Need to let loose a primal scream without collecting footnotes first? Have a sneer percolating in your system but not enough time/energy to make a whole post about it? Go forth and be mid: Welcome to the Stubsack, your first port of call for learning fresh Awful you'll near-instantly regret.
Any awful.systems sub may be subsneered in this subthread, techtakes or no.
If your sneer seems higher quality than you thought, feel free to cut'n'paste it into its own post - there's no quota for posting and the bar really isn't that high.
The post Xitter web has spawned soo many "esoteric" right wing freaks, but there's no appropriate sneer-space for them. I'm talking redscare-ish, reality challenged "culture critics" who write about everything but understand nothing. I'm talking about reply-guys who make the same 6 tweets about the same 3 subjects. They're inescapable at this point, yet I don't see them mocked (as much as they should be)
Like, there was one dude a while back who insisted that women couldn't be surgeons because they didn't believe in the moon or in stars? I think each and every one of these guys is uniquely fucked up and if I can't escape them, I would love to sneer at them.
(Semi-obligatory thanks to @dgerard for starting this)
Meanwhile, over at the orange site they discuss a browser hack: https://news.ycombinator.com/item?id=41597250 As in a hack that gave the attacker control over any user of this particular browser even if they only ever visited innocent websites, only needing to know their user ID.
This is what's known in the biz as a company destroying level fuck-up. I'm not sure this is particularly sneerable or not but I'm just agog at how a company that calls themselves "The Browser Company" can get the basic browser security model so incredibly wrong.
from their Wikipedia page I'm starting to get why I've never previously heard of The Browser Company's browser; it's about a year old, it's only for macOS, iOS, and Windows, and it's just a chromium fork with a Swift UI overtop and extremely boring features you can get with plugins on Firefox without risking getting your entire life compromised (til Mozilla decides that's profitable, I suppose)
oh fuck off. so what makes something an operating system is:
I'm glad I'm not the only one who was "arc? whazzat?" when this popped up in my feed. At first I thought it was Paul Graham's wimpy Lisp.
a whisp if you will
Urbit, but somehow worse
Hm, I don't really see the sneer. They wrote a nasty bug, got notified and had a patch out for it within 36h. The remediations look reasonable too: better privacy, less firebase, actual security audits; even the bounty program is probably the right call (but they result in so many shit reports, it's probably a wash).
I gotta admit I'm kind of partial to them and their browser? It's the non-Brave one that ships with an Adblocker by default, has much nicer UI than the existing ones, and the sync thing isn't half bad (if it doesn't sync security badness to all your instances, ouch). Sure they sound like a cult but I guess that's how browser dev gets funded since the 1990s.
OK I might have been a little too harsh, but the security requirements of a browser are higher than pretty much any other piece of software except perhaps for operating system code, emails, or text messages. As a serious player in the browser space it is not optional to get the basic security model / architecture right. This isn't a matter of a bug slipping through (which can happen to anyone), but the system being designed wrong. Hopefully this company has learned their lesson, treats it with the care it deserves going forward, and brings some diversity to the browser market.
Anyway that said let's look at how this was a colossal bug:
Compare Firefox: I have an extension that allows for arbitrary CSS injection, but this extension isn't cloud based. So this class of vulnerability isn't possible in the first place, and also it is an extension I opted into and can enable selectively on specific sites instead of globally.