this post was submitted on 23 Jun 2024
462 points (88.2% liked)

linuxmemes

27806 readers
424 users here now

Hint: :q!


Sister communities:


Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack users for any reason. This includes using blanket terms, like "every user of thing".
  • Don't get baited into back-and-forth insults. We are not animals.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
  • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn, no politics, no trolling or ragebaiting.
  • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, <loves/tolerates/hates> systemd, and wants to interject for a moment. You can stop now.
  • 5. πŸ‡¬πŸ‡§ Language/язык/Sprache
  • This is primarily an English-speaking community. πŸ‡¬πŸ‡§πŸ‡¦πŸ‡ΊπŸ‡ΊπŸ‡Έ
  • Comments written in other languages are allowed.
  • The substance of a post should be comprehensible for people who only speak English.
  • Titles and post bodies written in other languages will be allowed, but only as long as the above rule is observed.
  • 6. (NEW!) Regarding public figuresWe all have our opinions, and certain public figures can be divisive. Keep in mind that this is a community for memes and light-hearted fun, not for airing grievances or leveling accusations.
  • Keep discussions polite and free of disparagement.
  • We are never in possession of all of the facts. Defamatory comments will not be tolerated.
  • Discussions that get too heated will be locked and offending comments removed.
  • Β 

    Please report posts and comments that break these rules!


    Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't remove France.

    founded 2 years ago
    MODERATORS
     

    Firefox on Debian stable is so old that websites yell at you to upgrade to a newer browser. And last time I tried installing Debian testing (or was it debian unstable?), the installer shat itself trying to make the bootloader. After I got it to boot, apt refused to work because of a missing symlink to busybox. Why on earth do they even need busybox if the base install already comes with full gnu coreutils? I remember Debian as the distro that Just Wroks(TM), when did it all go so wrong? Is anyone else here having similar issues, or am I doing something wrong?

    you are viewing a single comment's thread
    view the rest of the comments
    [–] 9488fcea02a9@sh.itjust.works 61 points 1 year ago (2 children)

    My bank used to complain that my browser was out of date. I wrote an email to customer service explaining to them that:

    A) debian's "out of date" browser actually includes all up to date security patches. B) simply reading the browser agent isnt really security. I had simply been spoofing my browser agent to get around their silly browser "security" policy

    They removed the browser check 2 weeks later. Not sure if it was because of me

    [–] efstajas@lemmy.world 22 points 1 year ago (1 children)

    simply reading the browser agent isnt really security

    It's not for their security, but for that of genuinely clueless people that are just running an actually outdated browser that might have known and exploitable security flaws.

    [–] LeFantome@programming.dev 6 points 1 year ago (2 children)

    It is not about security at all. They do not want to test or support old browsers. So, they set a minimum version and tell you that you need to upgrade to that.

    If they only support one browser, it is going to be Chrome. Chrome has more zero-day vulnerabilities than any other project I can think of. It is not about security.

    [–] SpaceCowboy@lemmy.ca 3 points 1 year ago (1 children)

    Yeah if it were about security they'd check the version of HTTPS, SSL, TLS and all that stuff.

    [–] efstajas@lemmy.world 2 points 1 year ago* (last edited 1 year ago)

    Doing that would tell you nothing about whether the browser might have un-patched, known vulnerabilities elsewhere.

    [–] efstajas@lemmy.world 3 points 1 year ago* (last edited 1 year ago)

    How do you know this? Of course there are lots of reasons for why they'd want to enforce minimum browser versions. But security might very well be one of them. Especially if you're a bank you probably feel bad about sending session tokens to a browser that potentially has known security vulnerabilities.

    And sure, the user agent isn't a sure way to tell whether a browser is outdated, but in 95% of cases it's good enough, and people that know enough to understand the block shouldn't apply to them can bypass it easily anyway.

    [–] deathbird@mander.xyz 21 points 1 year ago

    The hero we need rn tbh