> The only major hurdle to this is Apple continuing to treat web apps as second class citizens on iOS
If you add a site to iOS' homescreen it automatically becomes a PWA. The best example I found of a site fully leveraging this feature is Cryptee[0]. They talk about the PWA thing here: https://crypt.ee/download
I think it's convoluted relative to a Smart Banner. Smart Banners give users a clear call to action, and they're not buried in a menu somewhere.
It's hard to make this point without linking to a screenshot, but the share menu is incredibly bloated. To get to the add to home screen button a user has to know it's in the share menu (which is just an unlabeled icon), and then scroll past the following menu items:
- An options button (which leads to another menu)
- AirDrop
- Share via text message (with several different contacts listed individually to share with)
I agree it's MUCH better than it used to be (and huge credit to Jen Simmons and her team for making this possible). However, Safari APIs are still WAY behind Chrome/Android and I think this is probably intentional to push developers into using the App Store so Apple can collect their 30% tax.
That DMARC link talks about "From: rewriting" with a similar example using "via". I suppose this addresses the "spoofing" part of my question, thanks! I would still like to know more about this practice in transactional emails.
> Sustainability and Monetization: How can open-source projects develop sustainable business models without compromising their core principles?
GitHub has its Sponsors program[0]. You can still contribute code safe in the knowledge that you can bring home the bacon if you've managed to get people to sponsor you.
> Dependency and Corporate Support: Given the heavy reliance of big corporations on OSS
Corporations depend on OSS, but they should compensate the developers if the project is a cornerstone of their service/product. This does happen, and I've seen it happen.
> Licensing Challenges: How effective do you find the current open-source licensing models, especially in terms of commercial use? Are there ways these licenses can be adapted to better protect and benefit OSS developers?
It's important to distinguish between 'Gratis' software (free as in free beer) and free, as in 'free speech'. If it's the latter, as in the FLOSS model, developers getting compensated is often a bonus and not the main goal.
> Community Engagement: What strategies have you found effective in building and maintaining a strong, active community around an OSS project?
Do cool stuff, tell people about it. It's that simple. Social media is one way. Another is through word of mouth. If the project fills a gap in the market, people will notice.
> Comparison with Proprietary Software: In your experience, what are the key advantages and disadvantages of OSS versus proprietary software, particularly regarding innovation, quality, and user engagement?
Proprietary software is often closed source and doesn't have community eyeballs on it, so as opposed to FLOSS, it's inferior, but still often needed (I use Windows for example, because I have to, but default to Linux for everything else).
> Netflow data can be used to track network activity traffic through VPNs
Does this mean so-called non-logging VPNs are handing over data? That seems unlikely depending on the provider. Mullvad seems pretty solid and seems like they don't sell 'Netflow' data. But I could be wrong?
> Does this mean so-called non-logging VPNs are handing over data?
Not sure why the NSA would need warrants or logs from any company though... don't they have wiretaps installed all over the world including on the ocean floors?
XP has Internet Explorer and I tried this in a VM once, and 99% of sites didn't load because they used TLS 1.2/1.3 which IE doesn't have functionality for. But plaintext HTTP sites loaded fine.
I wouldn't use XP as a daily driver if that's what you intend. There are so many exploits that have piled up over the years that getting pwned is inevitable at some stage and the attack surface of XP is massive.
I doubt anything would really happen. I connect old computers to the Internet and sometimes have a habit of forgetting to disconnect them for a bit too long. Nothing eventful has happened so far.
If you're paranoid, I'd just use your phone's hotspot.
As a rule of thumb, pay attention to crypto parameters and cipher 'suites'. Use the highest SHA, use seven word diceware phrases for the password, ensure the latest TLS version is used, use a reputable & robust RNG, etc.
If you don't know what you're doing, SHA-512/256 (note that's not a choice, that's the name of a single SHA-2 family member) is probably the member of the SHA-2 family to choose.
My feeling is that like in 2001 it would have been valuable to get people to switch to a non-extendable hash by default because people were freelancing their own MACs, but sometime in the intervening 2 decades people switched fully over to HMAC, so that if you're dealing with someone who is literally writing their own prefixed key hash MAC, you've got bigger problems than Merkle–Damgård.
A fool is known by their words, a wise person, by their silence. In other words, listen more, ask better questions. By all means, speak, but you will learn more simply by hearing others' points of view.
HTTPS/TLS prevents MITM attacks, but rogue certificates can be installed to sniff the plaintext, but that's exceedingly rare and hard to do. IANAC (I am not a cryptographer) and that's the best 2 cents I can manage, sorry. But things like DNS can be sniffed off the wire easily, and anything in plaintext HTTP is fair game.
[0] https://crypt.ee/