Just like with "golang", "FStar" is the query if choice. But don't think you'll find much, if the documentation is in the same state as it was two years ago.
Tangent: Instagram managed to lock me out of their service for a week or so a couple of days ago. My browser was signed in into my account, but I have not used it for like a month.
Got logged out.
I log back in (using 2FA btw).
"Please give us your phone number so we can verify it's you"
I enter my phone number. I don't really get the point of this because they did not have my number before, so what are they actually verifying here? Anyway, I trust Facebook with my phone number lol.
I get a code, I enter it.
"Your account activity is suspicious and we will limit your account for a bit"
That was it. No redirect, no link to click, nothing.
So I go back to instagram[.]com and have to do the same thing again?
Well maybe my browser is on a block list now or sth. So I go to my phone (where I was signed in).
And the App is broken completely, looks like the session was invalidated.
I log out, log back in, do 2FA, enter the code again.
Same result.
I checked back in a couple of days ago and it seems like I have access again.
It is unfathomable how this can happen.
How can the front gate to your multi billion service just not work to the point where you DOS yourself?
Also this account has 0 images, and just a couple of followers, so there is literally nothing to protect.
In moments like these you really start to notice the missing communication channels to the big tech companies. Is there any other industry that has zero customer support?
Well an extension can also just send your session tokens home. In the end it's software running on your computer, but people unfortunately often times underestimate the power of add-ons (read the permissions screen folks!). Mozilla requires a manual code review before allowing add-ons into the store because of this afaik.
In my example there was direct user interaction (clicking a context menu) but the service worker (background script) has no API to interact with the clipboard at all.
I guess my point is not that it's an easy thing to fix, but the fact that it looks like nobody at Google has thought about this before forcing everybody to migrate is concerning.
My use case: A background script, sorry, Service Worker registers a Context Menu Entry. When the user clicks on it it fetches some stuff an copies a link to clipboard.
Using MV3 as it is this is not possible.
As someone in the thread said, it is not really feasible to try to find all ways that user interaction can trigger code that requires clipboard access. If that is the route Google want to go down it will take years of people reporting new ways the system does not work until it is usable imo.
I came across this because I wanted to port an addon over to MV3. It simply used navigator.clipboard.writeText(). That by itself only works as a reaction to a user interaction (so not in bg scripts), unless you declare the "writeClipboard" permission in the manifest.
I don't know if there is a readClipboard permission as well.
Most notable: "The pregnant woman does not incur the penalty specified in section 218 if the termination was performed by a physician after counselling (section 219) and no more than 22 weeks have elapsed since conception"
Tobacco ads are generally banned on Radio, TV, Print and the Web with some exceptions. Outdoor advertising is still very much allowed, Germany is the only EU country that allows this.
Btw manufacturers (not the merchants though) are still allowed to hand out free cigarettes.