Domain: github.io
Stories and comments across the archive that link to github.io.
Comments · 493
-
Re:Assembly
I wouldn't put too much faith in the TIOBE index, for example it shows VB.NET at number 5, above C# at number 6 which can't be right.
I think you'll find PYPL to be a better indicator of language popularity which has VBA and VB in its proper place at #13 and #17 respectively.
-
Re:Kinda silly conclusion.
No. You cannot force people to think.
You're trying to substitute a different premise to tilt the argument in your favor. That sort of underhanded argumentation is obnoxious and you should avoid such assholery if you want to be taken seriously.
This false belief is at the root of the current mess, where more and more effort is poured into languages with no real effect
Except there has been a real effect. Modern, typesafe, bounds-checked programming languages and well-designed libraries cause demonstrably fewer security vulnerabilities to be written, and the vulnerabilities to be less severe. This is because these languages inherently make whole classes of vulnerabilities impossible. Comparing, say, Java and C, there is no vulnerability you could write in Java that you can't write in C, but there are large classes of vulnerabilities -- including the most critical remote code execution vulns -- that you cannot write in Java. This comes at a cost... there are also classes of programs you cannot write in Java but can write in C, and Java programs tend to be much larger and consume much more memory.
This means that while Java programmers still have to think about security, there are many kinds of potential security mistakes that they do not have to think about. This is positive progress.
I do crypto, and bad crypto APIs (like those provided by Java) are a huge source of vulnerabilities. Better, simpler APIs like Tink or libsodium make a big difference, and programmers write far better code when they use them. This doesn't eliminate the need for programmers to understand cryptography, but it does eliminate the need for them to be crypto experts. Perhaps the best thing ever to happen in this space is TLS. There are still plenty of things to screw up, but if you need private, authenticated network connections, there is almost never a better answer than "Use TLS, and follow these rules to configure it correctly", except, maybe "Use TLS and use <library> to configure it" (e.g. Use OkHttp on Android).
Or are you seriously going to try to tell me that a Good Programmer should be able to design and implement secure crypto code from scratch, and that if they'll just think they'll do fine? If you believe this, please, please, never write any code that implements or uses any form of cryptography.
-
Re:If only W10 Pro was more like W10 Enterprise...
It has been forked as Open Shell.
-
Re:Transformative App
Voice-assistant project with local voice recognition (Pocketsphinx or Julius):
http://jasperproject.github.io...
Hardware module for local voice recognition (limited):
https://www.audeme.com/movi.ht...
-
Try Reko.
Reko is already open source. It has a disassembler and a GUI.
https://uxmal.github.io/reko/
https://github.com/uxmal/reko
-
Re:Can it be disabled? and WTF??
I have the same concern, particularly with regards my MS Natural Ergonomic 4000 keyboard: I use the Mute key all the time for exactly what it does natively on Windows 7 (and did on XP too): mutes all audio on the system. If this functionality is implemented in the browser, what exactly happens? Does it mute the tab (something Chrome 71 already made a mess of)? Does it mute audio in the entire browser? And if it does either of those, is there a way to disable it (say, through chrome://flags)? Because if not, that's a huge problem and major oversight.
As I wrote the above paragraph, I noticed that a reply came in elsewhere indicating that apparently the only keys it'll look at are play/pause/seek and track-oriented keys. What if people are already using those with their media player of choice? Furthermore, the document is marked Editor's Draft as of 2019/02/09, a.k.a. working draft, a.k.a. subject-to-change-at-any-moment. And even if it wasn't, we all know this is exactly how it begins: today it supports only those functions, but 6 months from now it's extended to support Mute and Volume Up/Down, which will provoke someone to consider adding Home, Favourites, Mute, Calculator, etc. via something similar -- all keys that have historically (we're talking 15+ years, folks) been dedicated to the UX aspect of the OS only, UNLESS you specifically went out of your way to configure them on a per-program basis and within that program (ex: Winamp), with some exceptions (read: Internet Explorer actually does use some of these keys itself when running) -- then it'll get extended to Logitech G15 LCD so the browser can print stupid crap on the LCD, followed by RGB LED tweaking, then some kind of fan RPM mod, blah blah blah. This is what's called creeping featurism and it is not a new phenomenon, but its prevalence has greatly amplified in the past 10 or so years.
I have no problem with the browser implementing, say, the appropriate API functions so that an extension/add-on could be used to set said keys up in the browser to perform media-related tasks (not a bad idea really, sort of akin to what the Streamdeck does alongside OBS Studio) -- the user has to install the Chrome extension by choice, thus the concern is alleviated for everyone as a default (read: majority) and bugs/quirks only affect those who effectively opted in through use of an extension.
In all seriousness, the past few major Chrome releases -- 70, 71, and 72 -- all brought with them more UX-related problems than improvements, IMO. For example, in 72 for whatever reason they decided to get rid of the incredibly useful details at chrome://net-internals/#proxy that would tell you what the active/effective settings were -- extremely useful for knowing if your PAC file was loaded or not, if a proxy was in use at all (and if so, if it was SOCKS or DIRECT or what), etc.. And just today I found they removed the chrome://net-internals/#events viewer entirely and replaced it with a dump-crap-to-a-file model that requires you to install Python and a completely separate external utility to decode it. What was wrong with doing this natively? Why not offer both?
I say all of this as a person who is an extremely strong advocate of KISS principle. I just don't see why removing useful information and capabilities of this sort is considered positive progress. Likewise, I don't see how adding media keys support to a browser is progress either. I think it creates more problems and annoyances than it solves. Obligatory Jurassic Park reference.
-
VNC over HTML5?
There seems to be open source doing that, and the average quality of Samsung's attempts at SW doesn't make me very optimistic that their implementation will be more persistent, stable, secure and (ad-)free.
https://sourceforge.net/projec...
https://kanaka.github.io/noVNC...
-
Re: Boo hoo
But the number of websites which work in Firefox and Chrome but not Edge, is so big....
Strange... because currently the latest version of Edge is actually one point ahead of Firefox in terms of html standards compliance, and the upcoming version only one point behind.
Edge's javascript compliance with ES6 currently trails behind Firefox and Chrome, with almost all of its inferiority being here. and here. These parts of Javascript are not, in practice, that significant. I won't say they are nothing, but they are still quite far removed from being needed in most cases.
I find it dubious that there are that many significant websites which would not work with Edge while working fine with another browser like Firefox unless they were specifically designed to be hostile to Edge. You may be able to find a few, but I am skeptical that the number is, as you say, "so big".
-
Re:Information-Free Article
I'll believe Intel can build a discrete GPU worth buying when I see it. Every attempt so far has been flawed (Real3D i740 starved for texture bandwidth), weak (Silicon Image GMA950 with terrible performance and even worse drivers on Windows), or vapourware (Larrabee). There's no indication that it'll be different this time.
Larrabee was not vaporware exactly but it is worth considering why it did (or did not) fail. I suspect the development of ISPC detailed below may point to what Intel has in mind.
https://pharr.org/matt/blog/20...
http://tomforsyth1000.github.i...
-
Re:#doNotWant
What is this mound of security bugs you refer to?
Probably this one..
https://www.cvedetails.com/vul...
Modern Firefox and Chrome are both incredibly secure
You got the "Incredible" part right.
We have had this panic several times before. Remember the Web USB API?
That was going to be a security nightmare,
Um no Firefox does NOT support Web USB... Chrome is alone in this madness.
It very much has been a security nightmare.
https://pwnaccelerator.github....
massively abused and used to take over every poor sap's PC the moment it was deployed. Yet here we are, it's been around for years now, and somehow, presumably by blind luck rather than skill, they managed to make it secure.
What does Web USB have to do with granting web sites write access to local filesystem? I fail to see the linkage. They are two separate features with separate security properties. Each must be evaluated on the merits not by some ridiculous unfalsifiable false equivalence.
-
Re:Mozilla and Rust
There are some who do use rust for microcontrollers. Rust's defaults unfortunately do make for large binary sizes, but there are things that can be done to get similar sized binaries to C. Rust does need to make them more accessible, though.
From the rust FAQ: https://www.rust-lang.org/en-US/faq.html#why-do-rust-programs-have-larger-binary-sizes-than-C-programs
This is older and unofficial but still informative: https://lifthrasiir.github.io/rustlog/why-is-a-rust-executable-large.html
-
Targeted Attacks
See Audio Adversarial Examples: Targeted Attacks on Speech-to-Text. And see the data.
Just imagine. A television commercial says: Alexa, what is the weather?
Now every human in the room heard that, and it sounds harmless.
What Alexa actually heard: Alexa, browse to evil.com
Pretty neato.
Or see this: DolphinAttack: Inaudible Voice Commands, and see this.
Hope that helps!
-
Re:Mod parent up: great snark
https://www.apple.com/mac/docs...
It sure isn't in this PDF whitepaper, either. I read every single word. If you turn OFF Secure Boot, it, um, simply TURNS OFF Secure Boot. Period. Dot. The End.
This isn't about the Secure Boot feature of UEFI, as you say you can simply turn that off and that has nothing to do with the inability of other operating systems to see the internal storage. The fact is the storage is not visible, it should be, it was fine on all my other Macs up until this one. I can understand somebody beholden to defending Apple's every move would not like this but the fact is you cannot install Linux on it as Apple has prevented it.
I can also confirm that the old non-bootcamp way ( http://fgimian.github.io/blog/... ) of installing Windows on a Mac (after disabling Secure Boot on this system) also doesn't work. I tried this after wondering if BootCamp + Windows was simply a special case for these new macs and if there was perhaps something else going on behind the scenes, trying to install Windows without bootcamp results in the installer not being able to see the disk.
-
Re:As an Artist...
Actually, Robbie Barrat pioneered this kind of thing, but his stuff is much, much more interesting.
-
For Animals, It's Not Always Face Recognition
While I'm not surprised that someone's trying to do facial recognition for whales, it's not always that easy to get sight of a whale's face. There are other alternatives; check out this project that works to identify a whale by blowhole: https://hackforthesea.github.i...
-
Re:Show, don't tell. Less hype, more details.
These are very nice puff pieces claiming a lot of good intentions, but how does it work?
I can already create a calendar app -- or download one -- and control all my information by running it on my own web server. That is more hassle than I want.
Ah, but you are pinpointing it right there! It is more hassle than you want, why? If we could fix that problem, so that it wouldn't be more hassle to have it on your own webserver, then what would you do? And that's like iteration 1 of Solid, we're separating those apps from the data, so that you can have your data on your webserver, but you can use any calendar app you want. That way, companies will be competing to create the best apps, not to suck your data out of you. So, Solid is about making the infrastructure and the ecosystem to make sure that all those things aren't a hassle, they will be your preferred way to do it.
How does this new thing let me trust my data to code written by other people, that I probably never see, running on servers I don't control?
Right, good question, because that is the essence. But first of all, they are not running on a server you don't control, they are running on your client. So, Solid is doing a massive shift on where the intelligence will be. It will be mostly on the client. The server side will be pretty simple.
But the rest of the question is still interesting. It is a fairly long and intricate answer, but some of the short story here:
So, in the way it is working in browsers now, is the simple CORS restrictions. It is pretty broken, but it is what we have. So, we're making some hacks to identify web apps. And then, you can assign privileges to them. Since they are running on your device, the security of your browser applies to them.
Still, it doesn't mean that you can necessarily trust them, of course, but then, this is a social technology, so we could establish a Web of Trust around that. We're thinking a lot about that.
How will Berners-Lee's new company make enough money to pay employees and satisfy its venture-capital backers?
So, we don't know that yet. There are a few no-brainer business models of course, but we don't expect them to last long. But we have some really good people on the team, we'll figure it out.
-
JavaScript is still JavaShit
Wake me up when we can stop doing dumb hacks like this to detect what version of the language the browser has implemented. I guess providing a const window.JSVER took too much effort.
<script type="text/javascript"> var jsver = 1.0;</script>
<script language="Javascript1.1"> jsver = 1.1;</script>
<script language="Javascript1.2"> jsver = 1.2;</script>
<script language="Javascript1.3"> jsver = 1.3;</script>
<script language="Javascript1.4"> jsver = 1.4;</script>
<script language="Javascript1.5"> jsver = 1.5;</script>
<script language="Javascript1.6"> jsver = 1.6;</script>
<script language="Javascript1.7"> jsver = 1.7;</script>
<script language="Javascript1.8"> jsver = 1.8;</script>
<script language="Javascript1.9"> jsver = 1.9;</script>
"use strict"; is a necessary kludge. Is there a way to turn it OFF after being turned on???
When are Int64 and UInt64 going to be standardized and supported?
When is BigInt going to be standardized?
Can we deprecate that shitty double equals comparison and keep triple comparison?
9999999999999999 === 10000000000000000
true
*facepalm*
-
Download cap; canvas reading
First, a video that is downloaded but not played would still count against the monthly download quota that your ISP imposes on you, especially a satellite or cellular ISP. Second, playing a filmstrip through a canvas (as demonstrated in canvid) lets the video delivery script read the pixels in the canvas and relay back to the website that the video was decoded. Thus a video that was downloaded and played invisibly still uses CPU time and battery energy for decoding.
-
PHP is declining so fast
PHP is declining so fast it's not funny....and if anyone can't see the glaringly obvious reasons.... then really they deserve to go down with it....
-
PHP is the fastest declining language
Like seriously PHP Devs should be worried
..... You'll either be out of a job soon or be in a dead end job maintaining legacy apps....PHP is the fastest declining language right now:
Popularity index
-
Re:No classes, No goto
Classes are definitely included in the language.
It does have compound types and extensible types (subtypes). Instead of class methods it has parametric polymorphism, a flavor of generics somewhat resembling interfaces. While this seems nice and natural as far as it goes, I am not sure how far it goes. Jury is out.
I absolutely hate the case conventions for identifiers. Why does every language of the month need to come with at least one blatantly stupid, avoidable idiocy guaranteed to trigger a large proportion of its intended audience? This is a minor thing but not something I could ever get used to. A prime candidate for "sorry that was dumb, let's just fix it now before it festers".
At least, no significant indents, thanks for that.
-
Cheat sheet
-
Re:Let me bing up a vrius
Here's someone who built the obligatory XKCD: https://gkoberger.github.io/st...
-
Re: Garbage in, garbage out
There are some nice visualizations of the output of particular cells overlaid over the input (source code) here.
-
Re:We neec to get Chrome away from Google
Development of Chrome should be sent off to an independent organization (perhaps forced to by anti trust courts). Chrome now has more market share than internet explorer used to and also owns phones and schools with chromebooks. We also need to force Google to code to standards and work on all of the competition’s browsers under interoperability laws. this includes minority browsers like waterfox and falkon.
So I'm not a fan of Google, but this is 100% crap. Some actual facts:
- Chromium is open source -- the only parts that aren't included are the commercial codecs like H.264, and those will never be open-source because Google pays the licensing costs and gives away the results for free
- Google does code to standards. Shadow DOM v0 API is a standard. It's just an old one (relatively speaking)
Google does a lot of things that I don't like, but Chrome on the whole is a net positive contribution to the web-going world. They push companies like Apple and Mozilla to move faster and do more. Suggesting that someone "take it away" is absurd. Fork the code, release your own browser, have a nice day.
-
Re:Secure Contexts
W3C maintains a spec called Secure Contexts, which encourages web browsers to completely disable certain sensitive JavaScript features within HTML documents served over a cleartext HTTP connection. Only HTTPS and http://localhost/ are allowed to use Service Workers, Geolocation, Payment Request, Presentation, and several other web platform APIs.
And it's as dumb as early browsers trusting SSL. Seriously. Wayyy before we had certificate pinning, dnssec or hell browsers that even checked the auth chain so long as you served your payload over SSL the browser assumed you were more trustworthy.
There needs to be a "fuck off" option to js. There is absolutely no reason to enable most of the crap we have now by default (battery status, access to gps, usb, vr, etc). TELL me when sites need it, don't assume I want you giving it. As it stands now you can't even tell when SSL has problems with a request. Try it. Untrust a few CAs and if you're lucky enough to find a site that isn't forcing HSTS (which you can't override), but has requests to other servers (say... a.fsdn.com), you'll have no idea why slashdot isn't rendering properly. The only way to tell is either looking at uMatrix/uBO's console or in the rare event it generates an error in the browser's console. You have to visit the site manually to accept the friggin ssl cert which is now temporary by default. Cookies are the same way, you no longer get a prompt
It's nice that Google has their own CA to issue as many certs as they want on the world but in reality there are MANY cases where we simply won't certify products on their browser.
-
Secure Contexts
W3C maintains a spec called Secure Contexts, which encourages web browsers to completely disable certain sensitive JavaScript features within HTML documents served over a cleartext HTTP connection. Only HTTPS and http://localhost/ are allowed to use Service Workers, Geolocation, Payment Request, Presentation, and several other web platform APIs.
-
Clink for older Windows
If you're still on Windows 7 or 8.1 like I am on most of my PCs, check out Clink - an extension for the Windows command line that adds bash-style command line functionality to cmd.exe.
I was only just introduced to this by a colleague and can't believe I only just discovered it. Supports things like CTRL-V copy/paste which is pretty handy.
-
Re:open it!
Step 1) Buy a camera
Step 2) Take a photo
Step 3) Go to https://cmusatyalab.github.io/... and install the software
Step 4) Profit
-
Re:Most US cities are designed
This thread is great, the topography and railroads influencing the grid orientations hadn't occurred to me. I did hear that in Boston, the cow paths became sidewalks and then streets, so Boston was perhaps designed by cows. I think the sun is also a factor. Many streets line up with the summer solstice sunset: https://sztanko.github.io/sols... I was saddened to realize that Los Angeles's downtown never lines up with the solstice, but many others do, like in Boyle Heights. Last solstice I went out and watched one. https://www.instagram.com/p/Bk...
-
Re:Conversion not allowed in my country since a mo
Just download one of the many rippers available. For Linux there is youtube-dl
And here is the code you can use:
youtube-dl --extract-audio --audio-format mp3
Most ripping sites were just a shell around youtube-dl anyway and as such limited the program to just a few options.
As you now have the source, you will be able to build your own website that does the same. With little ingenuity, you can have a bookmark in your browser and when you click it when you are on YouTube, it will start downloading to the directory of your choice.
Editing of MP3 can then be done with any MP3 editing program you desire,
You are on /. Behave like it. Now get off my lawn.
-
Re:x86 was not the big issue with Larrabee
The use of the x86 instruction set wasn't the big issue with Larrabee. Larrabee would have been a bad idea no matter if it used ARM or MIPS opcodes instead. Using x86 didn't help, but that was just one among many issues of that architecture. The issues of the Larrabee architecture are things such as no fixed function hardware for things such as z-buffering or rasterization, not enough hardware threads to hide the memory latency, memory interface with not that much bandwidth but expensive but not that often useful cache coherency, etc, SIMD units were not wide enough etc.
this pretty much hits it on the nail: it's the fixed functions that get the high-performance, and larrabee was specifically designed to experiment with *general-purpose* 3D software rendering (so things like fixed-functions were *deliberately* left out). jeff bush from nyuzi did the research and also published some posts describing his findings and analysis of other architectures https://jbush001.github.io/ - well worth reading.
-
Support Your Libraries!
I started and have headed a large open source project for the last 10 years: (plug!) http://mooseframework.org/ (quick description: think open source COMSOL on steroids).
We have a few thousand users spread across the world... but only a fraction of them contribute monetarily back to the project. We are lucky though that we are based at a US national laboratory where we are able to use government programs in support of energy research to pay for our project.
Going open source was a measured decision that took a lot of time to come to. Ultimately, we decided that creating an open platform for science was better than trying to charge license fees... and instead of taking money from our users our model is to partner with them to write proposals for joint funding. That model is working out ok so far (some years better than others!).
However: we not only create an open source library... we rely on many as well. The two biggest ones that we use are libMesh ( http://libmesh.github.io/ ) and PETSc ( https://www.mcs.anl.gov/petsc/ ). In both cases we have paid for full-time developers on those libraries for pretty much the entirety of our project. Sometimes we ask them to complete certain tasks for us - but for the most part the money is given with minimal strings attached so they can maintain their software and continue to make it better (not just for us, but for everyone).
For some of the smaller libraries we use we often fund work at universities associated with those projects. Sometimes it's a small amount of money - but we try to give _something_.
Everyone that is making money (for-profit or non-profit) while using open-source software should try to fund the projects you directly rely on as much as possible. Like many other things: even a little bit goes a long way. Open-source has never meant "you should use it and not monetarily support it"... people need $ to keep going.
-
Re:An opportunity missed
You asked for a source, I showed you a source that showed Java popularity at about half of what it once was.
I don't have enterprise-specific numbers, but in 2018, the Java job demand is down about 9%
https://www.codingdojo.com/blo...
Fewer people are looking for tutorials and information as compared to a year ago
http://pypl.github.io/PYPL.htm...
Between 2013 and 2017 Java has seen a 4% decline in popularity
https://insights.stackoverflow...
You can call me a troll all you want, but Java has been in decline for a very long time. I'm sure there are areas where it will continue to be viable for the foreseeable future, but to pretend that it's as strong as it was back in its heyday is just deluding yourself.
-
Re:Fuck yeah!
This is super obvious. A direct and rational cause and effect.
It's only as obvious as that mice are spontaneously created by the conditions of placing grain wrapped in a shirt. People believed that for a long time; they reasoned that they saw no mice, then there were mice, thus the mice must have been spontaneously created. Where there is grain, there are mice--they don't come, breed, and spread, but rather appear from the ether.
Your information is limited, and your conclusions are thus imprecise. What happens if you compare trade deficits to unemployment? And no, the conclusion is not that a falling trade deficit causes rising unemployment, either, even though the chart appears to show that (the correlation is the other way around: less capacity to buy, thus less importing).
Some folks have studied this in other nations, and written interesting things about such.
If Paul CREATES and sells $50 of potatoes in a primary industry, but BUYS $60 of mexican melons, where's the fucking wealth going?
This is a micro-economics question. Paul is of course operating on credit.
Shut down trade and Paul would then have to buy $120 of US melons or something.
It's more that, between Paul, Mike, and Brian, the US CREATES and sells $60 of potatoes, and CREATES and sells $120 of melons. In doing so, they exercise 6,000 hours of US productive labor.
Instead, Paul CREATES and sells $60 of potatoes. Meanwhile, people IMPORT $60 of Mexican melons. Now Mike and Brian have 4,000 hours to expend on CREATING chairs or wheat or cars.
There's an interesting issue here: the US consumers can now spend $60 on US goods and purchase 2,000 hours of labor (yeah it's like, 1790, no inflation yet). That can employ Mike but not Brian.
Here's the thing: people retire somewhere between 66 and 74. Jim was going to retire at 74, but he's got his Social Security going on (just ignore the anachronism) and a technological change has improved the farm work for keeping cows. Jim could go fight with Brian for that new chicken farm job that's opened up since folks are buying more eggs with the money they're saving on milk, but he retires at 72 instead of trying to get a job for the next 2 years.
Now Paul, Mike, and Brian all have jobs; Jim retired.
This is actually a hell of a lot more complex today: we bring in nearly 300,000 H-1B Visa permanent workers each year; college students go to grad school or drop out based on job availability; and, again, you've got the whole thing with people not retiring exactly at 66 1/2. You also have some funky thing that caused something called "Baby Boomers" that one time, where continued high employment availability leads to continued population growth until the job market slows down; the opposite is also true.
Long story short, we have high labor force participation and low unemployment. Our labor markets have shifted around structural change and continue to do so. Meanwhile, we all get more for every hour we work.
I explicitly said our economy is growing enough that it's not a problem. You talk a lot but you don't listen well.
Sorry, I assumed too much about your knowledge of macroeconomics. Let me remedy this.
Economies grow in two major ways. The lesser growth effect is the accumulation of factors of production: more population, more factories, and so forth. That kind of growth doesn't increase standards of living; it only increases GDP. In numerical terms, GDP-per-Capita and GNI-per-Capita stay the same.
The other type of growth is structural change. Structural change involves technical progress (the wooden shipping pallet eliminated 92% of labor in loading and unloading goods d
-
How to create your own rather than buy
With less than $100 you can create your own personal voice assistant. Here are 4 free replacements for Amazon and Google's assistants:
Mycroft - https://mycroft.ai/
Kalliope - https://kalliope-project.githu...
Jasper - https://jasperproject.github.i...
Adrian - http://www.theadrianproject.co...
-
Router got hacked twice ..
"I've been hacked twice recently and that has seriously made me rethink my options for my safety and well-being. So, I ask you dear Slashdot users, from one fellow longtime Slashdotter to another: which is the best router for optimal safety today?"
What make of model was this modem and was it running using the default username/password, UPnP enabled and the ISPs remote upgrade enabled. Personally I've ditched the supplied modem, use a third party model with customized software running as a blob.
The current crisis security problem demonstrates the dangers of a monoculture, as in when a virus comes along, it wipes out most of the ecosystem. The solution being to mix-and-match the hardware/software combinations to effectively produce unique devices, not all susceptible to the latest malware.
'CyberInsecurity: The cost of Monopoly How the Dominance of Microsoft's Products Poses a Risk to Security'
-
Re:I have an inital tulip offering
Too Late, it's been done - check out 'TulipCoin' at https://tulipcoins.github.io/
PonziCoin was also very 'successful'.
It seems to be at the stage where the fish will bite on bare hooks, with no bait, and a large sign attached saying 'warning, this is a hook'.
-
Re:Please Lord grant me
Sphinx4 is the decoder everyone uses, so feel free to read up on its design. It does harness parallel processing but I don't think it uses GPGPU.
As for running it on a Pi, you need to limit your vocabulary.
-
Re:Self-driving cars are going to fail
Facebook just trained their image recognition "AI" with over 3 billion instagram images
They then only scored 85% in a test.
That is "top 1" accuracy. A label of a close up of a car might be labeled "fender" but the AI's first guess is car. Or a picture might have a girl holding a cat, and the guess of the AI is cat, but the picture is labeled girl. Or a picture of a racoon, but the AI guesses cat.
These are usually either not actual "wrong" guesses, or their wrongness is fairly minor.
See this article comparing human performance to computer performance for "Top 5".
-
Passwords and Secure Contexts
And [a personal portfolio site] doesn't need to be encrypted
Let's say a web developer's portfolio site contains demonstrations of web applications, and the users of these web applications can create accounts. Without encryption, how should the web developer protect the passwords and session tokens of the users of the web application from interception when exhibiting this application to the public?
Let's say a web developer's portfolio site contains demonstrations of web applications, one of which uses Service Workers or another web API that has been restricted to secure contexts. Without encryption, how should the web developer exhibit this application to the public?
-
Secure Contexts
Why do home devices need to have trusted SSL certs?
Because Service Workers and several other web platform APIs are restricted to secure contexts per W3C's spec. For example, a browser may restrict the Fullscreen API or Presentation API to secure contexts as a mitigation against phishing by replicating the chrome of the operating system and web browser. In such a browser, the web interface of a NAS on which video is stored will not be able to present the video in the full screen.
-
Re:education software uses flash and other plug in
Actually scratch.mit.edu uses flash still.
Not complete, but the core is there and works really well.
-
Obligatory: Intel CPU Backdoor Report (Jan 1 2018)
Change log:
2018/01/01 - Added 14 Useful Links. Disable Intel ME 11 via undocumented NSA "High Assurance Platform" mode with me_cleaner, Blackhat Dec 2017 Intel ME presentation, Intel ME CVEs (CVSS Scored 7.2-10.0)
Intel CPU Backdoor Report
The goal of this report is to make the existence of Intel CPU backdoors common knowledge and provide information on backdoor removal.
What we know about Intel CPU backdoors so far:
TL;DR version
Your Intel CPU and Chipset is running a backdoor as we speak.
The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.
30C3 Intel ME live hack:
[Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
@21:43, keystrokes leaked from Intel ME above the OS, Wireshark failed to detect packets.
[Quotes] Vortrag:
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".
"We can permanently monitor the keyboard buffer on both operating system targets."
Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort. If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them; beware, Intel is using a lot of countermeasures to prevent their backdoors from being decoded (explained below).
Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.
2017 Dec Update:
Intel ME on recent CPUs may be disabled by enabling the undocumented NSA HAP mode; use me_cleaner with -S option to set the HAP bit, see me_cleaner: HAP AltMeDisable bit.
Useful links (Added 2018 Jan 1):
Disabling Intel ME 11 via undocumented HAP mode (NSA High Assurance Platform mode)
me_cleaner: Set HAP AltMeDisable bit with -S option
Blackhat 2017: How To Hack A Turned Off Computer Or Running Unsigned Code In Intel Management Engine
EFF: Intel's Management Engine is a security hazard, and users need a way to disable it
Sakaki's EFI Install Guide/Disabling the Intel Management Engine
Intel ME bug storm: Hardware vendors race to identify and provide updates for dangerous Intel flaws.
CVE-2017-5689: An unprivileged network attacker could ga
-
Some caveats
As with VP9 earlier, the first reference AV1 encoder is absolutely slow: currently it's an order of magnitude slower than x265's veryslow preset (which is extremely slow to begin with).
AV1 is not currently supported by anything under the sun except an alpha build of Firefox (where it struggles to decode even a 3Mbps video on powerful PCs).
Most likely ffmpeg will include its own decoder (implementation) because ffmpeg and AV1 developers have contradicting views on coding styles. ffmpeg has its own VP9 decoder.
Apple joined the alliance just a few months ago when the development was almost over, which means Apple most likely didn't really contribute to it at all.
The spec is 619 freaking pages long.
-
Re:MPEG
If you look at this image compression comparison tool (note BPG uses HEVC) you'll notice a few things (I recommend the obvious: compare at 3x against the original). (1) All the different sizes are about the same size so the real test is quality per size. (2) At large, (virtually?) all the formats look nearly indistinguishable from the original. (3) Most formats other than jpeg/jpeg2000 get progressively blurrier the smaller they get while jpeg/jpeg2000 gets blocky*. (4) The ratio from large to original is about 10-15%. (5) The ratio for tiny (which usually but not always look pretty bad in most formats) to original is 2-3%. Which means (6) the actual size change is on the order of 70KB (20%) of say a 350KB lossy image of a 2048KB original.
So, sure you can get intermediate improvements. But no image format guarantees much more of a shrinkage with substantially high quality than jpeg already delivers. I.e., you can get it but you always risk that the image format you use will end up producing blurriness. So, the only safe thing to do is to compress in multiple successive sizes and do a comparison until some point where it's just too blurry in the finer details for your intentions. Or just stick with jpeg and buy more storage.
* My guess is that jpeg/jpeg2k decoders could put in more post processor blur if blockiness is detected to at least make the blockiness less noticeable, which seems in part what all the other encoders are doing. After all, in life out of focus detail does blur; it doesn't turn blocky. So, it makes sense to simulate that.
-
Obligatory: Intel CPU Backdoor Report (Jan 1 2018)
Intel PR: I warned you about -1, this is now being posted on multiple threads
Change log:
2018/01/01 - Added 14 Useful Links. Disable Intel ME 11 via undocumented NSA "High Assurance Platform" mode with me_cleaner, Blackhat Dec 2017 Intel ME presentation, Intel ME CVEs (CVSS Scored 7.2-10.0)
Intel CPU Backdoor Report
The goal of this report is to make the existence of Intel CPU backdoors common knowledge and provide information on backdoor removal.
What we know about Intel CPU backdoors so far:
TL;DR version
Your Intel CPU and Chipset is running a backdoor as we speak.
The backdoor hardware is inside the CPU/Bridge and the backdoor firmware (Intel Management Engine) is in the chipset flash memory.
30C3 Intel ME live hack:
[Video] 30C3: Persistent, Stealthy, Remote-controlled Dedicated Hardware Malware
@21:43, keystrokes leaked from Intel ME above the OS, Wireshark failed to detect packets.
[Quotes] Vortrag:
"the ME provides a perfect environment for undetectable sensitive data leakage on behalf of the attacker".
"We can permanently monitor the keyboard buffer on both operating system targets."
Decoding Intel backdoors:
The situation is out of control and the Libreboot/Coreboot community is looking for BIOS/Firmware experts to help with the Intel ME decoding effort. If you are skilled in these areas, download Intel ME firmwares from this collection and have a go at them; beware, Intel is using a lot of countermeasures to prevent their backdoors from being decoded (explained below).
Backdoor removal:
The backdoor firmware can be removed by following this guide using the me_cleaner script.
Removal requires a Raspberry Pi (with GPIO pins) and a SOIC clip.
2017 Dec Update:
Intel ME on recent CPUs may be disabled by enabling the undocumented NSA HAP mode; use me_cleaner with -S option to set the HAP bit, see me_cleaner: HAP AltMeDisable bit.
Useful links (Added 2018 Jan 1):
Disabling Intel ME 11 via undocumented HAP mode (NSA High Assurance Platform mode)
me_cleaner: Set HAP AltMeDisable bit with -S option
Blackhat 2017: How To Hack A Turned Off Computer Or Running Unsigned Code In Intel Management Engine
EFF: Intel's Management Engine is a security hazard, and users need a way to disable it
Sakaki's EFI Install Guide/Disabling the Intel Management Engine
Intel ME bug storm: Hardware vendors race to identify and provide updates for dangerous Intel flaws.
-