Just kidding. To me the biggest mistake was the standards' slowness in the early 2010s to provide badly needed new functionality such as a proper replacement for table layout, vertical alignment, etc. The cult of knowing specific tricks to get things working properly carried on for too long and made a lot of people annoyed at the semantic web (rip).
Pix has really spurred up small local businesses. It's so much easier to buy digitally from local stores now, or even just a person starting up a business because it required no setup, no fees or anything.
If I need to buy a gift for someone from a store at the mall, for example, I just text them, they send me pictures with the options, I pay instantly via pix and they send the product through local delivery. The whole thing takes 5 minutes of my time and the purchase shows up on my door in 30 minutes.
I saved on time, gas and parking, and meanwhile the store made a sale through a local employee instead of me buying online from their national franchise for example (if it's a franchise of course). Win win for everyone.
Yeah it still needs a malicious person to run the attack of course, but it's a different attack vector. Phishing consists of making the user believe they are in a different website than they are at.
Most of the time, that requires a convincingly-looking URL to redirect from website A to the phishing page. (e.g. micr0softlogin.com)
This attack doesn't require that, it all stays in the website A which they user may find legitimate. (or it could be a legitimate one that has been compromised)
Another aspect of this is that PWAs have a helpful anti-phishing feature which actually displays a URL bar when you navigate to a different domain. Which is entirely twisted by this because by staying in website A that's exactly when the URL bar will be hidden, letting the attacker to place a fake one there.
But agreed that there are only imperfect solutions to this sort of thing.
Nope, it's much more insidious than that. The user is already on your website, which could be a legitimate website with a malicious owner.
If you look at the screenshot, it's a perfectly valid interpretation for a non tech-savvy user to interpret that as "realhealthysnacks is asking me to install a legitimate Microsoft application".
Now change the simplified example for a real one from a SaaS product login page with several "Login with ..." buttons, and one of them triggers this.
The point about the newer Bialettis being cheaper is absolutely true. My mother has an old (>10 years) Moka that feels heavy and sturdy. A couple of years ago, after accidentally leaving it on the stove for too long, the bottom chamber and the filter basket got a permanent burnt coffee taste, and we bought a new one to replace it. That one was lighter and came with a significant thinner filter basket, which I also attributed to either being counterfeit or just they shipping cheaper versions of the product to Brazil.
Then, a couple of months ago, I was on vacation in Italy and decided to get a brand new one as a gift, directly from an official Bialetti store. To my surprise, the Mokas in the store felt exactly like the lower-quality one we had bought in Brazil. I didn't even buy the gift.
Has Nintendo ever talked about how they do software development? Can we all drop the thousands of books that have been written about software engineering in general and just figure out what they do?
Game aside, the reviews have been pointing out how the game performs well (after day 1 patch) and is not pestered with bugs, which is an impressive feat for such an open world game where most things are able to interact with everything else.
What I really like about Wordle is that the very reason that all of these fun and interesting math analysis are being done on it is due to the entire corpus being easily accessible there in the code. It's not something kept away server-side. It's so easy to cheat on it that there's no point in doing so.
In addition, if it was an ad-filled, high growth commercial venture, this approach would likely never have been chosen. (Not to mention the entire game mechanics of one word per day, instead of trying to show you a stream of ads every minute or so after each word you would have played).
I guess what I wanted to say is: thanks, open web!
A long time ago in Internet time, Justin Frankel (creator of Winamp) created a tool for live music collaboration that approached this problem in a very different way. Basically what it does is that it _adds_ delay for everyone in a way that synchronizes the musical measures, such that you play a measure while listening to everyone else's previous measure.
I never tried it because I'm not a musician (just a longtime fan of Justin and Winamp), but I always found the concept very interesting. Apparently it is still alive: https://www.cockos.com/ninjam/
The thing that boggles my mind is that the only affected users are:
(a) - Firefox users &&
(b) - who downloaded their messaging history on a buried menu option in the account page &&
(c) - in the last 7 days prior to disclosure &&
(d) - who did this on a computer where someone else has access
The number of affected people is presumably very small, and the only metric that twitter can't know here is (d). How on earth does it make sense to alert every Firefox user with a scary wall of text? Don't they have logs to cross-reference (a), (b) and (c) and e-mail these users?
I'd believe that if there's only one API endpoint that would be crucial to log to protect against major leaks, it would be this one to download all your history at once...
Just kidding. To me the biggest mistake was the standards' slowness in the early 2010s to provide badly needed new functionality such as a proper replacement for table layout, vertical alignment, etc. The cult of knowing specific tricks to get things working properly carried on for too long and made a lot of people annoyed at the semantic web (rip).