I don't believe mspaint supports icon format directly, but you can convert bitmaps into icon files programmatically.
Then you'll need to apply for approval of a program to "convert bitmaps into icon files programmatically", as I'm not aware of one that ships with Windows.
First show how that's necessary for doing your job. Can you phrase it in a form analogous to "Without this, I cannot annotate screenshots, and without annotating screenshots, I cannot do my job because of good reasons X and Y"?
I shouldn't have to worry about these things if all I want to do is make a quick goofy little icon or whatever.
Does Paint even include an exporter for an icon file that includes multiple sizes?
But sometimes, part of the job includes knowing when to pick your battles.
True. I'm also aware that which battles to pick depends on how expendable the company considers you to be. This is probably why I haven't had quite as much problem getting GIMP approved as some other users are reporting, as I've worked at mostly small businesses.
This brings me to another point: Sometimes, picking your battles includes picking your employer. "I left when I realized the company made a habit of refusing to provide suitable tools to do my job on a reasonable time frame. Assigning projects that require image editing without allowing use of a basic image editor, even one distributed as free software, was the last straw."
Some of us have Actual Work to do that doesn't involve tilting at IT windmills.
If your employer's IT department presents windmills, you are being paid to tilt at them. Then you can use your days off to polish your CV so you can find a job with a different employer whose IT department is less dysfunctional at approving widely used applications distributed as free software.
Hammers for nails.
You are dealing with an IT department that requires excessive red tape to obtain a hammer.
Then apply for approval to attach said flash drive, and be proactive in notifying all managers involved that the work for which you are paid is pending said approval. When caught dicking around on your phone, point to the three or more tasks waiting on approval.
Then the next step is to investigate why so many tasks are hitting the back burner. If you can show management that tool approval is the leading source of project delays, this might spur an effort to make approval of use of free software more Agile, seeing as Agile is the hot buzzword.
Self-signed certs force encryption, so I'm not sure how an ISP would able to crack that encryption [...] The problem with self-signed certs is there is no mechanism that requires the cert owner to actually control the domain the cert, no way to ensure the server you are connecting to actually is who it ways it is.
You answered your own question. Instead of letting a subscriber connect to a server with a self-signed certificate, the ISP would intercept the connection, act as a server to the subscriber, and act as a client to the real server. Browser publishers warn for self-signed certificates but don't warn for DV certificates because they have agreed that https in the scheme means some level of verification that the domain and server share control.
A computer locked down to run only applications approved by the corporate IT department will run Paint because it has been approved as part of the Windows operating system but refuse to run "your Hello World".
All of which are crap or a better open source alternative exists.
Among the applications you listed are music store, music streaming, music identification video store, and video streaming apps. What's the free replacement for each? What's the appropriate way to obtain an OAuth key pair for a free Twitter client when Twitter can and does revoke API keys that leak to the public? And what's the free replacement for Skype that can perform text, voice, and video chat with users on your existing Skype contact list or with Skype users who have invited you to text, voice, or video chat with them?
And the justification will usually involve adjustment layers, a Photoshop feature where a filter is associated with a layer, automatically updating when the layers below it change. But because you usually don't need adjustment layers just to mark up screenshots, GNU Image Manipulation Program should be easier to approve.
What fraction of Windows PCs that you have encountered are locked down so tight that connecting a flash drive you carry with GIMP Portable on it doesn't work?
When you or your manager applied to corporate IT to add GNU Image Manipulation Program to the "small handful of other critical software", what was the reason given for the denial?
When forced to work on machines that have things locked down tight, downloading and installing a new tool is not always an option.
How are you "forced to work on machines" like that in the first place? Why can't you play the "can't do the job without appropriate tools" card to temporarily decline to work on them pending approval of use of, say, GIMP Portable?
GIMP has both the paintbrush tool, which antialiases strokes "with additional pixels on either side in a lighter colour", and the pencil tool, which "does operate on a pixel basis".
Off-Store apps can be installed in Windows 10 Home and Windows 10 Pro, just not Windows 10 S. What problem did you run into when installing Paint.NET on Windows 10 Home or Windows 10 Pro? Or does your PC run Windows 10 S? If so, which make and model so that others can follow the growth of Windows 10 S usage share?
Today at work, I tested this claim by starting GIMP on two PCs, one with Xubuntu 16.04 and the other with Windows 10, neither with an SSD. From choosing the app from the start menu to GIMP's main window appearing took four seconds on each. I also tested it a few days ago on a compact laptop with an SSD and an Atom CPU, and it took five seconds. But I concede that these tests weren't fresh after a PC restart, and it didn't have to rescan fonts and plug-ins. Or are you often triggering something that requires rescanning fonts and plug-ins?
Could you describe further? When has Apple violated its privacy policy? Or which practices does this policy allow that are still unacceptably intrusive?
And which brand of laptop should I try in a showroom instead?
humans can't do anything useful with "almost everything might be dangerous".
Of course they can. They can opt into the walled garden of Nintendo, Sony, Microsoft, or Apple, for example, which in theory allow only vetted businesses to publish on their platforms.
1) I have a bunch of older extensions, some of which aren't signed.
Extensions listed on AMO before signing was instituted were automatically signed. For extensions distributed off-AMO, fork them pursuant to their free software licenses and submit your fork as an unlisted extension.
2) Sometimes I modify extensions (fix bugs, get rid of annoying behaviors).
Then you are a developer, not a "consumer" who only views works created by others. Fork the older extensions pursuant to their free software licenses and submit your fork as an unlisted extension, or use Firefox Developer Edition.
3) I don't want to have to "apply" to someone else for the right to run something on my own computer.
In principle, browsers for desktop operating systems already discard DOMs to the page file. One drawback of this approach is fragmentation: because one 4K page of memory may contain objects associated with more than one tab, it might take longer for a document to get completely paged out. To what extent does Firefox try to keep a document's data together in address space?
If there is no "vetting" then why have CA's? Just self-sign and call it a day.
Self-signing allows any ISP to intercept your connection and act as a man in the middle without your knowledge. A domain-validated certificate requires an attacker to intercept not only your connection to the web server but also the CA's connection to the domain's DNS server days or weeks earlier when the certificate was issued.
Why hold one CA to a completely different set of standards than every other CA?
Because most other major CAs that offer domain-validated (DV) certificates also offer organization-validated (OV) or Extended Validation (EV) certificates for a higher price. Let's Encrypt does not.
Then go get the CA/Browser Forum to amend their requirements that all CAs and web browser makers follow.
Or write a browser extension to trust DV certificates less. Then you'll get a green bar on Twitter but a warning on Facebook. Comodo's Dragon browser, for example, has included something like this, displaying a warning the first time the user visits a site using a DV certificate. The warning's text begins as follows:
It may not be safe to exchange information with this site
The security (or SSL) certificate for this website indicates that the organization operating it may not have undergone trusted third-party validation that it is a legitimate business. Although the information passed between you and this website will be encrypted, you have no assurance of who you are actually exchanging information with[...]
it was assumed that CA has an Authority to verify that this website is who it claims it is.
And when the only claim in question is "this site is operated by the same entity that owns the domain", a CA offering domain-validated certificates has an Authority to verify this claim. Let's Encrypt does this through either a cleartext HTTP connection to the server or DNS TXT records. Verifying whether the domain owner ought to continue to own that domain, or that the domain is not misleadingly similar to the name of a large business, is outside the scope of a domain-validated certificate.
I don't believe mspaint supports icon format directly, but you can convert bitmaps into icon files programmatically.
Then you'll need to apply for approval of a program to "convert bitmaps into icon files programmatically", as I'm not aware of one that ships with Windows.
First show how that's necessary for doing your job. Can you phrase it in a form analogous to "Without this, I cannot annotate screenshots, and without annotating screenshots, I cannot do my job because of good reasons X and Y"?
I shouldn't have to worry about these things if all I want to do is make a quick goofy little icon or whatever.
Does Paint even include an exporter for an icon file that includes multiple sizes?
But sometimes, part of the job includes knowing when to pick your battles.
True. I'm also aware that which battles to pick depends on how expendable the company considers you to be. This is probably why I haven't had quite as much problem getting GIMP approved as some other users are reporting, as I've worked at mostly small businesses.
This brings me to another point: Sometimes, picking your battles includes picking your employer. "I left when I realized the company made a habit of refusing to provide suitable tools to do my job on a reasonable time frame. Assigning projects that require image editing without allowing use of a basic image editor, even one distributed as free software, was the last straw."
Some of us have Actual Work to do that doesn't involve tilting at IT windmills.
If your employer's IT department presents windmills, you are being paid to tilt at them. Then you can use your days off to polish your CV so you can find a job with a different employer whose IT department is less dysfunctional at approving widely used applications distributed as free software.
Hammers for nails.
You are dealing with an IT department that requires excessive red tape to obtain a hammer.
Then apply for approval to attach said flash drive, and be proactive in notifying all managers involved that the work for which you are paid is pending said approval. When caught dicking around on your phone, point to the three or more tasks waiting on approval.
Then the next step is to investigate why so many tasks are hitting the back burner. If you can show management that tool approval is the leading source of project delays, this might spur an effort to make approval of use of free software more Agile, seeing as Agile is the hot buzzword.
Self-signed certs force encryption, so I'm not sure how an ISP would able to crack that encryption [...] The problem with self-signed certs is there is no mechanism that requires the cert owner to actually control the domain the cert, no way to ensure the server you are connecting to actually is who it ways it is.
You answered your own question. Instead of letting a subscriber connect to a server with a self-signed certificate, the ISP would intercept the connection, act as a server to the subscriber, and act as a client to the real server. Browser publishers warn for self-signed certificates but don't warn for DV certificates because they have agreed that https in the scheme means some level of verification that the domain and server share control.
A computer locked down to run only applications approved by the corporate IT department will run Paint because it has been approved as part of the Windows operating system but refuse to run "your Hello World".
[A laundry list]
All of which are crap or a better open source alternative exists.
Among the applications you listed are music store, music streaming, music identification video store, and video streaming apps. What's the free replacement for each? What's the appropriate way to obtain an OAuth key pair for a free Twitter client when Twitter can and does revoke API keys that leak to the public? And what's the free replacement for Skype that can perform text, voice, and video chat with users on your existing Skype contact list or with Skype users who have invited you to text, voice, or video chat with them?
And the justification will usually involve adjustment layers, a Photoshop feature where a filter is associated with a layer, automatically updating when the layers below it change. But because you usually don't need adjustment layers just to mark up screenshots, GNU Image Manipulation Program should be easier to approve.
Windows > Single-Window Mode
Turn it on and GIMP becomes far less of a Charlie Foxtrot. Otherwise, what are your other GIMP UI annoyances?
What fraction of Windows PCs that you have encountered are locked down so tight that connecting a flash drive you carry with GIMP Portable on it doesn't work?
When you or your manager applied to corporate IT to add GNU Image Manipulation Program to the "small handful of other critical software", what was the reason given for the denial?
When forced to work on machines that have things locked down tight, downloading and installing a new tool is not always an option.
How are you "forced to work on machines" like that in the first place? Why can't you play the "can't do the job without appropriate tools" card to temporarily decline to work on them pending approval of use of, say, GIMP Portable?
GIMP has both the paintbrush tool, which antialiases strokes "with additional pixels on either side in a lighter colour", and the pencil tool, which "does operate on a pixel basis".
Off-Store apps can be installed in Windows 10 Home and Windows 10 Pro, just not Windows 10 S. What problem did you run into when installing Paint.NET on Windows 10 Home or Windows 10 Pro? Or does your PC run Windows 10 S? If so, which make and model so that others can follow the growth of Windows 10 S usage share?
GIMP just takes forever to load.
Today at work, I tested this claim by starting GIMP on two PCs, one with Xubuntu 16.04 and the other with Windows 10, neither with an SSD. From choosing the app from the start menu to GIMP's main window appearing took four seconds on each. I also tested it a few days ago on a compact laptop with an SSD and an Atom CPU, and it took five seconds. But I concede that these tests weren't fresh after a PC restart, and it didn't have to rescan fonts and plug-ins. Or are you often triggering something that requires rescanning fonts and plug-ins?
Could you describe further? When has Apple violated its privacy policy? Or which practices does this policy allow that are still unacceptably intrusive?
And which brand of laptop should I try in a showroom instead?
GOG has also taken to releasing certain titles that only work if you have an internet connection.
Which? Does this refer to games with no substantial single-player campaign, or to games that phone home even in single-player mode?
humans can't do anything useful with "almost everything might be dangerous".
Of course they can. They can opt into the walled garden of Nintendo, Sony, Microsoft, or Apple, for example, which in theory allow only vetted businesses to publish on their platforms.
1) I have a bunch of older extensions, some of which aren't signed.
Extensions listed on AMO before signing was instituted were automatically signed. For extensions distributed off-AMO, fork them pursuant to their free software licenses and submit your fork as an unlisted extension.
2) Sometimes I modify extensions (fix bugs, get rid of annoying behaviors).
Then you are a developer, not a "consumer" who only views works created by others. Fork the older extensions pursuant to their free software licenses and submit your fork as an unlisted extension, or use Firefox Developer Edition.
3) I don't want to have to "apply" to someone else for the right to run something on my own computer.
Then use Firefox Developer Edition.
In principle, browsers for desktop operating systems already discard DOMs to the page file. One drawback of this approach is fragmentation: because one 4K page of memory may contain objects associated with more than one tab, it might take longer for a document to get completely paged out. To what extent does Firefox try to keep a document's data together in address space?
If there is no "vetting" then why have CA's? Just self-sign and call it a day.
Self-signing allows any ISP to intercept your connection and act as a man in the middle without your knowledge. A domain-validated certificate requires an attacker to intercept not only your connection to the web server but also the CA's connection to the domain's DNS server days or weeks earlier when the certificate was issued.
Why hold one CA to a completely different set of standards than every other CA?
Because most other major CAs that offer domain-validated (DV) certificates also offer organization-validated (OV) or Extended Validation (EV) certificates for a higher price. Let's Encrypt does not.
Then go get the CA/Browser Forum to amend their requirements that all CAs and web browser makers follow.
Or write a browser extension to trust DV certificates less. Then you'll get a green bar on Twitter but a warning on Facebook. Comodo's Dragon browser, for example, has included something like this, displaying a warning the first time the user visits a site using a DV certificate. The warning's text begins as follows:
it was assumed that CA has an Authority to verify that this website is who it claims it is.
And when the only claim in question is "this site is operated by the same entity that owns the domain", a CA offering domain-validated certificates has an Authority to verify this claim. Let's Encrypt does this through either a cleartext HTTP connection to the server or DNS TXT records. Verifying whether the domain owner ought to continue to own that domain, or that the domain is not misleadingly similar to the name of a large business, is outside the scope of a domain-validated certificate.