You're all following @HTTPshaming....riiiiight?
Replying to @sleevi_
@sleevi_ @slightlylate And in Apple's world their code signing/DRM has been stronger than "goto fail" HTTPS stack.
Replying to @kornelski
@pornelski @sleevi_: sorry, not buying. If you want to be resilient, you defend in depth. It has always been thus: see design of castles.
Replying to @slightlylate
@slightlylate @sleevi_ sure, defense in depth is better, but that site isn't about good defense. They're fine with blind faith in HTTPS only
Replying to @kornelski
@pornelski: I think you're ascribing too much motive. Deep reading seems unwise when you can just ask. /cc @sleevi_ @HTTPshaming
Replying to @slightlylate
@slightlylate and I have reached out to them as soon as I've noticed their IMHO unjustified shaming post.
Replying to @kornelski
@pornelski Unjustified? WAT. Just went to http://videolan.org, was offered a binary over HTTP; SHA over same. Secure bootstrap how?
Replying to @slightlylate
@slightlylate shotgun method hits some real vulns, but generates FUD/bullshit as well, which is why I don't take @httpshaming seriously.
Replying to @kornelski
@pornelski: How did you get a binary that you trust from VLC? Trusting code signing? /cc @httpshaming
Replying to @slightlylate
@slightlylate you make valid point about insecurity of initial download, but that's not what @httpshaming reported.
@pornelski: I think what @HTTPshaming is doing is valuable, even here. VLC's problems might not be deep, but where there's smoke...
Replying to @slightlylate
@slightlylate well, they've managed to annoy VLC devs & me (Sparkle dev) with their lazy & technically invalid report. They could do better.