Put the smartphone against your ear: the screen shuts down
I think the claim is that proximity ought to disable the screen and touch screen at the level of the operating system, not that of the browser. The dialer (be it built-in or Skype for Web) would always request that the operating system display the number pad. And then based on proximity, the operating system would choose whether or not to display what the dialer has requested and whether or not to pass on touch events to the dialer. If the dialer absolutely needs to determine whether the number pad is displayed, I guess it could listen for visibilitychange events or determine whether requestAnimationFrame() called its callback in the past second.
So, your solution is to let everyone run javascript, in case someone you trust need to? All the while letting places you shouldn't trust run scripts because that's the default?
No. I was commenting on Anonymous Coward #56247539's proposed policy of whitelisting script site and asking how a site would go about expressing to the user that it is worthy of opting in. To this, Anonymous Coward #56247827 replied:
I see absolutely no reason why we should be trusting web sites to run scripts at all. [...] Who gives a fuck?
Correct me if I'm wrong, but this implied to me that no site ought to be trusted. If this is the case, and if there is no generic "application player" for all major operating systems that is not a web browser, then this means applications are specific to an operating system, which is an outcome that I find undesirable.
You wrote:
Why should I by default trust that any random website?
You shouldn't, unless the site has done something to make it trustworthy. So let me restate my question: In an environment where script is whitelisted, what ought a site hosting a web application to do to make it trustworthy?
Isn't that exactly what the noscript HTML tag is for?
No, because a user agent that supports script but fails to fetch a particular script will neither run the script nor show the contents of the <noscript> element. Last I heard, it was best practice to ignore the existence of the <noscript> tag, instead including the no-script content in the main document and having script slap a class onto the <html> element once the script actually loads, so that CSS code in the stylesheet hides the script.
But in any case: What contents should a web application put into its elements shown when the script does not run in order to demonstrate to the user that it is worthy of "opt in explicit consent"?
maybe showing a GIF promising all kinds of wonderful things the site can do for you..
What makes a reasonable user willing to trust the information presented in said GIF?
Under this policy, how would a web application that falls into "the small amount of use case that actually need scripting" demonstrate to the user that it is worthy of "opt in explicit consent"?
Who gives a fuck?
People who use operating systems other than the majority desktop operating system, for one. If most web browsers did not run script, developers of web applications would instead develop native applications, which are specific to a single operating system and instruction set architecture. What good is a Linux (x86-64) executable on a Linux (ARM) device? What good is a native executable for macOS on anything but a Mac? What good is even the source code for a Cocoa application on anything but a Mac?
At least with the web platform, one application can use a useful subset of the HTML5 standard to reach users across Windows desktop, Windows UWP, macOS, X11/Linux, iOS, and Android, without needing to recompile the application for multiple platforms and buy a separate software publisher certificate for each platform.
My first guess is that it was coded for the dialer of Firefox OS, a phone operating system in which all applications including the dialer are web applications. The dialer needs to make certain decisions based on proximity of the phone to the user's ear. Even outside Firefox OS, so does any voice chat application.
Say the user wants the ambient light to control not only the OS-controlled backlight brightness but also a website's color scheme, in particular light on dark vs. dark on light. With what markup should a website declare both color schemes to the browser in order to allow the browser to choose one based on the brightness level read from the operating system?
In a WebRTC voice and video chat application running in a web browser on a smartphone, proximity of the user's smartphone to the ear could be used to automatically switch between speakerphone mode (with half duplex, higher volume, and optional video) and non-speakerphone mode (with lower volume, full duplex, and no video).
So you would prefer a policy such that newly encountered domains default to script off. Under this policy, how would a web application that falls into "the small amount of use case that actually need scripting" demonstrate to the user that it is worthy of "opt in explicit consent"?
Let me try to reconcile these comments: hambone142 probably remembers buying cable TV in the 1970s when it had only the locals, public access, and "subscription services such as HBO", before there were "cable, but not subscription, channels such as CNN". Are cable TV operators still allowed to require subscribers to buy a package of "cable, but not subscription, channels such as CNN" before allowing them to buy "subscription services such as HBO"?
1. Install Firefox Quantum on any GNU/Linux distribution. 2. Start Firefox Quantum. 3. Open Slashdot and some other tab. 4. Log in to your account. 5. Browse to this comment. 6. Click "Reply to This" and compose a reply to this comment. 7. Attempt to press Ctrl+Tab to switch to the other tab in order to do research for your reply, but accidentally press Ctrl+Q instead, which invokes File > Quit. Watch Firefox Quantum close all tabs in all windows. 8. Restore your previous session and notice that Firefox Quantum failed to restore the contents of the "Comment:" text area. You have just lost data.
Previous versions of Firefox for GNU/Linux had extensions to prevent this data loss by unbinding Ctrl+Q. None of them work in Firefox Quantum for GNU/Linux.
such that scrolling to the top of the scrollback automatically requests past messages from the bouncer and integrates them into the scrollback?
Any why would you want this oddly specific and useless mechanism? Why does the scrollback have to be requested on demand?
Because people accustomed to Slack, Skype, or Discord demand the ability of a proposed replacement therefor to review and search chat history. It's likely that you have some model to review and search chat history in mind that you find superior to infinite scrolling; what is it?
An IRC client having a pastebin client? Why do I get the impression I'm talking to a Windows user here...
You're talking not to a user of Windows but instead to a user who collaborates with other team members who use Windows and tries to convince said team members to switch from Slack, Skype, or Discord to a combination of some IRC server and client, a bouncer, and a pastebin. They are accustomed to a user experience that integrates IRC, bouncer, and pastebin.
Apples and Oranges, IRC is not software, it's specification.
I am aware that IRC proper is a specification for client to IRC server communication. That's why I mentioned "Apache or NGINX", as both are examples of servers that follow the HTTP specification for web browser to web server communication. But what is the specification for client to bouncer communication for the actions of reviewing and searching chat history? And what is the specification for client to pastebin communication? Among SFTP, FTPS, and WebDAV over HTTPS, which is preferred?
Which IRC client integrates seamlessly with a bouncer, such that scrolling to the top of the scrollback automatically requests past messages from the bouncer and integrates them into the scrollback?
Client-side thing. DCC if you want.
Good luck reliably DCCing from one NAT to another, especially for users behind an ISP that applies carrier grade NAT to all home subscribers. And good luck DCCing when the user who sent the file is offline. To make that work, you'd end up having to integrate DCC into the bouncer, turning it into a pastebin. About that:
Pastebin otherwise.
Which IRC client for each of the five major operating systems (X11/Linux, Android, Windows, macOS, and iOS) has a decent pastebin client?
IMHO nothing that should be proper part of IRC.
In the same way that GNU, Apache or NGINX, MySQL or PostgreSQL, and PHP or Python aren't part of Linux proper, which is a kernel. Distributions combine them. So which distribution of IRC server, bouncer, and pastebin server is any good?
[A VM to run an IRC server, bouncer, and pastebin server] has to be at least this |-----------------| big.
How big is that in RAM megabytes and storage gigabytes?
Good luck even mail-ordering such a laptop [with a free operating system] in 11.6" size, as the well-known options are 13" (Dell XPS Developer Edition) or 14" (smallest System76 laptop).
If you want a decent laptop, you usually have to order it online, and from the business laptop section, where you have a pretty decent selection of models that either come preloaded with Linux or are well known to be Linux-friendly.
For one thing, how would I go about trying the screen and keyboard of a laptop I'm ordering online in order to avoid having to pay a substantial restocking fee should I dislike its feel? For another, who sells a laptop with a free operating system in a size smaller than 13 inches, in order to deter thieves by carrying it in a bag that isn't obviously a laptop bag? I currently use a ThinkPad X61, but its battery life isn't the best, and its 4:3 swivel screen is just a bit too tall.
I had an Eee PC 901 running Ubuntu. It gave up the magic smoke not because of cigarettes (our house is tobacco free) but because of a heat problem. But why did support for GNU/Linux on ASUS kit go so downhill between the 901 and the T100?
I have never nor have I witnessed anyone who has had a driver issue with linux.
Then you are fortunate not to have been handed an ASUS Transformer Book T100TA. As of 2018, many things are still broken, including suspend, screen backlight control, Bluetooth, and the internal camera. Audio and networking require proprietary firmware packages that Debian cannot include in the install image, and good luck downloading said packages without networking.
downloading the 4 fucking gigabytes itself over a metered connection
First get rid of all the old copies of bind and sendmail out there that are easily exploitable, then update all the web servers, then update all the OS's.
In context, that's not quite comparable. DNS, mail, and web servers tend to have a far higher monthly data transfer quota than PCs attached to a home network whose Internet uplink is satellite or terrestrial wireless (i.e. cellular).
Then run a Free and Open Source Software operating system.
Good luck finding a laptop warranted for compatibility with such an operating system in any major electronics or office supply chain. Good luck even mail-ordering such a laptop in 11.6" size, as the well-known options are 13" (Dell XPS Developer Edition) or 14" (smallest System76 laptop). What am I missing?
Discord offers similar features, and yet happily consumes barely any processor and memory.
Since when? Discord's downloadable client is an Electron application, and last time I tried it (on Debian), its three Chromium processes combined took 365 MB. Skype's downloadable client for Linux also uses Electron and also takes hundreds of megabytes of RAM.
Slashdot Mirror
Put the smartphone against your ear: the screen shuts down
I think the claim is that proximity ought to disable the screen and touch screen at the level of the operating system, not that of the browser. The dialer (be it built-in or Skype for Web) would always request that the operating system display the number pad. And then based on proximity, the operating system would choose whether or not to display what the dialer has requested and whether or not to pass on touch events to the dialer. If the dialer absolutely needs to determine whether the number pad is displayed, I guess it could listen for visibilitychange events or determine whether requestAnimationFrame() called its callback in the past second.
So, your solution is to let everyone run javascript, in case someone you trust need to? All the while letting places you shouldn't trust run scripts because that's the default?
No. I was commenting on Anonymous Coward #56247539's proposed policy of whitelisting script site and asking how a site would go about expressing to the user that it is worthy of opting in. To this, Anonymous Coward #56247827 replied:
Correct me if I'm wrong, but this implied to me that no site ought to be trusted. If this is the case, and if there is no generic "application player" for all major operating systems that is not a web browser, then this means applications are specific to an operating system, which is an outcome that I find undesirable.
You wrote:
Why should I by default trust that any random website?
You shouldn't, unless the site has done something to make it trustworthy. So let me restate my question: In an environment where script is whitelisted, what ought a site hosting a web application to do to make it trustworthy?
Isn't that exactly what the noscript HTML tag is for?
No, because a user agent that supports script but fails to fetch a particular script will neither run the script nor show the contents of the <noscript> element. Last I heard, it was best practice to ignore the existence of the <noscript> tag, instead including the no-script content in the main document and having script slap a class onto the <html> element once the script actually loads, so that CSS code in the stylesheet hides the script.
But in any case: What contents should a web application put into its elements shown when the script does not run in order to demonstrate to the user that it is worthy of "opt in explicit consent"?
maybe showing a GIF promising all kinds of wonderful things the site can do for you..
What makes a reasonable user willing to trust the information presented in said GIF?
Under this policy, how would a web application that falls into "the small amount of use case that actually need scripting" demonstrate to the user that it is worthy of "opt in explicit consent"?
Who gives a fuck?
People who use operating systems other than the majority desktop operating system, for one. If most web browsers did not run script, developers of web applications would instead develop native applications, which are specific to a single operating system and instruction set architecture. What good is a Linux (x86-64) executable on a Linux (ARM) device? What good is a native executable for macOS on anything but a Mac? What good is even the source code for a Cocoa application on anything but a Mac?
At least with the web platform, one application can use a useful subset of the HTML5 standard to reach users across Windows desktop, Windows UWP, macOS, X11/Linux, iOS, and Android, without needing to recompile the application for multiple platforms and buy a separate software publisher certificate for each platform.
My first guess is that it was coded for the dialer of Firefox OS, a phone operating system in which all applications including the dialer are web applications. The dialer needs to make certain decisions based on proximity of the phone to the user's ear. Even outside Firefox OS, so does any voice chat application.
Say the user wants the ambient light to control not only the OS-controlled backlight brightness but also a website's color scheme, in particular light on dark vs. dark on light. With what markup should a website declare both color schemes to the browser in order to allow the browser to choose one based on the brightness level read from the operating system?
In a WebRTC voice and video chat application running in a web browser on a smartphone, proximity of the user's smartphone to the ear could be used to automatically switch between speakerphone mode (with half duplex, higher volume, and optional video) and non-speakerphone mode (with lower volume, full duplex, and no video).
So you would prefer a policy such that newly encountered domains default to script off. Under this policy, how would a web application that falls into "the small amount of use case that actually need scripting" demonstrate to the user that it is worthy of "opt in explicit consent"?
Then hambone142 remembers when there were fewer or no content providers who chose to dictate such terms to cable operators.
that specific example [of unwanted Ctrl+Q presses] seems like a reason to petition the developers to add this as an option
From the petition in question: "NEW bug which will not be worked on by staff"
Let me try to reconcile these comments: hambone142 probably remembers buying cable TV in the 1970s when it had only the locals, public access, and "subscription services such as HBO", before there were "cable, but not subscription, channels such as CNN". Are cable TV operators still allowed to require subscribers to buy a package of "cable, but not subscription, channels such as CNN" before allowing them to buy "subscription services such as HBO"?
Try this test:
1. Install Firefox Quantum on any GNU/Linux distribution.
2. Start Firefox Quantum.
3. Open Slashdot and some other tab.
4. Log in to your account.
5. Browse to this comment.
6. Click "Reply to This" and compose a reply to this comment.
7. Attempt to press Ctrl+Tab to switch to the other tab in order to do research for your reply, but accidentally press Ctrl+Q instead, which invokes File > Quit. Watch Firefox Quantum close all tabs in all windows.
8. Restore your previous session and notice that Firefox Quantum failed to restore the contents of the "Comment:" text area. You have just lost data.
Previous versions of Firefox for GNU/Linux had extensions to prevent this data loss by unbinding Ctrl+Q. None of them work in Firefox Quantum for GNU/Linux.
which extensions?
One such extension installed on my copy of Firefox ESR 52 is Keybinder. It cannot be ported because XUL keysets have gone away, and the feature request for adding a WebExtensions counterpart to XUL keysets shows no meaningful activity.
I've got some potentially life-changing news for you: you don't need to use your registrar's bundled DNS.
Apart from Cloudflare, with which "other free options out there" for name hosting do readers have experience?
such that scrolling to the top of the scrollback automatically requests past messages from the bouncer and integrates them into the scrollback?
Any why would you want this oddly specific and useless mechanism? Why does the scrollback have to be requested on demand?
Because people accustomed to Slack, Skype, or Discord demand the ability of a proposed replacement therefor to review and search chat history. It's likely that you have some model to review and search chat history in mind that you find superior to infinite scrolling; what is it?
An IRC client having a pastebin client? Why do I get the impression I'm talking to a Windows user here...
You're talking not to a user of Windows but instead to a user who collaborates with other team members who use Windows and tries to convince said team members to switch from Slack, Skype, or Discord to a combination of some IRC server and client, a bouncer, and a pastebin. They are accustomed to a user experience that integrates IRC, bouncer, and pastebin.
Apples and Oranges, IRC is not software, it's specification.
I am aware that IRC proper is a specification for client to IRC server communication. That's why I mentioned "Apache or NGINX", as both are examples of servers that follow the HTTP specification for web browser to web server communication. But what is the specification for client to bouncer communication for the actions of reviewing and searching chat history? And what is the specification for client to pastebin communication? Among SFTP, FTPS, and WebDAV over HTTPS, which is preferred?
How would I go about repairing, for example, the rechargeable lithium ion battery pack in such a netbook?
Most bouncers like ZNC.
Which IRC client integrates seamlessly with a bouncer, such that scrolling to the top of the scrollback automatically requests past messages from the bouncer and integrates them into the scrollback?
Client-side thing. DCC if you want.
Good luck reliably DCCing from one NAT to another, especially for users behind an ISP that applies carrier grade NAT to all home subscribers. And good luck DCCing when the user who sent the file is offline. To make that work, you'd end up having to integrate DCC into the bouncer, turning it into a pastebin. About that:
Pastebin otherwise.
Which IRC client for each of the five major operating systems (X11/Linux, Android, Windows, macOS, and iOS) has a decent pastebin client?
IMHO nothing that should be proper part of IRC.
In the same way that GNU, Apache or NGINX, MySQL or PostgreSQL, and PHP or Python aren't part of Linux proper, which is a kernel. Distributions combine them. So which distribution of IRC server, bouncer, and pastebin server is any good?
[A VM to run an IRC server, bouncer, and pastebin server] has to be at least this |-----------------| big.
How big is that in RAM megabytes and storage gigabytes?
Good luck even mail-ordering such a laptop [with a free operating system] in 11.6" size, as the well-known options are 13" (Dell XPS Developer Edition) or 14" (smallest System76 laptop).
If you want a decent laptop, you usually have to order it online, and from the business laptop section, where you have a pretty decent selection of models that either come preloaded with Linux or are well known to be Linux-friendly.
For one thing, how would I go about trying the screen and keyboard of a laptop I'm ordering online in order to avoid having to pay a substantial restocking fee should I dislike its feel? For another, who sells a laptop with a free operating system in a size smaller than 13 inches, in order to deter thieves by carrying it in a bag that isn't obviously a laptop bag? I currently use a ThinkPad X61, but its battery life isn't the best, and its 4:3 swivel screen is just a bit too tall.
365 MB
Like he said, barely any RAM.
I disagree that 365 MB is "barely any RAM" when Dell.com is still selling new laptops with only 2 GB of RAM.
I had an Eee PC 901 running Ubuntu. It gave up the magic smoke not because of cigarettes (our house is tobacco free) but because of a heat problem. But why did support for GNU/Linux on ASUS kit go so downhill between the 901 and the T100?
I have never nor have I witnessed anyone who has had a driver issue with linux.
Then you are fortunate not to have been handed an ASUS Transformer Book T100TA. As of 2018, many things are still broken, including suspend, screen backlight control, Bluetooth, and the internal camera. Audio and networking require proprietary firmware packages that Debian cannot include in the install image, and good luck downloading said packages without networking.
downloading the 4 fucking gigabytes itself over a metered connection
First get rid of all the old copies of bind and sendmail out there that are easily exploitable, then update all the web servers, then update all the OS's.
In context, that's not quite comparable. DNS, mail, and web servers tend to have a far higher monthly data transfer quota than PCs attached to a home network whose Internet uplink is satellite or terrestrial wireless (i.e. cellular).
Then run a Free and Open Source Software operating system.
Good luck finding a laptop warranted for compatibility with such an operating system in any major electronics or office supply chain. Good luck even mail-ordering such a laptop in 11.6" size, as the well-known options are 13" (Dell XPS Developer Edition) or 14" (smallest System76 laptop). What am I missing?
Using Firefox ESR 52 works for about five more months, after which point the only supported Firefox ESR version (namely Firefox ESR 60) will support only WebExtensions. And unless Firefox ESR 60 includes a fix for [commands] Explicit support for overriding built-in keyboard shortcuts by WebExtensions (bug 1325692), there will be a lot of angry users.
Discord offers similar features, and yet happily consumes barely any processor and memory.
Since when? Discord's downloadable client is an Electron application, and last time I tried it (on Debian), its three Chromium processes combined took 365 MB. Skype's downloadable client for Linux also uses Electron and also takes hundreds of megabytes of RAM.