Just recently it was reported that China will start censoring videos on certain video platforms, taking down content that criticizes the government or depicts LGBT people. http://www.independent.co.uk/n...
People were saying it wasn't a huge deal because citizens "mostly use VPNs anyway" to access foreign videos, but this kinda throws a wrench in that plan.
My biggest gripe with AMP is that it breaks same-page-searching. If you have a specific phrase you're searching for on a very long article, it just doesn't work well because all the search results still seem to be rendered underneath the article, and same-page searching seems to go through each of those first, and sometimes still can't find text after that on the AMP page. When I'm looking something up on mobile, I often just want to find a something quick, not read an entire article.
You can easily side load a lot of stuff yourself using the free personal developer accounts. The apps expire after 30 days though so you have to keep re-adding it every month. I've got a couple apps on my phone that apple would never approve on the store, no jailbreaking.
Thank you for being the one to say something; you're a good person. The other comments here are unbelievable. It's sickening that we live in an age where an entire country of people can quickly turn on a person for something they did in their private life and ridicule them until they feel that death is the only escape. And perhaps the worst part is that so many people don't seem to recognize the bigger picture of it happening.
Xbox One and even 360 are pretty great streaming devices too. Nice thing about consoles is that they have regular automatic updates and you know they're going to support the software for years to come (though they might start winding down 360 in a couple years). Downside is that it's much less hackable than the alternatives. Xbox One does has that developer mode that might let you side-load apps, but I haven't heard anyone really using that yet.
Anyone getting rid of 3.5mm jacks seems like a stupid idea, Apple or whoever. The mobile phone is my primary audio media device these days, and that means being able to plug in stereo speakers or headphones, not low quality bluetooth or some proprietary trash.
Right now any headphone maker in the world can make any headphones they want for the standard jack. Not so with the Lightning port.
That's supposed to be an argument for this change? I don't care if it's a good move for Apple, it's a bad move for me. My iPhone spends ~10 hours every day with something plugged into the 3.5mm jack between my car's auxiliary cable and my nice headphones at work. A new iPhone is already over $600, now I'm expected to get bluetooth installed in my car and toss my $200 headphones, or constantly carry an adapter cable, or buy 3 adapter cables to keep at home, work, and in my car? That's insane.
I was able to try out the mentioned demo late last year, and it was cute, but it's note exactly something you would want to spend more than ~10 minutes messing around with. So to say new Portal "content" is coming might be a little misleading.
I have a feeling that people are going to be very disappointed with the software available at launch for the Vive. It's mostly short tech demos that are worth seeing once, but certainly not worth $800 + a high-end computer upgrade. Still looking forward to the future of this stuff though. It has the potential to be huge.
If you want to make software that uses cryptography available worldwide, you're already incentivized to develop it in a foreign country and import it to the US. There's no restriction on using foreign cryptography in the US, but there are legal hurdles you have to jump if you want to export cryptography from the US.
OpenSSL themselves mentions exporting as an alternative to costly legal counsel: "The only other safe course of action would be to pay non-U.S. citizens to develop the cryptographic software overseas and import it into the U.S., as imports are not restricted. Foreigners who benefit financially from this situation refer to the U.S. “export jobs, not crypto” policy." https://www.openssl.org/docs/f... (page 145)
A step to making this secure is to generate private keys on the end-clients, verify the code to generate them does not also create an escrow key, and be vigilant from then on to only allow access to that private key with audited code.
But there's a usability problem with this: people suck at not losing things.
Lost your private key and need to check your email? You're out of luck. This is the sign of a good, secure system, but the average office person will at some point lose their key and be very pissed off that their account is impossibly unrecoverable.
So to appease the "careless," they backup/generate keys on a server. This has the unfortunate (or fortunate for them?) side effect of allowing undetectable key escrow. So they might be doing this to solve a legitimate usability problem, it just enables these other, probably bigger, problems.
Note that the chrome rich notification center is different from the standardized Web Notifications API https://developer.mozilla.org/...
This story kind of freaked me out at first because I thought it was referring to that Web Notifications API, which I rely on heavily for web based chat and email apps.
It's too bad the Push API is such a mess to implement. It feels like an afterthought to make it available as an API, like Google wanted push notifications for their own sites and thought, "eh what the hell, expose this narrow-use-case API to web developers too."
I've seen Amazon bikes in Seattle already, though it was a bike with a big branded box and two tires in the rear, and the person riding it didn't seem all that experienced. Might've just been a test type thing.
VR is the new sexy thing. Who wouldn't want to contribute the big chunk of VR code to firefox that potential millions of people will be using? The problem is that Firefox has over 40,000 other small, unsexy bugs, including some that are almost 15 years old. There's no corporate management who can say "this stuff is embarrassing, hey you, you gotta fix this before we can even consider a big new feature."
It's not a bad thing necessarily, just different priorities that can potentially result in bloated software. Hopefully "the next big sexy thing" will be streamlining Firefox to make it more efficient, and focus will be directed toward that.
The difference is that with EME the server wouldn't have to have access to the video; you wouldn't have to trust it because the video is encrypted before the server sees it. There's still other issues making it hard to adopt, like key exchange, but it's a step in the right direction for more convenient end-to-end encryption.
There are some positive aspects to the Encrypted Media Extensions API. It does provide some DRM options for companies like Netflix, which isn't great, but it can also enhance the security of personal media files. It will enable a web app to let you upload an encrypted video, then stream it from their server to your computer without having to download the entire thing and decrypt it -- without any browser plugin.
So if you really don't want anyone being able to see your personal videos (not just Netflix's videos), this thing isn't all bad.
I wouldn't be too worried. I looked into this for a web app for chat notifications, and the API is kind of a disaster IMO. From what I saw, it's very opinionated on how the data is acquired and passed on through a ServiceWorker to a notification, to the point that applications would likely have to be built from the ground-up with it mind.
Partway through writing a small browser extension last year, and realizing how much access they have to everything you look at, I stopped using all but a couple trusted browser extensions. Seriously, it was like 15 lines of code to take a screenshot of whatever page you're looking at and send it to a server every 2 seconds with no indication that anything is happening.
Granted, you have to accept a permissions dialog, but most extensions ask for way too many permissions. That cloud-to-butt extension? It already has all the permissions it needs to send the text on every page to a database somewhere, and unless you carefully audit the source of every extension you install (obviously google isn't), you'd never notice, you're just trusting some extension author.
To give more info on Amazon Web Services: They recently added domain name registration. It's very barebones, but also really easy to configure. So if all you want is the domain name, you know what you're doing, and all your servers are setup somewhere, you can point the records at them very easily. But if you also want email forwarding or something else or convenient bundled features, you might want another service.
Yeah, I was surprised there was no mention of the huge privacy implications this has. But hey, maybe this'll reduce the number of IDs and RFID cards you have to carry around since it'll be so easy to identify and track you when you're just walking around.
Slashdot Mirror
Just recently it was reported that China will start censoring videos on certain video platforms, taking down content that criticizes the government or depicts LGBT people. http://www.independent.co.uk/n...
People were saying it wasn't a huge deal because citizens "mostly use VPNs anyway" to access foreign videos, but this kinda throws a wrench in that plan.
My biggest gripe with AMP is that it breaks same-page-searching. If you have a specific phrase you're searching for on a very long article, it just doesn't work well because all the search results still seem to be rendered underneath the article, and same-page searching seems to go through each of those first, and sometimes still can't find text after that on the AMP page. When I'm looking something up on mobile, I often just want to find a something quick, not read an entire article.
Someone should start a kickstarter to buy and release the browsing history of every US Senator who voted for this.
Insomniac is a privately owned company. I'm not sure about Polytron, but given Phil Fish's history, it's likely privately owned as well.
You can easily side load a lot of stuff yourself using the free personal developer accounts. The apps expire after 30 days though so you have to keep re-adding it every month. I've got a couple apps on my phone that apple would never approve on the store, no jailbreaking.
Yes, of course I would be sickened. The capability of mobs to destroy people's lives now, regardless of the person, is disturbing.
Thank you for being the one to say something; you're a good person. The other comments here are unbelievable. It's sickening that we live in an age where an entire country of people can quickly turn on a person for something they did in their private life and ridicule them until they feel that death is the only escape. And perhaps the worst part is that so many people don't seem to recognize the bigger picture of it happening.
Xbox One and even 360 are pretty great streaming devices too. Nice thing about consoles is that they have regular automatic updates and you know they're going to support the software for years to come (though they might start winding down 360 in a couple years). Downside is that it's much less hackable than the alternatives. Xbox One does has that developer mode that might let you side-load apps, but I haven't heard anyone really using that yet.
Anyone getting rid of 3.5mm jacks seems like a stupid idea, Apple or whoever. The mobile phone is my primary audio media device these days, and that means being able to plug in stereo speakers or headphones, not low quality bluetooth or some proprietary trash.
Right now any headphone maker in the world can make any headphones they want for the standard jack. Not so with the Lightning port.
That's supposed to be an argument for this change? I don't care if it's a good move for Apple, it's a bad move for me. My iPhone spends ~10 hours every day with something plugged into the 3.5mm jack between my car's auxiliary cable and my nice headphones at work. A new iPhone is already over $600, now I'm expected to get bluetooth installed in my car and toss my $200 headphones, or constantly carry an adapter cable, or buy 3 adapter cables to keep at home, work, and in my car? That's insane.
I was able to try out the mentioned demo late last year, and it was cute, but it's note exactly something you would want to spend more than ~10 minutes messing around with. So to say new Portal "content" is coming might be a little misleading.
I have a feeling that people are going to be very disappointed with the software available at launch for the Vive. It's mostly short tech demos that are worth seeing once, but certainly not worth $800 + a high-end computer upgrade. Still looking forward to the future of this stuff though. It has the potential to be huge.
If you want to make software that uses cryptography available worldwide, you're already incentivized to develop it in a foreign country and import it to the US. There's no restriction on using foreign cryptography in the US, but there are legal hurdles you have to jump if you want to export cryptography from the US.
OpenSSL themselves mentions exporting as an alternative to costly legal counsel:
"The only other safe course of action would be to pay non-U.S. citizens to develop the cryptographic software overseas and import it into the U.S., as imports are not restricted. Foreigners who benefit financially from this situation refer to the U.S. “export jobs, not crypto” policy." https://www.openssl.org/docs/f... (page 145)
A step to making this secure is to generate private keys on the end-clients, verify the code to generate them does not also create an escrow key, and be vigilant from then on to only allow access to that private key with audited code.
But there's a usability problem with this: people suck at not losing things.
Lost your private key and need to check your email? You're out of luck. This is the sign of a good, secure system, but the average office person will at some point lose their key and be very pissed off that their account is impossibly unrecoverable.
So to appease the "careless," they backup/generate keys on a server. This has the unfortunate (or fortunate for them?) side effect of allowing undetectable key escrow. So they might be doing this to solve a legitimate usability problem, it just enables these other, probably bigger, problems.
See this table for support: http://caniuse.com/#feat=getra...
It's great that they're finally improving Math.random(), but node.js should've had crypto.getRandomValues() from the start.
Note that the chrome rich notification center is different from the standardized Web Notifications API https://developer.mozilla.org/...
This story kind of freaked me out at first because I thought it was referring to that Web Notifications API, which I rely on heavily for web based chat and email apps.
It's too bad the Push API is such a mess to implement. It feels like an afterthought to make it available as an API, like Google wanted push notifications for their own sites and thought, "eh what the hell, expose this narrow-use-case API to web developers too."
I've seen Amazon bikes in Seattle already, though it was a bike with a big branded box and two tires in the rear, and the person riding it didn't seem all that experienced. Might've just been a test type thing.
If you're writing a big, complicated testing framework, don't forget to write tests for the tests. I'm not even joking
VR is the new sexy thing. Who wouldn't want to contribute the big chunk of VR code to firefox that potential millions of people will be using? The problem is that Firefox has over 40,000 other small, unsexy bugs, including some that are almost 15 years old. There's no corporate management who can say "this stuff is embarrassing, hey you, you gotta fix this before we can even consider a big new feature."
It's not a bad thing necessarily, just different priorities that can potentially result in bloated software. Hopefully "the next big sexy thing" will be streamlining Firefox to make it more efficient, and focus will be directed toward that.
The difference is that with EME the server wouldn't have to have access to the video; you wouldn't have to trust it because the video is encrypted before the server sees it. There's still other issues making it hard to adopt, like key exchange, but it's a step in the right direction for more convenient end-to-end encryption.
There are some positive aspects to the Encrypted Media Extensions API. It does provide some DRM options for companies like Netflix, which isn't great, but it can also enhance the security of personal media files. It will enable a web app to let you upload an encrypted video, then stream it from their server to your computer without having to download the entire thing and decrypt it -- without any browser plugin.
So if you really don't want anyone being able to see your personal videos (not just Netflix's videos), this thing isn't all bad.
I wouldn't be too worried. I looked into this for a web app for chat notifications, and the API is kind of a disaster IMO. From what I saw, it's very opinionated on how the data is acquired and passed on through a ServiceWorker to a notification, to the point that applications would likely have to be built from the ground-up with it mind.
Partway through writing a small browser extension last year, and realizing how much access they have to everything you look at, I stopped using all but a couple trusted browser extensions. Seriously, it was like 15 lines of code to take a screenshot of whatever page you're looking at and send it to a server every 2 seconds with no indication that anything is happening.
Granted, you have to accept a permissions dialog, but most extensions ask for way too many permissions. That cloud-to-butt extension? It already has all the permissions it needs to send the text on every page to a database somewhere, and unless you carefully audit the source of every extension you install (obviously google isn't), you'd never notice, you're just trusting some extension author.
To give more info on Amazon Web Services: They recently added domain name registration. It's very barebones, but also really easy to configure. So if all you want is the domain name, you know what you're doing, and all your servers are setup somewhere, you can point the records at them very easily. But if you also want email forwarding or something else or convenient bundled features, you might want another service.
Yeah, I was surprised there was no mention of the huge privacy implications this has. But hey, maybe this'll reduce the number of IDs and RFID cards you have to carry around since it'll be so easy to identify and track you when you're just walking around.