
PSA: If you pick up a call and there is nothing on the line, with a noisy background kicking in only after a few seconds - be very suspicious. They might claim to have called you, but it was actually a robot which transferred the call to a call center. Don't fall for any scams.

For reference, support for XUL on the web was completely disabled in 2010:

Components.interfaces continued causing issues for a few years longer and was eventually replaced by a shim in 2013:

From today's perspective, this was crazy. This functionality was rightfully disabled as it was inadvertently exposing internals of the browser to the web and increased the attack surface of the browser massively. But Components.interfaces is still provided, for backwards compat.

Got a notification from a Mozilla bug so old that the content type of the attachment was application/vnd.mozilla.xul+xml. Do you know that Mozilla used to allow XUL to be used on the web? Back then I even wrote an article on how you would create a <xul:tree> with a custom view.

Does it have to be binary or will JSON-based do as well? 😀

I've created a bunch of binary formats in the past, but growing up I started to understand the advantages of well-known and human readable container formats with pre-existing parsers - such as XML or JSON.

Wow, somebody blocked me on Mastodon, that's a first. I dared to criticize PGP...

And is indeed beyond saving, I don't see secure communication over email happening, ever. No way around establishing new protocols for encrypted communication, e.g. .

The scary thing: some products in need of such as password managers are being built on top of because that's supposedly easier to get right. But it's not. Looking at for example, there are definitely better ways to do public key crypto.

So here you have the full picture now: doesn't work and never will. Stop recommending it, stop organizing key signing parties, you aren't helping anybody doing that. Just put it in the grave instead.

Wow, so Kazakhstan is now systematically subverting HTTPS encryption? Crazy times...

Great explanation. Back in 1969 it was easier to go to the moon than to fake the video coverage of the moon landing (and today it's the opposite). Not that this will convince anybody...

Actually, Marco Rogers has a nice thread on why this kind of extreme stereotype is very harmful.

I'm quite relieved that this doesn't apply to me. Even back when my social skills were far worse than they are now - my desktop background was never black. And I make pauses while typing. So I'm not *that* type of engineer.

This article by explains a lot. Much of the available information on is so bogus that it's hard to understand how somebody who has ever interacted with an autistic person can believe it, much less call it "research."

I think that this is a consequence of the increased volume. With the drastically increased number of questions, most of them will never be seen by anybody once answered. Only a few answers will be seen and receive upvotes regularly; this has no impact on the median, however.

Eight years ago I created a data query to see which tags attract the most upvotes: Today I updated that query and the results changed remarkably: essentially, the high end of the scale no longer exists, it's one vote for almost all tags.

In case anybody considered Amazon Echo an exception: no, Google Assistant sends audio recordings to the "cloud" and now we know for sure that Google employees can listen in: Big surprise.

If you ask me...

Disclosing six security issues today. Most of these aren't terribly important but demonstrate lack of attention to security-relevant details.

After some iterating, things look somewhat better now, in particular less cluttered - access keys are indicated by underlining the letter wherever possible. This is how the same screen looks now when pressing the Alt key.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.