What I wonder is why edge hasn't. I mean common, its initial release was in an age where chrome was the most popular browser, and chrome does run its pdf reader in a sandbox (afaik).
js+html+canvas API is a perfect way to encode vector animations, with similar compression ratios (assuming transport compression) as flash. For legacy content, there is shumway. But right now the task is to get flash out of mainstream websites, which still rely on it for some reason or another.
They'll still allow it. Until google decides to drop flash support, nothing will really happen. Really, they should simply say that flash will be removed on Jan 01 2018, and then every site will abandon flash. Or even better: lower the score in google search results if a site uses flash and has no js fallback. That's the biggest power google has, it works wonders.
something like LLVM bitcode that can be compiled and run at near-native speeds instead of the crappy 2-10x slower JS
First, there is asm.js, which is a subset of js that runs in almost every browser, which can be easily compiled into assembly. It has been the alternate proposal to PNaCl by mozilla, and has won against the google idea. Its basically the same as PNaCl performance wise, the sole difference is that PNaCl is bytecode while asm.js is in textual representation (and a valid subset of js, so it works even in browsers without direct support for asm.js).
Of course, the textual representation takes up more space than the bytecode, and even though gzip transport compression (which is usually deployed for http connections) gives a similar end product as pnacl, it takes a little overhead computation wise to decompress and in the end its a redundant step. Therefore, the browser vendors (including microsoft, which in fact really liked asm.js, it used it in its office 356 products) are now working on a native binary successor to PNaCl and asm.js which will get a proper standard. Its called web assembly.
In my eyes, its only of the few players that has a straightforward and well designed UI. Kubuntu ships with amarok per default, but I don't like it mostly because of its UI. Similar for windows media player (at least the versions of it I know, from the days I was still using windows).
not outside of android and chromebooks at least. And neither of those two are good to do/real/ work. Linux users have to chose between windows and mac hardware to install their distro on, and usually they chose the windows hardware.
I know that nothing perfectly ties a particular vote with a particular person, but the government has the time of day that you showed up and also knows when certain votes are entered into the system. If the terminals are electronic, even better. So, while they may not have a perfect correlation, they have a pretty good guess.
One of the reasons I am against electric voting terminals:)
A thermostat is probably a bad example, but take e.g. an oven that may be able to cause a fire or a car that may kill you on the road. Also, larger deployments will be more inclined to pay, e.g. for a company a $5000 ransom may be cheaper than having to replace all 200 thermostats in its various rooms.
With this system it would be trivial for the government to deanonymize the vote. What should e.g. a government employed worker do, vote for his boss, knowing that he knows whom to vote for, or vote for someone else, whom he'd much more prefer to see.
Also, there is this problem with endpoint security... Computers today are very very insecure. The only really secure computers these days are perhaps chromebooks.
Probably the higher-ups who decided that redundancy is not required are long gone and doing something different now. They could show off how nicely they could cut so many costs to their bosses and probably got a big bonus for the two quarters they were employed before going to the next job.
Even IF one of your data centers has a power outage (which should not happen as you should have backup generators and batteries that give power until the generators are spun up), you should always have at least ONE other backup data center to take over if something really fails for you.
Even if online banking was secure (which it isn't), the difference still is that online banking TRACKS each of your activities, and that if it it indeed was hacked (e.g. you clicked a wrong link and installed malware), you will find out soon enough. But with voting, the situation is terribly different.
First, its done in secret, noone knows what you voted, even if you told everyone what you will vote, in the booth noone can look over your shoulder. Banking is the exact opposite, the bank knows each of your transactions.
Second, if someone used malware to change the outcome of a vote, there is no way to know it for certain.
I'd say let's keep our fingers off digitizing this part of how we live together.
Maybe some parts of the system should be changed (e.g. letting the people vote directly for the president), but the paper trail is IMO the best and most secure way to do it.
I love technology, but we haven't figured out how to make computers safe (we really haven't), and with votes there is too much at stake.
Its much easier to fake or deanonymize an online vote (undetected) than to do the same with a paper trail based vote.
Voting is one of the areas where I beliveve no computer technology should be used. Computers should be devices that serve us, not devices we use to chose our leaders with.
CRT is outdated technology and there is residual radiation. It requires heavy glass and you can't build larger screens with it.
I fully agree that there shouldn't be such a sideloading API for monitors and that the monitors should be as dumbed down as possible, but I don't think that CRT is the answer. The task the firmware of a monitor executes should be so simple that it can be done right and without security bugs, can't it.
Slowly, oh so slowly, our industry has woken up to the wisdom of starting a design with security and then only adding features when we must, and when they can be shown to be secure.
Forget it. They will continue to add features, just require everything to be signed by the vendor. It won't affect the NSA, as it simply can send security letters to the vendors to give them the signing keys, they will live on happily, but it will make the security researchers shut up because it can't be used by the "smaller" criminals from russia or nigeria or wherever anymore.
Considering what money is wasted on pointless things like the iraq war ($1.1 trillion), this is just peanuts (the LHC had a budget of $9bn). Or take the rio olympics, with a budget of $9.7 billion.
What scientific fields do deserve funding more than physics in your eyes?
Slashdot Mirror
Ah sorry, thanks for the clarification.
Dunno about chrome, but in firefox you can disable and enable many parts of html5.
What I wonder is why edge hasn't. I mean common, its initial release was in an age where chrome was the most popular browser, and chrome does run its pdf reader in a sandbox (afaik).
HTML5 wasn't ready back then. It now is, at least sort of. You can do everything with HTML5 AFAIK maybe except super custom DRM or stuff.
but only technology of the kind that I can compile myself, or at least I know I could because the source is available.
js+html+canvas API is a perfect way to encode vector animations, with similar compression ratios (assuming transport compression) as flash. For legacy content, there is shumway. But right now the task is to get flash out of mainstream websites, which still rely on it for some reason or another.
They'll still allow it. Until google decides to drop flash support, nothing will really happen. Really, they should simply say that flash will be removed on Jan 01 2018, and then every site will abandon flash. Or even better: lower the score in google search results if a site uses flash and has no js fallback. That's the biggest power google has, it works wonders.
something like LLVM bitcode that can be compiled and run at near-native speeds instead of the crappy 2-10x slower JS
First, there is asm.js, which is a subset of js that runs in almost every browser, which can be easily compiled into assembly. It has been the alternate proposal to PNaCl by mozilla, and has won against the google idea. Its basically the same as PNaCl performance wise, the sole difference is that PNaCl is bytecode while asm.js is in textual representation (and a valid subset of js, so it works even in browsers without direct support for asm.js).
Of course, the textual representation takes up more space than the bytecode, and even though gzip transport compression (which is usually deployed for http connections) gives a similar end product as pnacl, it takes a little overhead computation wise to decompress and in the end its a redundant step. Therefore, the browser vendors (including microsoft, which in fact really liked asm.js, it used it in its office 356 products) are now working on a native binary successor to PNaCl and asm.js which will get a proper standard. Its called web assembly.
Agreed. The TRUMP wall may be a neat idea in the eyes of some people, but it won't really stop the drugs.
Probably when they've got developers working on it again :)
In my eyes, its only of the few players that has a straightforward and well designed UI. Kubuntu ships with amarok per default, but I don't like it mostly because of its UI. Similar for windows media player (at least the versions of it I know, from the days I was still using windows).
not outside of android and chromebooks at least. And neither of those two are good to do /real/ work. Linux users have to chose between windows and mac hardware to install their distro on, and usually they chose the windows hardware.
They didn't want to accidentially install the free Ask! toolbar.
I know that nothing perfectly ties a particular vote with a particular person, but the government has the time of day that you showed up and also knows when certain votes are entered into the system. If the terminals are electronic, even better. So, while they may not have a perfect correlation, they have a pretty good guess.
One of the reasons I am against electric voting terminals :)
A thermostat is probably a bad example, but take e.g. an oven that may be able to cause a fire or a car that may kill you on the road. Also, larger deployments will be more inclined to pay, e.g. for a company a $5000 ransom may be cheaper than having to replace all 200 thermostats in its various rooms.
With this system it would be trivial for the government to deanonymize the vote. What should e.g. a government employed worker do, vote for his boss, knowing that he knows whom to vote for, or vote for someone else, whom he'd much more prefer to see.
Also, there is this problem with endpoint security... Computers today are very very insecure. The only really secure computers these days are perhaps chromebooks.
Probably the higher-ups who decided that redundancy is not required are long gone and doing something different now. They could show off how nicely they could cut so many costs to their bosses and probably got a big bonus for the two quarters they were employed before going to the next job.
Even IF one of your data centers has a power outage (which should not happen as you should have backup generators and batteries that give power until the generators are spun up), you should always have at least ONE other backup data center to take over if something really fails for you.
Even if online banking was secure (which it isn't), the difference still is that online banking TRACKS each of your activities, and that if it it indeed was hacked (e.g. you clicked a wrong link and installed malware), you will find out soon enough. But with voting, the situation is terribly different.
First, its done in secret, noone knows what you voted, even if you told everyone what you will vote, in the booth noone can look over your shoulder. Banking is the exact opposite, the bank knows each of your transactions.
Second, if someone used malware to change the outcome of a vote, there is no way to know it for certain.
I'd say let's keep our fingers off digitizing this part of how we live together.
Maybe some parts of the system should be changed (e.g. letting the people vote directly for the president), but the paper trail is IMO the best and most secure way to do it.
I love technology, but we haven't figured out how to make computers safe (we really haven't), and with votes there is too much at stake.
Its much easier to fake or deanonymize an online vote (undetected) than to do the same with a paper trail based vote.
Voting is one of the areas where I beliveve no computer technology should be used. Computers should be devices that serve us, not devices we use to chose our leaders with.
I wonder, do those sites include ga.js? Probably they do.
CRT is outdated technology and there is residual radiation. It requires heavy glass and you can't build larger screens with it.
I fully agree that there shouldn't be such a sideloading API for monitors and that the monitors should be as dumbed down as possible, but I don't think that CRT is the answer. The task the firmware of a monitor executes should be so simple that it can be done right and without security bugs, can't it.
Slowly, oh so slowly, our industry has woken up to the wisdom of starting a design with security and then only adding features when we must, and when they can be shown to be secure.
Forget it. They will continue to add features, just require everything to be signed by the vendor. It won't affect the NSA, as it simply can send security letters to the vendors to give them the signing keys, they will live on happily, but it will make the security researchers shut up because it can't be used by the "smaller" criminals from russia or nigeria or wherever anymore.
Two links that are ten times more informative:
http://boingboing.net/2016/08/...
https://www.defcon.org/html/de...
Considering what money is wasted on pointless things like the iraq war ($1.1 trillion), this is just peanuts (the LHC had a budget of $9bn). Or take the rio olympics, with a budget of $9.7 billion.
What scientific fields do deserve funding more than physics in your eyes?