Agree completely. Additionally, there is a massive Chromebook user base (with the default Chrome browser) that basically has a chokehold on the K12 education space. Conjecture: I think this gets students used to the model of Chrome + Google Docs that they carry forward to their computing use/experience for the future.
I would be surprised if Apple does what you suggested, but I do think it's an excellent suggestion, thank you. It just won't be a priority unless some sort of legislation forces their hand.
While it might be fashionable to hate on Google, the question "What did Google bring to my life" seems really odd. I can't believe I have to say this but search, and more importantly good/fast search, is to Google's credit. Typescript and VSCode all have, and will continue to have alternatives, but for a long time, Google was (some may argue it still is) the bleeding edge of search.
Anyway, there might be a generational thing at play here, if so, I meant no condescension.
I think I know why you are being downvoted, but I just wanted to chime in and say that I get exactly where you are coming from. On certain days, I cannot shake a similar thought from my mind as well.
Today though, I'd recommend skimming through uBlock Origin's Github readme: https://github.com/gorhill.
Note the "Free. Open source. For users by users. No donations sought." in the About section. Our industry reflects our collective condition: some good, some bad, and some in between. The oft used Mr. Rogers quote about "look for the helpers" seems particularly appropriate for uBlock Origin and its creator (and maintainers :)).
P.S. In case this comes across as a lecture, I assure you that this was just as much for myself as a reminder, as it was for the community here :).
Oh, I think I see the issue. If your post is anything to go by then people think I'm talking about tech or even just the web. That's understandable since both are frequently the target of my ire, however in this instance I am specifically talking about the advertising and marketing industry.
I think it's fair, considering the sky-high salaries at the top end of our industry are almost solely due to ad revenue. We'd all see significant downward pressure on wages without that—we're basically accountants by social status already, but losing ad revenue would put us in the same area pay-wise, too.
In case some of the community members are not fully aware of the background of the comment about mass murder: Modi was the Chief Minister of Gujarat when there were religious riots in 2002 [1]. Of course, him being a Hindu nationalist it's pretty obvious that many Muslims were persecuted/killed. Since then he's tried to clean his image internationally while systematically taking the world's largest democracy's democratic values to the brink. The Bush administration had denied him a diplomatic visa in 2005 [2] for his role in the riots. Finally, the UAPA [3] act that was referred to the parent post is a way to imprison activitsts/journalists/political opponents etc. A strategy long developed and honed by all sorts of autocrats.
He's tried to clean his image internationally to some extent, but it's obvious in India -- and to anyone who looks into the "riots" -- that he was behind a lot of it. Committing genocide is a big reason for why he was supported and got elected.
> The US backed Pakistan while it carried out the genocide of between 2.4-3 million hindus in Bangladesh in 1971.
The Western media only spews morality / secularism to portray themselves as morally superior (and especially when don't have anything to lose from their stance)
Thank you to the Firefox team, this seems like a really nice release. I am very happy about the "If you don’t have a master password set up for Firefox, Windows and macOS now requires a login to your operating system account before showing your saved passwords." change. It might seem like a small change, but it's one of those friction points (another password to remember!) that will lead to (hopefully) more people using the built-in password autofill. Thank you again!
Anyone with a security background or someone who has thought through this more: what are the implications of making the OS level authentication the default, and then only ask to make a master pwd if there are no OS level login pwds? Is one or the other more secure?
Personally, I don't like operating systems that train users to enter login credentials while using the system as this increases the chance of someone capturing those credentials via spoofing.
I used to think Firefox trying to protect the entered passwords made some sense, but I've been convinced it isn't really such a good idea. Better would be a full profile being protected (with all files encrypted), or just rely on an OS level lock screen for inactivity lockout.
I'm not sure if the current system actually prevents recovering the passwords. Do they require this authorization even to use a show password option on a website or the equivalent effect via bookmarklet-style javascript? I suspect they don't and it doesn't try to protect from intentional theft only casual viewing of passwords. This might still be valuable for some people, but it would be more valuable to fully protect the profile. I worry that people will think they are more protected than they actually are and that this effect will be increased by the use of system login credentials.
Also, IMO the list of sites that you have passwords for should be treated as just as sensitive as the passwords themselves. I think as is you can often see the sites with accounts, visit them, and have the current password autofilled into the old password field of the change password dialog.
The "generate password" option is great, even though personally I would make it 21 characters rather than 15 (there might be an option for that?). IMO, no one should ever choose a password.
If an adversary can get user access, they generally are able to also get root access (via social engineering or a local vulnerability). They'd also be able to read the memory of the web browser, or file contents. This is because on an average desktop, all the programs running as user have read/write access to each other.
On mobile OSes, capabilities are enabled by default. Even Symbian already had such. OpenBSD utilizes pledge to minimize impact.
Thanks for taking the time to pen a thoughtful response. I really appreciate the point about training users to enter login credentials, how it might be risky, and also that this could lead to a false sense of security.
That being said, I do think that these features will overall lead to better password hygiene for people who do not have access to the kinds of info we have (especially where FF warns about passwords shared across sites; that's a feature that iOS does fairly well; in KeyChain, they show a warning label next to a password shared between multiple sites).
P.S. The point about securing a list of sites that you have passwords for is fantastic as well.
This is a great feature. I always added passwords to the browser auto-fill without thinking, and was shocked to find out that these are viewable to anyone without any password by default.
I have used both Postico and Tableplus extensively, and if you are sure that you are going to be working with Postgres only, its the better, more Mac-like app.
However, both are a serious upgrade over PgAdmin :)
Thank you for a well reasoned and measured take on this situation. My parents (in their 60s and 70s, living in India) made mention of the callous attitude you refer to as well. Culturally and practically (because of population density social distancing will not be effective unless it is implemented strictly/forced upon people. Forced isolation/curfew is a hard thing for people with different cultural backgrounds to reconcile with, but is just about the only way to stem this tide in India.
