1. 16

    To quote https://news.ycombinator.com/item?id=18697824, “one of the reasons we decided to end EdgeHTML was because Google kept making changes to its sites that broke other browsers, and we couldn’t keep up”.

    It’s not paranoia if they’re really out to get you.

    1. 16

      Nothing in this story is about technically breaking IE6 users, and one of the recommended alternatives was IE8. I don’t think it’s very relevant to that discussion.

      1. 5

        This is literally about a conspiracy to kill IE6. I think it is relevant, because it is a proof (a very good one) that such conspiracy existed, which makes existence of conspiracy to kill Firefox more likely.

        1. 11

          An engineer-level conspiracy to get people to upgrade IE6 to IE8 that did not have leadership buy-in, because they felt they couldn’t fail such a large user base. It might indeed be relevant, come to think about it.

          1. 2

            A conspiracy to kill support for a certain version of a program is not the same thing as a conspiracy to kill the software itself. The former type of conspiracies is quite common in software. If that’s the kind of line of argumentation you’re okay with using, then I guess you should agree that firefox conspired to kill the extensions it supported before firefox quantum. Please reconsider your argumentation. A lot of us are scared of the power Google has over the internet, though framing it from a conspiracy theorist’s point of view puts a bad light on the rest of us that are arguing for a less monopolized internet based on facts and not on fallacies.

      1. 5

        Custom storage format? CLA?

        No thanks.

        1. 3

          Not all CLAs are created equal. If you want to offer GPL+Commercial you have to require a CLA, otherwise you have no right to grant a commercial license. But there is no need to require a copyright transfer or to take away any rights or ownership from the original author.

          For example, I do not really understand individual authors that object to the Google CLA, but not to contributing to a MIT licensed project under the GitHub ToS.

          1. 2

            grant a commercial license

            Since the GPL doesn’t prohibit commercial activity, there should be no need to “grant a commercial license”.

            1. 2

              Please read that as “grant a more permissive license on commercial terms”, which is what the README is saying.

          2. -3

            I wonder if the CLA is “the bigger companies are doing it”. That said, a possibly valid reason to require such a document is to make all code being to the project, requiring the original author to give up those rights. I believe the MPL-2.0 is both freer than the GPL and solves this.

          1. 12

            As it’s very directly relevant, plugging my mkcert project, a CLI tool that manages and installs the CA for you.

            https://mkcert.dev

            https://lobste.rs/s/yygbfz/mkcert_valid_https_certificates_for

            1. 1

              I came to the comments to suggest mkcert. It is surprisingly easy to set up and nicely replaced half a dozen scripts I cobbled together years ago.

            1. 2

              I was reading the Elligator paper last night, and it really does look like magic. Lots of algebraic manipulation without much conceptual motivation describing how it was derived.

              1. 10

                Curve25519 and Poly1305 are even worse. The bit clamping masks are presented as foregone conclusions, with no explanation of why they are as they are. I’ve watched a team of outstanding cryptographers spend days reverse engineering what exactly clamping accomplishes in Curve25519. At the end, they came up with something better, Ristretto! Now you have to wonder how quicker that improvement could have come if only Curve25519 was documented.

                1. 1

                  Sadly, people learned two different lessons from “you are not expected to understand this.”

              1. 65

                This is terrible general security advice, as well as a failure in threat modeling.

                The point of the (very usable!) built-in password manager is to fight phishing and password reuse, which are each orders of magnitude bigger problems than endpoint compromise, which is the attacker position this article relies on. That alone makes this dangerous advice.

                But even if you are somehow focusing on endpoint compromise, on desktop systems the malware can just wait for you to type the password manager master passphrase, and exfiltrate the entire vault. Not 12 lines of code, but maybe 120. In fact, there’s a better argument for calling the latter approach “security by obscurity”; I wouldn’t call using SQLite an attempt at obscurity at all.

                In practice, the passwords that matter are the system FDE one for encryption at rest (which protects the browser passwords as well as the rest), and the sync password to protect the contents from the cloud provider, which the browsers correctly implement.

                The only thing requiring a master password to be typed to unlock the vault locally would do for most users is degrade UX, reducing adoption, and provide a false sense of security (because again if the endpoint is compromised, it will fall to keyloggers or memory inspection).

                1. 11

                  Its annoying how so much of this “security advice” is about stuff where you have already been compromised and there are already 100 other ways to get the data or its about such insane things like “Out of office emails are a security risk” because someone might send you and email and then know they can launch an attack while you are on holiday..

                  1. 1

                    In practice, the passwords that matter are the system FDE one for encryption at rest (which protects the browser passwords as well as the rest), and the sync password to protect the contents from the cloud provider, which the browsers correctly implement.

                    Firefox doesn’t implement the second properly: passwords are encrypted using a key which is a simple function of the password (which means that Mozilla can attempt to crack them, and will be successful for simple password like ‘open sesame.’

                    Worse, they don’t even have to do that: they sometimes prompt for Firefox passwords on web pages, which means that they can just steal your plaintext password there.

                    Sadly, Firefox used to have a password storage system which really was secure against Mozilla being malicious.

                    I think that Chrome is very slightly better here, because the password-encryption password is never shared with Google.

                    I completely agree with everything else you write, though.

                    1. 5

                      +1. Everyone else seems to love GnuCash.

                      1. 4

                        I recently switched from GnuCash, which did work but felt unpolished and unreliable in edge cases, to Beancount, and why did I not do that sooner. I feel at home in my editor with autocomplete, regex search, bean-check for linting, bean-format for formatting and git for tracking (!!). Refactoring is as easy as with code, while it was the most manual and painful thing in GnuCash. Python plugins are a breeze and I already made a few while I never surpassed the inertia of automating GnuCash. The web UI makes reports more intuitive than anything in GnuCash, and there’s an SQL language for custom stuff. And finally, I can assert more things I care about and leave flexible more things I don’t. Try Beancount (or any other ledger port I suppose, but yay Python plugins).

                      2. 2

                        why not use sqlite or something?

                        1. 3

                          Because plain text is much simpler than SQL. You can just open up the file in $EDITOR and start editing, instead of having to run SQL over it to modify.

                          1. 1

                            But then if you want to do even the simplest things like sum by month you need to write a text parser first. I get that awk and stuff lets you do things with “tricks” but sqlite would let you do it without worrying about whitespace.

                            I can understand text-based input, but if you’re trying to track the flow of money by sources in a “real” way it seems pretty logical to use relations

                            EDIT: this isn’t necessarly pro-SQL, but it is pro-“structured data instead of worrying about escape characters in the format you defined”

                            Plain text is nice when you have an underspecified format but if you want to actually operate on it, it’s kinda gnarly

                            1. 5

                              EDIT: this isn’t necessarly pro-SQL, but it is pro-“structured data instead of worrying about escape characters in the format you defined”

                              Actually the data is very tightly structured. Here’s what Beancount allows. Any deviations are reported as errors.

                              But then if you want to do even the simplest things like sum by month you need to write a text parser first.

                              Generally the tool you’re using takes care of it. I’m using Beancount+Fava and it shows me pretty much every single metric that’s interesting out of the box. For everything else, it allows me to query the “database” using a SQL-like interface.

                              If you’re interested, I wrote a blog post on exactly this topic last week which could be relevant.

                      1. 1

                        There is no way in heck that linus will merge some DIY home rolled crypto code into the kernel

                        1. 11

                          It seems like you may not recognize the author. I would typically agree with you on first glance, but given who it is and what it is I wouldn’t be surprised if it got merged.

                          1. 8

                            That’s a good point but missing key detail. I’ll add author did WireGuard which has had good results in both formal verification and code review.

                          2. 7

                            Where else is kernel crypto code rolled?

                              1. 2

                                High praise from linus!

                              2. 2

                                Why not? How would Linus even know if some crypto code was DIY nonsense?

                                (The subtext of these commits from Jason is that the existing kernel crypto APIs are not particularly good, IMO.)

                              1. 3

                                While OP does not make it clear anywhere, it only applies to searching in settings.

                                Background: https://code.visualstudio.com/blogs/2018/04/25/bing-settings-search

                                Disable with "workbench.settings.enableNaturalLanguageSearch": false.

                                1. 0

                                  While OP does not make it clear anywhere, it only applies to searching in settings.

                                  Maybe. Maybe not. How do you know for sure, have you checked? And if you have, how do you know it will always be that way?

                                  Personally I see no reason to trust this company at their word about anything given their long history of ignoring user’s privacy, and ignoring privacy settings, and immediately closing privacy related issues.

                                1. 2

                                  Definitely not applicable to all use cases, but I realized at some point that I didn’t actually need a web UI for my personal git repositories, and have been much happier since I stopped trying to deploy them in favor of simply using ssh:// remotes.

                                  1. 1

                                    That’s true but it doesn’t make your code very accessible to outsiders and that seems to go against the spirit of free, open source code. True, it is possible to find the code still, but it makes it harder for someone to find.

                                  1. 6

                                    The word secure is somewhat meaningless without enough context. Also, HTTPS doesn’t immediately translate to secure and adding “not secure” to the url bar doesn’t achieve much either. AFAIR chrome still mistreats the “target = _blank” property…

                                    1. 15

                                      This is a common argument that I never understood the utility of. HTTPS is table stakes of online security, as there’s no security to be had if anyone on the network path can modify the origin contents.

                                      There’s plenty of actual research and roadmaps on indicators like Not Secure, and the eventual goal is indeed to mark the insecure option Not Secure instead of marking HTTPS as Secure. The web is a complex slow moving beast, but this is exactly a step in that direction!

                                      Anyway, if there’s one thing experience showed us is that trying to convey “context” on the security status of a TLS connection to users is a losing proposition.

                                      1. 4

                                        There’s plenty of actual research and roadmaps on indicators like Not Secure, and the eventual goal is indeed to mark the insecure option Not Secure instead of marking HTTPS as Secure. The web is a complex slow moving beast, but this is exactly a step in that direction!

                                        Not that I don’t believe you, but mind pointing me at this research?

                                        Anyway, if there’s one thing experience showed us is that trying to convey “context” on the security status of a TLS connection to users is a losing proposition.

                                        This is exactly my concern, it seems that sprinkling “security” hints to non-technical users usually leads to them making the wrong assumptions.

                                        1. 1

                                          I am focusing on a specific point in your post

                                          there’s no security to be had if anyone on the network path can modify the origin contents.

                                          This can be addressed by adding signatures rather than encrypting the whole page. There are useful applications such as page caching especially in low bandwidth situations which are defeated by encryption everywhere.

                                      1. 1

                                        After working in the space for a while, George Tankersley and I put together a list of projects that would use (even a little) money well towards Internet freedom and infrastructure.

                                        It comes with direct links, proportions and explanations: https://donating.tech

                                        1. 22

                                          Sigh, no please. Crypto means cryptography, not Internet money.

                                          1. 6

                                            If you use crypto implementations in the standard library you are pretty much back to square one, as they copy key material. https://github.com/golang/go/issues/21865

                                            1. 5

                                              I share the longing for simpler (and more secure) access to simple text. Javascript off, a good content blocker, and HTTPS Everywhere in block mode helped, but I always wanted the option to just pass some domains through an Instapaper or Readability-like service. This seems to be an attempt at doing that!

                                              However, the TLS security cost is just too high. The Go stack is good, but it’s a different beast from a browser one. No revocation, no CT, no HSTS, no HPKP, right off the top of my head. This is probably doable in an extension though, and there would be no such issue.

                                              1. 1

                                                Depends. If you’re using chrome, there’s no revocation. HSTS still works, it passes right through. HPKP is dead, though. But the interception is configurable, so you don’t have to push all traffic through it.

                                                Or do what I do. Use a different browser (nonproxy) for important sites.

                                              1. 2

                                                GODEBUG=netdns=go should be enough as a mitigation for Go binaries: https://golang.org/pkg/net/#hdr-Name_Resolution

                                                1. 1

                                                  Unless you actually need to use the system resolver, presumably.

                                                1. 2

                                                  Here’s the Go API:

                                                  // Plaintext to be encrypted
                                                  pt := []byte("Hello, world!")
                                                  
                                                  // Nonce to encrypt it under
                                                  n := miscreant.GenerateNonce(c)
                                                  
                                                  // Associated data to authenticate along with the message
                                                  // (or nil if we don't care)
                                                  ad := nil
                                                  
                                                  // Create a destination buffer to hold the ciphertext. We need it to be the
                                                  // length of the plaintext plus `c.Overhead()` to hold the IV/tag
                                                  ct := make([]byte, len(pt) + c.Overhead())
                                                  
                                                  // Perform encryption by calling 'Seal'. The encrypted ciphertext will be
                                                  // written into the `ct` buffer
                                                  c.Seal(ct, n, pt, ad)
                                                  

                                                  That… still seems too complicated, I guess? I wouldn’t expect to have to compute the overhead myself, or wonder what the “associated data” is or should be.

                                                  1. 2

                                                    If you don’t compute the overhead you can’t provide the output slice and the function would have to allocate. Additional data can just be nil. Also, this matches cipher.AEAD.

                                                  1. 11

                                                    I think I’ll pass. I kind of like the ability to edit binaries when I feel like it. (Regardless of the legal status of enforcement of such measures.)

                                                    1. 7

                                                      You probably know, but this EULA only applies to their binaries you download from caddyserver.com. So you can totally pass on the build server at caddyserver.com, pretend it didn’t exist (like it doesn’t for 99% of open source projects), and carry on using Caddy, building your binaries, modifying them, and anything you like.

                                                      1. 12

                                                        I don’t know, man… Technically the EULA forbids trying to discover the source code, so once you download the binary version, you’re not allowed to go back and download the source. Maybe that’s not what they meant, but I think they should have picked their words with more care.

                                                        3.1 You SHALL NOT, and shall not allow any third party, to: (a) decompile, disassemble, or otherwise reverse engineer the Software or attempt to reconstruct or discover any source code, underlying ideas, algorithms, file formats or programming interfaces of the Software by any means whatsoever (except and only to the extent that applicable law prohibits or restricts reverse engineering restrictions);

                                                        1. 6

                                                          I’m so sure that’s not what they meant that I’ll ping them your comment. :)

                                                          (And I’ll eat my hat if it’s ever enforced or attempted to, but I see that’s not the point for you.)

                                                          1. 11

                                                            (This sounds like I’m really angry, but I’m not. Just kinda annoyed.)

                                                            Seems like only yesterday Equifax was caught trying to trick users into agreeing to arbitration. Of course, their excuse was that it was only boiler plate and never meant to be enforced, yada yada. Maybe people should read their shitty contract language before asking people to agree to it. Wouldn’t that be nice?

                                                            What does the EULA even accomplish? Anybody willing to pay $50/month for a web server isn’t going to be futzing around with IDA trying to edit the binary. The free crowd is going to build from source. “Please don’t remove the banner without paying.” would be just as effective, and far less dickish.

                                                            It’s like a pawn shop with giant iron bars and a revolving mantrap front door. It signals to me that their clients are generally murderous thieving rats, so maybe I’ll just move along.

                                                            1. 4

                                                              They explicitly say that if you don’t like the header, you should compile it yourself.

                                                              Well, we think our sponsors are pretty awesome. But we’re huge proponents of preserving and expanding individual freedom. If you object to any of our sponsors being named in an invisible response header on your personal website, you may freely compile Caddy from source without that header.

                                                              The whole point of the sponsors header is to cover their free build service. If you don’t use that, you don’t need the header.

                                                              1. 2

                                                                Contract law can be complicated. I can put a table out on the sidewalk and give away free tacos, but if I get you to sign a contract that says “I will not eat Ted’s tacos” then you can’t have any tacos, even though there’s a sign that says “free tacos” right there on the table.

                                                    1. 8

                                                      You can just use target-cpu=native if you don’t want to figure out or hardcode your architecture.

                                                      1. 1

                                                        This is interesting! Anyone know if Go has any way to do something similar?

                                                        1. 0

                                                          https://dave.cheney.net/2013/10/12/how-to-use-conditional-compilation-with-the-go-build-tool

                                                          Through build tags. The standard library uses that a lot for system calls; I’m sure there’s optimizations for architectures somewhere in there as well

                                                          1. 5

                                                            Not really. All architecture optimizations in Go (except the ones controlled by GOARM) are activated at runtime. The idea is that binaries should run everywhere. Also, the compiler does not do auto-vectorization like LLVM.

                                                            1. 2

                                                              To expand on this, go binaries can contain instructions that the current architecture does not support (like say AES acceleration). Support for those instructions is detected at runtime using CPUID. https://golang.org/src/crypto/internal/cipherhw/asm_amd64.s

                                                              Works out reasonably well for core stdlib stuff that has been optimized like crazy like byte searching. Unfortunately it doesn’t really solve the problem of making arbitrary go source code leverage cpu features.

                                                        1. 10

                                                          For the same observation but accompanied by investigation instead of ranting, watch George Tankersley’s GopherCon 2017 lightning talk: https://www.youtube.com/watch?v=7y2LhWm04FU&list=PL2ntRZ1ySWBfhRZj3BDOrKdHzoafHsKHU&index=11

                                                          1. 4

                                                            To be fair, the article on lemire.me did not seem like ranting. And I’m a plush-gopher-on-my-desk fan of Go :-)