To be honest the responses sounded copied and pasted straight from ChatGPT, it seemed like there was fake feigned interest in their non-existent YouTube channel.
> Overall simple security design flaws but it's good to see a company that cares to fix them, even if they didn't take security seriously from the start
I don't think that should give anyone a free pass though. It was such a simple flaw that realistically speaking they shouldn't ever be trusted again. If it had been a non-obvious flaw that required going through lots of hoops then fair enough but they straight up had zero authentication. That isn't a 'flaw' you need an external researcher to tell you about.
I personally believe companies should not be praised for responding to such a blatant disregard for quality, standards, privacy and security. No matter where they are from.
Honestly tried it out, I wanted to like it but in its current form I found myself frustrated enough to just end the 'call' and close the app. Been learning Spanish for quite some time now so wasn't put off by the 'it always talks in X language' thing people are talking about.
The thing that put me off was the speech recognition. I am not in a loud environment and I wasn't even talking and it was picking up responses and responding to it before I even opened my mouth. It blazed through the 'preferences' set up itself making up responses. Then when I did get to talk it just simply got my answers wrong. It would often interject too at random during my sentences.
I recall not too long ago a startup advertising exactly this idea for farms. It was some box with various sensors (and output lines) that you could configure to do a multitude of tasks.
To be fair it's only kinda clickbait on HN. On their actual site the thumbnail is very clearly not a real rabbit and is visible before you access the article.
Out of interest, how did you get the rights to stream the music? Cool game, just curious if it'll stick around.
I would definitely like some sort of “decade” option if at all possible so you can stick to films of a certain era. Some of the older ones I had no ability to guess (which is fine, just would like to weed those out for my own fun).
Also as others stated, some made for the movie tracks would be nice!
Check out Photopea, it has a ton of features and is fairly performant in the browser. It also seemingly copies the UI of Photoshop but impressive nonetheless.
Spain's banks (I’ve used two so far) simply use your ID number, which is used in a lot of places and not considered secret, and enforce a 4 digit password.
I wondered once about this, but it kind of makes sense from the point of view of usability.
Unlike any webservice, you usually have very few attempts to make a successful login before getting locked out, so even if it's four digits, the odds of a successful brute force attack are very low.
I guess you'd get better results if you knew the font the site uses (which in many cases you could figure it out pretty quickly) or even just override every font with your own.
Some features have still moved to TLS-only even for localhost. "Considered secure" is somewhat orthogonal to "requires TLS". You can only use HTTP/2 with TLS, for instance, whether or not you are in a "secure context".