Thomas Broyer
tbroyer.ltgt.net
@tbroyer.ltgt.net
Web development (frontend, Web APIs), Web app security, build tools, Java, Kotlin, Gradle, etc.

Blog: https://blog.ltgt.net
Fediverse: https://piaille.fr/@tbroyer
GitHub: https://github.com/tbroyer
There's possibly the small exclamation mark﹗

www.compart.com/en/unicode/U...
November 11, 2025 at 9:21 PM
NIST recommends doing this (pages.nist.gov/800-63-4/sp8...; they've changed their stance over time though: pages.nist.gov/800-63-3/sp8...), and checking against Pwned Passwords it might (theoretically at least) make a difference.
NIST Special Publication 800-63B
pages.nist.gov
November 10, 2025 at 3:46 PM
(oh and you were replying to the part about making it even worse? 😅)
November 8, 2025 at 5:28 PM
Admins of what? The potential inadvertent spammer? 🤣

You can add comments to commits, if you want to notify someone, that's where you can do it, in a much more explicit way: it's a comment, it works like other comments. Commit messages are more like commit content than like comments.
November 8, 2025 at 5:11 PM
And by that reasoning, should GitHub also notify people you mention in code (including markdown files) in your commit?
November 8, 2025 at 4:48 PM
If I write about @Inject or @Nullable java annotations in a commit message and GitHub notifies/spams users named inject or nullable, that's a bug, not a feature.
It'd work (maybe) on-premise or scoped to org members or project contributors, but not at GitHub's full scale.
November 8, 2025 at 4:48 PM
Should have never been a thing if you ask me.
November 8, 2025 at 4:21 PM
winter is coming
November 7, 2025 at 3:45 PM
You think you want (or are ok with / could live with) the constraints of the framework (because you think you'll go much faster) until you realize they prevent you from doing what you need to (or slow you down so much that you just lost all the speed you initially got).
November 6, 2025 at 11:03 PM
We have similar content in our knowledge base at work directed towards managers/sales so they don't promise/sell "just a login page" to our clients, but understand the complexity of authentication.

(we also have other docs for our developers to help them implement things "correctly", i.e. securely)
November 5, 2025 at 11:12 PM
Fwiw, I wrote this a couple years ago as a reaction to blog posts I was seeing every other week: blog.ltgt.net/beyond-the-l...
Beyond the login page
blog.ltgt.net
November 5, 2025 at 11:12 PM