marumari
- Karma
- 47
- Created
- August 25, 2016 (9y ago)
- Submissions
- 0
Security Engineer.
[ my public key: https://keybase.io/april; my proof: https://keybase.io/april/sigs/kNfkel8VNf5CwWpxGsWj4xZMhGcxTagssfbA0FxUpqw ]
[ my public key: https://keybase.io/april; my proof: https://keybase.io/april/sigs/kNfkel8VNf5CwWpxGsWj4xZMhGcxTagssfbA0FxUpqw ]
Safari is a lot more strict about cookies than Chromium or Firefox, it will straight up drop or ignore (or, occasionally, truncate) cookies that the other two will happily accept. I had hoped when writing this article…
Thanks for pointing that out -- I've updated the article and given you credit down at the bottom. Let me know if you'd prefer something other than "kibwen."
An unspecified "implementation detail" is essentially another way of saying that it doesn't work. I've ported my account on ActivityPub a couple time, and it's a horrendous experience -- not only do I lose all my posts…
Platform keys are only required to be v2, as far as my understanding goes.
this is a terrible time of year for interviewing, most places won’t be adding headcount until january.
I guess we just have different definitions of what "broken" means, since disconnecting Gecko sounds fairly broken to me. :)
Because huge chunks of are broken in the new browser engine, and could leave your browser in an unrecoverable state.
Both uBlock Origin and Tree Style Tabs (as well as Tab Center Redux, which I prefer) are already compatible with Firefox 57.
You can do the same in Firefox. It's under Tools -> Web Developer -> Browser Toolbox.
> If AV was so vulnerable, we'd see nothing but exploits in the wild going after AV. Yet we aren't seeing that anywhere. That's because the Linux kernel, Chrome, Firefox, etc. are installed on hundred of millions or…
On the plus side, there are sites doing really well, like GitHub (A+), HackerOne (A+), and Twitter (A). Even Facebook is doing pretty well, with a B. Hopefully sites like the Observatory help sites do better. We're…
The nice thing is that most of the security measures -- aside from Subresource Integrity -- can be done without changing any of the actual content.
It also has an invalid website certificate. Kind of a shame that it's so neglected, but it's a pretty good example of what happens to sites when they're allowed to sit for too long.
I'm the primary developer of the scanner and website, and would be happy to answer anybody's questions, should they have any. :)