1. 9
  1. 4

    I added this to the list of sister sites yesterday.

    1. 1

      Ah cool. I guess you can add https://datatau.net/ as well, as it’s very similar and has also been around for some time now.

      1. 1

        Just had a thought: if you could somehow make it so that users of sister sites can use the same identity, it would become a federation of sites, similar to stack(math,sysadmin)overflow. Sorry, this should probably go to meta topics.

      2. 2

        Hey, cool!

        1. 1

          “Error”.

          I wish webapps would start implementing better error handling to tell the user what’s wrong. It’s true that there would be times that the user wouldn’t be able to fix the issue, but sometimes the contrary is true.

          1. 1

            While I agree with your general sentiment, I don’t get any errors when I view the site from my browser.

            1. 1

              Unless you are responsible for fixing whatever went wrong, it’s typically better in security terms to not say. “Something went wrong, sorry, it’s been logged” is all you really need to know.

              1. 1

                Remind me to not use any system that you’ll build :P. Security by obscurity is never the solution.

                I simply disagree. Sometimes the user is able to fix things. Also some things are not working because of the user. Not telling the reason for failure is a source of frustration and nothing more.

                1. 1

                  By the way, “security by obscurity” is all about doing nothing but hiding the details. Being able to tell the difference in problems handling a request is why there are different HTTP response codes.

                  You can tell a user that they need to authenticate with a 401, but you don’t let them enumerate valid user IDs by telling them that just the password was wrong. If a database query fails, you give them a 500, and not barf out an Oracle error message that tells them they’ve likely found a SQL injection vulnerability. You log the error, and make sure that someone can figure out why the error occurred, and hopefully fix it before it gets exploited.

                  Not all users are your friends, and what you propose is like holding up a flag when a sniper just misses their target. It’s not our job to make the attacker’s job easier.
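
The error handling described in the last comment, as an added example (not code from the thread or from any site it mentions): one 401 body for both login failure causes, and a 500 that logs the database error instead of returning it. The user store, the function names `login` and `run_query`, and the incident id in the response are assumptions made for illustration.

```python
import hashlib
import hmac
import logging
import sqlite3
import uuid

log = logging.getLogger("app")

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

# Constructed sample user store (hypothetical): username -> password hash.
_SALT = b"constructed-salt"
USERS = {"alice": _hash("correct horse", _SALT)}
_DUMMY = _hash("placeholder", _SALT)

def login(username: str, password: str):
    """Return (status, body); the 401 body never says which field was wrong."""
    known = username in USERS
    # Hash and compare even for unknown users so both failure paths do the same work.
    stored = USERS.get(username, _DUMMY)
    match = hmac.compare_digest(stored, _hash(password, _SALT))
    if not (known and match):
        # The distinction is kept for operators in the log, not sent to the client.
        log.info("login failed user=%r known=%s", username, known)
        return 401, {"error": "Invalid username or password"}
    return 200, {"user": username}

def run_query(conn: sqlite3.Connection, sql: str, params=()):
    """Return (status, body); database errors go to the log, not the response."""
    try:
        return 200, {"rows": conn.execute(sql, params).fetchall()}
    except sqlite3.Error:
        # The id lets support match a user's report to the full logged traceback.
        incident = uuid.uuid4().hex
        log.exception("query failed incident=%s sql=%r", incident, sql)
        return 500, {"error": "Something went wrong, it has been logged",
                     "incident": incident}

if __name__ == "__main__":
    print(login("alice", "wrong"))    # existing user, bad password
    print(login("nobody", "wrong"))   # unknown user: identical response
    print(run_query(sqlite3.connect(":memory:"), "SELECT * FROM missing_table"))
```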