"Buying grants to pollute" is literally how cap-and-trade systems work, and they've been extremely effective at reducing pollution. We don't hear about "acid rain" anymore because of cap-and-trade of sulfur dioxide.
But we don't really have cap-and-trade for carbon, so the next best thing is public pressure to be net-zero rather than literally zero.
I agree with the second sentence but I don't see how it implies the first. "Leave no trace" is a principle of outdoor recreation, not the fundamental meaning of life, and generating greenhouse gases is often necessary to produce goods and services people enjoy.
When you create an app in GitHub - you are required to create a private key so that you can sign requests on behalf of your app.
Sounds reasonable.
However... to create the private key, they require you to download the private key from them. Which means they have it. So ANY APP on GitHub can be impersonated by GitHub as they have the key material for every app... so what is the point?
Well, first of all, them giving you the key doesn't prove they kept it. From all I know, it is discarded, not stored.
But even if they do keep it, github owns their own platform. If they wanted to do shit with your app, they wouldn't need the key for that, they could just skip any security that required the key. At some point, you either trust github to securely host your stuff, or you don't.
In any case, keys are for protection from 3rd parties and an audit trail of who did what, neither of which are invalidated by github having access to their own platform.
Hmm, not sure - the entire point of this sort of thing is that nobody should ever have your private key material. Whether they say they discard it is immaterial, they have had it, so they could use it, and then as far as everyone is concerned, they are you.
Because the key is sent via the web, anyone in the way can see it. In lots of companies, trusts are manipulated so that the content is visible to intermediate proxies.
With a private key that has been given to you by somebody else, it is possible to repudiate any transaction that was made with the key. Its not so much as they could skip any security - its that if they have the key, they don't have to.
keys are protection from anyone, and an audit trail isn't useful when its possible to forge/repudiate literally anything.
imagine if your card pin was also written down in the card factory - you'd be suspicious that anyone can withdraw money from your account - and the bank would say 'ah but only you know it'. In fact this did happen - the bank was only issuing 3 different pin numbers.
>Well, first of all, them giving you the key doesn't prove they kept it. From all I know, it is discarded, not stored.
Intelligence community has a maxim: evaluate adversaries on capabilities, not feelings. If you get the key from GitHub, they have the capability to escrow it. This violates the security model. End of story. Trust is a feeling, not an objective guarantee.
>But even if they do keep it, github owns their own platform. If they wanted to do shit with your app, they wouldn't need the key for that, they could just skip any security that required the key. At some point, you either trust github to securely host your stuff, or you don't.
Your "trusting" in this instance has no bearing on the security of the system. It is insecure by definition. The "Trust" you are speaking of is the same "Trust" the finance bros seek to cultivate at all costs. Which is the subjective freedom from aversion of making one's resources available to them to capitalize on.
>In any case, keys are for protection from 3rd parties and an audit trail of who did what, neither of which are invalidated by github having access to their own platform.
It is invalidated. All GitHub needs is a public key. The one and only reason to have the private key, is to be able to sign in the author's stead, which pops open the Pandora's box of malicious shadow modification; especially if all infra to do so is also hosted by GitHub as well. The private key is forbidden knowledge. The mere fact of having it taints the ultimate intentionality of the system. If it were truly meant for security, GH would never ever see the private side of that keypair.
It is very cool! I'd go as far to say it's a great browser in fact. I simply want it to exist and be such in perpetuity and lead by example like it has in the past. I see it as a follower instead of a leader these days, largely to Google, but also Safari and to some degree Edge (by simply stealing the blink renderer)
The Mozilla org continues to produce a very capable browser, but it's now 3rd or fourth fiddle on a stage their misteps helped orchestrate in their demotion.
What are the other competing browsers? There's chrome(and the derivatives), safari, firefox? safari exists only because of ios lockin. Aren't most other browsers an increasingly smaller share? Genuine question.
It's a problem. I use Firefox as my daily driver -- it used to be I ran into incompatible sites once a month or less except for YouTube which intermittently punishes users for browsing with Firefox. Now I have a serious problem every week like an online vendor or bank or something that doesn't work with Firefox.
Firefox is a little slow for an internal application we have that loads 40,000 rows of data into a grid but otherwise all our stuff works with it because I develop Firefox first and I think a few of us are all that really stands between Firefox and oblivion and probably are doing more work than a lot of the people they have on the payroll.
If you have specific sites that aren't working, please let us know and we can investigate and try to fix them.
The usual reporting channels are using https://webcompat.com or the "Report Broken Site" tool in the Firefox menu. Of course I"m also happy to take bug reports here if you (or anyone else) have them.
One difference I've seen with FF vs Chrome is when finding the events to bind to each element. In FF, the event tag on the element is clickable and gives you the name and the line number in the JS file. It makes finding the code very easy. I have not seen that in Chrome. I rarely use Chrome, so this one thing leads me to saying FF's DevTools are better, at least for me and how I use them.
In contrast, the Multi-Account Containers system is the primary reason I avoid Firefox.
While it is meant to be an alternative to Chrome's profile switching, it is more a workaround than a complete replacement. I need entirely different sets of extensions for personal, work, and school environments, something containers can't do.
Firefox's actual profile support is beyond terrible. To launch a separate instance, Firefox requires many more clicks than Chrome, all within a Windows-2000-style UI. Not to mention that there are weird glitches in their implementation.
Firefox is not usable for me until they actually spend time improving their multiple profile support.
Myself the profile support is the absolute worst thing about Chrome. I just want to log into some web site, I don't want to fight with the profiles to get things done.
For those few applications where I really would need profiles I will just open a different browser, so I still keep Edge/Chrome/Opera around for that rare situation. I don't need something that complicates my life every single click but it is the whole ideology of the Google Economy that they want you to spend 1% of attention on things that matter to you and 99% on things that don't.
1. The inability to set a specific page for new tabs to open on. That is ridiculous.
2. The mobile version sucks, specifically because bookmarks are buried under an absurd number of menu levels. And they're also broken up (without user approval or any way to stop it) into "mobile" and "desktop" bookmarks. WHY? The entire point of syncing is to have them all the same.
I want to like Firefox. I went back to Firefox for the first time in decades last year and gave it up after a couple months because #2 was that annoying. So brain-dead.
Oh yeah, and another one was that "never remember history" does, in fact, remember history. What Firefox really does is "stop adding to history." And the bug report on it resulted in several YEARS of debate over how to "fix" it. The latest I saw is that they're actually NOT going to fix it, but rather add more text (somewhere) to say basically, "This doesn't do what you think it's going to do."
If fixing a defect like that requires years of committee back-and-forth, the product is finished.
> The inability to set a specific page for new tabs to open on. That is ridiculous.
I've been using the "New Tab Override" extension for almost a decade at this point. Sure, it would probably make sense to have as a baseline feature, but I installed it so long ago and it's continued working the whole time that it's not really something I think about anymore.
Spec driven ddevelopment.. ahh yes, because the formal methods era of computer programming was so quick and successful!
Let me find my:
Requirements Specification
Requirements Analysis
...
The circle will turn once again when people re-realise that by tue time you've written what should happen in enough detail, you've written the software, and English isn't that great at avoiding ambiguity.
https://rnli.org/safety/know-the-risks/cold-water-shock
reply