I may be annoyed if your project provides docs online, but there's no way to search for things.

Stephan boosted

How are we past the autumn equinox already we haven't had enough summer I'm not ready for this yet I'm not equipped for any of this I want sun and light and warmth can someone please do something?!

Pro Tip: If you get a new mobile phone, make *SURE* that you have recovery keys for any 2FA you use. Or, if it's synced to another device, check whether the configured 2FA settings aren't wiped when you reset the old phone.

Stephan boosted

Ruby's performance has improved dramatically (and will continue to improve in Ruby 3.3), please update your mental models.

railsatscale.com/2023-09-18-ru

Stephan boosted

We’re evolving. Be part of that direction. Tell us how we can be a stronger, better, forward-looking source of tech know-how and learning. We look forward to your feedback. Contact improve@pragprog.com

By devs, for devs, the friend at your shoulder.

pragdave.me/thoughts/active/20

Stephan boosted

@PacMan225
On your device, open the Google Authenticator app.
Tap your profile photo.
Hit Use without an account.
Tap Continue.

Stephan boosted

This is a terrifying and sobering write-up by Retool on so many levels. It's about about a recent spear-phishing via SMS attack on employees, followed by voice phishing attack that deepfaked an employee's voice.

Retool said just one of its employees fell for it, which is of course all it takes. Here's the scary part:

"The voice was familiar with the floor plan of the office, coworkers, and internal processes of the company. Throughout the conversation, the employee grew more and more suspicious, but unfortunately did provide the attacker one additional multi-factor authentication (MFA) code.

The additional OTP token shared over the call was critical, because it allowed the attacker to add their own personal device to the employee’s Okta account, which allowed them to produce their own Okta MFA from that point forward. This enabled them to have an active GSuite session on that device. Google recently released the Google Authenticator synchronization feature that syncs MFA codes to the cloud. As Hacker News noted, this is highly insecure, since if your Google account is compromised, so now are your MFA codes.

Unfortunately Google employs dark patterns to convince you to sync your MFA codes to the cloud, and our employee had indeed activated this “feature”. If you install Google Authenticator from the app store directly, and follow the suggested instructions, your MFA codes are by default saved to the cloud. If you want to disable it, there isn’t a clear way to “disable syncing to the cloud”, instead there is just a “unlink Google account” option. In our corporate Google account, there is also no way for an administrator to centrally disable Google Authenticator’s sync “feature”. We will get more into this later."

retool.com/blog/mfa-isnt-mfa/

Stephan boosted

Jetzt ist die Nachricht auch in deutscher Sprache erhältlich: Das #ActivityPub Plugin für #WordPress von @pfefferle@mastodon.social hat die Version 1.0.0 erreicht und wird nun auch von der Firma hinter WordPress, #Automattic, stark promotet. Das bedeutet: 43% aller Websites weltweit haben damit einen potentiellen Anschluss ans #Fediverse.
https://www.heise.de/news/Von-WordPress-direkt-zu-Mastodon-Co-ActivityPub-Plugin-erreicht-Version-1-0-9306195.html

Stephan boosted

ruby-3.3.0-preview2 has been added to ruby-versions for ruby-install users.

$ ruby-install ruby-3.3.0-preview2

ruby-lang.org/en/news/2023/09/
#ruby #ruby_install

Stephan boosted

Nice: Cucumber 9.0 (the version of it, github.com/cucumber/cucumber-r) contains a bug fix I provided 😊: It no longer fails with an exception if you have $CUCUMBER_COLORS defined.

Stephan boosted
Stephan boosted

Happy to run the fair at the @AgileTDZone 2023 with @the_qa_guy .

Looking forward to host some awesome folks again, like @janetgregoryca , @lisacrispin , Craig Risi, Anne Kramer, Jan Jaap Cannegieter, Ash Winter, Ben Linders, Andrea Jensen, Laveena Ramchandani, Vera Baum, @emna__ayadi, Eveline Moolenaars, @TheTraveller.

Pro tip: If you're using, say, your mobile phone for 2FA, consider having a backup for that phone. The display or my (old-ish) one broke, and now I hope it will work long enough until I get a replacement (and, yes, I did set up a second device to use for 2FA 🙂)

Stephan boosted
Stephan boosted
Stephan boosted
Stephan boosted
Stephan boosted
Stephan boosted

From now on I will be addressed by my proper name, Ram-square root-bigger than or equal to-n

Show older
Software development is a social activity

A social place intended as a chill hangout place for software testers, developers, or just about anyone involved in delivering software and who is interested in both the technical as well as the social side of things.

sw-development-is.social is supported by the Association for Software Testing.

For more information about this instance,