[chromacity]

I discussed this in more detail in one of my earlier comments, but I think the article commits a category error. In commercial settings, most of day-to-day infosec work (or spending) has very little to do with looking for vulnerabilities in code.

In fact, security programs built on the idea that you can find and patch every security hole in your codebase were basically busted long before LLMs.

[Muromec]

Commercial infosec is deleting firefox from develop machines, because it's not secure and explaining to muggles why they shouldn't commit secret material to the code repository. That and blocking my ssh access to home router of course.

[chromacity]

I mean, often, yep. The real reason why they are unhappy with you having an unsupported browser is simply that it's much harder to reason about or enforce policies across bespoke environments. And in an enterprise of a sufficient scale, the probability that one of your employees is making a mistake today is basically 1. Someone is installing an infostealer browser extension, someone is typing in their password on a phishing site, etc. So, you really want to keep browsers on a tight leash and have robust monitoring and reporting around that.

Yeah, it sucks. But you're getting paid, among other things, to put up with some amount of corporate suckiness.

[gerdesj]

"The real reason why they are unhappy with you having an unsupported browser"

I tend to encourage Firefox over Cr flavoured browsers because FF (for me) are the absolute last to dive in with fads and will boneheadedly argue against useful stuff until the cows come home ... Web Serial springs to mind (which should finally be rocking up real soon now).

Oh and they are not sponsored by Google errm ... 8)

I'm old enough to remember having to use telnet to access the www (when it finally rocked up and looked rather like Gopher and WAIS) (via a X.25 PAD) and I have seen the word "unsupported" bandied around way too often since to basically mean "walled garden".

I think that when you end up using the term "unsupported browser" you have lost any possible argument based on reason or common decency.

[direwolf20]

> Web Serial

why in the absolute fuck would I want random web pages to be able to control all the devices connected to my computer?

[venzaspa]

It's essentially for programming microcontrollers, ESP32's and the like. It's really handy. You have to confirm the connection every time.

[direwolf20]

I have an idea - what if a webpage could just run arbitrary code? With a confirmation every time. Then you wouldn't need a WebX for every X.

[GuB-42]

The thing that kills me every time is how IT treat development machines the same way as the rest of the corporate network.

Developers usually need elevated privileges, executing unverified arbitrary code is literally their job. Their machines are not trustworthy, and yet, they often have access to the entire company internal network. So you get a situation where they have both too much privilege (access to resources beyond the scope of their work) and too little (some dev tools being unavailable).