We didn't think that the intermediate CA expiring would break the signatures, because code signing generally doesn't care about expiration, but we never tested the code path until the intermediate expired and the signatures broke. That was a hard lesson to learn...
I've seen the idea floated for combatting non-signing-related time-based bugs, but I'm a firm believer in having at least one machine run tests with its time set artificially far in the future (e.g. 1 year) to catch these ahead of time where possible.
Don't call your project *Zilla. The copyright owners of Godzilla are known to go after everyone who tries to use the "Zilla" suffix. Mozilla learned its lesson long ago and had to negotiate a special agreement.
As a 10-year Mozilla veteran, I agree you should switch domains/project names. Mozilla was able to negotiate a deal for a number of reasons - Mitchell herself is a lawyer, the project is an NPO, and probably other reasons too, but it's not worth the effort to defend a slightly infringing name against the copyright holder in this case.
How would this even remotely relate to Godzilla or its copyright?
It’s not even close to a big scary nuclear fueled monster.
I’ll note that the only TM case they ever lost was against a company selling trash bags named ‘trashzilla’, partially because it did not constitute a danger to Toho’s business interests.
Edit: Uh, I missed the logo. Definitely a problem.
When you consider the most recent Godzilla film, Minus One, is the 37th in that franchise, and was not only nominated for an Oscar, and may be its most lucrative, you can see why Toho would aggressively police that copyright.
It's pretty clear that "zilla" is a genericised word suffix, cf "bridezilla", in English.
Whilst it seems to originate with Godzilla -- which honestly also doesn't seem to associate with a particular company but instead I would say it's a now traditional monster name in stories, like Dracula -- no one is confusing this with any Godzilla franchise. These sorts of attempts to own a word stem, across trademark categories, are an over-step that legislators need to rein in IMO.
Does the recent Sky trademark battle speak to this?
This comment is entirely my opinion and does not relate to my employer.
> Whilst it seems to originate with Godzilla -- which honestly also doesn't seem to associate with a particular company but instead I would say it's a now traditional monster name in stories, like Dracula
This is a really weird take. Dracula is in the public domain, while every piece of Godzilla media is still copyrighted and trademarked to Toho, one of the big four movie studios of Japan.
The most compelling reason to use Firefox Sync is that it is client-side encrypted. Mozilla stores opaque encrypted blobs that it is entirely unable to decrypt.
Law enforcement agencies request that data from time to time, hoping to obtain browsing history, only to be turned down thanks to the encryption.
The only downside to using your own sync server for your devices' Firefox Sync is that Firefox/iOS cannot accept a custom Sync server URL; with Firefox/iOS, you are stuck with Mozilla's Sync server.
That sounds equally like a downside to using Apple devices as a lot of open source self-hosted applications are limited in their respective iOS version.
I strongly suggest reading the requirements fully before commenting what amounts to misinformation at best.
You can run everything locally. You don't need Spanner and can use MySQL instead as a database. Also, as the previous commenter already told you, you can run Sentry locally.
Let's see whether you're willing and able to walk back your comments. I'm in the same boat as you - I'd want to run everything locally and I'm very happy to see it's entirely possible.
This is a big reason to avoid Edge: They have entire categories that aren't e2ee, browsing history being one of them. Chrome, IIRC, can have e2ee but the user has to turn it on.
Brave, Vivaldi and Firefox offer complete, e2ee sync solutions.
> The crux of the difference in how we designed Firefox Accounts, and Firefox Sync (our underlying syncing service), is that you never send us your passphrase. We transform your passphrase on your computer into two different, unrelated values. With one value, you cannot derive the other. We send an authentication token, derived from your passphrase, to the server as the password-equivalent. And the encryption key derived from your passphrase never leaves your computer.
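The split described in the quote above, as an added example that is not part of the thread and is not Mozilla's code: one stretched passphrase feeds two derivations with different labels, so the server-side value cannot be turned into the encryption key. The PBKDF2/HKDF choice, the "example-sync/..." labels, the iteration count and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256 and the default all-zero salt."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()  # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                     # expand
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_client_values(email: str, passphrase: str, iterations: int = 100_000):
    """Runs on the client only. Returns (auth_token, encryption_key)."""
    # Stretch the passphrase; the salt binds the result to one account.
    salt = b"example-sync/stretch:" + email.encode()
    stretched = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations)
    # Different 'info' labels give independent outputs: knowing one output
    # does not help compute the other without the stretched passphrase.
    auth_token = hkdf_sha256(stretched, b"example-sync/auth")
    encryption_key = hkdf_sha256(stretched, b"example-sync/encrypt")
    return auth_token, encryption_key

def server_record(auth_token: bytes) -> bytes:
    """What the server keeps: a hash of the password-equivalent token only."""
    return hashlib.sha256(b"example-sync/server:" + auth_token).digest()

def server_verify(record: bytes, presented_token: bytes) -> bool:
    """Constant-time login check against the stored record."""
    return hmac.compare_digest(record, server_record(presented_token))

if __name__ == "__main__":
    # Constructed sample account, not real credentials.
    token, key = derive_client_values("user@example.org", "correct horse battery")
    record = server_record(token)          # sent to / stored by the server
    print("login ok:", server_verify(record, token))
    print("key stays on the client:", key.hex()[:16], "...")
```
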
Google uses some dark patterns in the UX, yes. It's still weird to me that GP says "The most compelling reason to use Firefox Sync is that it is client-side encrypted" when that's table stakes for any browser sync engine I know of.
Because them making encryption the default rather than obscuring encryption options with dark patterns strongly signals they aren't trying to trick you into handing over private data for their profit.
Mastodon's infosec.exchange is doing genuinely well. It's not the infosec Twitter of the olden days, but it's the most promising replacement we've got.
Sops original author here. I haven't contributed to the project in a few years, but it's really cool to see that it continued to grow and gain traction outside of Mozilla. Thanks folks!
Only if your site gets picked up by archive.org though.
(That's only going to happen with static sites, not those which require login or signup, etc.)
Even then your ideas will still effectively disappear because search engines don't appear to crawl archive.org. (If they do it's incomplete - my own past content on archive.org does not get found by specific Google searches.) But perhaps search will change in future.
> I think this position is a bit naive. Like saying "but child porn is just bits, like any other type of file".
Everything has a domain it operates in, so I believe that statement has nuance. In particular when you look at how general or specific the domain is.
From the perspective of something uploaded to S3? It sure is like any other file.
From the perspective of a website dedicated to the dissemination of child porn? It clearly is more than "just bits" in that context.
How about from the perspective of a search engine, where that site may be indexed? Welcome to the grey area that all of these debates are rooted in. Technically it's just indexed strings or ngrams, so it is like any other type of file. But there's an argument that a search engine should "know more" than just the raw data, and should be able to understand that context somehow.
Palantir is in this grey area. The software isn't built for spying. It's built for managing and understanding vast amounts of data. Can this be used for spying? Yes. It can also be used for double blind clinical trials. Or maintaining insurance systems. Or coordinating disaster relief efforts.
It operates technologically in a very general domain, but their flexible user-defined ontology makes it very powerful at operating in more specific domains. So it's a lot less cut and dry than the dissenters make it seem, IMHO.