HackerTrans
TopNewTrendsCommentsPastAskShowJobs

fosefx

no profile record

Submissions

So you want to receive WhatsApp messages?

blog.bmn.dev
2 points·by fosefx·2 ปีที่แล้ว·0 comments

Ship Abandonment

en.wikipedia.org
1 points·by fosefx·3 ปีที่แล้ว·0 comments

Cannot read clipboard from service worker in a MV3 chrome extension (2020)

bugs.chromium.org
65 points·by fosefx·4 ปีที่แล้ว·51 comments

comments

fosefx
·2 ปีที่แล้ว·discuss
Just like with "golang", "FStar" is the query if choice. But don't think you'll find much, if the documentation is in the same state as it was two years ago.
fosefx
·2 ปีที่แล้ว·discuss
Aside: What makes Gitlab "AI-powered"?
fosefx
·2 ปีที่แล้ว·discuss
They were replaced by AI
fosefx
·4 ปีที่แล้ว·discuss
Tangent: Instagram managed to lock me out of their service for a week or so a couple of days ago. My browser was signed in into my account, but I have not used it for like a month.

Got logged out. I log back in (using 2FA btw). "Please give us your phone number so we can verify it's you" I enter my phone number. I don't really get the point of this because they did not have my number before, so what are they actually verifying here? Anyway, I trust Facebook with my phone number lol. I get a code, I enter it. "Your account activity is suspicious and we will limit your account for a bit" That was it. No redirect, no link to click, nothing. So I go back to instagram[.]com and have to do the same thing again?

Well maybe my browser is on a block list now or sth. So I go to my phone (where I was signed in). And the App is broken completely, looks like the session was invalidated.

I log out, log back in, do 2FA, enter the code again. Same result.

I checked back in a couple of days ago and it seems like I have access again.

It is unfathomable how this can happen. How can the front gate to your multi billion service just not work to the point where you DOS yourself?

Also this account has 0 images, and just a couple of followers, so there is literally nothing to protect.

In moments like these you really start to notice the missing communication channels to the big tech companies. Is there any other industry that has zero customer support?
fosefx
·4 ปีที่แล้ว·discuss
Can not recommend the podcast series "Rabbit Hole" (2020) from the NYT enough.

https://www.nytimes.com/2020/04/22/podcasts/rabbit-hole-prol...
fosefx
·4 ปีที่แล้ว·discuss
Why?
fosefx
·4 ปีที่แล้ว·discuss
What is cheaper? Investing into proper security for years and years without seeing anything or paying fines to regulators once you got breached?

My guess it's the latter :/
fosefx
·4 ปีที่แล้ว·discuss
Cool. Now build bus stops, so I don't need one.
fosefx
·4 ปีที่แล้ว·discuss
Well an extension can also just send your session tokens home. In the end it's software running on your computer, but people unfortunately often times underestimate the power of add-ons (read the permissions screen folks!). Mozilla requires a manual code review before allowing add-ons into the store because of this afaik.

In my example there was direct user interaction (clicking a context menu) but the service worker (background script) has no API to interact with the clipboard at all.

I guess my point is not that it's an easy thing to fix, but the fact that it looks like nobody at Google has thought about this before forcing everybody to migrate is concerning.
fosefx
·4 ปีที่แล้ว·discuss
My use case: A background script, sorry, Service Worker registers a Context Menu Entry. When the user clicks on it it fetches some stuff an copies a link to clipboard.

Using MV3 as it is this is not possible.

As someone in the thread said, it is not really feasible to try to find all ways that user interaction can trigger code that requires clipboard access. If that is the route Google want to go down it will take years of people reporting new ways the system does not work until it is usable imo.
fosefx
·4 ปีที่แล้ว·discuss
I came across this because I wanted to port an addon over to MV3. It simply used navigator.clipboard.writeText(). That by itself only works as a reaction to a user interaction (so not in bg scripts), unless you declare the "writeClipboard" permission in the manifest.

I don't know if there is a readClipboard permission as well.
fosefx
·4 ปีที่แล้ว·discuss
Interesting reply: https://twitter.com/M1ch13Lt/status/1562537209659817987/phot...
fosefx
·4 ปีที่แล้ว·discuss
https://www.bbc.com/news/world-latin-america-57398274
fosefx
·4 ปีที่แล้ว·discuss
Wait what? How does that work?
fosefx
·4 ปีที่แล้ว·discuss
I think that's because the rt server does not respond to ICMP. I use 1.1.1.1 and can access rt.com just fine (also German Vodafone customer here)
fosefx
·4 ปีที่แล้ว·discuss
Link to the talk: https://www.youtube.com/watch?v=MlIKV5qAf2I (43 min)
fosefx
·4 ปีที่แล้ว·discuss
His website states he is affiliated with popflash.site, which you probably have heard of.
fosefx
·4 ปีที่แล้ว·discuss
https://searchhut.org/search?q=js+service+worker

> List of accidents and incidents involving commercial aircraft
fosefx
·4 ปีที่แล้ว·discuss
English translation: https://www.gesetze-im-internet.de/englisch_stgb/englisch_st...

Most notable: "The pregnant woman does not incur the penalty specified in section 218 if the termination was performed by a physician after counselling (section 219) and no more than 22 weeks have elapsed since conception"
fosefx
·4 ปีที่แล้ว·discuss
Tobacco ads are generally banned on Radio, TV, Print and the Web with some exceptions. Outdoor advertising is still very much allowed, Germany is the only EU country that allows this.

Btw manufacturers (not the merchants though) are still allowed to hand out free cigarettes.