There's no reason for skimping on your web server anymore, encryption is easy and even crappy virutal machines can serve up HTTPS without issue.
One reason is that your web server is private, and you don't own a domain.
In order to set up HTTPS traffic to the owner of a home router, printer, or NAS, its owner would first have to acquire a domain and a certificate for said device. But as I understand it, most providers of dynamic DNS on a subdomain without charge still aren't in the Public Suffix List. And if the domain in which your subdomain is registered hasn't completed the process to be added to the Public Suffix List, and 20 other customers on the same subdomain have already obtained a certificate from Let's Encrypt in the past week, Let's Encrypt will refuse to issue you a certificate on rate limit grounds. This means that even if you do buy a router, printer, and NAS with Let's Encrypt integration, you'll need to buy a domain for your home LAN and continue to renew it.
The purpose is to ensure that the code executed by the user's browser is the code sent by the cat meme site, not something else intended to exploit browser vulnerabilities to hijack the user's computer.
The cat meme site doesn't need to run javascript.
Then let me restate the spirit of swillden's comment for the noscript case:
The purpose is to ensure that the HTML markup, CSS code, image data, audio data, and video data interpreted by the user's browser is the HTML markup, CSS code, image data, audio data, and video data sent by the cat meme site, not something else intended to exploit browser vulnerabilities to hijack the user's computer.
There's little reason why publicly available non-controversial information should be encrypted
For one thing, what you find non-controversial a third party may find controversial. For another, home ISPs such as Comcast can and do inject their own ads and other malware into cleartext HTTP connections.
Ever wonder why the advertised 12 hour battery life of your mobile device has dropped to 8 or 6 hours? This is why.
On which device, and with which websites, have you benchmarked a battery life difference of this magnitude between cleartext HTTP and HTTPS? Because otherwise, I'm more inclined to blame the growth in both lithium dendrites and ad display script complexity for reduced battery capacity.
How do you recommend going about crowdfunding several hundred billion U.S. dollars to acquire a controlling interest in the incumbent movie studios in order to force them to end their policy of price discrimination against rewatchers?
The Web was pretty useful before the onslaught of ads.
Before ads, the Web was accessed through dial-up. Would you prefer to go back to 0.05 Mbps?
And the ad driven content isn't worth watching. So I'm happy to pay. Why would an ad free web be so bad?
If you view one document on each of 25 sites in a month, such as documents linked from a web search result page, you'd end up having to pay $4 per site per month times 25 sites = $100 per month on top of what you already pay for Internet access.
Why does google get to decide and censor what JavaScript a website can run?
Google doesn't get to do so unless you use the Google Chrome browser or reach the website through Google Search. Both have replacements: Firefox and DuckDuckGo, or Edge/Safari and Bing.
ubuntu should build in a subsystem for windows apps. iow, the ability to transparently install and run any windows app.
sudo apt install wine and bug the maintainers of the Windows apps you use for Wine fixes, which shouldn't be any bigger than the fixes that were needed to port an app from Windows 98 to XP or from XP to 7.
With very rare exceptions most native development is in a virtual machine language or is in a language that is compile-able on multiple systems.
Just because a language is "compile-able" doesn't mean that the developer has a copy of a cross-development toolchain targeting a particular platform and a device of that platform on which to test it. For example, a developer without a Mac and an iPad isn't going to be porting his app to iPad, and a developer without a Windows license isn't going to be porting his app to Windows PCs. You might end up facing a screen like this:
GNU/Linux
Download.deb for Ubuntu (x86-64)
Android
Install on Google Play Store | Install on F-Droid | Download.apk
Source code
View repository on GitHub
Windows
Back our crowdfunding campaign
macOS
Back our crowdfunding campaign
iOS
Back our crowdfunding campaign
PlayStation 4
Back our crowdfunding campaign
Xbox One
Back our crowdfunding campaign
Nintendo Switch
Back our crowdfunding campaign
In theory, it'd be possible to choose an application distributed as free software, download the application's source code, cross-compile it for execution on your own device, troubleshoot and fix any inadvertent reliance on platform-specific behaviors of the library (be they implementation-defined, unspecified, or undefined), send a pull request to the application's maintainer, and respond to subsequent issues filed by users of your port to that platform. But in practice, what fraction of users are willing to become the port maintainer for a particular application on a particular platform just to use the application?
I'm not even sure the last time I saw a native app not crossplatform (iOS/Android or Mac/Windows).
Xcode is Mac exclusive, the game Tiny Wings is iOS exclusive, and Safari in which to test a web application's compatibility with Safari is exclusive to Mac and iOS. Or do you want a third-party, non-game example on each?
When I compose a paragraph such as this one, I don't necessarily enter the words in the order that I intend them to be read. I go back and forth, using Ctrl+left and Ctrl+right to move backward and forward in what I'm writing. I have found moving the insertion point with Android's touch screen input to be an exercise in frustration. I also find it frustrating with Android's touch screen input to select text to copy for an inline quotation and place the insertion point to paste them. Having the parts of an HTML or BBCode closing tag such as </em> or [/quote] spread across three different pages of the on-screen keyboard is also painful, as well as turning href into great or beef when I'm trying to enter an <a> element because autocorrect can't tell markup from prose.
Work emails sometimes involve longer responses and when I have to use a laptop I do.
You are correct that I had work email in mind, be it my day job or free software projects' mailing lists, not noreply@ things like purchase receipts.
Asian languages like Chinese, Japanese and Korean are far easier to input for some people using a finger as opposed to a keyboard system.
I can see your point for logographic languages like Chinese and Japanese. But Korean hangul is an alphabet, theoretically just as amenable to keyboard entry as the Latin letters in which English is written.
Most people wouldn't even notice the difference or the cost.
Not even when the device's battery runs out twice as fast as it used to? Or were you operating under the assumption that "Most people" use a desktop PC as opposed to a laptop, tablet, or smartphone?
Forum sites such as SoylentNews and Slashdot work without script. The user navigates or submits a form, and the site returns a document. Those web applications for which navigation and form submission are insufficient can be rewritten as a native application.
As I understand it, EME provides a controlled interface to a Content Decryption Module (CDM). A CDM can obfuscate only audio and video decoding and output, not any process whose output the script can directly monitor. If you have a proof of concept of Monero mining in a well-known CDM, such as Widevine, Primetime, or PlayReady, I'd like to see it.
So how will you deal with the frustration when you find that the majority of the top ten results from a particular web search query come from that site and others like it? It becomes tedious to add a dozen or more -site:domain.example terms to every single query. Google Search used to allow blacklisting a domain, but this feature has since been permanently discontinued. I found some promising browser extensions for users of Google Search on select desktop browsers:
Why would users be required to own multiple platforms? If someone actually needs to use an application that is exclusive to a platform, they should own that one.
Because the user needs to use one application exclusive to one platform and a second application exclusive to a different one.
By "native", I mean compiled for the platform it's being run on, rather than interpreted or pseudo-interpreted, such as with Javascript, etc.
In other words, developers ought to build apps in Qt/C++ to target all five major client platforms, correct?
building a computer has become extremely simple. [...] Building a computer nowadays is a matter of just plugging things together. If you can plug a cartridge into a game console, you can build a modern PC.
I haven't seen (in person) anyone who built his own laptop from a "barebook".
Nobody is talking about assembling a laptop, but I'm sure you thought you had a point.
My point is that a commentator who thinks everyone ought to build a PC instead of buying one needs to start remembering to toss "desktop" in the post in order to ensure readers that he or she didn't forget about those users who have a valid reason to use a laptop, such as use while riding public transit. I've actually found that the assumption that all PCs are desktops to be related to the assumption that all people drive cars.
Enjoy your inability to use apps that you find because they were developed as Mac apps and iOS apps instead of web apps.
Or if your primary computer is a Mac: Enjoy your inability to use apps that you find because they were developed as Windows apps and Android apps instead of web apps.
I tend avoid apps that are implemented in cross-platform frameworks for simple quality reasons. Native apps tend to be of higher quality (depending on the engineer who wrote them, of course). Cross-platform frameworks tend to be "least common denominator" kinds of things.
Is it better to require most computer users to purchase, maintain, and carry multiple brands of computer in order to run exclusive applications, each designed for a different brand of computer?
Which widget set is "native" on X11/Linux? Is it GTK+, Qt, or something else? Because both of those are ported to Windows, what makes them any more "native" on X11/Linux than on Windows?
There's no reason for skimping on your web server anymore, encryption is easy and even crappy virutal machines can serve up HTTPS without issue.
One reason is that your web server is private, and you don't own a domain.
In order to set up HTTPS traffic to the owner of a home router, printer, or NAS, its owner would first have to acquire a domain and a certificate for said device. But as I understand it, most providers of dynamic DNS on a subdomain without charge still aren't in the Public Suffix List. And if the domain in which your subdomain is registered hasn't completed the process to be added to the Public Suffix List, and 20 other customers on the same subdomain have already obtained a certificate from Let's Encrypt in the past week, Let's Encrypt will refuse to issue you a certificate on rate limit grounds. This means that even if you do buy a router, printer, and NAS with Let's Encrypt integration, you'll need to buy a domain for your home LAN and continue to renew it.
The purpose is to ensure that the code executed by the user's browser is the code sent by the cat meme site, not something else intended to exploit browser vulnerabilities to hijack the user's computer.
The cat meme site doesn't need to run javascript.
Then let me restate the spirit of swillden's comment for the noscript case:
The purpose is to ensure that the HTML markup, CSS code, image data, audio data, and video data interpreted by the user's browser is the HTML markup, CSS code, image data, audio data, and video data sent by the cat meme site, not something else intended to exploit browser vulnerabilities to hijack the user's computer.
Per the CA/Browser Forum Baseline Requirements, Let's Encrypt is forced to banish you for either of the following reasons:
There's little reason why publicly available non-controversial information should be encrypted
For one thing, what you find non-controversial a third party may find controversial. For another, home ISPs such as Comcast can and do inject their own ads and other malware into cleartext HTTP connections.
Ever wonder why the advertised 12 hour battery life of your mobile device has dropped to 8 or 6 hours? This is why.
On which device, and with which websites, have you benchmarked a battery life difference of this magnitude between cleartext HTTP and HTTPS? Because otherwise, I'm more inclined to blame the growth in both lithium dendrites and ad display script complexity for reduced battery capacity.
How do you recommend going about crowdfunding several hundred billion U.S. dollars to acquire a controlling interest in the incumbent movie studios in order to force them to end their policy of price discrimination against rewatchers?
The Web was pretty useful before the onslaught of ads.
Before ads, the Web was accessed through dial-up. Would you prefer to go back to 0.05 Mbps?
And the ad driven content isn't worth watching. So I'm happy to pay. Why would an ad free web be so bad?
If you view one document on each of 25 sites in a month, such as documents linked from a web search result page, you'd end up having to pay $4 per site per month times 25 sites = $100 per month on top of what you already pay for Internet access.
What they actually did was even scummier - they included the actual answers on the page if the referrer was Google.
That's called "cloaking", which Google generally forbids. But since October 1, Google has officially allowed this specific kind of cloaking under the name "flexible sampling", so long as the document contains a JSON-LD block to mark specific CSS class names as being paywalled.
Why does google get to decide and censor what JavaScript a website can run?
Google doesn't get to do so unless you use the Google Chrome browser or reach the website through Google Search. Both have replacements: Firefox and DuckDuckGo, or Edge/Safari and Bing.
User agent switching doesn't work anymore unless you come from a Google IP block.
Then we're back to the original AC's modal dialog: "Website forbidden. Please disable your adblock and reload the page."
ubuntu should build in a subsystem for windows apps. iow, the ability to transparently install and run any windows app.
sudo apt install wine and bug the maintainers of the Windows apps you use for Wine fixes, which shouldn't be any bigger than the fixes that were needed to port an app from Windows 98 to XP or from XP to 7.
With very rare exceptions most native development is in a virtual machine language or is in a language that is compile-able on multiple systems.
Just because a language is "compile-able" doesn't mean that the developer has a copy of a cross-development toolchain targeting a particular platform and a device of that platform on which to test it. For example, a developer without a Mac and an iPad isn't going to be porting his app to iPad, and a developer without a Windows license isn't going to be porting his app to Windows PCs. You might end up facing a screen like this:
GNU/Linux DownloadIn theory, it'd be possible to choose an application distributed as free software, download the application's source code, cross-compile it for execution on your own device, troubleshoot and fix any inadvertent reliance on platform-specific behaviors of the library (be they implementation-defined, unspecified, or undefined), send a pull request to the application's maintainer, and respond to subsequent issues filed by users of your port to that platform. But in practice, what fraction of users are willing to become the port maintainer for a particular application on a particular platform just to use the application?
I'm not even sure the last time I saw a native app not crossplatform (iOS/Android or Mac/Windows).
Xcode is Mac exclusive, the game Tiny Wings is iOS exclusive, and Safari in which to test a web application's compatibility with Safari is exclusive to Mac and iOS. Or do you want a third-party, non-game example on each?
What do you plan to do once "1-2 sites" where you get your news install cryptocurrency miners? Or your webmail sites?
for a paragraph or two, a phone is fine.
When I compose a paragraph such as this one, I don't necessarily enter the words in the order that I intend them to be read. I go back and forth, using Ctrl+left and Ctrl+right to move backward and forward in what I'm writing. I have found moving the insertion point with Android's touch screen input to be an exercise in frustration. I also find it frustrating with Android's touch screen input to select text to copy for an inline quotation and place the insertion point to paste them. Having the parts of an HTML or BBCode closing tag such as </em> or [/quote] spread across three different pages of the on-screen keyboard is also painful, as well as turning href into great or beef when I'm trying to enter an <a> element because autocorrect can't tell markup from prose.
Work emails sometimes involve longer responses and when I have to use a laptop I do.
You are correct that I had work email in mind, be it my day job or free software projects' mailing lists, not noreply@ things like purchase receipts.
Asian languages like Chinese, Japanese and Korean are far easier to input for some people using a finger as opposed to a keyboard system.
I can see your point for logographic languages like Chinese and Japanese. But Korean hangul is an alphabet, theoretically just as amenable to keyboard entry as the Latin letters in which English is written.
Most people wouldn't even notice the difference or the cost.
Not even when the device's battery runs out twice as fast as it used to? Or were you operating under the assumption that "Most people" use a desktop PC as opposed to a laptop, tablet, or smartphone?
[Without script,] many sites simply don't load right and you can't navigate and are filled with gibberish when you do that.
Then visit the many sites that do work without script instead of the many sites that don't work.
Forum sites such as SoylentNews and Slashdot work without script. The user navigates or submits a form, and the site returns a document. Those web applications for which navigation and form submission are insufficient can be rewritten as a native application.
As I understand it, EME provides a controlled interface to a Content Decryption Module (CDM). A CDM can obfuscate only audio and video decoding and output, not any process whose output the script can directly monitor. If you have a proof of concept of Monero mining in a well-known CDM, such as Widevine, Primetime, or PlayReady, I'd like to see it.
I'd never go back to that site.
So how will you deal with the frustration when you find that the majority of the top ten results from a particular web search query come from that site and others like it? It becomes tedious to add a dozen or more -site:domain.example terms to every single query. Google Search used to allow blacklisting a domain, but this feature has since been permanently discontinued. I found some promising browser extensions for users of Google Search on select desktop browsers:
Google Chrome for desktop Personal Blocklist Firefox 56 or later Personal Blocklist (not by Google) Firefox 52 ESR or Firefox 56 Hide Unwanted Results of Google SearchBut what works for Chrome for Android, Edge, or Safari? Or for DuckDuckGo or Bing?
Why would users be required to own multiple platforms? If someone actually needs to use an application that is exclusive to a platform, they should own that one.
Because the user needs to use one application exclusive to one platform and a second application exclusive to a different one.
By "native", I mean compiled for the platform it's being run on, rather than interpreted or pseudo-interpreted, such as with Javascript, etc.
In other words, developers ought to build apps in Qt/C++ to target all five major client platforms, correct?
building a computer has become extremely simple. [...] Building a computer nowadays is a matter of just plugging things together. If you can plug a cartridge into a game console, you can build a modern PC.
I haven't seen (in person) anyone who built his own laptop from a "barebook".
Nobody is talking about assembling a laptop, but I'm sure you thought you had a point.
My point is that a commentator who thinks everyone ought to build a PC instead of buying one needs to start remembering to toss "desktop" in the post in order to ensure readers that he or she didn't forget about those users who have a valid reason to use a laptop, such as use while riding public transit. I've actually found that the assumption that all PCs are desktops to be related to the assumption that all people drive cars.
Enjoy your inability to use apps that you find because they were developed as Mac apps and iOS apps instead of web apps.
Or if your primary computer is a Mac:
Enjoy your inability to use apps that you find because they were developed as Windows apps and Android apps instead of web apps.
I tend avoid apps that are implemented in cross-platform frameworks for simple quality reasons. Native apps tend to be of higher quality (depending on the engineer who wrote them, of course). Cross-platform frameworks tend to be "least common denominator" kinds of things.
Is it better to require most computer users to purchase, maintain, and carry multiple brands of computer in order to run exclusive applications, each designed for a different brand of computer?
Which widget set is "native" on X11/Linux? Is it GTK+, Qt, or something else? Because both of those are ported to Windows, what makes them any more "native" on X11/Linux than on Windows?
Enjoy your actual copy of Office while you still can.
What makes you think LibreOffice is going away any time soon?