Slashdot Mirror


User: tepples

tepples's activity in the archive.

Stories: 0
Comments: 68,260

Comments · 68,260

  1. There's no reason for skimping on your web server anymore, encryption is easy and even crappy virtual machines can serve up HTTPS without issue.

    One reason is that your web server is private, and you don't own a domain.

    In order to set up HTTPS traffic to the owner of a home router, printer, or NAS, its owner would first have to acquire a domain and a certificate for said device. But as I understand it, most providers of dynamic DNS on a subdomain without charge still aren't in the Public Suffix List. And if the domain in which your subdomain is registered hasn't completed the process to be added to the Public Suffix List, and 20 other customers on the same subdomain have already obtained a certificate from Let's Encrypt in the past week, Let's Encrypt will refuse to issue you a certificate on rate limit grounds. This means that even if you do buy a router, printer, and NAS with Let's Encrypt integration, you'll need to buy a domain for your home LAN and continue to renew it.

  2. The purpose is to ensure that the code executed by the user's browser is the code sent by the cat meme site, not something else intended to exploit browser vulnerabilities to hijack the user's computer.

    The cat meme site doesn't need to run javascript.

    Then let me restate the spirit of swillden's comment for the noscript case:

    The purpose is to ensure that the HTML markup, CSS code, image data, audio data, and video data interpreted by the user's browser is the HTML markup, CSS code, image data, audio data, and video data sent by the cat meme site, not something else intended to exploit browser vulnerabilities to hijack the user's computer.

  3. Per the CA/Browser Forum Baseline Requirements, Let's Encrypt is forced to banish you for either of the following reasons:

    • A. Your domain isn't fully qualified, such as multicast DNS names under .local.
    • B. Your domain has expired.

  4. There's little reason why publicly available non-controversial information should be encrypted

    For one thing, what you find non-controversial a third party may find controversial. For another, home ISPs such as Comcast can and do inject their own ads and other malware into cleartext HTTP connections.

  5. Ever wonder why the advertised 12 hour battery life of your mobile device has dropped to 8 or 6 hours? This is why.

    On which device, and with which websites, have you benchmarked a battery life difference of this magnitude between cleartext HTTP and HTTPS? Because otherwise, I'm more inclined to blame the growth in both lithium dendrites and ad display script complexity for reduced battery capacity.

  6. Can I have a couple hundred billion dollars? on Mozilla To Document Cross-Browser Web Dev Standards with Google, Microsoft, Samsung, and W3C (venturebeat.com) · Score: 1

    How do you recommend going about crowdfunding several hundred billion U.S. dollars to acquire a controlling interest in the incumbent movie studios in order to force them to end their policy of price discrimination against rewatchers?

  7. The Web was pretty useful before the onslaught of ads.

    Before ads, the Web was accessed through dial-up. Would you prefer to go back to 0.05 Mbps?

    And the ad driven content isn't worth watching. So I'm happy to pay. Why would an ad free web be so bad?

    If you view one document on each of 25 sites in a month, such as documents linked from a web search result page, you'd end up having to pay $4 per site per month times 25 sites = $100 per month on top of what you already pay for Internet access.

  8. Re:Once sites like that fill search results on Google Engineers Explore Ways To Stop In-Browser Cryptocurrency Miners in Chrome (bleepingcomputer.com) · Score: 1

    What they actually did was even scummier - they included the actual answers on the page if the referrer was Google.

    That's called "cloaking", which Google generally forbids. But since October 1, Google has officially allowed this specific kind of cloaking under the name "flexible sampling", so long as the document contains a JSON-LD block to mark specific CSS class names as being paywalled.

  9. Not if you don't use Chrome or Search on Google Engineers Explore Ways To Stop In-Browser Cryptocurrency Miners in Chrome (bleepingcomputer.com) · Score: 1

    Why does google get to decide and censor what JavaScript a website can run?

    Google doesn't get to do so unless you use the Google Chrome browser or reach the website through Google Search. Both have replacements: Firefox and DuckDuckGo, or Edge/Safari and Bing.

  10. Re: Once sites like that fill search results on Google Engineers Explore Ways To Stop In-Browser Cryptocurrency Miners in Chrome (bleepingcomputer.com) · Score: 1

    User agent switching doesn't work anymore unless you come from a Google IP block.

  11. Re:Once sites like that fill search results on Google Engineers Explore Ways To Stop In-Browser Cryptocurrency Miners in Chrome (bleepingcomputer.com) · Score: 1

    Then we're back to the original AC's modal dialog: "Website forbidden. Please disable your adblock and reload the page."

  12. Wine to the maintainers of Windows apps on Ubuntu 17.10 Artful Aardvark Released · Score: 1

    ubuntu should build in a subsystem for windows apps. iow, the ability to transparently install and run any windows app.

    sudo apt install wine and bug the maintainers of the Windows apps you use for Wine fixes, which shouldn't be any bigger than the fixes that were needed to port an app from Windows 98 to XP or from XP to 7.

  13. Re:Service Workers enable offline mode on The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day (bleepingcomputer.com) · Score: 1

    With very rare exceptions most native development is in a virtual machine language or is in a language that is compile-able on multiple systems.

    Just because a language is "compile-able" doesn't mean that the developer has a copy of a cross-development toolchain targeting a particular platform and a device of that platform on which to test it. For example, a developer without a Mac and an iPad isn't going to be porting his app to iPad, and a developer without a Windows license isn't going to be porting his app to Windows PCs. You might end up facing a screen like this:

    • GNU/Linux: Download .deb for Ubuntu (x86-64)
    • Android: Install on Google Play Store | Install on F-Droid | Download .apk
    • Source code: View repository on GitHub
    • Windows: Back our crowdfunding campaign
    • macOS: Back our crowdfunding campaign
    • iOS: Back our crowdfunding campaign
    • PlayStation 4: Back our crowdfunding campaign
    • Xbox One: Back our crowdfunding campaign
    • Nintendo Switch: Back our crowdfunding campaign

    In theory, it'd be possible to choose an application distributed as free software, download the application's source code, cross-compile it for execution on your own device, troubleshoot and fix any inadvertent reliance on platform-specific behaviors of the library (be they implementation-defined, unspecified, or undefined), send a pull request to the application's maintainer, and respond to subsequent issues filed by users of your port to that platform. But in practice, what fraction of users are willing to become the port maintainer for a particular application on a particular platform just to use the application?

    I'm not even sure the last time I saw a native app not crossplatform (iOS/Android or Mac/Windows).

    Xcode is Mac exclusive, the game Tiny Wings is iOS exclusive, and Safari in which to test a web application's compatibility with Safari is exclusive to Mac and iOS. Or do you want a third-party, non-game example on each?

  14. Re:Once sites like that fill search results on Google Engineers Explore Ways To Stop In-Browser Cryptocurrency Miners in Chrome (bleepingcomputer.com) · Score: 1

    What do you plan to do once "1-2 sites" where you get your news install cryptocurrency miners? Or your webmail sites?

  15. Painful to move insertion point or insert HTML on Traditional PC Sales Continue To Slide (zdnet.com) · Score: 1

    for a paragraph or two, a phone is fine.

    When I compose a paragraph such as this one, I don't necessarily enter the words in the order that I intend them to be read. I go back and forth, using Ctrl+left and Ctrl+right to move backward and forward in what I'm writing. I have found moving the insertion point with Android's touch screen input to be an exercise in frustration. I also find it frustrating with Android's touch screen input to select text to copy for an inline quotation and place the insertion point to paste them. Having the parts of an HTML or BBCode closing tag such as </em> or [/quote] spread across three different pages of the on-screen keyboard is also painful, as well as turning href into great or beef when I'm trying to enter an <a> element because autocorrect can't tell markup from prose.

    Work emails sometimes involve longer responses and when I have to use a laptop I do.

    You are correct that I had work email in mind, be it my day job or free software projects' mailing lists, not noreply@ things like purchase receipts.

    Asian languages like Chinese, Japanese and Korean are far easier to input for some people using a finger as opposed to a keyboard system.

    I can see your point for logographic languages like Chinese and Japanese. But Korean hangul is an alphabet, theoretically just as amenable to keyboard entry as the Latin letters in which English is written.

  16. Re:Google should see this as a threat!!! on Google Engineers Explore Ways To Stop In-Browser Cryptocurrency Miners in Chrome (bleepingcomputer.com) · Score: 1

    Most people wouldn't even notice the difference or the cost.

    Not even when the device's battery runs out twice as fast as it used to? Or were you operating under the assumption that "Most people" use a desktop PC as opposed to a laptop, tablet, or smartphone?

  17. [Without script,] many sites simply don't load right and you can't navigate and are filled with gibberish when you do that.

    Then visit the many sites that do work without script instead of the many sites that don't work.

  18. Forum sites such as SoylentNews and Slashdot work without script. The user navigates or submits a form, and the site returns a document. Those web applications for which navigation and form submission are insufficient can be rewritten as a native application.

  19. As I understand it, EME provides a controlled interface to a Content Decryption Module (CDM). A CDM can obfuscate only audio and video decoding and output, not any process whose output the script can directly monitor. If you have a proof of concept of Monero mining in a well-known CDM, such as Widevine, Primetime, or PlayReady, I'd like to see it.

  20. Once sites like that fill search results on Google Engineers Explore Ways To Stop In-Browser Cryptocurrency Miners in Chrome (bleepingcomputer.com) · Score: 5, Informative

    I'd never go back to that site.

    So how will you deal with the frustration when you find that the majority of the top ten results from a particular web search query come from that site and others like it? It becomes tedious to add a dozen or more -site:domain.example terms to every single query. Google Search used to allow blacklisting a domain, but this feature has since been permanently discontinued. I found some promising browser extensions for users of Google Search on select desktop browsers:

    • Google Chrome for desktop: Personal Blocklist
    • Firefox 56 or later: Personal Blocklist (not by Google)
    • Firefox 52 ESR or Firefox 56: Hide Unwanted Results of Google Search

    But what works for Chrome for Android, Edge, or Safari? Or for DuckDuckGo or Bing?

  21. Re:Service Workers enable offline mode on The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day (bleepingcomputer.com) · Score: 1

    Why would users be required to own multiple platforms? If someone actually needs to use an application that is exclusive to a platform, they should own that one.

    Because the user needs to use one application exclusive to one platform and a second application exclusive to a different one.

    By "native", I mean compiled for the platform it's being run on, rather than interpreted or pseudo-interpreted, such as with Javascript, etc.

    In other words, developers ought to build apps in Qt/C++ to target all five major client platforms, correct?

  22. Re:Builders vs Buyers on Traditional PC Sales Continue To Slide (zdnet.com) · Score: 1

    building a computer has become extremely simple. [...] Building a computer nowadays is a matter of just plugging things together. If you can plug a cartridge into a game console, you can build a modern PC.

    I haven't seen (in person) anyone who built his own laptop from a "barebook".

    Nobody is talking about assembling a laptop, but I'm sure you thought you had a point.

    My point is that a commentator who thinks everyone ought to build a PC instead of buying one needs to start remembering to toss "desktop" in the post in order to ensure readers that he or she didn't forget about those users who have a valid reason to use a laptop, such as use while riding public transit. I've actually found the assumption that all PCs are desktops to be related to the assumption that all people drive cars.

  23. Re:Service Workers enable offline mode on The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day (bleepingcomputer.com) · Score: 1

    Enjoy your inability to use apps that you find because they were developed as Mac apps and iOS apps instead of web apps.

    Or if your primary computer is a Mac:
    Enjoy your inability to use apps that you find because they were developed as Windows apps and Android apps instead of web apps.

  24. Re:Service Workers enable offline mode on The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day (bleepingcomputer.com) · Score: 1

    I tend to avoid apps that are implemented in cross-platform frameworks for simple quality reasons. Native apps tend to be of higher quality (depending on the engineer who wrote them, of course). Cross-platform frameworks tend to be "least common denominator" kinds of things.

    Is it better to require most computer users to purchase, maintain, and carry multiple brands of computer in order to run exclusive applications, each designed for a different brand of computer?

    Which widget set is "native" on X11/Linux? Is it GTK+, Qt, or something else? Because both of those are ported to Windows, what makes them any more "native" on X11/Linux than on Windows?

  25. Re:Service Workers enable offline mode on The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day (bleepingcomputer.com) · Score: 1

    Enjoy your actual copy of Office while you still can.

    What makes you think LibreOffice is going away any time soon?