More

mcosta · 2024-09-09T08:36:31.000000Z

Zscaler is not chosen, it is imposed by the corporation

mcosta · 2024-08-28T07:18:05.000000Z

Then the trust is in your silicon. Not only the CPU. The network card, hard drive, memory controller, PCI bus...

mcosta · 2024-08-20T12:15:28.000000Z

The intended purpose for a "crypto app" is to scam its users. So it checks out.

mcosta · 2024-07-30T08:03:20.000000Z

Then what is Orca useful for?

pookha · 2024-07-30T14:11:44.000000Z

Maybe replacing containers...I had a better developer experience and a better overall quality of life when I deployed war files into a servelet container (tomcat). I wasn't patching operating system vulnerabilities across a jagged sea of micro service images or patching vendor supplied images either (literally had to do that with Kafka). I deployed a fucking war file. That's it. And I'd also imagine that a WASM module\app would have a much snappier start time without having to lug around the overhead of a container...And "Alpine Linux" can go ahead and kiss my ass (no offense).

mcosta · 2024-07-26T10:32:06.000000Z

Where is that contract and when did I signed it?

Doxin · 2024-07-26T11:09:16.000000Z

"The social contract" is a very well defined and explored concept[0]. It's not a literal contract. Being intentionally obtuse about word definitions isn't going to convince anyone of anything.

[0] https://en.wikipedia.org/wiki/Social_contract

account42 · 2024-07-26T12:27:42.000000Z

I'm sure if you commit a crime the Judge will also let you go if you point out that technically you never agreed to the laws of the country you live in.

mcosta · 2024-03-20T22:21:44.000000Z

Now is Active directory + Office 365 + Teams

mcosta · 2024-03-04T09:54:46.000000Z

Roman law vs Common law

mcosta · 2024-02-21T17:57:58.000000Z

HTTPS guarantee the source, not that meta is sending you the same code as everyone else. With this, an adversary at meta must compromise Meta and Cloudflare.

cookiengineer · 2024-02-21T21:23:02.000000Z

By that logic the extension from the very same vendor is automatically compromised, too.

If a website is compromised, no extension will fix this.

Only a rollback to a specific known-to-be-legit hash in IPFS.

And meta won't embrace IPFS, ever.

dboreham · 2024-02-22T01:20:22.000000Z

The idea is you install the extension ahead of time when you do trust the source.

cookiengineer · 2024-02-22T04:28:45.000000Z

What is the difference to resource integrity and certificate pinning which is already implemented among every single Browser via the HSTS policies?

Also, do you really think meta's products will have static assets for eternity from the point of installing an extension? Absurdly unlikely.

ametrau · 2024-02-21T18:52:20.000000Z

I think you would still have big problems if you had an adversary at meta. Bigger than this.

mcosta · 2024-02-12T11:52:45.000000Z

Once again the confusion between "HTML document" and "Web App" bites again. A NYT article does not needs client side state.

mcosta · 2024-02-07T13:15:51.000000Z

> It would be good to see checks on Google's dominance in schools, currently achieved via attractively priced hardware and free proprietary platforms built for this purpose.

Is this an excuse to use Windows on schools? I mean... if you use expensive hardware on closed and paid proprietary platforms, then that problem goes away.