Le lien redirige vers la page de connexion de la CNIL afin de déposer facilement des plaintes.

(via https://firefish.imirhil.fr/notes/a21vfsld53ku037t)

On single-purpose pages containing forms.

Such as login, signup, password reset or 2FA pages.

There are some cases to avoid such as a login form with the use of social logins (Google, GitHub, and the like) and you don't know which one they'll use don't add an autofocus.

There are many approaches.
One solution is to set the color-schema CSS property color-scheme: light dark; then use the light-dark function.

But did you know that you can also set the media attribute to conditionally load and apply CSS based on user preferences? Such as media="(prefers-color-scheme: light)"

This media attribute can also be set in JS too, in order to load the proper stylesheet.

Instead of hash functions to store password, use Password-Based Key Derivation Functions (PBKDF) such as Argon2id.

bcrypt should be avoided due to its huge footgun: it truncates inputs longer than 72 characters. Okta AD/LDAP was vulnerable because of it.

Checksum functions such as CRC32 and xxh3 are optimized for pure speed and don't provide any security guarantees about their output, and it's easy to find collisions for a given checksum.

In 2024 based on I/O speed, a hash function with a throughput of 1 GB / s / core is considered fast enough for most use cases.

I skip the speed part because it is not relevant for me: 100MB/s or 1GB/s does not make much difference.

SHA3 and the BLAKE family which produced secures hash functions that are also misuse resistant.

A strength >= 128 bits is considered secure. The security agencies recommendation are a bit different. Hash length ranges from 256 (NIST) to 512 (ECRYPT-CSA).

SHA3 has many functions, SHA2 is vulnerable to length extension attacks (secret || message) but BLAKE3 has none of these issues.

Post-Quantum security from Grover's algorithm divides by 2 the preimage and 2nd-preimage resistance. The BHT algorithm predicts however that a quantum computer can find a collision in $2^{\mathrm{<mfrac><mtext>n</mtext><mtext>3</mtext></mfrac>}}$ operations instead of 2^n/2

So SHA2 for convenience or BLAKE for the rest. There is only C and Rust that have official support for BLAKE though.

Essentially [Carrier-Grade Network Address Translations] allow the ISP to assign a single IPv4 address to multiple customers.

[A CGNAT] creates challenges trying to remotely access resources on my home network externally

You can usually tell if you're behind a CGNAT if your IP address is in a private IPv4 address range. [] ... Another method is running traceroute with your public facing IP address. [...] If there's more than one hop, then you're likely behind a CGNAT.

If you're unfortunate enough to be behind a CGNAT, you can sometimes request a static IP from your ISP (usually at a cost). However, there are options to access resources on your home network, such as using a Cloudflare Tunnel.

Un outil alternatif à SNCFConnect pour connaître les horaires des trains, et des trajets possibles.

Le site fonctionne avec plusieurs pays, dont la France.

Des calendriers des prix des trains SNCF

Instead of an isOpen class, why not using aria-expanded="true" (except for <details)?

A partir du 1er janvier, les expérimentations du RSA conditionné à 15 à 20 heures d’activités doivent se généraliser à l’ensemble du pays.

Mais la cotisation pendant le travail ouvre le droit au RSA, c'est donc un droit non? Alors pourquoi le RSA serait conditionné à 15 à 20h d'activités ? Il y aura donc moins d'agents et plus de contrôle. Quelle est alors l'utilité de Pôle Emploi? Depuis son renommage en France Travail, j'y vois un tout autre objectif.

28.6% de taux d'emploi avec ette mesure après 6 mois. Il faut ensuite voir quel emploi, si la personne travaille comme intérimaire pour quelques semaines, s’il s’agit d’un CDD de quelques mois ou d’un CDI. Un autre dispositif d’accompagnement sans conditions ni sanctions a été mis en place, un allocataire sur trois était en emploi après six mois.

Un autre effet s'applique: un « décrochage » dû à la multiplication des démarches administratives et à la peur des contrôles.

De ce que laisse entrevoir la communication gouvernementale et les quelques retours d’expériences, il s’agirait de multiplier les démarches de recherche d’emploi, de participer à des ateliers de rédaction de CV ou de « coaching », de suivre des stages, des formations ou des cours de langues… Voire de l’obtention du permis de conduire ou de rendez-vous médicaux. Les témoignages de personnes ayant expérimenté le RSA conditionné soulignent la difficulté des déplacements, leur coût non défrayé ou le temps passé à justifier de leurs activités.

Pendant ce temps là, on ne contrôle surtout pas l'évasion fiscale entre autres qui représente pourtant des milliards.

In js, asserts can be used with console.assert(<condition as expression>, error message)

It is great for prototyping or use defensive programming inside a function.

Assertions often come in pairs.
Whenever you assert something, think about which distant part of the code base relies on the assertion you just wrote, and add an equivalent assertion there.
This is worth doing even in the trivial case, where the two parties are a function and its caller.
But be on lookout for more interesting cases, where the two halves of an assertion pair are separated by different implementations, or a process and time boundary.

Why and caveats of aria-labelledby a tag in the node content.

There are good reasons to point aria-labelledby within an element. For example, to give an accessible name to a region based off of the heading within it.

Diagram with large number (following semantic versioning): 2.7.123
First “2” is commented: Proud version. Bump when you are proud of the release
Second “7” is commented: Default version. Just normal/okay releases
Third “123” is commented: Shame version. Bump when fixing things too embarrassing to admit

A progressive enhancement with view-transition

Instead of

const Thing = struct {
   checksum: u128,
   number: u32,
   flag: u8,
};

use

const SoA = struct {
   checksum: []u128
   number: []u32,
   flag: []u8,
};

in certain circumstances:

• Reduced memory usage due to amortized padding. As flag is a byte, it requires some padding to align with larger fields like checksum.
• Better memory bandwidth utilization for batched code. If a loop needs to process all things, but the processing doesn't require all fields (at least for the majority of objects), then an array-based representation reduces the amount of data that needs to be loaded.