Posts by freddy@social.security.plumbing
 (DIR) Post #AQtXzgdReMb0j0h4xU by freddy@social.security.plumbing
       2022-12-23T08:29:02Z
       
       0 likes, 1 repeats
       
       Just bought @gaz's book JavaScript for hackers. Lots of fun new and old bugs in there. If you're nerdy about JS & web security, I recommend taking a look!
       
 (DIR) Post #ARKuJZhaa8QrdNrbwu by freddy@social.security.plumbing
       2022-12-28T19:15:12Z
       
       0 likes, 0 repeats
       
       @wilander @mikewest I'd be curious enough to join. But I think there's also lots to learn and capture to make sure we don't repeat some undesirable bits from past deprecations. I'd prefer doing that first.
       
 (DIR) Post #ARKvnQ21CW36HdDKJk by freddy@social.security.plumbing
       2023-01-05T15:11:11Z
       
       0 likes, 0 repeats
       
       @ondra @mikewest @wilander I think that's a valuable point and a blind spot I admit we might have. Someone at a developer conference told me that CSP adoption is low because of CSP's young age (despite being 15 years old) and that the "typical enterprise web app" is usually much older 😞. No idea if true, but I would love to know more about the max/min/avg/median here :)
       
 (DIR) Post #ARyZEp7s0k1KHXh2G0 by freddy@social.security.plumbing
       2023-01-24T08:29:52Z
       
       1 likes, 1 repeats
       
       Python HTML Sanitizer library Bleach reaches version 6.0 and **end of life**. Why? The underlying html parser library (html5lib) is no longer maintained. https://bluesock.org/~willkg/blog/dev/bleach_6_0_0_deprecation.html
       
 (DIR) Post #AV1J2UtNeL09X5n504 by freddy@social.security.plumbing
       2023-04-25T19:19:56Z
       
       0 likes, 0 repeats
       
       @simon this is super interesting. I know very little about LLMs but a lot about injection vulnerabilities. Making the "actions" a special syntax that cannot be emitted by the quarantined model without filtering, surely would help injecting new actions. But it could still emit a secondary wordy prompt injection into the Privileged LLM that does not contain actions. I think the privileged part needs a different kind of API. Somehow separate data from instructions.
       
 (DIR) Post #AaIhEP4qQm0absb3tA by freddy@social.security.plumbing
       2023-09-30T17:57:10Z
       
       0 likes, 0 repeats
       
       @joeyh Yeah, I think we don’t maintain the Debian/Ubuntu packages ourselves. I usually browse the source at searchfox.org (mozilla-central = Nightly)
       
 (DIR) Post #AbXlmneHZtlfnx6mo4 by freddy@social.security.plumbing
       2023-11-06T12:16:51Z
       
       1 likes, 0 repeats
       
       Mozilla to migrate Firefox development from Mercurial to Git for version control. https://groups.google.com/a/mozilla.org/d/msgid/firefox-dev/D1F25F62-2A51-4E72-AC7C-7D571C0BD81B%40mozilla.com
       I, for one, am excited about this change.
       
 (DIR) Post #Ac2L0VpJDcxvMHnEsi by freddy@social.security.plumbing
       2023-11-21T16:22:02Z
       
       0 likes, 0 repeats
       
       Firefox 120 is releasing today 🥳.
       Fingerprinting protection for *unknown* Canvas fingerprinters (requires using Enhanced Tracking Protection in Strict mode)! 🫆
       Copy URLs with tracking parameters removed!
       WASM GC is shipping! ♻️
       `lh` and `rlh` units are now actually perceived as lengths! 📏
       HTTP Early Hints Preconnect!
       Various security fixes! 🔒
       https://www.mozilla.org/en-US/firefox/120.0/releasenotes/
       
 (DIR) Post #Ac2L0XzfA6R64yeXIW by freddy@social.security.plumbing
       2023-11-21T16:23:25Z
       
       0 likes, 0 repeats
       
       (Often times, people will not immediately be offered the update. We usually do a slow gradual roll-out for new updates. You can force a version check by going to Help -> About Firefox. This won't work if you get Firefox from a package manager though.)
       
 (DIR) Post #AcOXBagWy8nCXVr35M by freddy@social.security.plumbing
       2023-12-01T09:13:34Z
       
       0 likes, 1 repeats
       
       Looks like the recent security updates for some other browsers are connected by the libavif bugs seen as exploited in the wild? Firefox's use of Rust (https://github.com/mozilla/mp4parse-rust) and the fact that there is more than just this one implementation of the format saved us this time. 😌
       
 (DIR) Post #AcZWKbtlrc5jh6LNZI by freddy@social.security.plumbing
       2023-12-07T12:12:51Z
       
       0 likes, 9 repeats
       
       Annoyed that a website is doing something custom on right-click? Did you expect the browser's context menu (Back, Reload, Save Page As, View Source etc.)? Just hold the ⇧Shift key while clicking and Firefox will show the built-in context menu.
       
 (DIR) Post #AclbhkP48Niyzzasfg by freddy@social.security.plumbing
       2023-12-13T10:02:33Z
       
       1 likes, 2 repeats
       
       TIL the #Firefox translations feature isn't only working for web pages. Head to `about:translations` to translate any text from your clipboard. Just like with web page translations, this is always done locally. None of the text leaves your device. Ever.
       
 (DIR) Post #Acnj7tkh5O6zWC2y8m by freddy@social.security.plumbing
       2023-12-13T17:05:58Z
       
       0 likes, 1 repeats
       
       Oh no. I have 19 days to submit to a CFP and no talk. What web/browser security talk would people be interested in? This is for a security conference.
       
 (DIR) Post #AdhrAWVnr8qUtY40MC by freddy@social.security.plumbing
       2024-01-10T07:27:14Z
       
       0 likes, 0 repeats
       
       Furthermore, I am of the opinion that the AfD must be destroyed.
       
 (DIR) Post #AdhrAZbENPyCTFcsjY by freddy@social.security.plumbing
       2024-01-10T12:37:33Z
       
       0 likes, 0 repeats
       
       Alright, the Fediverse is obviously mainstream enough that a post like this already attracts right-wing trolls. No problem, there's still room in my blocklist. 🥱
       
 (DIR) Post #AhssT5PuXImhOfWMHw by freddy@social.security.plumbing
       2024-05-06T05:39:18Z
       
       0 likes, 0 repeats
       
       @thomasfuchs Firefox will discard or "freeze" inactive tabs such that they are no longer backed by an actual process. The tab will be restored on click.
       
 (DIR) Post #AoIRD7xlWhZjRqRqxU by freddy@social.security.plumbing
       2024-11-21T16:59:15Z
       
       1 likes, 0 repeats
       
       @sunfish wait, is this essentially "I like doing hard puzzles. Of course I don’t want to make them simple"?!
       
 (DIR) Post #Avv4a4hxpDjpsC4dU0 by freddy@social.security.plumbing
       2025-07-08T08:54:31Z
       
       0 likes, 0 repeats
       
       "Belgium is unsafe for CVD" - https://floort.net/posts/belgium-unsafe-for-cvd/ by @floort Do you want full disclosure, Belgium? This is how you get full disclosure. (cf. https://mastodon.social/@floort/114806039846236450)
       
 (DIR) Post #AyZFgjMHyvfogj93uS by freddy@social.security.plumbing
       2025-09-25T14:12:28Z
       
       0 likes, 0 repeats
       
       @0xabad1dea daughter is doing bracelets using alphabet beads and I can tell you the distribution is completely arbitrary and doesn't reflect demand. At least for our family and we have nobody called Xerxes.