@dalias I_was_there__Gandalf.txt
Notices by Alex Savage (optimant@hachyderm.io)
-
Alex Savage (optimant@hachyderm.io)'s status on Tuesday, 11-Mar-2025 21:57:31 JST Alex Savage
-
Alex Savage (optimant@hachyderm.io)'s status on Tuesday, 11-Mar-2025 21:41:51 JST Alex Savage
@dalias I’m old enough to remember drag and drop being the exciting new paradigm and not very annoying and legacy :apple_old_logo:
-
Alex Savage (optimant@hachyderm.io)'s status on Thursday, 08-Aug-2024 04:10:55 JST Alex Savage
@ryanc @dangoodin Oh dang I forgot about enctype. Now I'm going to be thinking about poking at other URI schemes for the form action - dredged up a memory that you used to be able to do a mailto: and try to compose an email with the local client!
-
Alex Savage (optimant@hachyderm.io)'s status on Thursday, 08-Aug-2024 03:43:47 JST Alex Savage
@dangoodin @ryanc I mean, it's a constraint for sure (e.g. the POST will be forms-encoded instead of, say, JSON like a green developer writing a service today might write code to expect) but risk will depend on the specific target. A soft target might even be susceptible to GET alone.
Car analogy: We discovered that leaving keys inside the car, even out of sight, is vulnerable because thieves can still use coat hangers to pop the locks. Non ignition-key mitigations like The Club are unaffected.
-
Alex Savage (optimant@hachyderm.io)'s status on Saturday, 23-Dec-2023 23:48:39 JST Alex Savage
@howtophil @thomasfuchs Borg has got to smell like feet and leaky capacitors