA so that would effectively give me control of their account.
Hell, my university once had a potential data breach and they were 99.999% sure the data was not actually accessed by a malicious actor but still sent a mass email saying that they were advising everyone to change their passwords. a classmate of mine in the software systems program's attitude was basically "oh well, who cares?" and I just facepalmed internally.

there are maybe 3 websites I have come across that instead first send a confirmation email to your current inbox and after you confirm on that, then you get a confirmation email on the new email inbox. which isn't perfect but I feel like it's a bit more sensical and the best you can do without involving 2FA.

even then, that's also susceptible to the situation I described above if the user is always logged into their email.

I find it odd that websites don't prompt for a password as part of the email update process (or better yet 2FA with an app as even prompting for a password isn't a guarantee if the user has the password manager as an extension in their browser and they recently unlocked it before leaving their session unattended) to ensure that email changes are always done by the account owner.

What have you been watching and reading this week? You don't need to give us a whole essay if you don't want to, but please write something! Feel free to talk about something you saw that was cool, something that was bad, ask for recommendations, or anything else you can think of.

If you want to, feel free to find the thing you're talking about and link to its pages on Anilist, MAL, or any other database you use!

This is a recurring post to discuss programming or other technical projects that we've been working on. Tell us about one of your recent projects, either at work or personal projects. What's interesting about it? Are you having trouble with anything?

I am a big fan of Cloudflare Tunnels, it's let me muck about with quite a few low risk apps and it's been fun.

one thing that's always bothered me though is the SSL setup.

According to their website, only enterprise users are allowed to manage their own TLS private keys.

I can kinda understand the logic behind free accounts not having that perk.

But if you are someone who really doesn't like cloudflare reading your traffic or you are a business, it seems odd to me that it's not being demanded of cloudflare that they make it more available for paid users to not expose their TLS private keys to cloudflare.

Why are so many folks OK with cloudflare essentially being able to read all their traffic?

or am I overestimating how many people are using the Pro and Business account? is the majority of their users just Free or Enterprise?

Find yourself watching tons of great videos on [insert chosen video sharing platform], but also find yourself reluctant to flood the Tildes front page with them? Then this thread is for you.

It could be one quirky video that you feel deserves some eyeballs on it, or perhaps you've got a curated list of videos that you'd love to talk us through...

Share some of the best video content you've watched this past week/fortnight with us!

So I am finally starting the process of designing a personal website that can help manage and organize my finances for me.

So obviously, the security of such data is paramount and for the heck of it, I want to design a webapp where it doesn't operate by the rules of "trust me bro" even though I will be the one designing it and most likely will be the only one ever to use it. Just want that experience of proper encryption setup.

Also, even if I am the one operating it, I'd like to set it up so that even if the database is compromised, none of my information is.

skip to bottom if you want to just see my 2 question

Did some reading online, between reading when StandardNotes does encryption as well as how it does it and some basic reading into encryption

• https://www.baeldung.com/java-aes-encryption-decryption
• https://security.stackexchange.com/questions/14068/why-most-people-use-256-bit-encryption-instead-of-128-bit

and the importance of not having a local unencrypted database like Joplin does

So all that got me curious how Google encrypts the user data it has and would up reading

• https://security.stackexchange.com/questions/269341/how-does-googles-on-device-encryption-work
• https://developers.google.com/workspace/cse/guides/encrypt-and-decrypt-data

and the basic take-aways seem to be:

• utilize encryption on a field before storing it in a database so that even if the machine gets compromised, the data won't be
• if you want to go even further, take the approach of StandardNotes, where it seems even the web server itself never touched unencrypted data it seems? Looks like all the encrypting and decrypting happens locally and only encrypted data is sent to the server

1. But that got me curious. It can't be argued that Google is not secure. they have the best minds working there to ensure just that. and yet its also well known that their respect for user privacy is non-existent. Which means that they've made sure to protect the data [email, google searches, google docs, google maps history] from hackers but they can themselves decrypt at least some user data for the purpose of data collection and selling ads.
   But if Google can decrypt the data and that implies they store the keys on a server from what I can tell from my reading, how it is protected if someone malicious gains access to the database? If that person got access to the database and the keys that Google uses to decrypt the data, wouldn't that compromise the data?

2. if I decide to design my webapp so that all the encrypting and decrypting happens locally, that means that if I were to decide to create a REST API for my application, that would also have to be taking in data in encrypted format, no? Cause if that takes it in plaintext, that means that my webserver would have to be responsible for encryption, which it needs the keys to do that with and if it can encrypt with keys it has access to, then it can decrypt too, no? or are websites that deal with encrypted databases and have REST APIs that can take in plain text information generally coded to be using asymmetric encryption? meaning its different keys being used for encryption and decryption? Or is API Token the key in an encrypted format? or have I misunderstood the whole thing?

Have you watched any movies recently you want to discuss? Any films you want to recommend or are hyped about? Feel free to discuss anything here.

Please just try to provide fair warning of spoilers if you can.