More

pki · on Aug 25, 2016

Prod/staging environments now taken seriously

msh · on Aug 25, 2016

As if...

pki · on Aug 1, 2016

I am less curious about the year and more curious as to how the hell flip phones are rendering video. Like 64p 3GPP or something realtime transcoded?

euyyn · on Aug 2, 2016

ASCII art.

dredmorbius · on Aug 4, 2016

aalib and aaxine, baby!

https://m.youtube.com/watch?v=mGphynqDkS4

pki · on July 31, 2016

At least on Android you can generate a fake VPN-esque connection locally that passes everything through a proxy, so the proxy isn't exposed to the application

MichaelGG · on July 31, 2016

Sure but then the verification will fail since you won't be able to sign the handshake with the "pin'd" cert. (Assuming they implement TLS or other crypto in their own code.) If you aren't modifying the execution environment then it's possible for an app to be "safe".

fdsaaf · on July 31, 2016

An clever-enough emulator can just lie to an application and say, "You're running on a stock device. Everything is fine".

pki · on Aug 1, 2016

Clever-enough is the key word, with Safetynet involved, which dynamically executes signed classes and you don't know what checks will be done

pki · on June 21, 2016

Also variably checks http accept headers (<img src> produces accept of image/* iirc)

pki · on May 22, 2016

Isn't it for setting cookies not on the google.com domain?

pki · on May 16, 2016

You already proved that you have access to it. Why is that no question asked?

Normal DV certs are either "add a CNAME, upload a uniquely named html / txt file, or click a link in an email" -- you've already done one of those (automatically in caddy)

pki · on May 16, 2016

> I'd demand my money back, and contract canceled

$500 early termination fee, 8-12 weeks for a "partial refund" via cheque ;)

pki · on April 17, 2016

GCE ~= EC2

GAE ~= Elastic Beanstalk

jspaetzel · on April 17, 2016

Might as well toss the azure comparble ones in here while we're at it.

Azure Virtual Machines ~= Google Compute Engine ~= Amazon EC2

Azure Websites/App Service ~= Google App Engine ~= Amazon Elastic Beanstalk

grogenaut · on April 18, 2016

I would say more correctly GAE ~= Lambda

pki · on April 10, 2016

then we get into the whole "at what point do we stop supporting windows xp for real this time guys" argument though..

AdmiralAsshat · on April 10, 2016

There's a big difference between a 10 year-old OS and a two-year old phone, though. Especially if the unlocked model of the phone has received a Marshmallow update, but your carrier decides they don't feel like going through the cert process for that when they could easily twist your arm to getting a nice, new $750 phone instead.

JohnTHaller · on April 10, 2016

For Google Chrome the answer is: April 19

fixermark · on April 10, 2016

That decision is generally made by the app vendor. Apps in the Play Store declare a minimum OS version they compile / run against.

pki · on March 3, 2016

html5-sandbox or iframe will have you terminated from adsense, at least. don't know about the others.

aikah · on March 3, 2016

> html5-sandbox or iframe will have you terminated from adsense, at least. don't know about the others.

Really? what's the justification for that policy? You'd think ad networks would want ads to be safe for users.

AkariTakai · on March 3, 2016

Probably cross-domain abuse. I'd imagine there's a few edge cases that result in behavior Google doesn't want for ads. For example, double serving, accidental clicks, ad obscuring, etc.

Their FAQ does mention that they'll grant exceptions though.