But no, Netflix had to use Silverlight, which I refuse to install, and now they're going to an even more limited IE11-only extension.
No they aren't, where did you get that idea from? They aren't moving to an IE11 only extension, the extensions are browser plugins and will be available for many different platforms.
We've been working with Google to implement support for the HTML5 Premium Video Extensions in the Chrome browser, and we've just started using this technology on the Samsung ARM-Based Chromebook. Our player on this Chromebook device uses the Media Source Extensions and Encrypted Media Extensions to adaptively stream protected content. WebCrypto hasn't been implemented in Chrome yet, so we're using a Netflix-developed PPAPI (Pepper Plugin API) plugin which provides these cryptographic operations for now. We will remove this last remaining browser plugin as soon as WebCrypto is available directly in the Chrome browser. At that point, we can begin testing our new HTML5 video player on Windows and OS X.
http://techblog.netflix.com/2013/04/html5-video-at-netflix.html
Obviously the problem is trying to do this in a web browser. Why should we play video in a web browser?
Why not just do it like we do on Android and iOS? Make it an app.
Because this way to support any platform with a HTML5 browser you only need to build the DRM module for it rather than having to write an app.
Artists profited from their work long before copyright. They sold original works (actual originals, not infinitely reproduced copies) and gave live performances.
And they can (and do) do that now, it's the choice of the artist what ideology they subscribe to and if you have an aversion to a particular ideology then support only those that share yours, which you are free to do.
What makes you think that?
I'm just curious because 'images' is one of the key elements in this story and works of art are so often used in products like games.
If they used GPL then I will have to assume that they meant for it to be used literally and that the "loopholes" are intentional, otherwise they should have used another license.
I agree.
No, I'm not saying that at all.
I'd like to see some real, hard facts to back up these assertions.
The real hard facts are that while devices that provide this control are easily available and have been for many many years they are still not the device of choice for most people.
The constant rhetoric from the "I'm the real geek" crowd on /. is that "most people" (grandma, sister, uncle Jim...) only care about looking at Facebook and YouTube and other than the occasional Word document, they can barely operate a computer. I think this meme is condescending and inaccurate.
I agree, but that's not contrary to my original statement.
That all depends on the flexibility the user wants, profiles that control this would be ideal, but that's diving into implementation details and I'm not implementing so I don't really care.
Is it immoral - in the GPL ideology - (or not in the 'spirit' of the GPL) to have non-free works of art (images, audio, video, etc...)? I mean I know the business model pushed by GPL advocates is around paying for support, improvements and documentation but such things don't really apply to works of art like that or even to software products like games.
Giving control back to the user is key.
I don't think it is, to people here absolutely, but the vast majority of people don't need or want that level of control. The choice has always been there though and continues to be there but adoption of those solutions has never taken off in the mainstream environment because users simply do not care.
Most people just need a thin client to access Facebook/Gmail/Amazon.com/Pinterest, YouTube and the 2-3 specialty sites, pay bills and let junior type up his book report.
That sounds more like what most people have in common rather than the only things most people need.
So what's your solution? No security at all? Of course the user is going to have to make decisions and yes 'cancel or allow' is the way in which users do this.
I don't see how not, if the sandbox is configured to give each application its own hostname whitelist.
Anything could be part of sandboxing if it is in a particular implementation, I already asked you what implementations had such a mechanism and you gave no example, in fact you just said you believed some firewalls could have whitelists. It really is simple English, it couldn't be clearer that the failing at comprehension is completely on your part. And even if a particular sandbox implementation did have such a mechanism, what of it?
So what's the appropriate sandboxing model that keeps applications from seeing files that they're not supposed to see but also allows transclusion (as in HTML documents) to work?
One where the user is warned of such things and asked whether or not to proceed or you could turn it off, we've already been through this, why are you asking the same questions over again? So again, let's see how good you are at reading comprehension: what is your point? It's becoming more and more clear you have no point and are just interested in arguing for the sake of it.
See if you can successfully read and comprehend this post by actually answering all the questions in context.
As for networking, I was under the impression that a lot of personal firewalls could operate in whitelist mode.
That's nothing to do with application sandboxing.
The problem with this sort of mechanism comes when a document viewer tries to open other files whose relative paths are stored in a document. This includes, for example, images referenced through <img src="..."> or other documents linked to through <a href="..."> in an HTML document.
That's not a problem, that's security, that's exactly why such things are implemented in local application sandboxes as well.
But can you run any game you want, any emulator you want
But for that I have a PC which actually does a good job of it, the N64 emulators run like shit on Ouya and even old games like GTA 3 and 4 run like absolute crap on it. Sure it wasn't $99 but it's a lot more functional and I prefer to pay a little more to have a good experience than cheap out on a shit one. For most of the games on there they are just as good - if not better thanks to things like accelerometers and touchscreen (no a touchpad isn't the same thing) - on a tablet or phone, hopefully there will be some decent games where the Ouya will actually shine (and given the low price point it won't need much to justify).
I don't understand what home user is going to be willing to sit down spend time with each application to specify on which ports, using which protocols, to which hosts, each local application should be allowed to connect, or which files in which folders each application should be allowed to access.
You say you're familiar with sandboxing but what sandboxing implementation requires all that? Moreover I'm still not sure what your point is, is it that security is too convoluted for you so you just prefer no security?
JavaScript retrieves the RSS or Atom feed from multiple sites that support CORS, parses it, and displays it. This way nothing gets necessarily leaked to the operator of the server on which the reader is hosted, neither the content of the feeds nor the password needed to retrieve each feed. Nor can web servers hosting feeds block the IP address of the server on which the reader is hosted for alleged excessive use.
Then yes, if that's the way you want to implement it, or you trust that application enough to allow it to do whatever it needs, again like privilege escalation for local applications.
Then I appear to have applied a definition of "local applications" with which you disagree
It's not that I disagree, it's that you added 'desktop platforms' which is not relevant. Sandboxed applications running locally on a user's machine, or are you unfamiliar with the concept of sandboxing?
Please explain what you mean by this catchphrase.
To even the most simple-minded person this is obvious, however if you really have that much difficulty with such a simple concept I'll spell it out for you: You've failed to comprehend what was written, you need to go back and try again.
Should an RSS reader with 12 feeds present 12 alerts?
You'll have to be more specific about the implementation of the RSS reader.
The difference is that there is no "sandboxing of local applications" at all on the most popular desktop platforms.
I didn't say anything about desktop platforms, try again.
none of which are "executable".
Script tag injection with JSON or XML allows this sort of thing and does have legitimate uses, which is why the decision to allow this sort of behavior should be up to the user.
Could you explain [...] why you believe the security methodology should be any different to sandboxing of any other local applications?
If a web site has opted into CORS, it has opted into allowing other sites to include its (non-executable) resources into their sandboxes.
Firstly you didn't explain what your proposed solution is, which probably means you don't have one. Secondly that doesn't explain why the security methodology should be any different to sandboxing of local applications, try again.
A "Cancel or Allow" pop-up for each domain that each page accesses could get tiring for the user.
Only if the user is constantly visiting different sites with legitimate reasons to access executable code resources behind multiple domains, so unlikely. Also you could set trusted domains for particular resources that the browser could remember (again much like local security privileges). Could you explain what your solution is and why you believe the security methodology should be any different to sandboxing of any other local applications?
If a web application has a legitimate reason to access resources that are behind more than one domain, what's the non-poor way to design such a web application?
To ask the user to turn on the feature for this instance, just like when an application legitimately requires privilege escalation on an operating system.
If you already have an AMD system, why not run Orbis on it, getting access to the games written for the PS4?
Because Orbis and the PS4 games are written for a very specific hardware configuration, not just any AMD system. It's a lot easier to optimize and squeeze performance out of a system when you know how much RAM you have, how much cache you have, what your bus speeds are, what your latencies are, number of shader processors, number of CPU cores, etc... and write software specifically to that configuration.
They had TWO choices, okay? TWO. They could 1.- Raise the price of the PS3 to cost plus, which would have been around 980 dollars USD. 2.- Pull the OtherOS.
Wrong, they never had to pull OtherOS from existing consoles, stop being such a pathetic apologist.
No I think the idea that this is considered 'exploiting' it is idiotic, Sony made a bad choice but that doesn't mean consumers were doing anything wrong. The thing that really clinches it though is that they brought out the new version without OtherOS - that's fine, no problem with that and it mitigates the problems you highlighted to fix their mistake - however what doesn't fly is that they removed the OtherOS feature from existing consoles, they did not have to do that!
All OtherOS "proves" is that we can't have nice things because fucking douchebags will exploit the living hell out of it, that is all.
How did anybody 'exploit' it?
No but I know how long the battery will last with the mic always on.
The concern with the Xbox is that they could turn it on whenever they want, which they could of course do with smartphones, tablets, laptops or whatever already.
Besides, the sound of my keys jingling in my pocket isn't that exciting.
I can't imagine the sound of gamers playing games is particularly exciting either.