This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.
Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and providing in-links for search engines. I hate that I have to do this, but the nonsense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.
Yes, I (or anyone else) could do similar things with other people's published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.
@postmodern Wow, where do I start…
“does Firefox keep posting new advisories almost weekly or monthly” because this is their update schedule, and at such a large, continuously evolving codebase bugs are practically inevitable? Why are Linux or Windows (or Chrome, for that matter) pushing regular security updates? Why don’t they just write perfect software? Amateurs!
“Even Pwn2Own found a new 0day” - “Even” P2O, like y’know, a competition for world-class researchers? Oh btw. Chrome got pwned there too: https://www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-days-exploited-at-pwn2own-2024/
“we should be seeing less not more vulnerabilities” - CVE counting has always been a bad metric because of massive selection bias (among other factors): you only know about published CVEs, CVEs don’t have a 1-1 relationship with bugs, CVEs may relate to 3rd party code (see libwebp), etc. Jericho wrote a lot about this for sure, look it up!
Again, Chrome may be objectively better in terms of security, but your reasoning seems really badly informed.
@postmodern @todd_a_jacobs From the top of my head (and skimming through the Attack&Defense blog) FF definitely employs fuzzing[1], audits their code[2] and last time I checked you could even collect bounties by running ASAN-enabled nightly builds (bug enrichment+telemetry). Edit: here’s also something[3] about the FF sandbox.
There are certainly differences between Chrome, and I mostly agree with the general point you are trying to make, but without specifics this is just FUD. Also, having a beef about an org not porting an entire browser to Rust just tells me you don’t really grasp the complexity of such a task (neither do I btw).
[1] This is just one of many examples: https://blog.mozilla.org/attack-and-defense/2021/05/20/browser-fuzzing-at-mozilla/ See also: https://bugzilla.mozilla.org/buglist.cgi?quicksearch=fuzzer
[2] How is this even a question? Example: https://blog.mozilla.org/attack-and-defense/2021/11/03/finding-and-fixing-dom-based-xss-with-static-analysis/
[3] https://www.youtube.com/watch?v=StQ_6juJlZY