pgraf's comments

They can still deduce it from the TLS SNI unless the web server you access supports TLS 1.3 Encrypted Client Hello. https://en.m.wikipedia.org/wiki/Server_Name_Indication


Seems to be hugged to death. https://archive.is/xixuj


perfect use case for the public suffix list (https://github.com/publicsuffix/list)

e.g. add *.ext.workplace.com



If anyone wondered GIL = Global Interpreter Lock


Might have been useful to establish a paper trail instead of calling them. Have a look at the great article by patio11 for ideas how to establish one: https://www.kalzumeus.com/2017/09/09/identity-theft-credit-r...


I would be very interested in that thing :-) Do you already have something you can share or a page where we can track your progress?


No, but you can subscribe to https://thehardway.guide and I'll let you know when it comes... in addition, you get a free book :)


“BCHS is a stable, developer-oriented platform. Get used to minimalism and security”

With all the memory-safety issues you can introduce by improperly using C, is this page meant to be taken sarcastically or are they really serious about this claim?


Kristaps is an OpenBSD developer. These guys are notorious for having five heads each - two remote holes in 30 years, OpenSSH, PF, etc.

That said, the actual secret is to write simpler code. (And maybe use pledge+unveil, if your OS has it.)


Zero network services with open ports by default (not even sshd) also helps for that number.


Yes, "simpler" often means "don't do things you don't have to". A laptop doesn't really need sshd, and OpenBSD makes for an OK laptop OS.


Why wouldn’t it be serious? C has been used to write safe, stable, & portable software for decades. Compiler warnings & static analysis tools have come a long way to preventing the vast majority of safety issues in (new) C projects.


They're serious. C doesn't have to be insecure.


It's just extraordinarily difficult to make it so, and to convince yourself that you've made it so.


Often easier to convince yourself you've made it secure than to actually do so. Which is part of the problem.


If Python is considered secure yet CPython is written in C, then, perhaps, it is not that difficult?


You might want to take a few dozen hours to dig through John Regehr’s work to understand the current state of the art of C programming.


Is there a particular entry point into his work that you would recommend?


This[1] is one possible start. Bear in mind though his approach is academic so don’t expect a tidy list of what the working C programmer needs to know.

[1] https://blog.regehr.org/archives/1520


Any of his articles covering undefined behavior.


His work on fuzzing and test case reduction is really interesting too.


[flagged]


A response with substance would be something we could learn from but a meme isn’t.


The illusion of security starts by believing your software is "safe" because it is written in a new "safe" language

https://nvd.nist.gov/vuln/detail/CVE-2023-22466


I don't really see a connection here. Rust doesn't magically solve all problems, it just makes a lot of them less likely, which means we can successfully build larger systems.


If that’s the case then “safety” isn’t binary, it’s a gradient, and debating C++ vs Rust is a matter of degree instead of a moral imperative.


You don't because you are not competent enough, nothing wrong with that

C has the same tools, they however do not run with the compiler, but accomplish the same goal

Both are still not immune to incompetence, the user is often the issue, hence the link


No, because if there was, the app could either brute-force your pin or lock you out by trying it too often :-) If there was a way, this would be a pretty big vulnerability from Apple’s side. Even in the unlikely event that there is some private API, there is no chance you could pass an App Store review with that in your code.


If you just like the mental separation but don’t want Chrome, you could also create Firefox profiles with different themes. You can even tweak the browser icon, so I found that sufficient for mental separation.


Yea, of course.. thank you for mentioning this, never considered..

