Slashdot Mirror

I wrote a few years ago about why people submit to console inflexibility. The reasons I came up with include these:

- Offline use of disc games is more convenient for gamers in rural areas or deployed on military bases

I think that you'll find that getting scratched off the list soon.

I wrote a few years ago about why people submit to console inflexibility. The reasons I came up with include these:

- Offline use of disc games is more convenient for gamers in rural areas or deployed on military bases

I think that you'll find that getting scratched off the list soon.

I wrote a few years ago about why people submit to console inflexibility. The reasons I came up with include these:

- Less chance of ending up with "fake game" shovelware even worse than E.T., Chase the Chuck Wagon, and other poster children of the 1983 crash
- No worry about reading the tea leaves that are PC game system requirements
- Little variation among PCs in an online multiplayer pickup group of strangers giving nobody an unfair competitive advantage
- Less cheating in an online multiplayer pickup group of strangers due to no mods
- No need for antivirus
- Offline use of disc games is more convenient for gamers in rural areas or deployed on military bases
- Less hardware variation means less chance of driver conflicts
- Living room friendly case by default

1. Autoplay of video in web pages including the muted but still being played lameness including streamed GIFs and other hacks - (annoyance, bandwidth)

See for example demonstrations of some of these hacks. But how exactly would you propose to detect them and block block them, without breaking not only the JavaScript needed for web applications but also the CSS needed for even static HTML documents?

2. Access to the microphone built into Firefox - an exploit waiting to happen - (privacy)

Would you prefer having to use a native voice chat app? That runs the risk of "We're sorry! The voice chat application is not available for your platform."

3. Access to the camera built into Firefox - an exploit waiting to happen - (privacy)

Would you prefer having to use a native video chat app? That runs the risk of "We're sorry! The video chat application is not available for your platform."

I much prefer {GNU libc, GNU compiler collection, GNU emacs, etc.}/Linux.

Which comes fairly close to the spirit of my "Coreutils plus two" definition.

That last one will stop all animated GIF/PNG/WEBP from ever playing

Do these settings also prevent CSS-animated JPEG and PNG filmstrips like this one and this one from playing?

I saw "autoplaying content (audio and video) blocked by default" in the summary and jumped into the usual test suite. All still played. To learn why, I read the featured article and found this:

Mozilla's main goal is to remove the annoyance of sound blaring from your speakers. On sites that automatically mute the sound, the Block Autoplay feature will not stop the video from playing.

This means autoplaying video in floating ads will continue to drain your computer's battery and your monthly Internet cap.

Disabling autoplay has been in about:config for years now

Setting media.autoplay.default to 1 and media.autoplay.allow-muted to false in Firefox 65.0 did not block pure CSS motion JPEG or pure CSS motion PNG.

Blocking automatic playback of audio will block automatic playback of video with audio. Blocking automatic playback of silent video is a much harder problem. Just blocking MP4, WebM, and GIF animations is not enough, as a site can provide fallbacks that use script or even pure CSS. Some Slashdot users claim to have used extensions to block video, but none of them seem to block all methods in my test suite.

PHP is a horrific language. Most people that use it

...haven't read JavaScript: The Good Parts. PHP and JavaScript have a surprising number of pitfalls in common, such as difficult-to-memorize rules for == comparison. True, there are problems with PHP that are very annoying to work around, as Eevee pointed out in her famous essay. But as with JavaScript, there are also a few common-sense coding standards that make the worst problems less likely.

Nobody should use it. No, not even current versions. It's still broken.

Do you block Wikimedia sites and other sites using MediaWiki software?

You mean something that downloads several hosts files on a schedule, merges them, and writes them out as a cron job? I've written a proposal for such a tool, and I'd appreciate your thoughts on the proposal's discussion page about whether it's workable.

I use a plugin that aims to disable a lot of autoplay, but it doesn't always work.

I'm interested in what your plug-in can and can't block. How many of these tests still play?

I know I can stop it all by turning off JS entirely

CSS animated filmstrips, such as this and this, still play with video autoplay, GIF autoplay, and JavaScript all turned off.

I use a plugin that aims to disable a lot of autoplay, but it doesn't always work.

I'm interested in what your plug-in can and can't block. How many of these tests still play?

I know I can stop it all by turning off JS entirely

CSS animated filmstrips, such as this and this, still play with video autoplay, GIF autoplay, and JavaScript all turned off.

I use a plugin that aims to disable a lot of autoplay, but it doesn't always work.

I'm interested in what your plug-in can and can't block. How many of these tests still play?

I know I can stop it all by turning off JS entirely

CSS animated filmstrips, such as this and this, still play with video autoplay, GIF autoplay, and JavaScript all turned off.

It's seriously strange, right out of the videogame console world or some bullshit like that.

Why do people put up with it on video game consoles in the first place? Because consoles are harder to screw up than a personal computer. Likewise with iOS devices.

I tried to come up with a more balanced view on PHP, synthesizing Eevee's popular "fractal" essay, ManiacDan's "hardly" rebuttal, and Douglas Crockford's JavaScript: The Good Parts, to form coding standards and things that are still broken.

FFS, please just install them from the package repos on B.

Many distributions have a policy of not carrying in their repositories any software that is not free software.

If not possible, get the application's source code, compile and install it.

That would cost half the publisher's market capitalization.

Please consider using FOSS alternatives to the software you think you can't live without

How does one go about finding free software replacements for A. video games in particular genres with a substantial player population, B. players for rented movies, and C. individual income tax return preparation wizards? If you can't think of any, the reasons in this article might be why.

In a web browser? What can you use that isn't JavaScript?

HTML and CSS. And if you absolutely need interaction beyond link navigation, form submission, and checkbox collapse/radio tabs, you can use any language that isn't JavaScript but transpiles to JavaScript or compiles to WebAssembly. Or you can skip a web browser and provide a set of native applications for the end user to download, optionally audit, optionally compile, and install.

On an ISP-hosted web server? What do they give you except PHP?

I wasn't aware that home ISPs were still bundling web hosting now that most subscribers were putting their work in silos such as Blogspot, Tumblr, Facebook, Gab, Twitter, deviantART, and the like. Otherwise you might as well get a $10/mo virtual private server (VPS) from Amazon or any of several other providers and install whatever language you want. Buy your domain and hosting, configure your VPS to run a webserver and get its TLS certificate from Let's Encrypt, and you're set. And if you can't afford that much, third-party shared hosting providers such as DreamHost and WebFaction offer Python and other languages.

It's a good thing that there is no such thing as "Intellectual Property".

That means the GPL doesn't exist.

The GNU General Public License exists. It is a license under copyright.

As I understand it, Errol's point is that copyright, patent, trademark, trade secret, and right of publicity are more different than they are alike. In any case, they're more different than would justify an umbrella term like "intellectual property".

Enjoy Fractal, Hardly, and a synthesis of the two by analogy to Douglas Crockford's JavaScript: The Good Parts

For the same reason anyone wants a game console: it's harder for a user to screw up.

Why is this relevant in a discussion about a public site?

It is intended as a reminder that not all sites are public, and not all parties involved in this policy change have adequately addressed the effect of this policy change on private sites.

Why is this relevant when discussing a browser that still happily shows unencrypted communication?

A browser doesn't "happily show[] unencrypted communication" if it involves a JavaScript API that is reserved for secure contexts.

For that matter, why the heck would you do HTTPS on internal LAN?

Because a growing number of JavaScript APIs specify that they are available on HTTPS origins and http://localhost/ only, and nowhere else. One such API that is both limited to secure contexts and relevant to streaming a video from a home NAS is the Presentation API.

Hell, if you want HTTPS on your LAN addresses, just generate your own certs and install your own root cert on client machines.

Not all client machines make it practical to install a private root certificate, particularly mobile devices or set-top devices. Nor is it advisable to install a private root certificate on devices belonging to visiting friends and relatives if they want to watch a video that's on your NAS.

How is [console lock-in] different from being locked into windows?

Consider two differences between a PC running Windows and an Xbox One running the Windows 10-derived Xbox One system software:

In exchange for this lock-in, consoles offer alleged ease of use.

In my experience, it's not 2:1 but 10:1 in favor of video. Compare a 200 kB video to a 2 MB GIF at the same size and frame rate.

In my experience, it's not 2:1 but 10:1 in favor of video. Compare a 200 kB video to a 2 MB GIF at the same size and frame rate.

I tried chrome://flags/#autoplay-policy in Chromium Version 68.0.3440.75 (Developer Build) built on Debian 9.5, running on Debian 9.5 (64-bit). It didn't block most of the test cases in my video blocking test suite. I guess that's because blocking all video playback is very much easier said than done.

- Block the <video> element, and sites will fall back to the less efficient <img> tag with GIF.
- Block <video> and GIF, and sites will fall back to using JavaScript to rotate JPEG or PNG images into a container.
- Block <video>, GIF, and script, and sites will fall back to using CSS sprites with stepped animations to rotate frames of a JPEG or PNG filmstrip into a container.

True, consoles are easier for many, especially those happy with vanilla AAA games. But on consoles, it's a lot harder to install and use enthusiast-maintained mods that fix a game's user interface annoyances. And consoles tend to get smaller-budget games later than PC if at all.

I assume any sufficiently nerd household has multiple computing devices

I wouldn't be so sure that most users of Live Bookmarks live in a sufficiently nerd household. In a lot of cases, "multiple computing devices" are likely to be devices that go to sleep when not in use, such as smartphones and laptops. Or does "nerd" mean owner of a Raspberry Pi single-board computer or a router specifically purchased for DD-WRT compatibility?

and an ISP that only gives you one public IP address so you have to run a boundary router/NAT box. So I run TT-RSS in an LXC container on that router.

Provided you can even choose to install a container on a router. I imagine that most households lease a modem-router combination device from a home ISP, and I don't see how these are user-flashable. Even those who own their own modem and router probably bought consumer-grade gear, which isn't marked on the box for compatibility with DD-WRT or other user-installed software, at a chain similar to Office Depot or Best Buy.

And you don’t need a domain name in order to run a server

If you don't have a domain name, you don't qualify for a TLS certificate from a publicly trusted certificate authority. If you don't have a TLS certificate, you can't run HTTPS and are instead restricted to cleartext HTTP. If you run a cleartext HTTP server on anything but localhost, the browser will wall it off from certain JavaScript features.

but if you want that, free-of-charge dynamic DNS providers are a thing.

Provided the dynamic DNS provider 1. is on the Public Suffix List and 2. supports TXT records. Otherwise, use of Let's Encrypt to obtain a certificate for the server on your LAN is not feasible.

If you don't disable JavaScript, sites will use a setInterval to load each frame of the video as a JPEG and display it, as in this demo.

Honestly given the choice between breaking nearly every webpage on the internet without manual intervention, and having a soundless animation display I'll pick the latter any day of the week.

I just tried your suggestion in Firefox ESR 52 on Debian 9, with media.autoplay.enabled changed to false. Though the preference successfully blocked VP8, VP9, and AVC video from autoplaying, several methods of presenting video managed to sneak past it: GIF, JPEG sequence, PNG sequence, JPEG filmstrip, and PNG filmstrip.

I just tried your suggestion in Firefox ESR 52 on Debian 9, with media.autoplay.enabled changed to false. Though the preference successfully blocked VP8, VP9, and AVC video from autoplaying, several methods of presenting video managed to sneak past it: GIF, JPEG sequence, PNG sequence, JPEG filmstrip, and PNG filmstrip.

I just tried your suggestion in Firefox ESR 52 on Debian 9, with media.autoplay.enabled changed to false. Though the preference successfully blocked VP8, VP9, and AVC video from autoplaying, several methods of presenting video managed to sneak past it: GIF, JPEG sequence, PNG sequence, JPEG filmstrip, and PNG filmstrip.

I just tried your suggestion in Firefox ESR 52 on Debian 9, with media.autoplay.enabled changed to false. Though the preference successfully blocked VP8, VP9, and AVC video from autoplaying, several methods of presenting video managed to sneak past it: GIF, JPEG sequence, PNG sequence, JPEG filmstrip, and PNG filmstrip.

I just tried your suggestion in Firefox ESR 52 on Debian 9, with media.autoplay.enabled changed to false. Though the preference successfully blocked VP8, VP9, and AVC video from autoplaying, several methods of presenting video managed to sneak past it: GIF, JPEG sequence, PNG sequence, JPEG filmstrip, and PNG filmstrip.

And no, disabling javascript is no longer an option.

If you don't disable JavaScript, sites will use a setInterval to load each frame of the video as a JPEG and display it, as in this demo.

Browsers allow a muted VP8, VP9, or AVC file to autoplay because allowing it takes less Internet bandwidth than falling back to animated GIF, a sequence of discrete JPEG files, or a JPEG filmstrip animated with CSS sprites.

If you plan to build an extension to block all autoplay, here are some test cases. Good luck getting them all.

Browsers allow a muted VP8, VP9, or AVC file to autoplay because allowing it takes less Internet bandwidth than falling back to animated GIF, a sequence of discrete JPEG files, or a JPEG filmstrip animated with CSS sprites.

If you plan to build an extension to block all autoplay, here are some test cases. Good luck getting them all.

There's little to no difference between python and php that isn't purely syntactical.

And there are places where syntax makes all the difference, such as list comprehensions (and the generator expressions that power them).

all the criticisms against php are equally valid against python.

I've found a few, which I'll quote here for convenience:

• Number-like comparison of strings can never be fully turned off. For example, both '10' <= '1e1' and '10' >= '1e1'. One can use strcmp in one's own code and pass sort_flags to sorting functions that support them, but some functions still use the built-in operators < and > that don't even impose a total order. Likewise, switch uses the built-in == comparison operator whose semantics are byzantine.
• Parse errors and undefined function errors are fatal in PHP 5. (Or do CentOS and RHEL have PHP 7 packages yet?)
• Inconsistent conventions for function naming and argument order in the standard library.
• Associativity for the ternary ?: operator is the less useful side.
• PHP allows the server operator to change program semantics in ways that are annoying to work around, especially for shared hosting subscribers without access to the server-wide configuration. At various times, these have included "magic quotes" that spray backslashes all over the request variables, not following HTTP redirects in the CURL library,[1] and restricting the size of files uploaded by a site's users to outdated limits such as 2 megabytes by default.
• PHP versions change the semantics of existing programs in ways that encourage shared hosting providers to continue to offer only outdated versions of PHP, making it impossible for web application developers to take advantage of new features. Compare Python, which puts added functions in one namespace per module and conditions new incompatible syntax features on presence of from __future__ statements.
• The developers of PHP rejected keyword arguments.

[1] From March 2005 through September 2013, cURL could not follow redirects with open_basedir enabled because of a heavy-handed security fix.

If you’d like to specify the language which you think is more suitable than PHP for projects where PHP is often a sensible choice, I’ll be more than happy to come back and offer some specific examples of its failings

I get the impression from eevee's notorious "fractal of bad design" rant that she'd prefer Python. I've been trying to keep my own page about the issue more nuanced, distilling the problems that "fractal" mentions into a set of coding standards, inspired by the work of Douglas Crockford, and another set of failures that coding standards alone cannot prevent.

So where does, say, Python fail in comparison to PHP? (Other than ability to collaborate over channels that are broken in that they mangle leading whitespace.)

Attempting to swing it back on topic: One might blocklist hostnames that serve unwanted scripts as a means of recovering the 10-13 percent of RAM that Chrome's Site Isolation is using.

At the same time doing in Cygwin bash what his app is purporting to be doing hardly takes more than 5 minutes.

Would there be merit in building the blocklist builder tool that I sketched in this article?

And on top of that, if you are doing [DNS blocklisting] per machine, you are doing it wrong.

The operator of a LAN could apply changes to devices on the LAN by configuring its DHCP server to point DNS at a local Pi-hole instance. But when you're out in public using your laptop on public Wi-Fi, you need a local blocklist if you're not running all of your laptop's DNS traffic through your Pi-hole at home.

Not this idiot again!!!

Somewhat recent rambling (2016)...
          https://forums.somethingawful....

A little further back (2015)...
          https://pineight.com/mw/index....

A bit more (2013)...
          https://pineight.com/mw/index....
          https://yro.slashdot.org/comme... (oh look he's been here before. And still AC!)

Wow this guy has been an Anonymous Coward for a fair while now. You'd think with something so great as APK Hosts File Engine 2.0++ they'd be posting using an actual URL and not putting blanks into it and using a real name or business details. I question the pudding he's eating ;)

It reminds me of a really good bit of humor...

"In the beginning was the Plan.
And then came the Assumptions.
And the Assumptions were without form.
And darkness was upon the face of the Workers.
And they spoke among themselves, saying, "It is a crock of shit, and it stinketh."
And the workers went unto their Supervisors and said, "It is a pail of dung, and none may abide the odour thereof."
And the Supervisors went unto their Managers, saying, "It is a container of excrement, and it is very strong, such that none may abide by it."
And the Managers went unto their Directors, saying, "It is a vessel of fertiliser, and none may abide its strength."
And the Directors spoke amongst themselves, saying one to another, "It contains that which aids plant growth, and it is very strong."
And the Directors then went onto the Vice Presidents, saying unto them, "It promotes growth and is very powerful."
And the Vice Presidents went unto the President, saying unto him, "This new plan will actively promote the growth and vigour of the company; with powerful effects."
And the President looked upon the Plan, and saw that it was good.
And the Plan became Policy.
This is How Shit Happens."
          quoted from https://funnyshit.com.au/the_p...

Not this idiot again!!!

Somewhat recent rambling (2016)...
          https://forums.somethingawful....

A little further back (2015)...
          https://pineight.com/mw/index....

A bit more (2013)...
          https://pineight.com/mw/index....
          https://yro.slashdot.org/comme... (oh look he's been here before. And still AC!)

Wow this guy has been an Anonymous Coward for a fair while now. You'd think with something so great as APK Hosts File Engine 2.0++ they'd be posting using an actual URL and not putting blanks into it and using a real name or business details. I question the pudding he's eating ;)

It reminds me of a really good bit of humor...

"In the beginning was the Plan.
And then came the Assumptions.
And the Assumptions were without form.
And darkness was upon the face of the Workers.
And they spoke among themselves, saying, "It is a crock of shit, and it stinketh."
And the workers went unto their Supervisors and said, "It is a pail of dung, and none may abide the odour thereof."
And the Supervisors went unto their Managers, saying, "It is a container of excrement, and it is very strong, such that none may abide by it."
And the Managers went unto their Directors, saying, "It is a vessel of fertiliser, and none may abide its strength."
And the Directors spoke amongst themselves, saying one to another, "It contains that which aids plant growth, and it is very strong."
And the Directors then went onto the Vice Presidents, saying unto them, "It promotes growth and is very powerful."
And the Vice Presidents went unto the President, saying unto him, "This new plan will actively promote the growth and vigour of the company; with powerful effects."
And the President looked upon the Plan, and saw that it was good.
And the Plan became Policy.
This is How Shit Happens."
          quoted from https://funnyshit.com.au/the_p...

There are some general classes of software that the free software community has historically failed to provide. Three big ones among these are original high-production-value video games, players for rented motion pictures, and income tax return preparation. (I've described why these tend to be non-free in another article.) In order to provide these to end users, a repository needs to support packages that are not released under a free software license but instead paywalled. This in turn requires the repository's operator to make some friction-free provision for payment processing.

Zero dollars will get you a fully qualified domain from a DynDNS type of service.

If on your first attempt you hit the weekly rate limit for subdomains under a particular dynamic DNS provider, how practical is it to retry at random intervals for upwards of two days, as another Anonymous Coward suggested?

1. Why do you want your printer to show up in Google search results?

The summary mentions not only Search but also Chrome.

2. Do you really want your printer accessible directly over the Internet?

No, but web browsers' enforcement of Secure Contexts policy currently makes no distinction between machines on the LAN and machines on the Internet.

In a well-engineered system, [obtaining a FQDN through a DDNS service] would be excusable.

No it wouldn't. Not without asking consent first.

"If you do not consent, return this product to the seller per the seller's return policy."

Security for a device like HDHomeRun is rather pointless. Nobody is asking for HTTPS certificates.

Several JavaScript APIs are available only to HTTPS scheme or localhost (127/8, not 192.168/16) per the Secure Contexts specification. Among JavaScript APIs related to video recording or streaming, the Presentation API is already restricted to secure contexts, and browser makers plan to restrict the Fullscreen API similarly to deter phishing attacks that involve spoofing the window manager and browser.

To send encrypted all it needs is a TLS stack and a root certificate. It doesn't need an FQDN or any such bullshit.

Obtaining the certificate needs an FQDN. The CAB Forum's Baseline Requirements forbid issuing in private TLDs, such as .local used by mDNS. Otherwise, you'll have to run your own CA, issue a certificate to the device, and install your CA's root certificate into the web browser on every device from which you plan to view. Some popular mobile browsers don't make that very convenient.

If you're going to name via dependencies then why would you only list one of the dependencies in its name rather than all of them?

It's a matter of correlation. If a system has the dependency that forms part of a platform's name, then it's far more likely than not that the system has, or that its administrator can practically install, common dependencies of other applications for the same platform. By this measure, perhaps GNU is most central to server applications and programming tools designed for Linux, and X Window System to desktop GUI apps. Hence the names "GNU/Linux" and "X11/Linux" to contrast with "Android/Linux".

And what constitutes a GNU/Linux system?

Free Software Foundation acknowledges use of Linux apart from the GNU OS while intentionally declining to give a precise definition. This has led David Johnson to write an article titled "By Any Other Name" making the reduction to absurdity argument you may have been anticipating, largely by replacing GNU with an adaptation of the FreeBSD userland. But my personal definition, based on correlation with installable dependencies, is GNU Coreutils plus two other major components of GNU, such as Bash, GCC, glibc, and Emacs. This means that Cygwin, MinGW with MSYS, and Microsoft WSL are GNU/Windows, and a full installation of DJGPP is GNU/MS-DOS or GNU/FreeDOS.

And further to your question does an application written for the GNU C runtime not run on bionic for example or do you need to include that as part of your naming convention?

Some applications are specialized to run on glibc, the implementation of the C language and POSIX standard library included with GNU. Others will run on any reasonable implementation of the C library that provides varying level of support for POSIX, such as Bionic. But many applications built for Bionic have a more central dependency they can cite, namely the Android userspace.

If you can't tell if it's video or not, you also wouldn't be able to play it

JavaScript code downloads a file, runs an algorithm on its bytes, and updates the pixel content of a <canvas> element. Is that video? How would a browser be able to tell?

JavaScript code downloads a bunch of JPEG or PNG images and displays them in sequence on an <img> element. Is that video? How would a browser be able to tell?

An element has a JPEG background image whose position within its container is advanced by steps using a CSS animation. Is that video? How would a browser be able to tell?

In Firefox ESR 52, currently the default in Debian 9 "Stretch", this galloping horse got past media.autoplay.enabled = false. Does current Firefox add CSS animation blocking?

Let us know you when you *actually* block autoplay and when you can do it more like 80+% of the time, like I can do in Firefox right now with the "Disable HTML5 Autoplay" addon.

Does your autoplay blocker also block motion JPEG implemented in pure CSS?