Oh, #Opera already published the extension update - they seem to have improved their turnaround times, which is great. Now if I could somehow change the extension name, it's still being listed as Easy Passwords...
And once again Patricia's Aas talk states: election security is all about protecting against the very people running the election. Which is why machine voting is so complicated, falsifications have to be detected (actually detected, not merely detectable) despite compromised voting machines.
Note to future self: yes, when opening an HTML page from disk, #Chrome absolutely won't load a web worker from a file, not even a file in the same directory. And: no, this doesn't make any sense as a security mechanism because loading same file via <script> tag works just fine.
So the specialty of #VPNMentor is apparently creative email #spam? Got a mail today trying hard to look like it was sent by an unaffiliated private person when it was clearly automated. Not the first time they did it either: http://spam.tamagothi.de/2018/10/10/quick-question/
With the recent #WhatsApp security issue, many people recommend #Keybase as alternative. Personally however, I certainly prefer products that own their security issues: https://palant.de/2018/09/06/keybase-our-browser-extension-subverts-our-encryption-but-why-should-we-care/. And I'm not the only one who made such experience with the Keybase team. #infosec
Today I finally tried the naive approach and who would have thought: replacing textarea value from the input event produces no visible effects whatsoever! So I got rid of an 800+ lines third-party dependency and simplified my own code at the same time... #LessonLearned
A while ago I was looking for a library to do formatted input for #PfP. Most solutions would introduce an annoyance: original input replaced by formatted after a delay. So back then I settled on a library that reimplemented browser's input processing to avoid this effect.
Realized today that ES6 modules support in #Node.js is rather new and hardly usable. Somehow I'm expecting of a JS environment to be ahead of browsers and forget that it is merely an outdated version of Chrome's JS engine.
Stefan Esser on Twitter:
"The simple reality is there are so many 0-day exploits for iOS and the only reason why just a few attacks have been caught in the wild is that iOS phones by design hinder defenders to inspect the phones."
Some people had doubts. The response in the comments is plausible:
"Nobody will show you their 0-day just because you ask. But I can see how many players these days built teams/companies around iOS exploitation."
“Just install Linux on it” is the “just change the engine of your car” of tech.
Not everyone is a mechanic, not everyone wants to be a mechanic, and, if we want a world where freedom is the norm, we must stop expecting everyone to become a mechanic.
Note: this is not because these people are too dumb to be mechanics. It’s because they’re brain surgeons and space-shuttle pilots and they have three kids and they care for a loved one and they don’t have time to also be a mechanic.