The best way to handle passwords IMO, is to have the browser compute a quick hash of the password, and then the server compute the hash of that. That way the "password" that is being sent to the server is always the same length.
eu8
joined 1 year ago
Well we don't know how that website is actually storing the password. They may well be using a password hash. Also, you should use scrypt or argon over bcrypt IMO. And there should be no upper restrictions on password length. argon2 can handle hashing megabytes of data in about the same time as a short password, so there's never a need to limit the password length.
and if we really want to keep growing then we can do so without Meta.
No we cannot. This website is barely usable. The average person doesn't want to use lemmy. They want to hear what their favorite musicians and athletes are up to. They want to use a service that has a massive user base so they can learn new things from experts in various niche fields, etc. They don't want to go to a website with 1000 people who all share the same unpopular political views.
By joining with threads, we make it easier for this average person to switch over to lemmy or mastadon. There is literally no downside to federating with them. They can't shut down smaller instances.
How will they destroy it if they are literally only making it larger and more useable. The average normie today has no reason to create a mastadon account, because almost no one uses it. But if they can use a major social media platform, and use a federated free service like mastadon, then that makes mastadon much more valuable to them.
The fact that a social media service is objectively good doesn't mean anyone is going to use it. Having backing from the biggest social media company in the world, might actually get people to use it.
I disagree with the prevailing sentiment here. Meta using ActivityPub is going to help ActivityPub grow an will be good for federated platforms like lemmy, and mastadon.
Lemmy should not block threads.net. Individual users can simply opt out of using threads, but it's good if we can communicate with people using it and they can communicate with us using a decentralized, free, standard.
c/Xporn when X is not sexual. Like r/foodporn, r/earthporn, or r/animalporn.
Reddit's database was pretty poorly designed. They designed it to be really flexible so they could make changes easily early on, but it was highly inefficient. I don't know if it's still like that, but the old website's source code is public and it is very inefficient.
It is bad programming. Specifically it is very bad security (especially setting a maximum length - that is just ridiculous). I think websites should not rely too much on passwords anyway. They should be designed under the assumption that attackers will fairly commonly get access to user passwords, and therefore not let someone do too much damage from simply being able to login to your account.