webappsec-subresource-integrity
Roundcube
Our great sponsors
webappsec-subresource-integrity | Roundcube | |
---|---|---|
5 | 35 | |
69 | 5,521 | |
- | 1.9% | |
0.0 | 9.5 | |
about 1 year ago | 2 days ago | |
HTML | PHP | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
webappsec-subresource-integrity
-
JavaScript import maps are now supported cross-browser
Seeing this, it reminded me of an interesting topic: caching at browser-level the external libraries used for big performance improvements: https://github.com/w3c/webappsec-subresource-integrity/issue...
-
📦 Everything you need to know: package managers
All package managers implement strict specifications on this approach to integrity. For example, npm respects the W3C's "Subresource Integrity or SRI" specification, which describes the mechanisms to be implemented to reduce the risk of malicious code injection. You can jump directly here to the specification document if you want to dig deeper.
-
Python 3.11 in the Web Browser
One proposed solution is checksums on CDN provided javascript:
https://w3c.github.io/webappsec-subresource-integrity/
-
How Cloudflare verifies the code WhatsApp Web serves to users
It's great to hear that you want this added to browsers themselves, and you're right that browsers are more likely to implement such changes if you can show that users are deliberately installing an extension to add the missing functionality.
There has been some discussion at the W3C about extending the SRI spec in this direction[0], but it seems they are reluctant to do that unless "multiple browser vendors" choose to implement something like this.[1] Hopefully the existence and adoption of this browser extension helps to solve that bootstrapping / Catch-22 problem.
As for usability, would it be sufficient to just adopt a TOFU model, where the browser pins the first key it sees for a domain? To prevent the risk of permanently bricking a site (if the key gets lost, or the host gets temporarily compromised) you could politely warn the user that the key has changed, or just show a different colour icon representing that the code is correctly signed with an unknown key.
[0] https://github.com/w3c/webappsec/issues/449
[1] https://github.com/w3c/webappsec-subresource-integrity/issue...
-
“Outlook just asked me if I want to upgrade to bigger ads?”
Including the hash is exactly what subresource integrity does (even in a CDN context, conveniently enough), but so far people haven’t figured out a sufficiently non-leaky design to use it for caching[1,2].
[1] https://github.com/w3c/webappsec-subresource-integrity/issue...
[2] https://hillbrad.github.io/sri-addressable-caching/sri-addre...
Roundcube
-
Proton Mail says Outlook for Windows is Microsoft's new data collection service
I have tried several, and liked none of them. I'm currently on Geary, but it's lacking in functionality, and it has things like search results being a bit different upon each of my searches. Starred messages cannot be shown on top. Eyeroll.
I think Evolution and Thunderbird are the top contenders, and of the self-hosted ones, Roundcube.
https://wiki.gnome.org/Apps/Geary
https://roundcube.net/
-
Open source email pioneer Roundcube joins the Nextcloud family
The GitHub issue talking about this [1] is such a mess too. Maintainers closing the question with a vague non-answer, deleting comments left and right, etc. Sounds like someone stole the money and everyone is either complicit or too embarrassed to admit that it happened.
[1] https://github.com/roundcube/roundcubemail/issues/6030
- Solutions for selfhosted internal-only email?
-
Self-hosted multi-account mail server
https://github.com/roundcube/roundcubemail/blob/master/SQL/mysql.initial.sql Take a look at the tables an you get a idea, session for the app, users-table, contacts-table, dictionary, etc.
-
Universal Inbox / Email Client
You could try a standalone email client like Mozilla's Thunderbird, or if you're experienced running a web server, you could check out something like Roundcube. I suppose you could even run it locally if you're familiar with PHP and/or Docker.
-
Would anyone be interested in a FOSS email service?
Like... https://roundcube.net/
-
Thunderbird 115 Supernova Preview: The New Folder Pane
What I really miss is a "web companion" for Thunderbird, basically something like https://roundcube.net/ or https://www.horde.org/apps/webmail, but a bit more powerful and with better UX. I'd like to use a Google Addressbook within such app, for example (there is a completely outdated plug-in for RoundCube). Another important thing would be powerful and fast search.
-
I Want To Serve My Email Locally From My Linux Server With a Web-Based Interface
Alternatively if you want to keep what you have I wouldn't recommend using the SoGO even though it's the nicest and most modern option. Mainly because it's a full groupware client and will require a lot of configuration. Instead using Roundcube is probably your best option
-
Selfhosted webmail client for teams
Roundcube might fit the bill for you.
-
Mail-Client with Web Interface
I'd do it with a local IMAP server in conjunction with a webmail client that connects to it. Dovecot is a fantastic and easy to use IMAP server. Webmail clients are a pretty personal thing, but the last time I used Roundcube it seemed pretty good.
What are some alternatives?
mma - MMA - Musical MIDI Accompaniment. This is a mirror of the original author's code drops.
RainLoop - Simple, modern & fast web-based email client
compression-dictionary-transport
snappymail - Simple, modern & fast web-based email client
ci - NodeSecure tool enabling secured continuous integration
docker-mailserver - Production-ready fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) running inside a container.
quickjspp
WebMail Lite - AfterLogic WebMail Lite PHP. Fast and easy-to-use webmail front-end for your existing IMAP mail server, Plesk or cPanel.
wasmtime - A fast and secure runtime for WebAssembly
Mailcow - mailcow: dockerized - 🐮 + 🐋 = 💕
download-esm - Download ESM modules from npm and jsdelivr
Mailpile - A free & open modern, fast email client with user-friendly encryption and privacy features