That is the hid mode parent is mentionning. With ykman you can configure the Yubikey to simulate being a USB keyboard (Human Interface Device) and then "type" a static password. The default setting is to type a Yubico specific OTP that can be checked by calling an API. The issue with the static password is that anybody getting near the yubikey with a device having a USB port can steal the password in seconds.

And any accidental button-press while in a chat-app or website will leak your password. I've seen many yubikey otp's accidentally pasted into irc, if you set it to password, you just posted that. I'd never recommend using that mode.

Never happened to me since I use the slot 2 and it requires a long press.

Thank you for explanation! I wasn't aware of this feature.

I used to play a lot of this with my grandmother and cousins when I was a child. Later I happened to work in the factory mentionned in the article, which was at the time rented as warehouse and office for an E-commerce company. There was a huge Dujardin logo painted on the outer wall, which was preserved when they repainted the building [0]

[0] https://maps.app.goo.gl/2HMq4m4qkCH6FtYa6

I had a similar problem with the Tecurs KB510 I got at work. The only way I found to type F1-F12 keys on Linux was to set up a hack with kbct [0] and the Super key... until I tried the configuration described in the gist you linked. Thanks a lot for that !

[0] https://github.com/samvel1024/kbct

Putting in place an infrastructure to test this kind on changes on the 5-10 most popular browser would be, I think, very cheap for a company like Google. I can't help thinking these may be deliberate moves to eat the little market shares of Chrome concurrents. I remember reading here on HN an article written by an ex-Mozilla insider relating the dissonance between the "friendly" Mozilla-Google employees exchanges and the year-long track record of very oddly recurrent "unfortunate mistakes" from Google degrading the Firefox compatibility.

I am trying to find the link, but for the moment I only find comment making, I think, references to it :

https://news.ycombinator.com/item?id=19815348 https://news.ycombinator.com/item?id=28495546

Does anybody here remember enough keywords to find it out ?

Edit: I guess it was this Twitter thread https://mobile.twitter.com/johnath/status/111687123179245568...

Edit 2: The associated HN thread https://news.ycombinator.com/item?id=19662852

Yes - they clearly don’t test the GCP console in Firefox since they “accidentally” break it on a regular basis, and there’s just no excuse for that happening at such a rich, well-staffed company.

> Putting in place an infrastructure to test this kind on changes on the 5-10 most popular browser would be, I think, very cheap for a company like Google.

The problem wasn't some web server, it's the Firefox backend services running on GCP.

Testing wouldn't have revealed anything because this didn't break with Firefox outright, it only broke when Firefox telemetry used it due to a complex series of circumstances.

This was the only free service I think. More streamlined than pagesjaunes.fr for a long time

UTF-16 can represent the full range of Unicode codepoints by using couples of surrogates

Technical amendment: UTF-16 can represent the full range of Unicode scalar values with surrogate pairs. Code points includes the surrogates U+D800–U+DFFF, scalar values don’t. Like all other Unicode encodings, UTF-16 cannot represent surrogates.

That’s where the real problem lies: almost nothing that uses UTF-16 actually uses UTF-16, but rather potentially ill-formed UTF-16.

You're right. Replace UTF-16 with UCS-2 and the comment sounds at least slightly more correct.

Sort of. Applications using UTF-16 have to be aware of pairs at the application level. Many are not.

This isn't a consequence of using UTF-16 as such - Java, .NET etc could totally have an API around UTF-16 strings that handles surrogate pairs. The problem, rather, is that those languages introduced a 16-bit type that they called "character", even though it wasn't even a Unicode codepoint. And then used that type throughout all string APIs, including strings themselves (indexing etc).

In .NET land you're now supposed to use https://docs.microsoft.com/en-us/dotnet/api/system.text.rune instead. It transparently handles surrogate pairs, so the app needn't be aware of anything - and yet the internal encoding is still UTF-16.

I had to do it when importing keys on another device

Frankly if you go with the most popular extensions: Flask-SQLAlchemy, Flask-Login and Flask-Admin you will have more or less all the features of Django with a nicer API, better documentation and more flexibility

I've been using all of them, and no, not at all. Flask-admin is a far cry from the django admin. It's also buggy sometimes.

Flask-SQLalchemy is not well integrated at all. E.G: try to play with it in the shell, the session management is annoying as hell.

As of flak-login, it doesn't have a tenth of the

Also you forgot: csrf handling, i18n, xss, click hijacking, cache backends, and so on. That's again, more plugins you have to select.

And that's a lot to configure, learn doc, then upgrade when the times come, on top of that.

All of them will, obviously, not be compatible with SQLA 2 next year, because the projects are not a whole, so it's going to be even more fun on the months to come.

I really think a beginner should not use that.

This is a good summary. Sometimes I too forget how much stuff Django provides out of the box for free. But now it is an old and boring tech, apparently. Oh well.

The rumors say that it will launch with Half-Life 3 pre-installed

The technology most suited to improve one's resume will be the one most in demand on the job market, and therefore also the most difficult skill to hire for...