let's not forget the og itty.bitty.site [0]

[0]: http://about.bitty.site/

Yes, this was the one I was thinking of!

https://www.vanillabreeze.dev/ (by the author of this post)

While I appreciate Repl.it's move to a mobile-friendly editor and the eagerness to push new (yet hurried, apparently from the document) features to provide a better development environment, I question their decision to use CodeMirror 6, a version of the CodeMirror "project (that) is in the beta phase—there's a stable interface, but small breaking changes might still happen".

>network restrictions on top of the two -factor authentication

That is exactly what I thought was the case too until I recently entered the code Google Authenticator gave me although my mobile was not connected to the internet. And it worked.

If you can even reach the login screen, in spite of a network control that's supposed to exist, then your network controls aren't working.

TOTP is supposed to work without a network connection.

>canvas.reset()

took you long enough

How practical would this method of recognising your fingerprint with CSS be?

This, and also the power of tracking comes from being able to share data/track across domains. So the best way to mitigate this is not to dumb down our browsers but to fight cross domain access to this data. This can be done either by regulation (see GDPR) or technical measures (disabling cross-site scripting, cookies etc)

They can simply exchange the data server side, no?

In theory yes, but they can't use the data for legitimate business while also complying with the regulations.

box-shadow: none;