Posts from August 08, 2025

Accidentally writing a fast SAT solver

Going back (no pun intended) to the scheduling problem, the solution would be similar. Each “row” would be a class, and from each class, a section would be chosen for the class schedule. By changing is_valid to check for time conflicts instead of queens, the same code can be used to build a schedule.

To determine if a formula is satisfiable, first convert it to conjunctive normal form, then convert the new formula into a course catalog. Put this into a schedule builder, and you know the answer.

DecoPerson:

The attack pattern is:

  1. User goes to BAD website and signs up.

  2. BAD website says “We’ve sent you an email, please enter the 6-digit code! The email will come from GOOD, as they are our sign-in partner.”

  3. BAD’s bots start a “Sign in with email one-time code” flow on the GOOD website using the user’s email.

  4. GOOD sends a one-time login code email to the user’s email address.

  5. The user is very likely to trust this email, because it’s from GOOD, and why would GOOD send it if it’s not a proper login?

  6. User enters code into BAD’s website.

  7. BAD uses code to log in to GOOD’s website as the user. BAD now has full access to the user’s GOOD account.

This is why “email me a one-time code” is one of the worst authentication flows for phishing. It’s just so hard to stop users from making this mistake.

“Click a link in the email” is a tiny bit better because it takes the user straight to the GOOD website, and passing that link to BAD is more tedious and therefore more suspicious. However, if some popular email service suddenly decides your login emails or the login link within should be blocked, then suddenly many of your users cannot log in.

Passkeys are the way to go. Password manager support for passkeys is getting really good. And I assure you, all passkeys being lost when a user loses their phone is far, far better than what’s been happening with passwords. I’d rather granny needs to visit the bank to get access to her account again, than someone phishes her and steals all her money.
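Why the relay in the comment above works for emailed codes but not for passkeys, as an added example that is not part of the quoted comment or of any project's code: a WebAuthn assertion signs a `clientDataJSON` in which the browser records the origin the user was actually on, and the relying party checks it. The origins, RP ID, key pair, code value and the simulated authenticator are constructed for illustration, and the verifier covers only the checks relevant here.

```javascript
const crypto = require("node:crypto");

const GOOD_ORIGIN = "https://good.example"; // constructed relying-party origin
const RP_ID = "good.example";               // constructed RP ID
const sha256 = (buf) => crypto.createHash("sha256").update(buf).digest();

// Simulated browser + authenticator. The browser, not the page, writes `origin`.
function makeAssertion(privateKey, challenge, pageOrigin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get", challenge: challenge.toString("base64url"), origin: pageOrigin,
  }));
  // authenticatorData: rpIdHash (32 bytes) | flags (0x01 = user present) | signCount (4 bytes)
  const authData = Buffer.concat([sha256(RP_ID), Buffer.from([0x01]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: crypto.sign("sha256", signed, privateKey) };
}

// GOOD's server-side checks on a passkey assertion.
function verifyAssertion(publicKey, expectedChallenge, a) {
  const c = JSON.parse(a.clientDataJSON.toString("utf8"));
  if (c.type !== "webauthn.get") return "bad type";
  if (c.challenge !== expectedChallenge.toString("base64url")) return "bad challenge";
  if (c.origin !== GOOD_ORIGIN) return "bad origin";
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return "bad rpIdHash";
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify("sha256", signed, publicKey, a.signature) ? "ok" : "bad signature";
}

// GOOD's check on an emailed code: nothing records where the user typed it.
function verifyEmailCode(issued, submitted) {
  const x = Buffer.from(issued), y = Buffer.from(submitted);
  return x.length === y.length && crypto.timingSafeEqual(x, y) ? "ok" : "bad code";
}

function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  const challenge = crypto.randomBytes(32);
  const onGood = makeAssertion(privateKey, challenge, GOOD_ORIGIN);
  const onBad = makeAssertion(privateKey, challenge, "https://bad.example");
  // Swapping in a clientDataJSON with the right origin invalidates the signature.
  const rewritten = { ...onBad, clientDataJSON: onGood.clientDataJSON };
  return {
    emailCodeRelayed: verifyEmailCode("123456", "123456"), // constructed code
    passkeyOnGood: verifyAssertion(publicKey, challenge, onGood),
    passkeyOnBad: verifyAssertion(publicKey, challenge, onBad),
    passkeyRewritten: verifyAssertion(publicKey, challenge, rewritten),
  };
}
console.log(demo());
```

A real browser would also refuse to offer a credential scoped to `good.example` on another site's page, so the server-side origin check is a second line of defence.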

Vibe-coding the MIT Course Catalogue

  1. Go to the MIT Course Picker website
  2. Copy this code into the console.
// Collect one record per course card on the page.
[...document.querySelectorAll(".course-name")]
  .map((e) => e.closest(".course-lens"))
  .filter(Boolean) // skip names that are not inside a .course-lens card
  .map((d) => ({
    title: d.querySelector(".course-name")?.textContent,
    description: d.querySelector(".course-description")?.textContent,
    semester: d.querySelector(".course-semester")?.textContent,
    prereq: d.querySelector(`[data-ex-content=".prereqs"]`)?.textContent,
    instructor: d.querySelector(".course-instructor")?.textContent,
    units: d.querySelector(`[data-ex-content=".units"]`)?.textContent,
    level: d.querySelector(`[data-ex-content=".level"]`)?.textContent,
  }));

You don’t need a complex scraper. Query selection will always get the job done.