Oh, #Opera already published the extension update - they seem to have improved their turnaround times, which is great. Now if I could somehow change the extension name, it's still being listed as Easy Passwords...
And once again Patricia's Aas talk states: election security is all about protecting against the very people running the election. Which is why machine voting is so complicated, falsifications have to be detected (actually detected, not merely detectable) despite compromised voting machines.
Note to future self: yes, when opening an HTML page from disk, #Chrome absolutely won't load a web worker from a file, not even a file in the same directory. And: no, this doesn't make any sense as a security mechanism because loading same file via <script> tag works just fine.
@leip4Ier I don't think that click through rate is what they are after. They rather want bloggers to link to their product. Which makes me wonder how many of the links to their site all over the web are legitimate.
So the specialty of #VPNMentor is apparently creative email #spam? Got a mail today trying hard to look like it was sent by an unaffiliated private person when it was clearly automated. Not the first time they did it either: http://spam.tamagothi.de/2018/10/10/quick-question/
@kashire I never checked out their app. This particular issue was in the browser extension. And it wasn't a big one - merely the response from the team is highly problematic and raises questions about their general approach to security.
@fallenhitokiri Sadly, email is broken for anything even remotely private. So crypto messengers have their place - if only we had some better choices.
So far I settled on #Signal. While being far from perfect, it does the job. #Threema has some appeal not having accounts bound to phone numbers, but with a paid-for client I'm afraid that I won't find anybody else willing to communicate through it. All other solutions I'm aware of have significant issues.
With the recent #WhatsApp security issue, many people recommend #Keybase as alternative. Personally however, I certainly prefer products that own their security issues: https://palant.de/2018/09/06/keybase-our-browser-extension-subverts-our-encryption-but-why-should-we-care/. And I'm not the only one who made such experience with the Keybase team. #infosec
Today I finally tried the naive approach and who would have thought: replacing textarea value from the input event produces no visible effects whatsoever! So I got rid of an 800+ lines third-party dependency and simplified my own code at the same time... #LessonLearned
A while ago I was looking for a library to do formatted input for #PfP. Most solutions would introduce an annoyance: original input replaced by formatted after a delay. So back then I settled on a library that reimplemented browser's input processing to avoid this effect.
Realized today that ES6 modules support in #Node.js is rather new and hardly usable. Somehow I'm expecting of a JS environment to be ahead of browsers and forget that it is merely an outdated version of Chrome's JS engine.