  • 13 Posts
  • 10 Comments
Joined 4 years ago
Cake day: February 21st, 2021

  • It’s the other way around. Which browser you use is what directly determines whether monopoly and private companies develop the standard you use.

    No, it is not, this is a myth. You can also use free software on a closed OS, which happens to be the standard. Keyword: Microsoft and Windows. You can also choose not to support this, it is you and not the monopoly. If there is no alternative that is usable, people continue to use what they've got. That is the underlying problem, Firefox is so bad and so unusable by default that people switch or use something else. Nothing to do with monopoly. The standards themselves are created and dictated by monopolies, so it plays no role what you use if it ends up anyway that you must support such standards.

    You could write a standard independently of those companies, but then if everyone chooses to use browser engines from companies that don’t follow it, what’s the point?

    The point is that user-generated or govt-established frameworks can be used as a basis. It's useless if you build a browser surrounded by standards created by Microsoft, IBM etc. alone.

    If everyone uses a particular browser then whatever that browser implements becomes the standard. It’s all about what browser you use.

    This is already the case, you can choose not to use FLoC. Nothing changes here.

    If what you want is everyone using the same basis, then what you need is to get everyone to use the same browser engine (which is what is happening already).

    Please learn the difference between browser engine and web standards, you talk nonsense here. Your browser engine can adopt, implement or reject standards. Irrelevant in a dying discussion anyway, since you provide absolutely no solutions yourself in the discussion here, like everyone else, people feeding off my ideas, practically in every thread. That you cannot continue is clear, the web gives a shit about Mozilla, clearly the case. Some people held together by hopes and delusions do not represent the web. Never did.

    The discussion here is not about the browser you use, as people use whatever works best for them, and not what implements xyz, this is clearly shown in practically every thread. So enforcing your ideas will not work for the masses, the better way around is to create open frameworks, documents that are actually usable and directly easily reviewable, because at the end of the day your browser runs pretty much on Android and iOS and not an open system. There exist open alternatives but they are not well funded, their future is unclear and the web - the main user - does not use them, they trust big corpos, they rely on their eco-system. Like Mozilla relied on money from Yahoo, Google etc. in the past. Corpos you shit-talk.


  • Nonsense video, the underlying problem is monopolies and private companies who develop the standards, not what browser you use.

    If the standards are fully open, transparent and not concerning, then it would make no difference if you use Chrome or Firefox because everyone would use the same basis.

    Also, the Chromium team is not purchased or owned by Google, most volunteers are normal people, developers or security researchers who code on it in their free time. You can fork and modify the source as you please, but that does not change the argumentation about web standards and how to build or control them.





  • Why, even FOSS needs support. See OBS Studio, Wikipedia etc. Without support, good projects go to waste.

    • Developers can decide to introduce it in their apps or not. I am sure not every Qt developer will adopt this.
    • People will be able to opt in or opt out. I am pretty sure they will provide us with an option.
    • Most people do not donate, so an additional income thing could help.
    • The other option would be crypto.

    We are not talking about MS, who introduce ads in Explorer which need some ad-blocking, hosts or registry hacks. Linux is more transparent and there will be options to control this.

    Do I like it? Nope. But it is better than the alternatives: shutting down a project because of a lack of funding, or struggling to expand because only a few people are willing to donate.








  • We already have systems to notify users.

    • Most IT professionals are aware that Kerberos, SMB and Co. are a hole for issues, it is nothing new to them.
    • We have social media, Reddit or your linked HN website. What makes you think people are faster submitting new stuff to GitHub? Well, there is no difference if you post it on Twitter, GitHub or wherever, people need to find that first.
    • We already have CVE databases you can look up for years.
    • On huge events, even TV news will do.
    • People exploit the moment the ghost is out of the bottle, it is all about prevention as well as management. News alone is not enough.
    • Notifying users about each new attack and leak will result in people caring less, because they feel helpless and think … oh okay, just another daily attack.
    • Log4j was over-hyped, like most things, most software that normal people use, like browsers, was never affected. Using a hyped problem as an example of how slow something is, is seriously no real argument, because IT professionals need time to review the findings before coming to conclusions.
    • High reputation software such as Thunderbird is less likely to be affected, because they patch things first, they have a huge user-base. You see this in every changelog when they fix security issues.
    • Saying that SMS or whatever is maybe expensive is weird. If you target professionals, no professional will reg via SMS or, in other words, his phone number. The typical use case is RSS, which is cheap.
    • There are 0-days sold on the black market that are being used for months, you never hear of them and they have a much bigger impact, usually because people who code them keep their source closed or, even if they sell them, people have no interest in paying a lot of money and then leaking it for free to the public. In most scenarios, there are white-hats of course, they abuse it. The argumentation that just because something is out for hours is unprofessional. Google, MS etc. have disclosure times between 60 and 90 DAYS before they do something.

    I like that you try to do something, but it would be better to join existing solutions instead of creating another service that might vanish into the void like half of the rest who tried. GitHub is also pretty unchill regarding malware, if you post something that can be directly used to exploit GitHub or others, they will close your repo without any warning in advance.

    If your target is admins, then consider making this more clear, otherwise people will take this information and use it to exploit others.

    Bugalert does not look so hot