Apart from a few very early devices sold by U.S. carrier AT&T, essentially all Android phones and tablets have an option to allow installation of applications from outside Google Play Store. This means that Gab can use any or all of three options:
Submit its app to Amazon Appstore.
Make its app available for unknown sources.
Publish an API so that the developer of a microblogging application can make a client as free software and submit its source code to F-Droid.
In fact, Android 8 "Oreo" makes this less monopolistic by letting the user designate any app as a store rather than using the system-wide, all-or-nothing "Unknown sources" setting of previous versions.
Perhaps readers discriminate against writers who use "fuck" because of the high overall correlation between forms of that word and fallacious arguments, particularly those that use personal attacks or other appeals to emotion. Someone who reads Cracked, for example, might not have this bias because though its articles contain the occasional F-bomb, they are on the whole well reasoned.
The MITM could insert malicious code into files transferred through FTP. Even if the file looks like a video, several video containers such as WMV have contained functionality to download DRM code to obtain a license needed to decrypt the video in the WMV file. This functionality can be and has been used for dropping trojans.
The problem with blowing away your cookies every time you restart is that it breaks sites that use two factor authentication. Because receiving the verification code through SMS on a prepaid U.S. cellular plan costs money each time, sites using 2FA offer a "Remember this computer as mine" option. If you disable persistent cookies, you end up having to receive SMS every time. For whom would this be worth ten cents per day times the number of sites that one logs into per day?
Unless the server sincerely doesn't support STARTTLS. Without some counterpart to HSTS, how is a client supposed to distinguish a server that doesn't support TLS from one that does but is behind a proxy that changes "Send a STARTTLS command first" to "Send a XXXXXXXX command first"?
You can just as easily spoof a UI image over an encrypted channel as you can over a cleartext channel.
With an encrypted channel, the browser has a fully qualified domain name with which to associate all images transmitted over that channel. With an unencrypted channel, the browser can't tell what domain has injected the images.
The idea that "consumers" want ads, much less that they want "timely and useful" ads is mistaken.
Most viewers want to read articles without having to pay a dollar per page (to compensate for per-transaction fees typical of credit card processors) or pay per site per year. They accept ads as a means to this end.
Now if they also stop supporting javascript it would definitely be a browser worth using !
If web browser developers were to stop supporting JavaScript, web application developers would make native applications instead. And many such developers aren't going to have the resources to make and thoroughly test five versions of each native application, one for each of GNU/Linux, Android, Windows, macOS, and iOS. This means users will end up unable to use some applications that they would have been able to use had they been web applications.
Or should a developer deliver a Windows application that has been tested in Windows and Wine, expect GNU/Linux and macOS users to use Wine, and expect Android and iOS users to do without?
The explicit FTPS method allows a client to revert to an unencrypted control channel after authentication, but it is only at the client's discretion. The FTPS server can't tell the client to issue a CDC command. So if your site requires it, you have to tell your users to configure their FTPS client that way.
And that's a good thing. Otherwise, neither side can be sure that the file that is received is identical to the file that was sent.
There still exists a subset of FTP that's simple to support if the server operator doesn't need FXP functionality, namely PASV-only. Or is FXP too important in practice to consider it expendable?
Modern FTP clients and servers support STARTTLS as a command to initiate TLS
Unless the ISP intercepts the STARTTLS command sent by the client and turns it into a garbage command that produces a 502 Method Not Supported response, fooling the client into thinking the server doesn't support TLS. This has happened, Ars Technica has reported on it, and there's even a proof of concept in PyPI. What's FTP's counterpart to HSTS?
It would seem that the only unsecure bit of an ftp download would be some asshole manipulating packets at a router somewhere down the line. That should be illegal anyway, imagine if they did that with TV.
Cable TV operators already replace a small number of commercials per hour per their retransmission contracts with the networks. You can tell this is happening on (say) The Weather Channel because the crawl at the bottom disappears.
Apart from a few very early devices sold by U.S. carrier AT&T, essentially all Android phones and tablets have an option to allow installation of applications from outside Google Play Store. This means that Gab can use any or all of three options:
In fact, Android 8 "Oreo" makes this less monopolistic by letting the user designate any app as a store rather than using the system-wide, all-or-nothing "Unknown sources" setting of previous versions.
Perhaps readers discriminate against writers who use "fuck" because of the high overall correlation between forms of that word and fallacious arguments, particularly those that use personal attacks or other appeals to emotion. Someone who reads Cracked, for example, might not have this bias because though its articles contain the occasional F-bomb, they are on the whole well reasoned.
Nexus and Pixel users pay Google for hardware. Are they also "the product"?
Perhaps the bottom half of the point scale is for asset flips and other comparably bad material.
A failed WebDAV PUT can be resumed with a second PUT specifying a Content-Range.
Let me know when Xcode is ported to iPad.
Or unless it's a video whose publisher doesn't want it sent in the clear to be viewed by other people who haven't paid for it.
You mean like the eBay and Amazon listers that I revised over the course of six years for an online toy seller? Yup, Python.
The MITM could insert malicious code into files transferred through FTP. Even if the file looks like a video, several video containers such as WMV have contained functionality to download DRM code to obtain a license needed to decrypt the video in the WMV file. This functionality can be and has been used for dropping trojans.
The problem with blowing away your cookies every time you restart is that it breaks sites that use two factor authentication. Because receiving the verification code through SMS on a prepaid U.S. cellular plan costs money each time, sites using 2FA offer a "Remember this computer as mine" option. If you disable persistent cookies, you end up having to receive SMS every time. For whom would this be worth ten cents per day times the number of sites that one logs into per day?
What would the CLI counterpart to said derpy clients look like? I imagine not unlike Wget.
Unless the server sincerely doesn't support STARTTLS. Without some counterpart to HSTS, how is a client supposed to distinguish a server that doesn't support TLS from one that does but is behind a proxy that changes "Send a STARTTLS command first" to "Send a XXXXXXXX command first"?
You can just as easily spoof a UI image over an encrypted channel as you can over a cleartext channel.
With an encrypted channel, the browser has a fully qualified domain name with which to associate all images transmitted over that channel. With an unencrypted channel, the browser can't tell what domain has injected the images.
A better user experience doesn't involve ads.
I agree. A user experience is possible without ads. You just have to chan...
To read the rest of this comment, log in to your comments by tepples account or subscribe to comments by tepples.
The idea that "consumers" want ads, much less that they want "timely and useful" ads is mistaken.
Most viewers want to read articles without having to pay a dollar per page (to compensate for per-transaction fees typical of credit card processors) or pay per site per year. They accept ads as a means to this end.
Now if they also stop supporting javascript it would definitely be a browser worth using !
If web browser developers were to stop supporting JavaScript, web application developers would make native applications instead. And many such developers aren't going to have the resources to make and thoroughly test five versions of each native application, one for each of GNU/Linux, Android, Windows, macOS, and iOS. This means users will end up unable to use some applications that they would have been able to use had they been web applications.
Or should a developer deliver a Windows application that has been tested in Windows and Wine, expect GNU/Linux and macOS users to use Wine, and expect Android and iOS users to do without?
My guess as to the retargeting apologist's reply: "Have you bought another of the helmet as a gift for another biker in your circle of friends?"
The biggest benefit I can think of would be for all of the advertisers to join all of the lawyers at the bottom of the ocean.
That won't work in practice for one simple reason. Publishers will sw...
To read the rest of this comment, log in to your comments by tepples account or subscribe to comments by tepples.
The explicit FTPS method allows a client to revert to an unencrypted control channel after authentication, but it is only at the client's discretion. The FTPS server can't tell the client to issue a CDC command. So if your site requires it, you have to tell your users to configure their FTPS client that way.
And that's a good thing. Otherwise, neither side can be sure that the file that is received is identical to the file that was sent.
There are use cases where you really honestly don't care if the cat video you're getting to kill time is authentic or not.
But you do care whether the operating system UI presented after the conclusion of the cat video is authentic and not a phishing attempt.
There still exists a subset of FTP that's simple to support if the server operator doesn't need FXP functionality, namely PASV-only. Or is FXP too important in practice to consider it expendable?
And then every malware bother will use your HTTP server with a PUT enabled to distribute itself.
401 Authorization Required
Do I need to watch cat videos over SSL?
TLS ensures that you're watching only the cat video, not the cat video followed by an ad inserted by a man in the middle, nor the cat video followed by a full-screen phishing form inserted by a man in the middle.
Modern FTP clients and servers support STARTTLS as a command to initiate TLS
Unless the ISP intercepts the STARTTLS command sent by the client and turns it into a garbage command that produces a 502 Method Not Supported response, fooling the client into thinking the server doesn't support TLS. This has happened, Ars Technica has reported on it, and there's even a proof of concept in PyPI. What's FTP's counterpart to HSTS?
It would seem that the only unsecure bit of an ftp download would be some asshole manipulating packets at a router somewhere down the line. That should be illegal anyway, imagine if they did that with TV.
Cable TV operators already replace a small number of commercials per hour per their retransmission contracts with the networks. You can tell this is happening on (say) The Weather Channel because the crawl at the bottom disappears.