Good reminder that, if you need to display untrusted data, you don’t give it a subdomain of your main domain name. Yes, modern security mechanisms properly isolate subdomains from each other. But cookies aren’t modern, they are really ancient.
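As an added illustration of the point in this post (not part of the original thread), the stand-alone Python script below uses only the standard library's `http.cookiejar` to show the scoping rule: a cookie that an untrusted subdomain sets with `Domain=example.com` is attached to requests for every sibling host under that domain, while a host-only cookie (no `Domain` attribute) stays with the host that set it. The host names are constructed for the demo.

```python
import urllib.request
from email.message import Message
from http.cookiejar import CookieJar

# Constructed hostnames: "untrusted" serves user-supplied content,
# "app" is the first-party application on a sibling subdomain.
UNTRUSTED = "https://untrusted.example.com/"
APP = "https://app.example.com/"


class FakeResponse:
    """Minimal stand-in for the urllib response object CookieJar expects:
    it only needs .info() returning something with get_all()."""

    def __init__(self, set_cookie_headers):
        self._headers = Message()
        for value in set_cookie_headers:
            self._headers.add_header("Set-Cookie", value)

    def info(self):
        return self._headers


def store_cookies(jar, url, set_cookie_headers):
    """Feed Set-Cookie headers 'received' from url into the jar; the jar's
    DefaultCookiePolicy applies the same domain checks a browser would."""
    jar.extract_cookies(FakeResponse(set_cookie_headers), urllib.request.Request(url))


def cookies_sent_to(jar, url):
    """Return the Cookie header the jar would attach to a request for url,
    or '' when no stored cookie is in scope for that host."""
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)
    return req.get_header("Cookie", "")


def demo():
    jar = CookieJar()
    # The untrusted subdomain widens its cookie to the registrable domain...
    store_cookies(jar, UNTRUSTED, ["wide=set-by-untrusted; Domain=example.com; Path=/; Secure"])
    # ...and also sets an ordinary host-only cookie (no Domain attribute).
    store_cookies(jar, UNTRUSTED, ["narrow=set-by-untrusted; Path=/; Secure"])
    return {
        "app": cookies_sent_to(jar, APP),              # only 'wide' crosses to app
        "untrusted": cookies_sent_to(jar, UNTRUSTED),  # both cookies
    }


if __name__ == "__main__":
    for host, header in demo().items():
        print(f"{host:10s} Cookie: {header!r}")
```

Browsers additionally refuse a `__Host-` prefixed cookie that carries a `Domain` attribute, which is the usual mitigation for first-party session cookies; the standard-library jar does not implement that prefix rule, so this script only demonstrates the domain-matching behaviour.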
I suppose it is like when Starbuck was cast as a woman in the remake of BSG. There was a lot of complaining about that, but it was a great choice and I can’t imagine it any other way now. (Notwithstanding my extreme disappointment in how the writing declined in later seasons)
I intentionally stayed away from discussions about the show until after I watched the first one so didn’t know about the “controversy” until after. I am really disappointed in humanity sometimes.
I didn't need to cry this morning, but I did...
Why isn’t this guy in the #fedi instead of Twitter? “After self-hosting my #email for twenty-three years I have thrown in the towel” https://cfenollosa.com/blog/after-self-hosting-my-email-for-twenty-three-years-i-have-thrown-in-the-towel-the-oligopoly-has-won.html
Why does it seem like domain names should be approaching free (like TLS certs), but rather they seem to be approaching infinity?
Mean time to incident mitigation: 20ms
A Mastodon instance for info/cyber security-minded people.