Slashdot Mirror
Domain: github.io
Stories and comments across the archive that link to github.io.
Comments · 493
-
Re:More evil
The W3C spec is pretty clear about the privacy implications and how user agents should mitigate them including requiring the user to accept access to specific Bluetooth devices and to not give enough information to the Javascript to uniquely identify the device.
-
Funniest thing ever.
Donald Trump executive order generator.
http://hepwori.github.io/execo... -
Why I like Firefox: Extensions (Add-ons)Extensions are the reason Firefox is popular with me. I'm happy to have any suggestions for improvements of the list.
-
Classic Theme
Restorer
"This add-on will stop working when Firefox 57 arrives in November 2017."
https://addons.mozilla.org/firefox/downloads/latest/classicthemerestorer/addon-472577-latest.xpi?src=dp-btn-primary - Cookies
Manager+
https://addons.mozilla.org/firefox/downloads/latest/cookies-manager-plus/addon-92079-latest.xpi?src=dp-btn-primary - Ghostery
DON'T UPDATE. New versions don't allow sufficient user control.
https://addons.mozilla.org/en-US/firefox/addon/ghostery/
USE THIS: y-5.4.10-sm+an+fx.xpi Link: Version 5.4.10 - Mozilla Archive Format
http://maf.mozdev.org/ - NoScript
https://addons.mozilla.org/en-... -
Nuke Anything Enhanced
https://addons.mozilla.org/firefox/downloads/latest/nuke-anything-enhanced/addon-951-latest.xpi?src=dp-btn-primary
- Open link
in...
https://addons.mozilla.org/en-US/firefox/addon/open-link-in/ - Print Edit
https://addons.mozilla.org/fir... - Session
Manager
https://addons.mozilla.org/en-US/firefox/addon/session-manager/ - Snap Links
Plus DON'T UPDATE. New versions don't have as many features.
https://addons.mozilla.org/en-...
USE THIS: snap_links_plus-2.4.3-sm+fx.xpi Link: Version 2.4.3
Explanation:
http://cpriest.github.io/SnapL... - uBlock Origin
https://addons.mozilla.org/fir... - Video
DownloadHelper
https://addons.mozilla.org/firefox/downloads/latest/video-downloadhelper/addon-3006-latest.xpi?src=dp-btn-primary
-
Classic Theme
Restorer
-
Re:Impress presentation
Dunno if this is what you are looking for, but check out DocOnce: http://hplgit.github.io/doconc...
-
Any hope for practical HTTPS on home LAN?
So I guess the next thing to do is find a way to make HTTPS practical for a web server on a home LAN, particularly with DNS Service Discovery instead of a purchased domain. A lot of routers, NAS boxes, etc. still use cleartext HTTP because the browser publishers' Baseline Requirements forbid certificate authorities trusted by the web browser from issuing certificates for hostnames in the
Sources for threat to drop Fullscreen API: Secure Contexts: Risks associated with non-secure contexts; Secure Contexts: Restricting Legacy Features; Deprecating Non-Secure HTTP; Deprecating Powerful Features on Insecure Origins
Source for impracticality of HTTPS on home LAN: Question to Let's Encrypt rep in -
Any hope for practical HTTPS on home LAN?
So I guess the next thing to do is find a way to make HTTPS practical for a web server on a home LAN, particularly with DNS Service Discovery instead of a purchased domain. A lot of routers, NAS boxes, etc. still use cleartext HTTP because the browser publishers' Baseline Requirements forbid certificate authorities trusted by the web browser from issuing certificates for hostnames in the
Sources for threat to drop Fullscreen API: Secure Contexts: Risks associated with non-secure contexts; Secure Contexts: Restricting Legacy Features; Deprecating Non-Secure HTTP; Deprecating Powerful Features on Insecure Origins
Source for impracticality of HTTPS on home LAN: Question to Let's Encrypt rep in -
Re:The problem is what you consider useful
-
Windows 10 cmd.exe improvements
I only just recently discovered that Windows 10 has a bunch of improvements to the command line.
Most notably (at least for me) is the addition of CTRL-backspace as well as well as CTRL-C/V for copy paste. I do a lot of stuff on the command line and the added functionality looks really great.
It's just a shame I'm too scared to upgrade to Windows 10 because of all the additional telemetry that seems like a real pain in the ass to disable! (I did see this open source tool that looks like it might be worth keeping an eye on: https://modzero.github.io/fix-... ).
-
Dismissing economic or sociological aspects
In the context of applications that run on graphical computing devices and communicate through the Internet, I must respectfully disagree with your dismissal of "the economic or sociological aspects of the problem." If one considers only technical metrics, such as runtime and memory efficiency, an assembly language program can theoretically beat a C++ "native compiled desktop application" because practical compilers miss some opportunities for optimization. For example, my assembly code for the 8-bit 6502 processor routinely outperforms the output of the most popular C compiler for that processor.
It's just that assembly language doesn't see a lot of use for mass-market applications because end users demand rapid iteration of features and compatibility with existing hardware more than runtime and memory efficiency. The widespread use of C++ rather than assembly language for native application is thus caused by "economic or sociological aspects". And when rapid iteration and compatibility pressures are even more intense, said aspects drive developers to cross-platform compromises, such as the Java virtual machine, the Common Language Runtime, and the JavaScript virtual machine.
-
Re:Bugs
-
Re:Oh yeah, just what I need.
I find it incredibly difficult to believe that we don't have the hardware resources necessary to perform local speech-to-text and text processing inside your house without ever touching the internet.
We do, feel free to use Pocket Sphinx or Julius.
Jasper will let you use multiple backends including the 2 above plus Google and AT&T.
Some remote server listening in on everything I say, filtering every word, analyzing each sentence, etc.
Why not just assume the NSA is always listening unless you take steps to avoid it? NSA is more than welcome to listen to my son's requests for Kids Bop and how many timers I set in the Kitchen. It's also not that difficult to get out of range of Alexa or go offline.
Planning a terrorist attack? Go to a college bar. Good luck getting any SST to work in there. Or outside, or a car or any number of a million places where you can avoid being listened to. Do you think the founding fathers cut themselves off from everyone to make their plans? They smiled went along their normal daily routine unless they knew they could talk freely. This is no different.
Between free image hosting, VPNs, steganography and multiple of end to end encryption services it shouldn't be difficult to plan any thing you want without authorities being notified.
And if you really want to hide in the noise, hire your own 'Navajo' talkers in the form of 15 year old gamers. You should be able to pass anything you want through comments about someones mother.
-
Re:It's on topic (not 'spam') & you can't
* QUESTION: What've YOU personally done better that works vs. ads & numerous other threats online?
I use RequestPolicy because it's a whitelist and not a blacklist (that means threats are blocked by default, and not part of an evergrowing list of "bad" domains/IPs). I also use NoScript. For YouTube, I use youtube-dl and see no ads. That takes care of pretty much all my needs.
All those are much better than downloading proprietary software from some spammer on Slashdot.
-
Re: Oracle
-
Built with what?
I doubt he did everything from scratch.
Lucida from the University of Michigan looks to be a good self hosted solution to a backend and Jasper a good voice front end.
Home Assistant integrates well with both Google Home and Amazon Echo.
He had to tell the system four times to turn the lights off before it got dark."
Then again, it sounds like he might have. Echo+HASS is much more consistent than that.
-
Routers have massive security issues #1/20
See subject & these links proof of sad truth on routers (hosts = better. See 'p.s.' below & links there too for proof):
http://hardware.slashdot.org/story/15/11/26/1541216/900-embedded-devices-share-hard-coded-certs-ssh-host-keys/
http://it.slashdot.org/story/08/01/14/1319256/Most-Home-Routers-Vulnerable-to-Flash-UPnP-Attack/
http://it.slashdot.org/story/10/07/16/122259/Millions-of-Home-Routers-Are-Hackable/
http://it.slashdot.org/story/12/04/26/1411229/backdoor-found-in-arcadyan-based-wi-fi-routers/
http://blog.emaze.net/2013/08/huawei-b153-3gumts-router-wps-weakness.html/
http://blog.ptsecurity.com/2015/12/critical-vulnerabilities-in-3g4g-modems.html/
http://blogs.pcmag.com/securitywatch/2008/06/new_malware_silently_changes_r.php/
http://ea.github.io/blog/2013/10/18/tenda-backdoor/
http://hardware.slashdot.org/story/13/01/14/2049241/remote-linksys-0-day-root-exploit-uncovered/
http://hardware.slashdot.org/story/15/01/29/2256236/d-link-routers-vulnerable-to-dns-hijacking/
http://hardware.slashdot.org/story/15/08/20/1319253/bruce-schneier-on-cisco-rommon-firmware-exploit-this-is-serious/
http://it.slashdot.org/story/13/04/17/2228258/researchers-hack-over-a-dozen-home-routers/
http://it.slashdot.org/story/13/10/14/0120221/d-link-router-backdoor-vulnerability-allows-full-access-to-settings/
http://it.slashdot.org/story/14/03/19/1619222/security-industry-incapable-of-finding-firmware-attackers/
http://it.slashdot.org/story/14/08/12/1917257/study-firmware-plagued-by-poor-encryption-and-backdoors/
http://it.slashdot.org/story/14/10/23/1345230/cisco-fixes-three-year-old-telnet-flaw-in-security-appliances/
http://it.slashdot.org/story/15/01/09/1349229/asus-wireless-routers-can-be-exploited-by-anyone-inside-the-network/
http://it.slashdot.org/story/15/01/09/1936214/lizard-stresser-ddos-for-hire-service-built-on-hacked-home-routers/
http://it.slashdot.org/story/15/02/19/1445251/duplicate-ss -
Re:Welcome to Trump's America Inc.
I pay $50/month for 50 Mbit unlimited xfer and ~$10 month for a seedbox and usenet. Installed Sonarr,CouchPotato, and SABnzb locally, rtorrent runs on the seedbox. A nice script I wrote rsyncs those in for unraring. SAB even has Pushover notifications, so I get a nice alert when something new is ready to watch.
We play all our home stuff with summaries, ratings, and whatnot with the excellent Infuse app for iOS and AppleTV.
We have an HD antenna on our old satellite mast on the roof. Truth be told, once the whole family was used to TV without commercials, they didn't stand for broadcast. Approximately 17 minutes from every hour stolen from your life. The OTA signal hasn't been used in months. -
Re:Just ... screen?
Do all the news headlines about Debian boil down to
Do they know abut byobu and tmux?
This is about using screen during a network install[1]. Personally, I would have preferred tmux, but it's still cool.
tmux and byobu are both in debian main.
https://lists.debian.org/debian-boot/2016/04/msg00308.html
-
Just ... screen?
-
Bashful Donkey
-
Bashful Donkey
-
Bashful Donkey
-
Bashful Donkey
-
Bashful Donkey
-
Bashful Donkey
-
Re:But what is it used for?
Also, don't do insane things with templates. Also don't include more headers than you need to. Also use compiler cache. I'm pretty sure the smart people at Google didn't get any of those memos
Google already has extensive hints on how to work with C++ and apparently, not even those helped sufficiently. Also, solving this would only solve the problem of build times, not the problem of existing concurrent code at Google being too hairy. At the very least, in addition to solving the build time problems, a replacement for Go's functionality would have to be developed on top of C++ and the C++ clients rewritten to use it.
-
Hernando Barragán was robbed!
The story of how much of Arduino was appropriated from Hernando Barragán without credit is quite disturbing.
https://arduinohistory.github.... -
D-Link is for shits the worst
https://pierrekim.github.io/bl...
run rabbit run
-
Re:Bullspit
Imagine I started calling a blender an "artificial digestive system" that mimics human digestion. Would you buy that? Not if you're a biologist. Where are the enzymes? Where are the biochemical pathways? Where is the nutrient separation and distribution network? Where, indeed, is the anus?
Yet my blender claim is more accurate, by far, than the claim that Artificial Intelligence mimics biological intelligence. The operative word here is "intelligence." We're talking actual cognition, not pre-programmed reactions. No biologist calls a venus fly trap intelligent, even though it has enough cellular automation to catch and digest flies. An ant has the beginnings of intelligence, although we have very little understanding of how even this primitive life form cognates.
Nobody is saying that computer emulation of various tasks that humans do is useful. It is useful. It just isn't intelligent. Not even as intelligent as an ant.
Stanford AI researcher Andrej Karpathy wrote an excellent essay entitled The state of Computer Vision and AI: we are really, really far away. He summarizes how little we've accomplished in terms of AI's original goals. The piece was published in 2012, and AI hasn't moved a nanometer since. -
Re:Like this will help
Or you can roll your own with a little Python know how with youtube-dl
-
subject
typescript adds "class-based object-oriented programming".
Lie.
"Classes" existed already as prototypes, and with ES6 you can create those prototypes with your favorite "class" definition.
I'll never be using typescript so I'll never be using angular2. As much as I loved working with Angular1, I'll instead move to reactjs.
-
USB HID
Their flagship mouse MX Master has quite a few driver issues and also the DarkField sensor seems to have problems with some surfaces.
Drivers? For a *mouse* ?
It's fucking USB HID device (or bluetooth wireless if your laptop has Bluetooth 4.0 LE and you go dongle-less).
It's just a bunch of axis and buttons (though you have to admit that the MX Master mice tend to have a little bit more than the average of them).
You just plug into anything with generic USB HID support and it should work out of the box.
If it doesn't work, you shouldn't blame Logitech, you should blame the retarded operating system that fails at basic USB HID.The only thing that would require extra software would be:
- Battery status in your status bar. Which is visible thanks to green LEDs on the mouse if self, so I doubt it's that much necessary to have the status-bar widget.
(Though we're on- If you want to do some complex re-paring (e.g: pairing the mouse with a Logitech dongle that wasn't initially designed for it).
(Again, this is- Circumventing a piece of software that has asinine key/button binding. (e.g.: that has some stupid arbitrary hardcoded maximum of 3 mouse button, thus preventing you from binding the extra butons to additional functions). But then, any keyboard/mouse/joystick button remapping software would be plenty enough.
Logitech Quality has declined measurably recently, that's my experience anyway.
I have a strong impression that Logitech doesn't the same build quality in all markets.
(I've noticed difference in products between US market, and Logitech's home Switzerland)Could anyone else confirm ?
-
Picking cherries to support your preconceptions
There was a time in the satellite record when you could show that there has been little warming since 1997, and no warming prior to 1997, but significant warming over the whole period: http://phosphorus.github.io/ap...
-
Open source stingray detector
I've shared this on previous posts about stingray - there is an open source Android app to detect if you're connecting to a fraudulent base station, and take action by instantly disconnecting if desired. I don't know if it works or how well, since I'm in India, but people can use it to see if there are any stingrays deployed nearby.
-
Revenge of the Developer
Next week: "If only they'd stayed on HEAD, we wouldn't be having these problems. Also, your kernel is old and you're not running the latest version of systemd. Why don't you just hook into our Jenkins server at http://carautopilot.github.io/ so you can get the latest nightly before you head out on the road each morning?"
-
Secure Contexts require HTTPS even on home LAN
I wouldn't (for the sake of this argument) care if my router was all http because it doesn't answer on the WAN port.
The web interface presented by a cleartext HTTP server cannot use any APIs that are restricted to secure contexts. (A secure context contains only scripts from potentially trustworthy origins, particularly hosts that resolve to 127.0.0.1, the file: scheme, and the https: scheme.) The spec lists several web APIs that it encourages browser makers to restrict to secure contexts. Examples of such APIs that a web server inside an appliance on a home LAN might want to use include Service Workers, Geolocation, Media Capture, and especially Fullscreen.
For example, consider a router with a network attached storage (NAS) feature. If you connect a mass storage device to its USB port, it shares the files on the LAN through SMB, SFTP, and HTTP protocols. If you load videos onto this device, the user may want to watch them on the full screen. But because the Fullscreen API can be used to spoof browser UI, the spec encourages browsers to restrict it to secure contexts. This means the NAS feature will have to support HTTPS.
-
Secure Contexts require HTTPS even on home LAN
I wouldn't (for the sake of this argument) care if my router was all http because it doesn't answer on the WAN port.
The web interface presented by a cleartext HTTP server cannot use any APIs that are restricted to secure contexts. (A secure context contains only scripts from potentially trustworthy origins, particularly hosts that resolve to 127.0.0.1, the file: scheme, and the https: scheme.) The spec lists several web APIs that it encourages browser makers to restrict to secure contexts. Examples of such APIs that a web server inside an appliance on a home LAN might want to use include Service Workers, Geolocation, Media Capture, and especially Fullscreen.
For example, consider a router with a network attached storage (NAS) feature. If you connect a mass storage device to its USB port, it shares the files on the LAN through SMB, SFTP, and HTTP protocols. If you load videos onto this device, the user may want to watch them on the full screen. But because the Fullscreen API can be used to spoof browser UI, the spec encourages browsers to restrict it to secure contexts. This means the NAS feature will have to support HTTPS.
-
Re:Mobile needs to improve browser
It's on the way: https://webassembly.github.io/
-
Re:GPS Pilot, right-wing wanker
There is the fact that the 1930s was the hottest decade of the 20th century
That's what a little knowledge will do to you. You're way in over your head and you don't even know it. Looks like they're removing stuff now. I used to be able to find the paper that Hansen had to admit the 1930s was the hottest decade of the 20th century. He lied about it and got caught, though he claimed it was a Y2K error and not a lie. In my humble opinion, his successor is lying a lot more. That's why every month this year has been a "record." Even featured here on slashdot it's so suspicious, so it's a captain obvious moment. I know true blue cool aid drinking believers believe it.
This site has actual photos of newspaper articles. Those stubborn facts again-
https://stevengoddard.wordpres...Yet another analysis:
https://wattsupwiththat.com/20...Did you look at their last graph from 1880 on? That doesn't line up with the CO2 levels worth a damn.
The cyclical variations from PDO/ENSO/etc on top of the secular warming from CO2 explain each peak and valley in the temperature record quite well. It is naive to think that you would have a monotonic rise in temperatures that matched the monotonic rise in CO2. This is certainly not what the models show.
Here's a neat tool you can use to explore this. Set CO2 to 2.4 and PDO to 0.13 and you already have a pretty good match to the temperature record.
I understand you're not a scientist. However for God sakes, look at the data! Go into the distant past to present! Analyze it! Come up with a theory! You'll see in short order CO2 falls apart as a cause, clearly. Another clue is they want to put people in jail that disagree with man made GW. Classic sign they're wrong and they know it. Otherwise, they'd present real science. You know, using the scientific method. Data, results, you can do it too and come up with the same results.
What's very frustrating to me is I've predicted this for 20 years that their models wouldn't hold up and I've been right. They continue to fail as long as they're based on CO2.
Wonder why I haven't been responding? I have a recipe to save anything from you off to the side. I don't even see it. I came across this one by chance. So I figured I'd try to enlighten you again even though I'm sure I failed. You have a really big problem. You have to overcome those stubborn articles from the past that show MMGW is bullshit. Good luck with that.
-
Re:GPS Pilot, right-wing wanker
we're really returning to where we were about 1000 years ago.
We've blown past where we were even 6000 years ago at the peak of the current inter-glacial. And FAST! It's all occurred since industrialization.
There is the fact that the 1930s was the hottest decade of the 20th century
Did you look at their last graph from 1880 on? That doesn't line up with the CO2 levels worth a damn.
The cyclical variations from PDO/ENSO/etc on top of the secular warming from CO2 explain each peak and valley in the temperature record quite well. It is naive to think that you would have a monotonic rise in temperatures that matched the monotonic rise in CO2. This is certainly not what the models show.
Here's a neat tool you can use to explore this. Set CO2 to 2.4 and PDO to 0.13 and you already have a pretty good match to the temperature record.
-
A few thousand viewers...
Note that NK IPv4 address space is made of one
-
Re:I can't decide
The ironic part is that the shutdown is about attacking those that pointed out the harasser. The protesters are supporting rape, and things like that. That's what I can't figure out. Who is organizing the protest, and why?
So, we have an anonymous group claiming that he sexually assaulted a largely unidentified group of women. At the same time we have clearly identified groups of women telling a different story, some of whom, being among the few people identified by the first group flat out contradict important parts of the story.
I'm not going to suggest my girlfriend rides home at night with Applebaum (which actually shows how insidious this whole thing may be) and I note his lack of lawsuit againt the Tor foundation, still you might excuse me if I still have some doubts both about his actual guilt and the process through which the tor foundation decided they were sure of it.
-
p2p social sharing
This is a novel decentralized approach to social sharing https://ssbc.github.io/patchwo... It really doesn't address the threat of a state actor hacking your endpoints but it's a start.
-
Web Bluetooth Community Group
Open data protocols/services/formats published and controlled by an international organization is the answer.
That'd make sense if the Web Bluetooth Community Group didn't plan to eventually submit Web Bluetooth to W3C after the Chrome team finds and fixes any practical problems discovered during this field trial. As far as I can tell, a new technology has to be implemented in at least two browsers before W3C will consider it for inclusion in the HTML standard.
-
Re:can somebody explain
Without knowing anything about the particulars of this solution, a likely approach nowadays would be to take an existing emulator writen in C/C++ and compile it to JavaScript using Emscripten.
Emscripten produces JavaScript compliant with the asm.js profile, which is a subet of JavaScript that is easily optimized by the browser JS engine, allowing in-browser performance on the order of half of native speed. Given the age of the emulated hardware, this slowdown is not a problem.
You still have to emulate actual I/O devices in plain HTML+JavaScript, which for these presumably amounts to mapping JavaScript input events to a virtual keyboard, and using a HTML Canvas element to emulate the display. Even joysticks and gamepads can be supported in bleeding edge browsers.
TL;DR: By standing on the shoulders of giants, and adding a bunch of glue code.
-
One more on the pile.
Once again proven that browsing the web is like going to a diner party in a world where the handshake has been replaced with unprotected anal sex.
Sure, many people you meet may be offended when you insist on a condom (plugins like requestpolicy, and noscript) and say its some right of theirs to not let you sit at their table because of it, or rant on about how they need to get paid....
but at the end of the day.... its basic security. Loading and running code from random third party sites is not safe. It doesn't matter if its inside a restricted environment, its a risk. Its a risk website owners are in the habbit of irresponsibly magnifying for all of their viewers without a second thought
You should protect yourself. Wear condoms unless you really know your partner. Get some here:
https://requestpolicycontinued...If you have a browser other than firefox, you will need something else, I don't know what they are but, bottom line...protect yourself.
-
Re:What I use?
"I don't suppose you'd be willing to share your greasemonkey scripts for the anti-adblock measures?"
It's available in the usual userscript places, f.ex. the ones below:
-
There's a Stingray detector app for Android
..called AIMSICD. It alerts you to when you're possibly connecting to a fake cell tower, and can be configured to instantly disable the phone radios if that happens. I've tried it, but no idea if it works as claimed since I'm not in the US.
-
Re:Where am I?
How about BPG? Looks better than JPEG2000 to me.
-
cc65 doesn't optimize much
It's not unreasonable to imagine that the ongoing proliferation of embedded doodads would spur that on, but it's a stretch to imagine that it's for devices for which there is nothing but an assembler.
For systems using a 6502 family CPU, there is a C compiler. But it doesn't optimize much, and the 6502 architecture isn't well suited for efficient execution of C anyway. That's why even though a few modern-day NES games are written in C, most are written in assembly language.
-
Re:Yeah right.
