I love the top gear reference, but surely May would have been the obvious choice, Hammond is just asking for a crash!

This whole episode is giving me flashbacks to the ActiveX days.

The tyranny of the default.

“Here mum, I’ve installed Firefox for you, it’s better than Chrome in every way!”
“My knitting circle website doesn’t work, I can’t download patterns, it says I need Chrome”

Internet Explorer was effectively abandon-ware for a decade after Microsoft used their OS pseudo-monopoly to crush Netscape.
It took another tech giant abusing THEIR monopoly to relegate IE to the trash heap it should have already been on.

Comforting and Terrifying.
Comferrifying?
Terriforting?

So you won’t use your banks website?
Or your utilities (gas/water/electricity/internet)?
You won’t let your kids use the portal at their school for submitting assignments?
Your government sites for renewing your drivers license or scheduling hard refuse pickup?

I can think of lots of reasons that will force me to have chrome installed if this goes ahead.

I’d sign up to Titter.

The Back to the Future trilogy is good for a re-view.

JavaScript (TypeScript) has access to cookies (and thus JWT). This should be handled by web browser, not JS. In case of log-in, in HTTPS POST request and in case of response of successful log-in, in HTTPS POST response. Then, in case of requesting web page, again, it should be handled in HTTPS GET request. This is lack of using least permissions as possible, JS should not have access to cookies.

JavaScript needs access to the cookies, they are the data storage for a given site.
To protect them, the browser silos them to the individual site that created them, that’s why developers haven’t been able to easily load cross domain content for years, to mitigate XSS attacks.
The security relies on the premise that the only valid source of script is the originating domain.
The flaw here was allowing clients to add arbitrary script that was displayed to others.
You’re dead right that only the way to fix this is to do away with JavaScript access to certain things, but it will require a complete refactor of how cookies work.
I haven’t done any web dev in a few years, this might even be a solved problem by now and we are just seeing an old school implementation. 🤷

The condescension in that makes it clear that the smug social network is whichever one the author happens to use.

I also use this.
Have had to update it in tiny ways in the last ~ 7 years?

https://lemmy.world/comment/206680

The issue was the owners choice of not federating with anything nsfw.

By moving to lemmy.world I could still post as much as I wanted to [email protected] AND upvote boobs.

The stated reason is that there’s too many bad actors coming from here, so it’s too hard to moderate:

https://beehaw.org/post/567170

Hopefully (as they state in their post), federation will resume once things settle into a new norm.

Or I forsee beehaw losing relevance as it continues to pursue an isolationist policy.

I moved from aussie.zone to lemmy.world already to get around federation issues.
Now beehaw.org has stopped federating with lemmy.world 🤷‍♂️

I don’t want to have half a dozen accounts so that I can access all the niches of this system, and yet it’s beggining to look like the dream of federation is stillborn.

I personally use a bash script triggered by cron on my server to first determine my external IP address: curl http://v4.ident.me/ then if it differed from the last check, would update one of my dns entries via the godaddy API.

This can be a simple or as complicated as you like.

Absolutely possible.
The key to simple self hosting is to have a dns record that points to your externally accessible IP, whether that be your real one or an external one hosted at a VPN provider.
If that IP changes, you’ll need to update it dynamically.

It’s becoming increasibly common to be a requirement to do so as CGNat becomes more widespread.

One of the newer ways to do that is with a Cloudflare Tunnel, which whilst technically is only for web traffic, they ignore low throughput usage for other things like SSH.