• 30 Posts
  • 33 Comments
Joined 1 year ago
cake
Cake day: June 13th, 2023

help-circle

  • Mountaineer@lemmy.worldtoMemes@lemmy.ml"~~Don't~~ be evil"
    link
    fedilink
    English
    arrow-up
    17
    ·
    1 year ago

    This whole episode is giving me flashbacks to the ActiveX days.

    Image

    The tyranny of the default.

    “Here mum, I’ve installed Firefox for you, it’s better than Chrome in every way!”
    “My knitting circle website doesn’t work, I can’t download patterns, it says I need Chrome”

    Internet Explorer was effectively abandon-ware for a decade after Microsoft used their OS pseudo-monopoly to crush Netscape.
    It took another tech giant abusing THEIR monopoly to relegate IE to the trash heap it should have already been on.



  • Mountaineer@lemmy.worldtoMemes@lemmy.ml"~~Don't~~ be evil"
    link
    fedilink
    English
    arrow-up
    59
    arrow-down
    5
    ·
    edit-2
    1 year ago

    So you won’t use your banks website?
    Or your utilities (gas/water/electricity/internet)?
    You won’t let your kids use the portal at their school for submitting assignments?
    Your government sites for renewing your drivers license or scheduling hard refuse pickup?

    I can think of lots of reasons that will force me to have chrome installed if this goes ahead.




  • It’s irrelevant to this community which is pro signal.

    Signal provides a user experience comparable to iMessage in terms of features and ease of use, but with the big plus of cross platform compatibility.
    That may not be what you personally are after, but it’s what 99.99% of potential Signal users are after.

    Signal tieing into the social graph we already have on our phones as user identifiers is a big win for 99.99% of users.
    Signal being run through a centralised location is a big win for the 99.99% of users who don’t want to host their own servers, or find someone to do it for them.
    Signal attempting to earn income through things like money transfer is a good thing for the 99.99% of users who don’t want to have themselves monetized in a different way (such as through showing users ads).

    If a nation state wants to spy on you, you better be important enough to a different nation state that they protect you.
    Because choosing to send GPG encrypted messages over XMPP isn’t going to help you.










  • Mountaineer@lemmy.worldtoLemmy Shitpost@lemmy.worldXKCD - Infrastructures
    link
    fedilink
    English
    arrow-up
    36
    arrow-down
    1
    ·
    edit-2
    1 year ago

    The annoying thing to me is that it’s taken a further 13 years to reach a point where another social network is feasible.
    I’m not saying there haven’t been attempts like diaspora and the early mastadon etc, but now we’re actually reaching a critical mass of participants where a move is worth it.

    The same is true of Signal. I’ve been using it for nearly a decade, but it’s only in the last 2 years that people haven’t rolled their eyes when I mention it’s my preferred comms app.




  • I want to be clear, that I disagree with his “federation is stupid” point, but email has problems right now.

    Theoretically it’s federated, theoretically you can spin up your own mail server and self host.

    But even if you do that absolutely perfectly (SPF, DKIM, DMARC etc), you can falsely end up on spam list, that effectively block delivery of your email to large segments of the network for days if not weeks.

    Whilst theoretically federated, email falls under the broad dominion of google, microsoft and a couple of other large players.


  • JavaScript (TypeScript) has access to cookies (and thus JWT). This should be handled by web browser, not JS. In case of log-in, in HTTPS POST request and in case of response of successful log-in, in HTTPS POST response. Then, in case of requesting web page, again, it should be handled in HTTPS GET request. This is lack of using least permissions as possible, JS should not have access to cookies.

    JavaScript needs access to the cookies, they are the data storage for a given site.
    To protect them, the browser silos them to the individual site that created them, that’s why developers haven’t been able to easily load cross domain content for years, to mitigate XSS attacks.
    The security relies on the premise that the only valid source of script is the originating domain.
    The flaw here was allowing clients to add arbitrary script that was displayed to others.
    You’re dead right that only the way to fix this is to do away with JavaScript access to certain things, but it will require a complete refactor of how cookies work.
    I haven’t done any web dev in a few years, this might even be a solved problem by now and we are just seeing an old school implementation. 🤷