887
How paranoid are you?
(lemmy.world)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 02 Aug 2024
887 points (97.3% liked)
linuxmemes
21197 readers
130 users here now
Hint: :q!
Sister communities:
- LemmyMemes: Memes
- LemmyShitpost: Anything and everything goes.
- RISA: Star Trek memes and shitposts
Community rules (click to expand)
1. Follow the site-wide rules
- Instance-wide TOS: https://legal.lemmy.world/tos/
- Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html
2. Be civil
- Understand the difference between a joke and an insult.
- Do not harrass or attack members of the community for any reason.
- Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
- Bigotry will not be tolerated.
- These rules are somewhat loosened when the subject is a public figure. Still, do not attack their person or incite harrassment.
3. Post Linux-related content
- Including Unix and BSD.
- Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of
sudoin Windows. - No porn. Even if you watch it on a Linux machine.
4. No recent reposts
- Everybody uses Arch btw, can't quit Vim, and wants to interject for a moment. You can stop now.
Please report posts and comments that break these rules!
founded 1 year ago
MODERATORS
Still unsure what you're saying about https. Firefox treats insecure sites as dangerous and tries to tell the user to beware, for that one time a year you might run into that situation. And by default, insecure content in a secure page is blocked in FF and I think that was true even in IE 11. That's been pretty standard for a long time.
Regarding OS in the UA, no, rarely would you need it. I think browsers can send whatever they want there though. Are you saying that LibreWolf sends one without OS? Again to me it's a little paranoid to nitpick this but what I thought you were saying before is that UAs should not exist period, which I was disputing because I literally have been spending the last month working through safari specific bugs that would be nearly impossible to handle without a UA string to know the user is running safari. Sometimes I do need to know iPad vs iPhone, but that's not only rare but probably even more offensive to you than the UA mentioning the OS/OS family.
I only get that behavior when setting HTTPS-only. If I dont, I think it may display a warning but thats it.
No they often take Windows 10 on FF ESR
I think that is a problem of the browser isnt it? And how does a "desktop site" button work? Does it change the UA or is there a different way to switch between the site views?
I dont know why this couldnt be done with a "safari on iPadOS" vs "Safafi on iOS" or a separate value for "phone", "tablet", "desktop".
The OS is way less important than the browser and the form factor here.
Yeah that's what I said. It is your opinion that a warning is not enough but I very much don't feel that way. Users should be treated like adults by default.
I don't know what this means unless you're saying it just always reports win 10
As far as the rest of your comment... I have been building websites for 20 years now and I'm not content to do things the wrong way, so I've researched and considered the available options.
It doesn't matter if it's a "browser problem" since I don't get to tell users that iOS sucks ass, which it does.
Kind of feels dismissive the way you're hand waving away all the problems I deal with all the time. Like I said, until browsers behave consistently or at least predictably if they don't support something, UA will be needed sometimes. I haven't needed it for anything but safari in a long time but again I don't get to tell those users to get a decent browser. On iOS they don't even have that option if they were to want another browser.
Thats why there is an "accept the risk and proceed" button ;)
By default, Firefox loads Javascript from any site. The Pegasus Trojan was transmitted by hijacking 2G and 3G network connections, and using malicious HTTP redirects that wouldnt work with HTTPS.
They are zero-click, meaning just opening that site would run the code.
i think security should be normalized.
It reports to be Firefox ESR on Windows 10. Maybe Windows 11 now.
I didnt. I just find it odd that you need to know the OS to display a site for 3 different form factors. But if that is true, then a UA might be a solution.
Yeah, a lot of things seem odd until you take 20 years to understand them.