• 0 Posts
  • 7 Comments
Joined 2 years ago
Cake day: June 19th, 2023



  • Of course there are unreleased 0-days, but you can’t do anything about it. Most of them are even kept secret by companies that sell spy software. However, public 0-days are way more dangerous because they are being exploited actively.

    Using a different browser until a particular issue is fixed when you are e.g. a journalist still helps with getting hacked.


  • The difference is: Microsoft never forced, they just nudged users very aggressively. They got into trouble for that multiple times and needed to adjust their practices (but keep trying). For some reason, nothing ever happened to Apple (yet). In my opinion, tech media is way too lenient on this as well.

    This is not just bad because of privacy; Safari has been slowing down progress on many web APIs for years. Other browser implementations would also probably be faster and/or drain less battery. I could probably come up with even more reasons.


  • Actually it does, because you have options if a 0-day surfaces. Your logic only works if there happen to be multiple 0-days released at the same time on all major browsers which affect all recent versions for each browser (because on iOS, you can’t even downgrade to a previous version that could be unaffected). That will probably never happen.



  • My AOP Professor once said that today, we build software like medieval smiths built swords: The customer would describe how he would want his sword to look and feel, and the smith crafted each and every one individually. This led to very unique and well fit, but also very expensive products.

    He said that we should aim to build software products like the industrialization revolutionised manufacturing: Assembling many modular parts into something, instead of hand crafting everything. In his opinion, this will lead to faster and cheaper development.