Posted: Apr 18, 2017 6:25 pm
by VazScep
crank wrote:
VazScep wrote:In formal verification, where you build unhackable systems by presenting a mathematical proof that your system is as secure as mathematics itself, there is a well-known concept called "Pollack-consistency." A Pollack-inconsistency is a proof that's presented, but you did something like fuck up the theorem display code so that it makes out that you proved something you didn't.

Out-of-the-box, HTTPs is Pollack inconsistent.

Remember the problem we discussed about links in gmail would just die in chrome, turns out it was conflicts with HTTPS Everywhere and Ghostery. They both were trying redirects and this caused conflicts.

HTTPS is still a good idea though, it might not be foolproof, but every bit of extra protection helps, one more hurdle for the exploits to deal with.
Don't get me wrong. I like my HTTPs (nudge, nudge,