Readit NewsMyself, I shower most days, but that's largely because I'm either in the gym or cycling most days. Sometimes, that means 2x showers, because I'll hit the gym in the AM and cycle in the PM.
The problem with Firefox currently is the organizational structure; the way that they need to monetize; the fact that you can't pay for Firefox development. The problem with forks is that they are all "Firefox plus this" or "Firefox without that".
On the set up: First, there are 3 major engines, and even if Gecko dies there will be two. Second, both users and developers want a more capable web. Don't blame browser vendors for giving it to them. The web is wildly successful because of its continued evolution, and if it stopped evolving, native mobile apps would have beaten the web back even more.
WASM could indeed make for a simple, yet powerful, web-like platform, and I hope to see this! But a lot of the new web capabilities would still need to be there. All of the I/O bits of the modern web: networking protocols, GPU, USB, MIDI, local storage, filesystem, etc. WASM doesn't make the need for that go away. Those things still need to be there as WASI services or similar.
And I hope that such a WASM-based browser would not throw out a markup document completely. Flutter did this and it just isn't the web anymore. Documents and links are critical to being able to build useful services on top of the web.
I want to keep the web web-like, not just have Flutter but WASM instead of Dart.
Careful what you wish for. WASM-rendered pages could spell the end of ad-blockers and other extensions that modify or read page content. You'll have only binary blobs being downloaded rendering something on a canvas surface.
eg. Was client software compromised? Did the multisig keyholders succumb to social engineering? Were the signers using airgapped machines / hardware devices?
https://blockworks.co/news/bybit-hack-raises-security-questi...
"Bybit ETH multisig cold wallet just made a transfer to our warm wallet about 1 hr ago. It appears that this specific transaction was musked, all the signers saw the musked UI which showed the correct address and the URL was from @safe . However the signing message was to change the smart contract logic of our ETH cold wallet. This resulted Hacker took control of the specific ETH cold wallet we signed and transfered all ETH in the cold wallet to this unidentified address."
[yes, it says 'musked', assuming they meant masked. @safe is https://safe.global/wallet]
Unfortunately most hardware wallets can't interpret EVM smart contract transactions and asks you to sign a big binary blob that is supposed to match what you see on your computer screen (it's literally called blind signing). He said in the tweet and later on a live stream that they verified that the URL was correct, and there were several signers in different locations on different machines.
Logically the UI must have been manipulated for all of them, which I can think of a few different ways to do:
- The signing link was replaced somehow over whatever medium they sent it to each other, pointing to something that either looks like the original UI (perhaps IDN homograph domain) or is the actual site if it has some weakness that allows script injection to manipulate the page
- The server side was exploited to serve a manipulated page
- Client side malware that injects something in the browser to manipulate the page
- Some kind of network/DNS attack combined with mis-issued TLS certificate (or injected CA)
It points to some level of sophistication and long-term observation of their internal systems to know what the process looks like and devising an attack.
Will be interesting to read when/if they release a full analysis.
My concern is if I jump on another startup and it doesn't go well, I will have even less chance to land a decent gig afterwards. Who knows what AI capabilities will be five years down the line?
I have some friends that work in government that could help me get a job there where you are basically unfireable and even get a pension, but the work is not very technically interesting. They all say it's soul-killing but stay for the stability and benefits.
Is a large tech company a better bet? I consider my self a very good developer but not sure if I can pass through all filters and the leetcode gauntlet either.
Deciding which road to go down is giving me more anxiety than ever before.