vengefulduck's comments | Hacker News

Have you used VLC on macOS though? Full-screen video looks very slick and is tough to differentiate from native QuickTime, other than having support for more codecs and features.

The non-full-screen UI is a little more crusty but still looks better than the Windows version imo.


Browsers enforce that certificates are signed by two independent CT logs, the public keys of which are shipped with the browser. So a MITM would need to compromise a trusted CA and two CT logs to be able to pull off an attack undetected. Maybe not impossible, but much more difficult than just a single CA compromise.
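As an added example (not from the comment above or from any browser's code), this parses the SignedCertificateTimestampList structure that RFC 6962 defines for the SCTs a certificate carries (in the extension with OID 1.3.6.1.4.1.11129.2.4.2) and counts how many distinct logs vouched for it. The SCT data is constructed here with placeholder log IDs and dummy signatures; a real client additionally requires each log ID to be in its shipped log list and verifies each SCT signature with that log's public key, which this example does not do.

```python
"""Parse an RFC 6962 SignedCertificateTimestampList and count how many
distinct CT logs vouched for a certificate. The SCT data built below is
constructed for this example (placeholder log IDs, dummy signatures);
signatures are not verified here."""
import hashlib
import struct
from dataclasses import dataclass


@dataclass
class SCT:
    log_id: bytes       # SHA-256 of the log's public key (32 bytes)
    timestamp_ms: int   # milliseconds since the Unix epoch
    extensions: bytes
    hash_alg: int       # TLS HashAlgorithm code (4 = sha256)
    sig_alg: int        # TLS SignatureAlgorithm code (3 = ecdsa)
    signature: bytes    # opaque; verifying it needs the log's public key


def parse_sct(buf: bytes) -> SCT:
    """Decode one SerializedSCT (version 1 only)."""
    if not buf or buf[0] != 0:
        raise ValueError("unsupported SCT version")
    log_id = buf[1:33]
    (timestamp,) = struct.unpack(">Q", buf[33:41])
    (ext_len,) = struct.unpack(">H", buf[41:43])
    pos = 43
    extensions = buf[pos:pos + ext_len]
    pos += ext_len
    hash_alg, sig_alg = buf[pos], buf[pos + 1]
    pos += 2
    (sig_len,) = struct.unpack(">H", buf[pos:pos + 2])
    pos += 2
    signature = buf[pos:pos + sig_len]
    pos += sig_len
    if pos != len(buf):
        raise ValueError("trailing bytes in SCT")
    return SCT(log_id, timestamp, extensions, hash_alg, sig_alg, signature)


def parse_sct_list(data: bytes) -> list:
    """uint16 total length, then repeated (uint16 length, SerializedSCT)."""
    (total,) = struct.unpack(">H", data[:2])
    if total != len(data) - 2:
        raise ValueError("SCT list length mismatch")
    scts, pos = [], 2
    while pos < len(data):
        (n,) = struct.unpack(">H", data[pos:pos + 2])
        pos += 2
        scts.append(parse_sct(data[pos:pos + n]))
        pos += n
    return scts


def distinct_logs(scts) -> int:
    """Diversity check: how many different logs signed the SCTs. A real
    client also checks each log ID against its shipped log list and
    verifies each signature with that log's key."""
    return len({s.log_id for s in scts})


# --- constructed test data (assumption: placeholder log names/keys) ---
def build_sct(log_name: bytes, ts: int) -> bytes:
    log_id = hashlib.sha256(b"placeholder public key of " + log_name).digest()
    fake_sig = b"\x30\x06\x02\x01\x01\x02\x01\x01"  # dummy DER, not a real signature
    return (b"\x00" + log_id + struct.pack(">Q", ts) + b"\x00\x00"
            + bytes([4, 3]) + struct.pack(">H", len(fake_sig)) + fake_sig)


def build_sct_list(raw_scts) -> bytes:
    body = b"".join(struct.pack(">H", len(s)) + s for s in raw_scts)
    return struct.pack(">H", len(body)) + body


TWO_LOGS = build_sct_list([build_sct(b"log-A", 1700000000000),
                           build_sct(b"log-B", 1700000000500)])
ONE_LOG_TWICE = build_sct_list([build_sct(b"log-A", 1700000000000),
                                build_sct(b"log-A", 1700000001000)])

if __name__ == "__main__":
    for name, blob in (("two logs", TWO_LOGS), ("same log twice", ONE_LOG_TWICE)):
        n = distinct_logs(parse_sct_list(blob))
        print(f"{name}: {n} distinct log(s) -> {'ok' if n >= 2 else 'insufficient'}")
```

The "distinct log IDs" count is only the first half of a browser's diversity policy: two SCTs from the same log, or from logs run by one operator, do not give the independence the comment relies on, and an SCT whose log ID is unknown to the client counts for nothing.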


Assuming that living with your parents is a safe option, which for many, especially LGBT people, it isn't.


Nothing makes life harder on yourself than making your parents hate you. It is also extremely hard to do; no, your parents disagreeing with you isn't a good reason to never see them again.


There is nuance to this. Being queer and living with a homophobic family means suppressing your personality in everyday life in myriad ways, way beyond "being gay". Moving out removes this tension entirely, without any need to abandon one's family altogether.


> It is also extremely hard to do

It is surprisingly easy to do. You clearly come from stable families, but parents can hate their children for a lot of things: being different (everything from sexual orientation to not being social), not being like them, being exactly like them, not getting the grades they hoped for, not babysitting your 5 siblings because you had to go to school, not bringing in money, costing them too much money by existing, not being a doctor in a family of doctors...

More often, it's not the children who don't want to see their parents; it's the other way around.


> making your parents hate you

IDK if I'm misunderstanding, but it sounds like you think LGBT youth make their parents hate them by being LGBT? In my opinion it's the duty of the parents to foster a proper loving relationship with their children.

> no your parents disagreeing with you isn't a good reason to never see them again.

I think that depends on what you disagree about.


My parents disagree with me about having a job and my own money. Yeah, fuck 'em. I don't miss them at all.


Of course, this is the only explanation. No one can just make stuff up on the internet. That’s impossible.


Browsers are just mini OSs at this point. It’s probably best just to accept it. Honestly in some respects (security, isolation, resource management) they do a better job than the operating system they run on top of.


Even as a user I don't think there's a good reason to love cert pinning. If you're going up against adversaries that can compromise the web PKI, they also probably have some other exploits up their sleeve to pwn you.

Cert pinning pretty much serves to protect companies from people reversing their protocols and little else imo.


It prevents attack vectors that involve attacker-owned certificate authorities as well as compromised certificate authorities from exposing user-data.

https://sslmate.com/resources/certificate_authority_failures


As a westerner I can only speak for others a little bit, but this is a very western perspective. Even Kazakhstan has been caught doing sketchy stuff with their CA.


If it’s managed well, certificate pinning takes the web PKI out of the implicit trust envelope for your app.

From a pure security perspective, why trust someone you don’t have to trust? The web PKI CA bundle is great for cases where it’s hard to have a unique trust root for your application - like you’re running in a browser with no privileges - but if you’re distributing code then you’ve already solved that problem.

Managed well, it should be completely transparent to users as well. Managed poorly and it can be catastrophic (your app is dead until users upgrade it).


I agree, it feels sort of like "we have a walled garden, don't anybody else use it cuz our stuff is super secret and secure, trust us(tm)"; it's a layer of obscurity for their "security" - in reality it's the app on a user's PC that has both this "secrecy" and the "handshake" to open it.


Write access to .bashrc is plenty to very sneakily get sudo access though.

  alias sudo='./.my-evil-sudo-binary'
And wait till the next time the user authenticates; they won't see anything amiss, and you just silently delete the alias after you've got the sudo password.

Also, even without root, dumping .ssh and the browser's cookie jar is probably plenty to achieve lateral movement, and you don't need root for that.
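The defender's side of the alias trick above, as an added example that is not from the comment: a small scanner that reads shell rc files and reports any alias or function definition that shadows a credential-handling command, so the `alias sudo=...` line would be flagged before the next authentication. The sample rc content is constructed for the example, and the list of watched commands and rc file paths are assumptions you would tune for your environment.

```python
"""Scan shell rc files for aliases or functions that shadow commands which
take a password or elevate privilege. Sample rc content below is
constructed for this example; WATCHED and RC_FILES are assumptions."""
import os
import re
from typing import List, Tuple

WATCHED = ("sudo", "su", "doas", "ssh", "gpg", "passwd")
RC_FILES = ("~/.bashrc", "~/.bash_profile", "~/.profile",
            "~/.bash_aliases", "~/.zshrc", "~/.zshenv")

_names = "|".join(WATCHED)
# Three shapes of shadowing: alias sudo=..., function sudo ..., sudo() { ...
SHADOW_RE = re.compile(
    r"^\s*(?:"
    r"alias\s+(?P<alias>" + _names + r")\s*=|"
    r"function\s+(?P<fn>" + _names + r")\b|"
    r"(?P<fn2>" + _names + r")\s*\(\s*\)"
    r")"
)


def find_shadowed_commands(text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, shadowed command, line) for each hit."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = SHADOW_RE.match(line)
        if m:
            cmd = m.group("alias") or m.group("fn") or m.group("fn2")
            hits.append((lineno, cmd, line.strip()))
    return hits


def scan_rc_files(paths=RC_FILES) -> List[Tuple[str, int, str, str]]:
    """Scan the given rc files (missing ones are skipped)."""
    findings = []
    for p in paths:
        full = os.path.expanduser(p)
        if not os.path.isfile(full):
            continue
        with open(full, encoding="utf-8", errors="replace") as fh:
            for lineno, cmd, line in find_shadowed_commands(fh.read()):
                findings.append((full, lineno, cmd, line))
    return findings


# Constructed .bashrc content: one benign alias, one hijacked sudo, one
# hijacked ssh defined as a shell function.
SAMPLE_RC = """\
# constructed .bashrc for the example
export EDITOR=vim
alias ll='ls -l'
alias sudo='./.my-evil-sudo-binary'
ssh() { /tmp/.s "$@"; }
"""

if __name__ == "__main__":
    for lineno, cmd, line in find_shadowed_commands(SAMPLE_RC):
        print(f"sample rc line {lineno}: '{cmd}' shadowed by: {line}")
    for path, lineno, cmd, line in scan_rc_files():
        print(f"{path}:{lineno}: '{cmd}' shadowed by: {line}")
```

Two caveats worth keeping in mind: in a live shell, `type -a sudo` shows whether the name currently resolves to an alias, a function or the binary, and `command sudo` bypasses both aliases and functions while `\sudo` bypasses only aliases; and because the comment's attacker deletes the alias after harvesting the password, a one-off scan can miss it, so rc files are better watched continuously (file-integrity monitoring, or auditd write rules on them) than scanned on demand. A `PATH=` line that puts a user-writable directory first achieves the same hijack without any alias and is not caught by this regex.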


Installable web apps would give you a workaround for that wouldn’t it?


They are still bound by the constraints of the Web.

For example WebGL 2.0 (2009 hardware), WebGPU (2015 hardware), any GPU capabilities after 2015? You ain't going to get them.


Hahahahaha. Yeah, sure cryptocurrency never comes crashing down. It certainly would never lose 60% of its value in 6 months. That would never happen. What a perfect store of value. /s


The math used in AES (Rijndael) utilizes operations in GF(2^8) though, so you're doing operations using Galois fields whether you're using GCM or CBC. I don't really see how adding the GCM mode, which uses GF(2^128), on top is significantly more difficult or error-prone than implementing the AES block cipher itself. You should still be familiar with operations over Galois fields regardless, if you've for some reason (foolishly imo) decided you want to implement AES cryptographic primitives on your own.

Regardless, there's no good reason not to use a vetted open source implementation instead, preferably with an even higher level of abstraction so you're not having to worry about ciphers or modes of operation at all[1].

[1] https://doc.libsodium.org/secret-key_cryptography/secretbox
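To make the point in the comment concrete, here is an added example (not from the comment or from any library) that does both multiplications with one shift-and-reduce routine: GF(2^8) with the AES polynomial x^8 + x^4 + x^3 + x + 1, and GF(2^128) with GCM's x^128 + x^7 + x^2 + x + 1, the only extra wrinkle being that GCM treats the first bit of a block as the x^0 coefficient, so the 128-bit values are bit-reflected around the multiply. The values checked are the FIPS-197 section 4.2 examples and NIST GCM test case 2 (AES-128, all-zero key, one zero plaintext block), whose H and ciphertext block are embedded as constants.

```python
"""One shift-and-reduce multiply serves both GF(2^8) (AES MixColumns and
the S-box inverse) and GF(2^128) (GCM's GHASH); only the reduction
polynomial and GCM's bit-order convention differ. Test constants come
from FIPS-197 section 4.2 and NIST GCM test case 2."""

AES_POLY = 0x11B                  # x^8 + x^4 + x^3 + x + 1
GCM_POLY = (1 << 128) | 0x87      # x^128 + x^7 + x^2 + x + 1


def gf_mul(a: int, b: int, degree: int, poly: int) -> int:
    """Multiply polynomials over GF(2) (bit i = coefficient of x^i) and
    reduce modulo `poly`, which must include the x^degree term."""
    result = 0
    top = 1 << degree
    for _ in range(degree):
        if b & 1:
            result ^= a
        b >>= 1
        a <<= 1              # a *= x
        if a & top:          # overflowed the field: subtract (xor) poly
            a ^= poly
    return result


def aes_mul(a: int, b: int) -> int:
    """Multiplication in GF(2^8) as used by AES."""
    return gf_mul(a, b, 8, AES_POLY)


def _reflect(x: int, nbits: int) -> int:
    return int(f"{x:0{nbits}b}"[::-1], 2)


def gcm_mul(x: int, y: int) -> int:
    """GCM block multiply. Blocks are big-endian ints whose first bit is
    the x^0 coefficient, so reflect in, multiply, reflect out."""
    r = gf_mul(_reflect(x, 128), _reflect(y, 128), 128, GCM_POLY)
    return _reflect(r, 128)


def ghash(h: bytes, aad: bytes, ciphertext: bytes) -> bytes:
    """GHASH_H(A, C): absorb zero-padded 16-byte blocks of A then C, then
    the block holding the 64-bit bit lengths of A and C."""
    hk = int.from_bytes(h, "big")
    y = 0
    for data in (aad, ciphertext):
        for i in range(0, len(data), 16):
            block = data[i:i + 16].ljust(16, b"\x00")
            y = gcm_mul(y ^ int.from_bytes(block, "big"), hk)
    lengths = ((len(aad) * 8) << 64) | (len(ciphertext) * 8)
    return gcm_mul(y ^ lengths, hk).to_bytes(16, "big")


# NIST GCM test case 2: H = AES_K(0^128) and C = AES_K(0^96 || 2) for K = 0.
H_TC2 = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")
C_TC2 = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")

if __name__ == "__main__":
    print(hex(aes_mul(0x57, 0x83)))        # FIPS-197: {57}*{83} = {c1}
    print(hex(aes_mul(0x53, 0xCA)))        # FIPS-197: {ca} is the inverse of {53}
    print(ghash(H_TC2, b"", C_TC2).hex())  # GHASH value before the tag mask
```

The GHASH output above is the value that gets XORed with AES_K(J0) to produce the tag; the block-cipher part of GCM is exactly the AES the comment is talking about, so a from-scratch implementer has already done the harder field arithmetic. The bit-reflection is the one GCM-specific detail that bites people, and a constant-time table-based GHASH is where real implementations get more involved than this loop.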


The library used in this Javascript widget has AES already implemented, but not GCM mode.

> Regardless, there's no good reason not to use a vetted open source implementation instead, preferably with an even higher level of abstraction so you're not having to worry about ciphers or modes of operation at all[1].

I think that's generally the preferred solution, yes.

