←back to thread

Google flags Immich sites as dangerous

(immich.app)
1281 points janpio | 3 comments | 22 Oct 25 20:53 UTC | HN request time: 0.561s | source
Show context
arccy ◴[22 Oct 25 23:30 UTC] No.45676475[source]
If you're going to host user content on subdomains, then you should probably have your site on the Public Suffix List https://publicsuffix.org/list/ . That should eventually make its way into various services so they know that a tainted subdomain doesn't taint the entire site....
replies(16): >>45676781 #>>45676818 #>>45677023 #>>45677080 #>>45677130 #>>45677226 #>>45677274 #>>45677297 #>>45677341 #>>45677379 #>>45677725 #>>45677758 #>>45678975 #>>45679154 #>>45679258 #>>45679802 #
0xbadcafebee ◴[23 Oct 25 02:02 UTC] No.45677379[source]

  In the past, browsers used an algorithm which only denied setting wide-ranging cookies for top-level domains with no dots (e.g. com or org). However, this did not work for top-level domains where only third-level registrations are allowed (e.g. co.uk). In these cases, websites could set a cookie for .co.uk which would be passed onto every website registered under co.uk.

  Since there was and remains no algorithmic method of finding the highest level at which a domain may be registered for a particular top-level domain (the policies differ with each registry), the only method is to create a list. This is the aim of the Public Suffix List.
  
  (https://publicsuffix.org/learn/)
So, once they realized web browsers are all inherently flawed, their solution was to maintain a static list of websites.

God I hate the web. The engineering equivalent of a car made of duct tape.

replies(14): >>45677442 #>>45678161 #>>45678382 #>>45678520 #>>45678922 #>>45679006 #>>45679642 #>>45680322 #>>45680711 #>>45680859 #>>45681349 #>>45682208 #>>45682457 #>>45683675 #
modeless ◴[23 Oct 25 04:24 UTC] No.45678161[source]
Show me a platform not made out of duct tape and I'll show you a platform nobody uses.
replies(2): >>45678422 #>>45678958 #
vincnetas ◴[23 Oct 25 05:25 UTC] No.45678422[source]
regular cars?
replies(2): >>45678466 #>>45681401 #
MonaroVXR ◴[23 Oct 25 05:34 UTC] No.45678466[source]
The Honda issue where setting a certain radio station, would brick the infotainment? That good enough?
replies(2): >>45678915 #>>45679494 #
1. alias_neo ◴[23 Oct 25 08:21 UTC] No.45679494[source]
> That good enough?

Not really. Does the car still drive? That sounds like a software bug; hardly indicative that the entire car is held together with duct tape, but a pretty bad bug non the less.

replies(2): >>45684167 #>>45684240 #
2. shadowgovt ◴[23 Oct 25 16:58 UTC] No.45684167[source]
The browser still drives when Google throws up a safety warning.

It's just harder to drive to one house, and the homeowner is justifiably irritated about this.

3. wredcoll ◴[23 Oct 25 17:04 UTC] No.45684240[source]
The road network is a much better analogy here.