The upshot of this is that users are going to become accustomed to ignore all such warnings and proceed to the site anyway. Rendering even legitimate warnings basically useless.
Given that all that is happening is websites which are insecure will be listed as such, this isn't a warning as much as it is actual information relevant to the session.
The only warning users may get is if they visit an insecure website that asks for login details. There's only so much you can do to defend a user from themselves, but the end goal here is not about the users as much as it is about the web masters.
Most web sites don't need https. Most web sites don't take payments, don't transmit user data, etc.
People in the world are very much persecuted for what they read. It's not for you to decide their risk of viewing content.
Shut your mouth until you're fully-informed on the subject.
He is fully informed. You're talking about two different messages for two different reasons. Frankly any website that asks to fill in a password field without encryption deserves a full page warning. Which is exactly what you got for your protection.
You're welcome mate.
The warning isn't fucking unobtrusive, that's the problem.
Of course it is. This change changed the title bar only.
If you're getting an intrusive warning it will be because the website you're accessing unencrypted is asking users to enter a password field unencrypted. You should inform the idiot who runs the website.
Google says you're welcome.
Too bad nerds like you quite often have shorter sight than your coke-bottle glasses lets on.
Take a chill pill man. Better still take some blood pressure medication. You'll blow an artery keeping this up.
Thanks, Google, for breaking the internet.
Interesting comment. Note that I was able to read it and you were able to post it so it would appear the internet is doing just fine.
for 90% of the stuff I browse on the web, I don't need https.
You may not. Consider yourself lucky to live in a place where you can see the things you see without being persecuted for it.
https should be saved for pages that actually need encryption
The only person who is able to decide if they need encryption or not is the person doing the browsing. They cannot arbitrarily decide this since HSTS was widely implemented and since there's no longer a practical downside to simply serving encrypted information to everyone that is the safe default option.
Do you not want any guarantees that your news is unaltered from the source?
Is it even relevant? Was it ever relevant? I meant wasn't it ever relevant?
Fuck Putin. I didn't say that. I said make love to Putin. Fake news!
The entire concept of certificate "authorities" is already fundamentally broken by design. (Kinda obvious, given the "argument from authority" fallacy.)
I can not trust an organization that happens to host a website, but I'm supposed to trust an organization that happens to be a CA? Because the browser maker said so? Whose trustworthiness is not established either, by the way.
Yes and here's why: Browser makers don't work in a vacuum. Differences in certificate trust are easily checked on installed instances so you can see if one browser is acting nefariously vs the others. Along with that there are many very open browsers out there who very publicly discuss CAs (see Mozilla).
By extension those various browsers have power over the CA and they have demonstrated repeatedly to execute that power in order to hold the CAs to a reasonable standard. See Symantec, WoSign, or even state run CAs like CNNIC as examples of this system working in practice.
The result is trust through fear of retaliation, or rather as it typically goes, trust through fear of your entire business being given the death sentence. CAs have a lot to lose by breaching the trust of users and their actions in doing so are very easily traced thanks to the very public nature of their work.
You may not trust any random organisation, but you certainly have plenty of reasons to place more trust in a CA to ensure your channel is encrypted and the target organisation is who they say they are. ... Assuming you're not on a corporate computer that is.
I think you're providing a nice counter example there. Symantec's actions as untrustworthy resulted in them directly losing their business. Same with some of the other vendors we had.
Ultimately exposure to users was limited, certificate revocations were issued, and the guilty parties punished. This is very much a system working as intended in order to maintain trust.
That's not to say you should blindly trust them, but given they actually have something to lose and standards which they need to uphold along with an auditable chain of trust, they get a hell of a lot more trust than random parties.
If you don't disable JavaScript, sites will use a setInterval to load each frame of the video as a JPEG and display it, as in this demo.
Honestly given the choice between breaking nearly every webpage on the internet without manual intervention, and having a soundless animation display I'll pick the latter any day of the week.
Finding one example in an entire ecosystem isn't a "big" anything. I hope your killer addon gets ported successfully, I really do, but to use that as an example that the majority of the ecosystem didn't bounce back doesn't make a lot of sense, especially given that by all accounts it wasn't a very popular plugin.
What about asking to accept every time a cookie is requested?
What do you mean back to the days? Europeans would love to know!
Jokes about the stupidity of EU legislation that forced the "we use cookies" popup on every site, there's no going forward or going back. There's only understanding the change in context of the world and why we did things the way we did.
1) Asking about cookies made sense back in a time when their use was rare. Now it makes more sense to block 3rd party cookies, and often erase them after the session completes.
2) Blocking images made sense when the internet was slow and we were being asked to punch the monkey. Now it actively breaks websites to do so.
3) Autoplaying videos made sense when the only site serving videos was youtube. Now I can't even frigging browse CNN without my computer speakers muted. I would turn it off, but see my response to 1.
Time is irrelevant, only context matters.
To say it was unplayable would be more praise than the result deserved.
And on the flip side games sent through OnLive were very much playable, just the company failed to monetise the service properly and went under.
Incidentally what you're talking about is also a 10 year old game. And now that you just made me think of the internet connection I had 10 years ago I'm going to go curl up in the corner in the fetal position and cry.
Your logical fallacy is that of the ridiculous example.
Ridiculous examples are not a logical fallacy. Though by claiming my example is arbitrarily ridiculous you yourself have committed an ad hominem fallacy.
ICs actually improved things.
Indeed. And my phone is now better than it ever was, smaller, lighter, and more capable in every way.
This is the attitude that is dooming humanity.
This attitude leads to the development of pacemakers and other very small but completely unserviceable medical electronics that actively save and improve lives for all. But I'm sure you'll agree that these get a free pass because you have some kind of go / no go rule for what you think personally is an improvement and therefore should be applied to everyone else.
We all bow before your greatness, and beg for your approval of our electronics your eminence.
What you're failing miserably to comprehend is that all the signal processing, image processing, manipulation of the data captured from the sensor is entirely fucking irrelevant.
You can do all of it the same way on data captured from any sensor. It's a constant.
You can do it anyway. However when you do it at lower resolutions you start to actively clobber parts of your data since these algorithms rely primarily on looking for differences in very small spaces. The only time what you say is right is:
a) the lenses would be capable of producing relevant data at this level, which they are not because of the diffraction limit, and b) someone actually looks at data with the same physical dimensions which either implies he's not looking at the picture on the whole, or has just used a lot of digital zoom (another benefit we haven't discussed, primarily due to the lens issues).
I understand quite well enough.
I have a feeling you understand the concepts, but don't understand how it all fits together.
You're a megapixel count queen and think software and/or multiple exposures can compensate for shitty sensor size.
Nothing's further from the truth. I shoot with a relatively low resolution camera, and I don't think multiple exposures with pixel fuzzing solves anything. I know it, and use specialised image processing software to do it frequently. Come back when you actually have to do some science with your sensor including characterising and compensating for the various noise sources, rather than just playing your point and click adventure game.
I've demonstrated pretty comprehensively that it can not.
You haven't demonstrated anything. Actually well that's not fair. You have comprehensively demonstrated your ignorance and stubbornness about this topic, and also your ability to type words into a box and hit submit.
I shouldn't need special tools to work on devices which commonly need to be worked on, and if I do, they should be cheap little locking pins and the like.
80 years ago you could work on and build every piece of electronics at home. Did you use the same justification when they invented the IC? Your entitlement to repair ends when it inhibits development progress of general electronics. Cheap little locking pins? Screw that. Buy a plastic phone from China if that's what you want.
Wait, the old harddrive is at home? What kind of a solution is that? At the very least have it mailed to your destination. Otherwise why go to all the effort?
That's wrong on pretty much every level.
Wow. Just wow!
I like my photographs to work from a single exposure.
So do I. You're the one who started talking about galaxies. Something that precisely isn't imaged with a single exposure.
Oh look. The full frame sensor has discernibly less noise than the APS-C sensor, despite both being 24MP.
Yep it did. You're not listing quantum efficiency, you're listing noise and seemingly ignoring half my post while you rave about hardware.
My camera can use sub-pixel shifts in the sensor too but that's still fuck all use with moving subjects
Ahhh exactly! Now we're talking the same language. So in order to get the same benefits as we discussed when you started talking about galaxies we can do something very simple: Record at a resolution higher than the diffraction limit of the optics.
Which is my entire fucking point. At any sensor generation, the larger sensor captures light much better.
Cool story. There's more to making a photo than the hardware on the sensor. And the total system quality needs to take into account what you do with image processing as well.
My year old camera still sucks at low-light photography compared to a new full frame DSLR.
Cool story, maybe when you spend $3000 for a phone you may be better off.
Look honestly there's no point continuing this discussion. As it is you've ignored or failed to understand anything I wrote then proceeded to complain when I started my post with the basis of your own example which ultimately forms the basis for the very image processing which benefits high resolution sensors in the first place.
Try to understand what I'm talking about and stop looking for examples that specifically exclude it to help make your point. Otherwise it just looks like you're arguing with yourself.
The vendor coming to your side of an air gap involves a laptop that has no other network connection.
Otherwise known as a security risk.
You misunderstand. I'm not saying don't air-gap. I'm saying don't "air-gap and be done with it". Your network architecture is a small part of overall security. Airgapping makes people incredibly complacent.
Sorry you are absolutely right. I confused them with MRI scanners and their giant magnets.
This is what I put my bag through last week: http://airportfocusinternation...
Did you try a bit too much in the lounge while you were in Amsterdam? ;-)
Solid work ethic is right, I wouldn't call the Dutch necessarily well mannered, and I sure as hell wouldn't call Schiphol well run. Have you ever been ushered through the employee entrance of an airport because they utterly failed to manage the security line during a holiday? They also managed to then tell customers to arrive at the airport 3 hours early but didn't tell the airlines, so there were customers who got to the airport super early, to a closed check-in desk, and then missed their flights due to the resulting security queue.
That said I believe the investment in new security was a direct result of the blunder last summer.
Funny you should mention Galaxies. But not so funny how you're comparing the two.
Photon counting vs producing a photograph and noise reducing the results are two very different statistical processes. The benefit of the galaxies is they don't move allowing us to reset the noise floor between identical exposures thus statistically eliminating the noise of the sensor as you go. Just doing a longer exposure doesn't help you much determine what is Galaxy and what is a photon hitting the sensor.
Then there's the actual noise reduction process and how it can be applied. NASA specifically created a technique for eliminating sensor noise by making sub-pixel shifts in the camera creating a resulting really large but blurry picture with many megapixels. Noise reduction algorithms then working on a pixel by pixel level do wonders determining the difference between blurry stars to eliminate sensor noise and the final picture is then downsampled back to the original resolution. I use the same technique when I image galaxies to great effect. The difference is I have the time to dedicate to making the noise profile finer than the image subject when I use my telescope. We don't have that luxury when hand-holding a camera.
The difference between large and small sensors all but disappeared a few generations back. In the earlier days sensor size was critical due to major problems with the ability to capture photons. Quantum efficiency of sensors was quite low, gaps between photosensitive areas were large and making a smaller pixel often meant a photon getting reflected or absorbed without recording. Microlensing, and reducing the supporting structure between photosensitive areas has done more for image SNR than pixel size ever did. To be clear bigger still is better, but that is purely hardware and first principles and ignores a whole lot of signal processing advancements that have been made.
The summary is as short sighted as a lot of Slashdot posters when it comes to the benefits of speed. Not only that it's actively ignoring the fact that many carriers now specifically degrade video anyway.
The illusion of due process.
I have the iPhone X, and I stopped using the Ookla app months ago after I discovered that it was giving me incorrectly slow results. When I use the dslreports speed test, I consistently get the speeds I expect to see on any given wifi network; however, the Ookla app shows a much slower speed (consistently) on those same networks.
Ookla have put quite a bit of effort into preventing carriers from treating them specially. When doing speed tests across various programs it would be the *slowest* not the fastest that I would believe.
I can't speak for you or your observation but I gave up on dslreports after I was torrenting at 18MB/s, ran dslreports and instantly got shown my theoretical max transfer rate while my torrents suddenly froze. A very clear indication that carriers are artificially prioritising dslreports. In the meantime Speedtest showed my torrents drop to around 10MB/s and then gave me a result a tad below half my actual connected speed.
YMMV. Bottom line, don't believe anything outright.