raddevus wrote: even a person on same wifi can't see it
Correct.
If they had enough control of the network, they could see your DNS request(s) and know what site(s) you were connecting to, unless you use DNS over HTTPS.
They could see the IP address of the server you were connecting to. They could potentially see the SNI header indicating which site, unless the server uses ESNI.
But they would not be able to see or modify any of the request or response data, including the URLs, query strings, headers, and request bodies.
(Unless of course they had installed malware on your machine, or installed a malicious root certificate allowing them to MitM any site. But if they've done that, you've got bigger problems, and a VPN won't help you.)
raddevus wrote: You are already signed into your Google account on your laptop. When you go to a site like stackoverflow or CP that you use your google credentials and you're on the public wifi then the nefarious actor can grab your token and use it to sign into your account.
Again, assuming all the sites involved are using HTTPS, then nobody else can see the cookie / token to grab it. It would be part of the data that was encrypted.
And I doubt Google would allow any site not served over HTTPS to use their OAuth service to sign users in.
raddevus wrote: I'm hoping / guessing that the VPN would protect me from that.
If you're accessing sites which are not using HTTPS, then a VPN would prevent users on the local network from seeing or messing with your traffic. But it would not protect you if someone was inside the VPN provider's network and monitoring the traffic! All you've done is moved the point of trust from the people running your local network to the people providing the VPN.
There is also the potential of attacks against the VPN itself - for example:
Novel attack against virtually all VPN apps neuters their entire purpose | Ars Technica
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
Fantastic information (and links). I really appreciate you taking your time to explain these things to me.
|
The solution to the token interception is to not use Google or Facebook for federated logins. Why would you want to let these two advertising companies know where else you go on the internet?
|
obermd wrote: solution to the token interception is to not use Google or Facebook for federated logins
Yes, you are correct, but even though I'm a "technologist" I am also a lazy human.
And I have 257 passwords in my password manager. This would mean even more.
I know that's not a great reason but I like the federated thing for sites I trust like this one (CP).
|
I opened Edge and then Copilot and asked this question: tell me about Edge's new vpn service
Here is the response:
Certainly! Microsoft Edge now offers a built-in VPN service called Edge Secure Network. Here’s how it works:
Encryption: Edge Secure Network encrypts your internet connection, making it secure and private.
Location Obscuring: It hides your location and IP address, preventing third parties and hackers from accessing your sensitive data.
Automatic Activation: The VPN activates automatically when you connect to open Wi-Fi networks or visit unsecured websites.
Limitations: Currently, it provides 5 GB of data and is not available for enterprise users.
To enable it:
Open Microsoft Edge.
Go to Settings > Privacy, search, and services.
Turn on Microsoft Edge Secure Network and choose Optimized. Enjoy safer browsing with Edge Secure Network! 😊
It does say not for enterprise users and I couldn't find it in my settings, but I am an enterprise user. I'll try at home later and see if I can find it.
HTH
Jack of all trades, master of none, though often times better than master of one.
|
Great. All these free VPN services make it easier for the most toxic people on the Internet to evade bans at places with comment sections, including one I moderate.
Check out my IoT graphics library here:
https://honeythecodewitch.com/gfx
And my IoT UI/User Experience library here:
https://honeythecodewitch.com/uix
|
honey the codewitch wrote: make it easier for the most toxic people on the Internet to evade bans at places with comment sections, including one I moderate
Web2.0 is dead. Comments are dead. Turn off the comments. No one comments any more.
This is me, not commenting.
Long live Web3.0. You should only allow people to create NFTs which contain their comments, for upload to your site.
|
If I were a nefarious actor cruising coffee shops to steal login tokens...
I suspect it might be more successful to USB/wifi hack and directly compromise machines to dump off bits of the drive/memory content.
|
I have some article ideas (web stuff) and I've learned enough about React to be dangerously dumb about writing React code, and learning that I sort of hate React.
But React seems to be all the rage, and given one of my article ideas is implementing a sidebar menu (which I know has been done but all the examples I've found are crappy) but I don't want to create another crappy article on sidebars, I want to show how to do it right, and I'm doubting whether I know enough to accomplish that.
I don't know if I know enough. And I've been using the older "class" way of creating React front-end stuff, not the newfangled "hooks" way, which honestly defies for the most part my understanding, no matter how many YouTube videos I watch. So it seems I would first have to understand hooks to appease the modern React coder.
And then, I'm pretty much loathing how React does things with state management.
And then I watch videos on what is coming down the pike with React (among other things, some major handwaving about async stuff that only a React geek would comprehend, maybe) and I get the sense that React, and its evolution over time, has been and continues to be quilt patches applied on top of fraying quilt patches, which leaves me wondering, how solid is their core architecture to begin with?
So I'm stuck - I want to write some web articles but I'm not convinced that React is where I want to continue my learning, and all of this has made me gun-shy of other frameworks. No wonder I roll my own, but that's beside the point.
Suggestions?
|
I feel that same way about React specifically.
I wrote an article here that I would really appreciate you taking a look at: LibreGrid: Drop Into Your App, In 5 Minutes CRUD Your Custom JSON Data
I built this thing that is custom and allows you to retrieve, display and edit data from any webapi but then I just froze on it.
The things I like about React:
1. You can add React into any current web app easily -- just replace a section with a component.
The things I don't like about React:
1. it changes a lot - one thing is I like JS classes to wrap stuff and now they have moved toward function-based stuff (I know JS functions are like classes but still different).
2. State stuff and all those add-ons Redux etc. I want basic stuff not all that other stuff
3. It is confusing to me how to create a stand-alone component even though supposedly that is what React is supposed to let you do -- I mean a component I can just "drop-in" on a web site.
I hope you'll check out my article and let me know what you think.
|
I'll definitely take a look, and I definitely have concerns about how often it changes and the state stuff.
And weird stuff, like I've been researching how to create components dynamically (like, let's say I have metadata that says I need a datetime control, a dropdown, whatever) and stumbled across this bizarre statement that a tag in the render, if it starts with a capital letter, is what makes React "know" that it's a component, not say, I guess, an HTML element. And then there's something about the component referencing the actual component you want, and magic rendering happens.
That capital first letter thing just seems so kludgy.
|
You don't need Redux at all. We use React's built-in context and it's simplified the code hugely without needing the extra weight of Redux.
Functional components are the way to go, but learn the state model as it is different to classes.
As for the stand alone? The theory is you package it and the install pulls in the required react bits.
veni bibi saltavi
|
I have worked with React and have something of a love-hate relationship with it. While it has some interesting ideas, and I do like the functional-first approach to the design of React, my big problem with it is the "throwing the baby out with the bathwater" approach they take to new releases. With React, there is always a latest-and-greatest way of doing things which is the marketing equivalent of "new and improved" features which are incompatible with what was there before. Granted, this is all opt-in, but it does leave you with the impression that you're doing things the wrong way, even when this was the right way 6 months ago.
|
The struggle is real!
I don't understand most of the web frameworks these days. With their hooks and everything is promises, and the flow isn't immediately understandable.
I guess I'm kind of glad I'm not the only one - I thought maybe I was just getting less intellectually agile with time, but then I feel a bit guilty for being glad at your expense.
|
Hear! Hear!
My firm conviction is that all web coding is just black (box) magic. You add some toe of frog and a sprinkle of rose petals (sourced from hopefully a reputable vendor) to a cauldron and pray that a useful potion is brewed without any side-effects. Oh, and if that toe of frog has nail fungus, then that potion is going to give you quite the headache in a few days/months/years down the line.
Bond
Keep all things as simple as possible, but no simpler. -said someone, somewhere
|
I just started a new job where they use React and whew. It has been a learning curve. I feel your pain. I haven't gotten to a point yet where I can see that it's worth it, but I keep thinking I will eventually. I mean, if you work with any language long enough you'll grow to like it. right? RIGHT?!?!
|
Spent most of my week so far getting an old Visual Basic 6 environment up and running on my Windows 11 laptop.
I've got it running in a VM now (which I got from the original programmer), but that VM has lots of noise and issues and doesn't work very well (it's the result of 20 years of development by someone who still prefers and uses VB6 and DBF), plus switching between VM and laptop is a pain.
The entire project spans some 40 applications, that use about as many components.
We need to replace all these applications one by one, making sure the output stays the same, so being able to easily run and debug them kind of comes in handy.
With a bit of "luck" we'll get another project which has even more applications (but running them will be a breeze now *ahem*).
So, I got VB6 running, which was only the first step (and surprisingly painless, followed How to install Visual Basic 6.0 on Windows 11 - YouTube).
Then I had to restore all kinds of folders and files in specific places (like C:\Company\Files) and relative to various projects (like ..\..\Components\Component A, etc.).
Not to mention change all kinds of configurations (ini files) because they point to T:\ or specific databases.
Obviously, these files, folders and configurations are all over the place.
I've put all of it in Git, including bin and obj folders, because I can't rebuild most of this stuff and just opening a project in VB6 changes it (it mostly sets references from System32 to SysWOW64, etc.).
Even complete database files (mostly DBF files, but maybe some SQL backups too) got included in Git, because that's how the original programmer works.
I've got Git repositories larger than 1.5 GB now, but it!
I'm currently trying to figure out which OCX files have to be registered and (from) where.
A few (most?) are working, but I'm currently having some trouble with some TLB file... Can't register it, but it's referenced in the project, but I keep getting "Class is not registered" (can't find it registered on the VM either though)
I'm too old young for this sh*t.
|
That sounds so painful.
We are still using VStudio 2013 at work and that is painful enough.
But trying to get VB6 stuff going...
Sander Rossel wrote: The entire project spans some 40 applications, that use about as many components.
!!!! 😵😵
This feels kind of like the kind of work I've done in SQL to transform data from old schema to new.
What I mean is that you can start getting into it and writing some really great stuff and learning esoteric details.
Then you transform and transfer the data to the new schema and all that lovely SQL no longer has a purpose.
It's the pinnacle of glory when you get it done. You stand at the mountain top basking in the sun and looking down. But then one week later it's just some mountain you climbed in the past.
Hopefully the company will just have you re-write the stuff to a modern dev platform. Good luck.
modified 15-May-24 10:16am.
|
raddevus wrote: It's the pinnacle of glory when you get it done. You stand at the mountain top basking in the sun and looking down. But then one week later it's just some mountain you climbed in the past.
Yeah, this feels pretty familiar
raddevus wrote: Hopefully the company will just have you re-write the stuff to a modern dev platform. Good luck.
It's our job to rewrite it to something modern and since I'm the final boss we're using the latest greatest: .NET 8 with .NET MAUI (a bit of a gamble to be honest) and ASP.NET Core
|
Yeah, this is why I laugh at everyone who shouts in my face "VB6 STILL WORKS AND IS STILL A GOOD PLATFORM!"
Sure, it works. If you like propping the damn projects and COM controls up with 2x4s, chicken wire, and duct tape.
|
Yeah, it's not good and it only works after a lot of blood, sweat and tears and then you'll just have to pray it keeps working
That said, it still works
|
I had a similar journey getting my VC6 IDE running on a Windows 7 machine (no VM). Took days of porting certain files over from XP, but finally managed to get it all going. The guys in the IT department can't understand why I don't want them touching that machine.
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"You can easily judge the character of a man by how he treats those who can do nothing for him." - James D. Miles
|
Aren't TLB files generated from DLL files?
It might be easier to find the original DLL and generate a new TLB file.
Best of luck in your VB6 'adventure'
|
Yeah, found that out along the way.
Never heard of TLB files before, but I did it!
|
TLB files are useful if you work with COM objects. We do so that our unmanaged Delphi code can talk to our .NET Framework code. Even though COM is old, it still is the best when you need something like this. We can even embed .NET UI components into our Delphi UI via OLE, which is also using COM/TLB at some level.