Hacker News new | past | comments | ask | show | jobs | submit | iimpact's comments login

not the author, but when I was facing the same issue with customization, I came across: https://www.keycloakify.dev/


with Keycloakify, you can create themes in React: https://www.keycloakify.dev/


Nice! Thanks for sharing.


How do you like this? I did come across it when I was searching


Sorry for late reply if you see this at all.

I like it. I assume there isn’t an alternative so I’m forgiving of any friction or limitation as it has enough of the basics to do most things. The main thing id like is better UX with filtering/highlighting things. It does support those things though


jless looks pretty awesome.. using lnav right now, but jless has a lot more pre-built json handling from what I can tell


appreciate the info.. will check these out


you can also encrypt the db file it self (before putting it on dropbox) with something like EncFS.


I used to do that when I used purely Linux. However, once you bring iPhone and Windows into the picture it doesn't work anymore.


We tested it out at my company, and for the most part, it worked pretty good. Very Trello-like, and overall just a simple / easy to use Kanban board. Though, we did have problems 'viewing' the details of a card. Depending on how much data was in the details, it could take around 5-8 seconds to load.


password managers


Tinfoil hat time: if your password manager uses a bad generation scheme or backdoored RNG like Dual EC, then its passwords might be much easier to crack than they would appear.

https://en.wikipedia.org/wiki/Dual_EC_DRBG


I know you covered yourself with the tinfoil disclaimer, but Ima take you seriously here for a thought experiment...

I wonder if that's actually a risk? At least for people not being individually targeted?

A random Elbonian hacker who gets a dump of 117 million password hashes has (at least) three approaches she can take to make use of it - she can run oclHashcat or JtR using a good wordlist (say, Hashkiller or phpbb) and a reasonable ruleset to tweak them, which'll fairly quickly reveal common, reused, or guessable passwords in hours/days/weeks - or she can set it to enumerate through an entire $howeverymany bit password space, which is guaranteed to find all the passwords but not before the heat death of the universe... Or she could try only the selections out of that random keyspace that a flawed version of FooPasswordSafe is capable of generating. I'm not sure how long the last approach would take, but it'd have to be both a pretty flawed PRNG and a very widely used password safe for it to come anywhere near as useful as approach 1.

(If she's only cracking the hash for the sbeirwagen@gmail.com record, things are somewhat different to if she's just trying to find _any_ "useable" passwords out of 117 million... And if she _knows_ sbeirwagen uses DudPasswordSafe.exe, it's likely she knows better ways of attempting to acquire your password than hoping to crack it from publicly released credential dumps...)


This is always my concern. At some point the password managers become an interesting attack vector.

Why can't people just be nice.


I would recommend the HTTPS everywhere extensions for your fav. browser. It forces all web-pages to be loaded using HTTPS (if available).

https://www.eff.org/HTTPS-everywhere


If available, and if someone has added it to the database of more or less manually maintained rulesets for redirection;

https://www.eff.org/https-everywhere/atlas/

https://github.com/EFForg/https-everywhere/tree/master/src/c...


KB SSL Enforcer allows you to automatically build your own enforced HTTPS list.

https://chrome.google.com/webstore/detail/kb-ssl-enforcer/fl...


Yeah, this happens to me as well. ReSharper caches a lot of stuff, and with the size of our solution, the memory consumption on VS is crazy. This usually leads to a forced restart so that VS acts normally again.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: