不发烧也经常做循环梦~

叫狗可以，但是全称得加上吧？

奋斗狗？细狗？没有形容词光有一个狗，不明白想表达啥

得手动指定 tag 吧，你这个 latest 表意不明确呀？还有如何回滚呢

youtube 这个付费才有，想要但是舍不得花钱

乐观锁即可

LZ 已经掌握了股市的精髓，韭菜长大了就该割了

确定了是 Wifi 干扰，慢速下载会卡。

看了下，再过几天，就是加入 V2EX 10 周年了，时间过得真快啊

要能卡住，就要求两边都有一块凸起。但是设备接口凸起，这是多难受的设计。影响设备形状、难看不说，到处磕磕碰碰，还容易划伤人。

很难想象手机接口是一块凸起

工作才三年，后面会升职加薪，压力不大~

第一季感觉没啥看点，仅有的应该就是呈现下游戏中的三体世界了吧

@LxExExl rsshub 的 chrome 插件

@xiaokongwu 合肥呀

去年让转 LRP ，我没转，现在有点后悔

为什么我买的时候是 6.15 ， 后来 15 年调整过一次之后就是 4.9 了

@twl007 另外并没有说过不信任 HTTPS ，是不能绝对信任。有更高的安全需求的场景，应该在应用层做额外的安全措施。

有些行业场景下，升级的安全举措是监管强制要求做的，你不做就是不符合安全标准，是不可以展业的。

@twl007 理由就是 plain text 传输只要攻击者做了 HTTPS 中间人就是无差别攻击，做了任何形式的二次加密就是为了抵抗无差别攻击。（当然最好的方式是用 bcrypt 这种计算量大的， 撞密码不友好 hash 算法，但是只限于密码这种无需解密原文的场景）

就算别人是针对你的网站做了逆向，也是增加了相当的难度。而且我觉得你是低估了逆向的难度，看个爬虫教程就能让破解了，是开发者能力不足。

如果觉得微博垃圾，也可以看看 Facebook 登录的加密。更不要说券商、银行等金融机构了。

@twl007 我并不是推崇微博的技术，我只是反对把 HTTPS 当银弹。

安全是个体系——这句话应该为啥感觉是我应该说的呢。HTTPS 是体系，RSA over HTTPS 是奇技淫巧？

@twl007 为什么我看到最高赞的回答恰恰是支持我的观点的 😂

This is an old question, but I felt the need to provide my opinion on this important matter. There is so much misinformation here

The OP never mentioned sending the password in clear over HTTP - only HTTPS, yet many seem to be responding to the question of sending a password over HTTP for some reason. That said:

I believe passwords should never be retained (let alone transmitted) in plain text. That means not kept on disk, or even in memory.

People responding here seem to think HTTPS is a silver bullet, which it is not. It certainly helps greatly however, and should be used in any authenticated session.

There is really no need to know what an original password is. All that is required is a reliable way to generate (and reliably re-generate) an authentication "key" based on the original text chosen by the user. In an ideal world this text should immediately generate a "key" by salting then irreversibly hashing it using an intentionally slow hash-algorithm (like bcrypt, to prevent Brute-force). Said salt should be unique to the user credential being generated. This "key" will be what your systems use as a password. This way if your systems ever get compromised in the future, these credentials will only ever be useful against your own organisation, and nowhere else where the user has been lazy and used the same password.