Web Development

Just noticed that Stackoverflow has a new front end in Beta. I do not like it, however I slowly begin to fear im just another boomer. :( What do people on here think about it?

I think the beta looks just like any other weekend project with cookie cutter elements. There is nothing to differentiate it from other sites that are made after 2020. Current design is also way more concise Im not sure when we started using the whole widescreen for a website. Sure wasted screen estate is unfortunate but long mouse travel times are also uncool.

I'm putting together an API for a project, and one of the requirements is MFA. I'm using TOTP and that all works. I also have facilities to clear the MFA token and regenerate / re-enroll the secret, but I'm wondering what the best practice is for invoking that.

Essentially I need a "forgot password" but for their MFA method (e.g. if they lose their phone or MFA secret).

Would a valid password + validation email be sufficient? Or should I require the user to contact the administrators to reset the MFA? Or something else?

Implementation Notes:

• MFA is required for a password reset, so if their email is compromised, the attacker wouldn't necessarily be able to set a new password
• A valid email address is required and verified at signup.
• If they lose access to their email and MFA, they will have to contact the application administrators for assistance.
• This isn't a "high stakes" application (e.g not banking, healthcare, etc) but I do want to make sure accounts are reasonably secure.

cross-posted from: https://lemmy.bestiver.se/post/946712

Comments

I come with a seemingly simple question: should outbound links be styled differently than intra-site links? For example, the way Wikipedia does it with an icon after the text of the link. Do users care? Did anyone done any research on that?

I’m thinking of situations where you might have a sentence like ‘I’ve written about this before, and recent events around ACME corporation only made me entrenched in my opinion.’ where ‘written about this before’ would be a link to another page on the website and ‘recent events around ACME corporation’ would be link to external site.

cross-posted from: https://lemmy.bestiver.se/post/928726

Comments

Pay per crawl is a new feature to allow content creators to charge AI crawlers for access to their content.

Pay per crawl grants domain owners full control over their monetization strategy. They can define a flat, per-request price across their entire site. Publishers will then have three distinct options for a crawler:

1. Allow: Grant the crawler free access to content.
2. Charge: Require payment at the configured, domain-wide price.
3. Block: Deny access entirely, with no option to pay.

Although this is old news, I still found it interesting. Also, I like the "AI Labyrinth" feature of Cloudflare to block AI bots.

cross-posted from: https://lemmy.bestiver.se/post/913717

Comments

By leveraging WebRTC for direct browser-to-browser communication, it eliminates the middleman entirely. Users simply share a unique URL to establish an encrypted, private channel. This approach effectively bypasses corporate data harvesting and provides a lightweight, disposable communication method for those prioritizing digital sovereignty.

Features include:

• P2P
• End to end encryption
• Forward secrecy
• Post-quantum cryptography
• Multimedia
• Large file transfer
• Video calls
• No registration
• No installation
• No database
• TURN server

*** The project is experimental and far from finished. It's presented for testing, feedback and demo purposes only (USE RESPONSIBLY!). ***

This project isnt finished enough to compare to simplex, briar, signal, etc... This is intended to introduce a new paradigm in client-side managed secure cryptography. Allowing users to send securely encrypted messages; no cloud, no trace.

Technical breakdown: https://positive-intentions.com/blog/p2p-messaging-technical-breakdown

Demo: https://p2p.positive-intentions.com/iframe.html?globals=&id=demo-p2p-messaging--p-2-p-messaging&viewMode=story