←back to thread

Google flags Immich sites as dangerous

(immich.app)
1005 points janpio | 1 comments | 22 Oct 25 20:53 UTC | HN request time: 0.208s | source
Show context
arccy ◴[22 Oct 25 23:30 UTC] No.45676475[source]
If you're going to host user content on subdomains, then you should probably have your site on the Public Suffix List https://publicsuffix.org/list/ . That should eventually make its way into various services so they know that a tainted subdomain doesn't taint the entire site....
replies(16): >>45676781 #>>45676818 #>>45677023 #>>45677080 #>>45677130 #>>45677226 #>>45677274 #>>45677297 #>>45677341 #>>45677379 #>>45677725 #>>45677758 #>>45678975 #>>45679154 #>>45679258 #>>45679802 #
0xbadcafebee ◴[23 Oct 25 02:02 UTC] No.45677379[source]

  In the past, browsers used an algorithm which only denied setting wide-ranging cookies for top-level domains with no dots (e.g. com or org). However, this did not work for top-level domains where only third-level registrations are allowed (e.g. co.uk). In these cases, websites could set a cookie for .co.uk which would be passed onto every website registered under co.uk.

  Since there was and remains no algorithmic method of finding the highest level at which a domain may be registered for a particular top-level domain (the policies differ with each registry), the only method is to create a list. This is the aim of the Public Suffix List.
  
  (https://publicsuffix.org/learn/)
So, once they realized web browsers are all inherently flawed, their solution was to maintain a static list of websites.

God I hate the web. The engineering equivalent of a car made of duct tape.

replies(10): >>45677442 #>>45678161 #>>45678382 #>>45678520 #>>45678922 #>>45679006 #>>45679642 #>>45680322 #>>45680711 #>>45680859 #
lukan ◴[23 Oct 25 02:16 UTC] No.45677442[source]
"The engineering equivalent of a car made of duct tape"

Kind of. But do you have a better proposition?

replies(2): >>45677503 #>>45678251 #
gmueckl ◴[23 Oct 25 02:25 UTC] No.45677503[source]
A part of the issue is IMO that browsers have become ridiculously bloated everything-programs. You could take about 90% of that out and into dedicated tools and end up with something vastly saner and safer and not a lot less capable for all practical purposes. Instead, we collectively are OK with frosting this atrocious layer cake that is today's web with multiple flavors of security measures of sometimes questionable utility.

End of random rant.

replies(4): >>45677688 #>>45677734 #>>45677747 #>>45678076 #
Kim_Bruning ◴[23 Oct 25 04:07 UTC] No.45678076[source]
Are you saying we should make a <Unix Equivalent Of A Browser?> A large set of really simple tools that each do one thing really really really pedantically well?

This might be what's needed to break out of the current local optimum.

replies(2): >>45678831 #>>45679367 #
1. acka ◴[23 Oct 25 07:56 UTC] No.45679367[source]
Maybe it's time to revive something like the uzbl[1] project, or start something similar.

[1] https://www.uzbl.org/