zsims commented on OpenAUTH: Universal, standards-based auth provider   openauth.js.org/... · Posted by u/jacobrussell
ash · a year ago
Less secure than HttpOnly cookies, which are not accessible by third-party JavaScript. LocalStorage also doesn't have automatic expiration.
zsims · a year ago
Tradeoff is all the edge cases of cookies, CSRF etc. It's not a simple "cookies are better"
zsims commented on Limbo: A complete rewrite of SQLite in Rust   turso.tech/blog/introduci... · Posted by u/avinassh
cryptonector · a year ago
That was my take when LibSQL was announced. And it still is and would be my take if LibSQL remains C-coded. But a Rust-coded rewrite of SQLite3 or LibSQL is a different story.

The SQLite3 business model is that SQLite3 is open source but the best test suite for it is proprietary, and they don't accept contributions to any of either. This incentivizes anyone who needs support and/or new features in SQLite3 to join the SQLite Consortium. It's a great business model -- I love it. But there are many users who want more of a say than even being a consortium member would grant them, and they want to contribute. For those users only a fork would make sense. But a fork would never gain much traction given that test suite being proprietary, and the SQLite3 team being so awesome.

However, a memory-safe language re-implementation of SQLite3 is a very different story. The U.S. government wants everyone to abandon C/C++ -- how will they do this if they depend on SQLite3? Apart from that there's also just a general interest and need to use memory-safe languages.

That said, you're right that there are many other projects that call for a rewrite in Rust way before SQLite3. The thing is: if you have the need and the funding, why wouldn't you rewrite the things you need first? And if SQLite3 is the first thing you need rewritten, why not?

zsims · a year ago
> The U.S. government wants everyone to abandon C/C++ -- how will they do this if they depend on SQLite3?

ABI, the same way you don't need the Linux kernel to be rewritten to remove your app dependency on C/C++

zsims commented on Google's AI weather prediction model is pretty darn good   theverge.com/2024/12/7/24... · Posted by u/Garbage
akira2501 · a year ago
Forecast models predict 7 to 14 days ahead. They have not and never will be able to predict further than that. We don't even need them to.
zsims · a year ago
We do, I want to know if it's going to rain on my birthday
zsims commented on CrowdStrike Update: Windows Bluescreen and Boot Loops   old.reddit.com/r/crowdstr... · Posted by u/BLKNSLVR
BLKNSLVR · 2 years ago
In terms of analysing risk factors to minimise something like this happening again, what are the factors at play here?

A Crowdstrike update being able to blue-screen Windows Desktops and Servers.

Whilst Crowdstrike are going to cop a potentially existential-threatening amount of blame, an application shouldn't be able to do this kind of damage to an operating system. This makes me think that, maybe, Crowdstrike were unlucky enough to have accidentally discovered a bug that affects multiple versions of Windows (i.e. it's a Windows bug, maybe more so than it is a Crowdstrike bug).

There also seems to have been a ball dropped in regards to auto-updating all the things. Yes, gotta keep your infrastructure up to date to prevent security incidents, but is this done in test environments before it's put into production?

Un-audited dependence on an increasingly long chain of third-parties.

All the answers are difficult, time consuming, and therefore expensive, and are only useful in times like now. And if everyone else is down, then there's safety in the crowd. Just point at "them too", and stay the path. This isn't a profitable differentiation. But it should be! (raised fists towards the sky).

zsims · 2 years ago
> Whilst Crowdstrike are going to cop a potentially existential-threatening amount of blame, an application shouldn't be able to do this kind of damage to an operating system.

It doesn't operate in user space, they install a kernel driver.

zsims commented on FTC sues Adobe for hiding fees and inhibiting cancellations   ftc.gov/news-events/news/... · Posted by u/ChrisArchitect
b3ing · 2 years ago
Adobe has let pretty much all of the Macromedia stuff fade out

Sure Apple is to blame partially for Flash, but even now they rarely add new features to "Animate". There are other applications out there that are doing more interesting things.

Dreamweaver has been outdone by Visual Studio Code and Sublime Text, granted it was really only good for ColdFusion.

Fireworks was left to die, oddly enough it could have been the next Sketch, although Figma probably would have beaten it eventually anyway

Freehand was killed to let Illustrator be dominant

zsims · 2 years ago
Blame for Flash? Or celebrated for killing Flash?

Flash was a security nightmare

zsims commented on Encryption at Rest: Whose Threat Model Is It Anyway?   scottarc.blog/2024/06/02/... · Posted by u/chillax
doubled112 · 2 years ago
Encryption at rest is great if I forget my laptop on a bus. Reduces it to a VISA problem.

But who is stealing data off of servers by taking the server?

Maybe it saves you when you dispose of the disks? Maybe a home server in a break in?

This has always seemed obvious to me.

zsims · 2 years ago
There are other paths to the attack he mentioned. Eg you find an API that accepts ciphertext or part of it. Or a cloud backup/restore flow. Likely you need another vulnerability but it does happen.
zsims commented on Apple's M4 has reportedly adopted the ARMv9 architecture   wccftech.com/apple-m4-ado... · Posted by u/rbanffy
phkahler · 2 years ago
>> Maybe someone should normalise giving developers crappy laptops to develop on.

Then the developers will complain the hardware is unusable to do their job even though this was a supercomputer back in the day. Then you say "No, it's the software please fix it."

zsims · 2 years ago
The problem is, it's not their software. No control over Slack, Outlook etc
zsims commented on A recent security incident involving Dropbox Sign   sign.dropbox.com/blog/a-r... · Posted by u/JonoBB
xrisk · 2 years ago
That… seems excessive. Is it just security theater or actually useful somehow?
zsims · 2 years ago
Useful because you can support existing passwords without requiring everyone to log in or reset their password. Still has flaws though, like password shucking.
zsims commented on Flightradar24's new GPS jamming map   flightradar24.com/blog/gp... · Posted by u/mjs
Reason077 · 2 years ago
Most of these GPS-jammed zones are, obviously, near areas of active conflicts (Ukraine, Myanmar, Israel/Palestine, Kashmir, etc).

But what's going on in Western Australia? And South-west Texas?

zsims · 2 years ago
Western Australia could be the ongoing emu war - https://en.wikipedia.org/wiki/Emu_War

u/zsims · Karma: 127 · Cake day: April 16, 2021