After using Netflix for quite some time, I have no evidence to support any hypothesis other than that their overall selection is secretly horrible and that they wish to conceal this however possible. Evidence includes…
I don't know if it's reasonable to ask this, but it would be cool to have an option to swap them around? I guess I'll always be assuming it behaves like Firefox, so I'm tripping myself up a lot. Either way, very cool…
The feature of being able to share a URL from my browser to Offline is pretty sweet. I was irate that I had to type out URLs, until I thought to try that :) Bug report: hitting the Back button takes me out of the…
Yikes. > What I am saying is that it is no longer fundamentally the same thing I was originally hired to help build nor is it compatible with my vision for the future. I've heard elsewhere that 2.0 will be an entirely…
According to Red Hat, the current best way to secure your Docker usage is to `127.0.0.1 index.docker.io` and use an alternate transport. The core "translate flags into running container options" works fine IMO, it's the…
Agreed. I try to explain sometimes that I'm merely tired of experiencing the same problem, over and over, for years. I would like to experience the next problem, please. If only for variety's sake.
Shouldn't be terribly surprising: http://dayswithoutansslexploit.com HTTPS might be better than getting a website in cleartext, but you'd have to be a madman to claim that HTTPS is safe, sane, or secure.
Which circles back to the "Javascript is hostile to cryptography" point the article makes; I welcome any expert-audited JS libraries that can accomplish secure file encryption, for example. But even assuming this…
> protection against the attack model of the passive eavesdropper My argument would be that trying to protect against passive attackers with JS adds nothing beyond what SSL already offers. Which is already required as a…
You're right to point out the difference between targeted and general attacks, but you're also misrepresenting the problem. An attack on SSL can take quite awhile to research and implement, but then can be used widely.…
> assume a somewhat determined attacker Most CVEs that come to mind assume a somewhat determined attacker. It takes a reasonably determined attacker to commit to rails without permission [1] or run a ten-line perl…
After using Netflix for quite some time, I have no evidence to support any hypothesis other than that their overall selection is secretly horrible and that they wish to conceal this however possible. Evidence includes…
I don't know if it's reasonable to ask this, but it would be cool to have an option to swap them around? I guess I'll always be assuming it behaves like Firefox, so I'm tripping myself up a lot. Either way, very cool…
The feature of being able to share a URL from my browser to Offline is pretty sweet. I was irate that I had to type out URLs, until I thought to try that :) Bug report: hitting the Back button takes me out of the…
Yikes. > What I am saying is that it is no longer fundamentally the same thing I was originally hired to help build nor is it compatible with my vision for the future. I've heard elsewhere that 2.0 will be an entirely…
According to Red Hat, the current best way to secure your Docker usage is to `127.0.0.1 index.docker.io` and use an alternate transport. The core "translate flags into running container options" works fine IMO, it's the…
Agreed. I try to explain sometimes that I'm merely tired of experiencing the same problem, over and over, for years. I would like to experience the next problem, please. If only for variety's sake.
Shouldn't be terribly surprising: http://dayswithoutansslexploit.com HTTPS might be better than getting a website in cleartext, but you'd have to be a madman to claim that HTTPS is safe, sane, or secure.
Which circles back to the "Javascript is hostile to cryptography" point the article makes; I welcome any expert-audited JS libraries that can accomplish secure file encryption, for example. But even assuming this…
> protection against the attack model of the passive eavesdropper My argument would be that trying to protect against passive attackers with JS adds nothing beyond what SSL already offers. Which is already required as a…
You're right to point out the difference between targeted and general attacks, but you're also misrepresenting the problem. An attack on SSL can take quite awhile to research and implement, but then can be used widely.…
> assume a somewhat determined attacker Most CVEs that come to mind assume a somewhat determined attacker. It takes a reasonably determined attacker to commit to rails without permission [1] or run a ten-line perl…