Render to HTML and then use webkit2pdf, which will give you a PDF that looks exactly like the HTML shown in Chrome. This is a million times easier than working with PDF libraries.
I always think of Randal Schwartz when I think of people saying, “I’m an X language programmer”. You don’t want to be the last guy on earth that’s the expert in a dead language.
I just switched off of ledger because multiple accountants and tax preparers didn’t know what to do with it even if I hand generated profit and loss reports.
QuickBooks Online has gotten pretty good. I honestly wouldn’t recommend these plain text tools anymore. QuickBooks has become almost a standard.
Congrats on launching and building something. Unfortunately I think this is very bad for security. We have seen numerous account takeovers from iMessage and SMS-based 2FA. This makes it even easier. I also don’t understand why password managers are starting to support storing TOTP. It is a terrible idea.
My view is that TOTP/2FA prevents someone with only your password from logging in.
Having the TOTP seed inside a password manager doesn't break this goal, so I'm fine with it.
Of course it means if my password manager gets hacked, there's everything to log in inside, but I'm more concerned about services leaking password hashes that get broken, or accidentally getting phished (and giving up a password + TOTP combo that can only be used once) instead of my password manager being hacked.
I just went round and round with my bank about needing my phone number so they can text me a TOTP. You know, for security. They just can't quite seem to wrap their head around how having the same device running their banking app that also receives the text is not secure when the device is no longer in your possession.
Doesn't the attacker still need to know the password to the banking account, or the master password to the password manager? That'd be the second factor.
Besides being able to unlock the phone in the first place obviously.
I only switched to a device with FaceID recently, so I haven't seen how often false positives are in the wild. I still have devices with ThumbID, and I can get into my tablet with rubber gloves without any issues. As far as just a password, if you're using a password manager also located on the phone... There's also people that just don't enable any of that kind of thing on their apps. So we're still fighting those fights. I'm the type that wishes every single app required authentication though.
Huh, TOTP and HOTP are pretty technical terms, and I generally don't hear them in places meant for general consumers to read (e.g. even Google Authenticator, which does TOTP and HOTP, doesn't say TOTP or HOTP). The general term, OTP, is much more common, and is accurate for SMS.
It's called two-step verification. Prevents someone from “guessing” the password but doesn’t stop someone who has physical access to the device with the password stored. Same as with e-mail or SMS codes, basically. I don’t think I recall any websites that detect I am using my phone and rely on a true “second factor” aside from enterprise applications where I got a hardware YubiKey.
It is called 2 factor or multi-factor authentication. It should be something you know (password) and something you have (device). Storing TOTP with your password defeats the entire point of it.
> I also don’t understand why password managers are starting to support storing TOTP.
1Password's had this for many years now. In a perfect world with users who followed the rules perfectly every time, a separate TOTP gadget is clearly better. In this world, a slightly less secure TOTP system that's convenient enough that regular people actually use it is vastly better than a perfect system that gets worked around.
Analogy: NIST says to stop requiring periodic password rotations. In dreamland, users would use their password manager to create a new, ultra-strong, unique password every time. In reality, people tired of the rotation treadmill go from `SecurePassword!202406` to `SecurePassword!202407`.
As a component, a separate TOTP generator is better. As a system, an integrated one is more useful.
My home IP doesn’t change much so I just open the SSH port only to my own IP. If I travel I’ll add another IP if I need to SSH in. I don’t get locked out because I use a VPS or cloud provider firewall that can be changed through the console after auth/MFA. This way SSH is never exposed to the wider internet.
I've recently done this for all my boxes, but Tailscale over barebones WireGuard. So fucking awesome. I just run Tailscale at all times on all my boxes, all my DNS regardless of what network I'm on goes to my internal server that upstreams over TLS. It's great, and Tailscale is a snap to set up.
Tens of millions a day. I sometimes wonder why people take on these false "people are still using __________?" when they know that people are still using Twitter and Reddit and Facebook. Do you have any explanation as to why one would act pseudo-shocked? Is there a point?
(Not OP) I legitimately thought Reddit the site had died and gone full ghost town. My use of Reddit has almost always been as a knowledge resource, and that had been totally destroyed with these API changes.
Like, very often I have a technical question, search it+reddit and find a seemingly helpful thread with most of the comments deleted. It's logical to assume that most people who also engaged with Reddit like this have slowed their use considerably.
Hell, lately I'm more likely to slap "hacker news" onto my search query.
Oh dear, I haven't used any FedEx APIs in a while, but when I did it was XML based (maybe SOAP) and the ordering of some of the fields mattered!! This was of course not documented anywhere.