Firefox on Debian stable is so old that websites yell at you to upgrade to a newer browser. And last time I tried installing Debian testing (or was it debian unstable?), the installer shat itself trying to make the bootloader. After I got it to boot, apt refused to work because of a missing symlink to busybox. Why on earth do they even need busybox if the base install already comes with full gnu coreutils? I remember Debian as the distro that Just Wroks™, when did it all go so wrong? Is anyone else here having similar issues, or am I doing something wrong?

  • 9488fcea02a9@sh.itjust.works
    link
    fedilink
    arrow-up
    62
    arrow-down
    1
    ·
    4 months ago

    My bank used to complain that my browser was out of date. I wrote an email to customer service explaining to them that:

    A) debian’s “out of date” browser actually includes all up to date security patches. B) simply reading the browser agent isnt really security. I had simply been spoofing my browser agent to get around their silly browser “security” policy

    They removed the browser check 2 weeks later. Not sure if it was because of me

    • efstajas@lemmy.world
      link
      fedilink
      arrow-up
      25
      arrow-down
      1
      ·
      4 months ago

      simply reading the browser agent isnt really security

      It’s not for their security, but for that of genuinely clueless people that are just running an actually outdated browser that might have known and exploitable security flaws.

      • LeFantome@programming.dev
        link
        fedilink
        arrow-up
        7
        arrow-down
        1
        ·
        4 months ago

        It is not about security at all. They do not want to test or support old browsers. So, they set a minimum version and tell you that you need to upgrade to that.

        If they only support one browser, it is going to be Chrome. Chrome has more zero-day vulnerabilities than any other project I can think of. It is not about security.

        • SpaceCowboy@lemmy.ca
          link
          fedilink
          arrow-up
          3
          ·
          4 months ago

          Yeah if it were about security they’d check the version of HTTPS, SSL, TLS and all that stuff.

          • efstajas@lemmy.world
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            4 months ago

            Doing that would tell you nothing about whether the browser might have un-patched, known vulnerabilities elsewhere.

        • efstajas@lemmy.world
          link
          fedilink
          arrow-up
          3
          ·
          edit-2
          4 months ago

          How do you know this? Of course there are lots of reasons for why they’d want to enforce minimum browser versions. But security might very well be one of them. Especially if you’re a bank you probably feel bad about sending session tokens to a browser that potentially has known security vulnerabilities.

          And sure, the user agent isn’t a sure way to tell whether a browser is outdated, but in 95% of cases it’s good enough, and people that know enough to understand the block shouldn’t apply to them can bypass it easily anyway.