until then, it provides value
Replying to @sirdarckcat @homakov and
it shifts the industry to promoting a bad solution, and away from fixing bugs.
2 replies 0 retweets 1 like -
Replying to @kkotowicz @sirdarckcat and
Just curious: do you have the same view of ASLR and low-level mitigations?
3 replies 0 retweets 1 like -
Replying to @arturjanc @sirdarckcat and
No, b/c those are well-aligned. CSP is not, that's why it's cumbersome.
1 reply 0 retweets 0 likes -
Replying to @kkotowicz @arturjanc and
CSP is sadly doc-specific, w/ messy syntax and try-to-address-all attitude.
2 replies 0 retweets 0 likes -
Replying to @kkotowicz @arturjanc and
All above are fixable, but I think it's better to just start anew.
3 replies 0 retweets 0 likes -
Replying to @kkotowicz @arturjanc and
Unless we want to do it UK style we should define the new approach before #CSPexit
1 reply 0 retweets 1 like -
Replying to @johnwilander @kkotowicz and
If nonces are the way to go it's easy to build a new mechanism to enforce them
1 reply 0 retweets 0 likes -
Replying to @arturjanc @johnwilander and
And the only way to see if they really work is to use them with current CSP
2 replies 0 retweets 0 likes -
Replying to @arturjanc @johnwilander and
I do not disagree re nonces. So, #casualcspexitkeepthenameifyouwant?
1 reply 0 retweets 0 likes
If you convince all vendors to ship the new thing, Google will switch today :)