fully in the rebound!
now the consensus seems to be that "if everyones implementation is broken then its not the implementation"
if you aren't developing an implementation to use secure defaults, you're not developing security.
same can be said for PGP even.
if you arent developing something that forces implementations to use sane defaults, you aren't developing security.
the difference is that even if you use the command line tool, you still have to load the gun before you can shoot yourself in the foot
see an auth error? maybe just rm that file
A Mastodon instance for info/cyber security-minded people.