If the file is cached, then I have to look up the originating server and initiate a two-way conversation with it before I can use the file, in order to make sure my copy isn't obsolete.
This check is unnecessary for a resource that has a far-future Expires: date. Future versions will be provided at a different URL.
Sticker shock, for one thing. Not everybody purchases all their hardware; many receive it as a gift. This is particularly true of K-12 and undergraduate students. And not everybody is willing to spend hundreds replacing all their hardware the moment they start caring about "a device that is actually yours to control."
For another, one cannot buy what is not offered for sale. In not all form factors is it easy to find hardware controlled by the user. For example, affordable 10-inch laptop PCs capable of running a 99% free operating system (except BIOS and Wi-Fi firmware) were discontinued at the end of 2012 in favor of tablets, which had a higher profit margin at the time. The Nokia N900 also never got a worthy successor to my knowledge.
Context for moderators: A claim that the rise of HTTPS is making the browser slow by making it hard for an HTTP proxy near the client to serve cached versions of public pages to multiple users, especially one in a poor or remote area. Counterclaim that one can run a caching HTTPS proxy and have its subscribers trust the proxy to verify origin servers' certs on your behalf.
That doesn't tell you what's wrong.
Another approach is for the proxy server to display the failed certificate's information on a page with HTTP status 502 (Bad Gateway).
And it always hides the real security details, showing the proxy server's security details instead.
I concede that you have found a legitimate drawback of an HTTPS MITM proxy that operates in this manner. I'll have to bring it up if someone else makes this claim.
And doesn't help if you need to access a site for which you have the CA but the proxy doesn't.
If you have a particular root certificate but the proxy doesn't, then it's probably a private CA, such as a CA for servers on your intranet, and no other subscribers to the same proxy are likely to have the certificate either. So unless it's an intercepting proxy that your network won't let you override, you can tell your browser not to use the proxy to cache that particular origin. In Firefox, for example, try Preferences > Advanced > Network > Connection > Settings > No Proxy for.
many would argue that I'm already paying for the data plan for other reasons
Does what you're already paying take into account the possibility that the game may push you into having to pay an overage fee? Or a tethering fee if the device on which you play the game is not the phone to which your data plan is registered?
>Noone seems to care about this feature, noone has been working on it.
Perhaps a better approach is to make test clips that include Herman's Hermits footage. Then you can use Noone to your advantage, fighting pedantry with pedantry.
Forking a non-trivial program may incur more practical lag than forking a trivial program, as more copy-on-write pages have to get duplicated once the forked process starts running.
All the tabs except the active one should just contain a pointer to the source site on startup. Then they can be updated one by one as they are revisited.
Provided the user's computer is still connected to the Internet at the time the browser is restarted. This may not be the case, say, for someone who turns on a laptop to read previously loaded HTML documents while riding the bus to or from work.
The (U.S.) National Weather Service and other weather forecasting agencies do update their forecasts every several hours when they re-run their models based on new conditions read by sensors. And a forecast past five days is a crapshoot.
Your proxy server sees the endpoint's certificate. If the endpoint's certificate doesn't check out, the proxy server refuses to issue its own certificate for that site.
Does "mobilegeddon" affect results of searches performed from PCs? I remember reading somewhere that it does not; only results for queries on touch-driven devices are affected. If not, then any effects of "mobilegeddon" are ultimately the result of your audience abandoning PCs for web browsing in favor of touch-driven devices.
Extra lookups to remote sites suck- more time, more misdirection, etc.
Unless the site doesn't need to be looked up at all because it's already cached.
Similarly, you run the risk of MITM stuff taking place.
These CDNs use HTTPS nowadays. What's the real probability of a CA compromise?
If they upgrade some file and it introduces an incompatibility it may very well break something on your site.
These CDNs use versioned URLs so that they can set Expires: in the far future. An upgrade would produce a different URL.
If the remote site is down, guess what? So is your site.
And if your traditional hosting provider is down, so is your site. And if your ad exchange is down, your viewers get hit with "whitelist or pay" notices.
How much does the increase in data charges from operating your web browser without a cache compare to the cost of moving your boot volume from your 5400 RPM HDD to an OCZ SSD?
(Yes, data charges. Not everybody lives in the service area of an ISP that offers a 1000 GB/mo quota to home users, such as Xfinity by Comcast. They have to rely on 10 GB fixed-cellular service. And even those who do live in range of fiber, cable, or DSL may have to drop home wired Internet to afford mobile Internet.)
Many users expect the new tab page to have the speed dial feature, which shows a screenshot of each of several sites that the user commonly views. This is even more true of visual learners, who may associate a site with its logo or color scheme rather than the text of a <title> element. It's also helpful for sites that pay little attention to putting useful information in a document's <title>, in part because many browsers have begun to deemphasize <title> in their presentation of HTML documents. Each item in Yvan256's laundry list applies just as much to generating said screenshots.
It's web pages that are filled with useless javascript libraries that people think they still need to use for cross-browser support even though Internet Explorer is long dead.
True, IE 8 is dead, but IE 11 is still in use on millions of desktop and laptop PCs running Windows 7.
It's web pages that are filled with useless ads that run their own scripts, sometimes with their own libraries too, fetched from multiple servers.
How can a site operator work around that while still reassuring the site's sponsors that real human beings in the relevant demographic are seeing the sponsors' messages?
huge animated GIFs that should be in video form
How can a site operator work around that between now and when the last H.264 patent expires? Edge reportedly supports WebM since Windows 10 "Anniversary Update", but it's half broken. And Safari still doesn't. Though H.264 viewers may not require royalties under the AVC Patent Portfolio License, encoders still do.
Disable plug-ins.
This doesn't affect HTML5 video or animated GIFs. Which browsers offer an easy way to disable both of those?
Disable javascript. You'll see how fast browsers really are.
And you'll see how many features fall back to a full page reload for each click.
I have a Galaxy Tab A running Marshmallow. Like most other Android tablets, it supports Unknown sources, but it isn't rooted, and editing that file requires root. Can I get DNS blacklisting as an APK that I can install?
i never ever buy anything that says "in app payments". hate them as I feel I'm buying a pig in a poke that I will invest my time in and then be asked to pay some unknown amount in the future.
That's Apple's fault. The App Store says "payments", plural, even when there's only one one-time payment required to unlock all of a particular app's functionality.
I've paid a lot more than $10 for a game over the years and been perfectly happy
Did those games require you to buy a data plan for hundreds of dollars per year in order to keep even single-player mode going when you leave Wi-Fi range?
It's not nickel and dime. It's like Doom: play through a few levels then unlock the entire rest of the game with a single purchase. The only remotely "nickel and dime" element of Super Mario Run that I'm aware of is its requirement for a continuous connection to Nintendo's server through the Internet, which can become very expensive if you want to play away from Wi-Fi.
You can do "responsive" things or whatever without a single line of JS if you learn the standards.
Without either reloading the entire page or using JavaScript, how can a comment section like this load newly posted comments when the user requests new comments or load comments below the previous score threshold when the user requests to lower the score threshold?
And without JavaScript, how can a website reassure its sponsors that the user is likely to have viewed the sponsors' messages? Or do you want to end up having to buy a $4 per month subscription to each site that you find in a web search?
I've done that. Even after maxing my laptop at 2 GB and replacing the HDD with an SSD, some things remain slow. The CPU graph shows one core maxed out (Firefox 50, which disables e10s because of add-ons) or both cores maxed out (Firefox 51 beta, which uses e10s), which wouldn't happen if it were swapping. I'd replace my laptop, but a new 10" has been hard to find for the past four years (except for laptops that run Chrome OS and beg the user at every boot to wipe Crouton).
There's no reason why Windows should take tens of minutes after boot before it becomes usable
Installation of operating system updates is one colorably legitimate reason. First, those parts of Windows that can't be overwritten while a user is logged in need to be updated. And then once you first log in after installing a service pack, your profile may need to be updated to reflect the update (the "Hi" screen in Windows 8 and 10). It's considerably faster for non-update boots. Or is slow installation of updates the problem to which you're referring?
* You have too many slow addons enabled [...] * The page is slow (big/complex)
The problem is that fixing one of these can break the other. Nowadays, one needs an add-on, be it a browser extension or a DNS blacklist manager, just to block the parts that make pages overly complex with upwards of 1 MB of scripts and video ads for a 4000-word article.
* You are out of CPU (unlikely)
On a phone or tablet CPU, it's surprisingly likely.
If the file is cached, then I have to look up the originating server and initiate a two-way conversation with it before I can use the file, in order to make sure my copy isn't obsolete.
This check is unnecessary for a resource that has a far-future Expires: date. Future versions will be provided at a different URL.
Sticker shock, for one thing. Not everybody purchases all their hardware; many receive it as a gift. This is particularly true of K-12 and undergraduate students. And not everybody is willing to spend hundreds replacing all their hardware the moment they start caring about "a device that is actually yours to control."
For another, one cannot buy what is not offered for sale. In not all form factors is it easy to find hardware controlled by the user. For example, affordable 10-inch laptop PCs capable of running a 99% free operating system (except BIOS and Wi-Fi firmware) were discontinued at the end of 2012 in favor of tablets, which had a higher profit margin at the time. The Nokia N900 also never got a worthy successor to my knowledge.
Context for moderators: A claim that the rise of HTTPS is making the browser slow by making it hard for an HTTP proxy near the client to serve cached versions of public pages to multiple users, especially one in a poor or remote area. Counterclaim that one can run a caching HTTPS proxy and have its subscribers trust the proxy to verify origin servers' certs on your behalf.
That doesn't tell you what's wrong.
Another approach is for the proxy server to display the failed certificate's information on a page with HTTP status 502 (Bad Gateway).
And it always hides the real security details, showing the proxy server's security details instead.
I concede that you have found a legitimate drawback of an HTTPS MITM proxy that operates in this manner. I'll have to bring it up if someone else makes this claim.
And doesn't help if you need to access a site for which you have the CA but the proxy doesn't.
If you have a particular root certificate but the proxy doesn't, then it's probably a private CA, such as a CA for servers on your intranet, and no other subscribers to the same proxy are likely to have the certificate either. So unless it's an intercepting proxy that your network won't let you override, you can tell your browser not to use the proxy to cache that particular origin. In Firefox, for example, try Preferences > Advanced > Network > Connection > Settings > No Proxy for.
many would argue that I'm already paying for the data plan for other reasons
Does what you're already paying take into account the possibility that the game may push you into having to pay an overage fee? Or a tethering fee if the device on which you play the game is not the phone to which your data plan is registered?
Here's a quote from a bug report about gamma:
>Noone seems to care about this feature, noone has been working on it.
Perhaps a better approach is to make test clips that include Herman's Hermits footage. Then you can use Noone to your advantage, fighting pedantry with pedantry.
Forking a non-trivial program may incur more practical lag than forking a trivial program, as more copy-on-write pages have to get duplicated once the forked process starts running.
All the tabs except the active one should just contain a pointer to the source site on startup. Then they can be updated one by one as they are revisited.
Provided the user's computer is still connected to the Internet at the time the browser is restarted. This may not be the case, say, for someone who turns on a laptop to read previously loaded HTML documents while riding the bus to or from work.
The (U.S.) National Weather Service and other weather forecasting agencies do update their forecasts every several hours when they re-run their models based on new conditions read by sensors. And a forecast past five days is a crapshoot.
Your proxy server sees the endpoint's certificate. If the endpoint's certificate doesn't check out, the proxy server refuses to issue its own certificate for that site.
Does "mobilegeddon" affect results of searches performed from PCs? I remember reading somewhere that it does not; only results for queries on touch-driven devices are affected. If not, then any effects of "mobilegeddon" are ultimately the result of your audience abandoning PCs for web browsing in favor of touch-driven devices.
Extra lookups to remote sites suck- more time, more misdirection, etc.
Unless the site doesn't need to be looked up at all because it's already cached.
Similarly, you run the risk of MITM stuff taking place.
These CDNs use HTTPS nowadays. What's the real probability of a CA compromise?
If they upgrade some file and it introduces an incompatibility it may very well break something on your site.
These CDNs use versioned URLs so that they can set Expires: in the far future. An upgrade would produce a different URL.
If the remote site is down, guess what? So is your site.
And if your traditional hosting provider is down, so is your site. And if your ad exchange is down, your viewers get hit with "whitelist or pay" notices.
How much does the increase in data charges from operating your web browser without a cache compare to the cost of moving your boot volume from your 5400 RPM HDD to an OCZ SSD?
(Yes, data charges. Not everybody lives in the service area of an ISP that offers a 1000 GB/mo quota to home users, such as Xfinity by Comcast. They have to rely on 10 GB fixed-cellular service. And even those who do live in range of fiber, cable, or DSL may have to drop home wired Internet to afford mobile Internet.)
Many users expect the new tab page to have the speed dial feature, which shows a screenshot of each of several sites that the user commonly views. This is even more true of visual learners, who may associate a site with its logo or color scheme rather than the text of a <title> element. It's also helpful for sites that pay little attention to putting useful information in a document's <title>, in part because many browsers have begun to deemphasize <title> in their presentation of HTML documents. Each item in Yvan256's laundry list applies just as much to generating said screenshots.
It's web pages that are filled with useless javascript libraries that people think they still need to use for cross-browser support even though Internet Explorer is long dead.
True, IE 8 is dead, but IE 11 is still in use on millions of desktop and laptop PCs running Windows 7.
It's web pages that are filled with useless ads that run their own scripts, sometimes with their own libraries too, fetched from multiple servers.
How can a site operator work around that while still reassuring the site's sponsors that real human beings in the relevant demographic are seeing the sponsors' messages?
huge animated GIFs that should be in video form
How can a site operator work around that between now and when the last H.264 patent expires? Edge reportedly supports WebM since Windows 10 "Anniversary Update", but it's half broken. And Safari still doesn't. Though H.264 viewers may not require royalties under the AVC Patent Portfolio License, encoders still do.
Disable plug-ins.
This doesn't affect HTML5 video or animated GIFs. Which browsers offer an easy way to disable both of those?
Disable javascript. You'll see how fast browsers really are.
And you'll see how many features fall back to a full page reload for each click.
HOSTS-level blocking
I have a Galaxy Tab A running Marshmallow. Like most other Android tablets, it supports Unknown sources, but it isn't rooted, and editing that file requires root. Can I get DNS blacklisting as an APK that I can install?
i never ever buy anything that says "in app payments". hate them as I feel I'm buying a pig in a poke that I will invest my time in and then be asked to pay some unknown amount in the future.
That's Apple's fault. The App Store says "payments", plural, even when there's only one one-time payment required to unlock all of a particular app's functionality.
I've paid a lot more than $10 for a game over the years and been perfectly happy
Did those games require you to buy a data plan for hundreds of dollars per year in order to keep even single-player mode going when you leave Wi-Fi range?
It's not nickel and dime. It's like Doom: play through a few levels then unlock the entire rest of the game with a single purchase. The only remotely "nickel and dime" element of Super Mario Run that I'm aware of is its requirement for a continuous connection to Nintendo's server through the Internet, which can become very expensive if you want to play away from Wi-Fi.
You're referring to subresource integrity, correct? That exists, but only Firefox currently allows the server to specify that scripts from a particular origin require SRI.
What you are missing is that even if the browser has the library cached, it still much reach out to the server to see if it has the latest version
Not if the version number is in the URL. Then the CDN can serve the library with an Expires: header with a value years in the future.
You can do "responsive" things or whatever without a single line of JS if you learn the standards.
Without either reloading the entire page or using JavaScript, how can a comment section like this load newly posted comments when the user requests new comments or load comments below the previous score threshold when the user requests to lower the score threshold?
And without JavaScript, how can a website reassure its sponsors that the user is likely to have viewed the sponsors' messages? Or do you want to end up having to buy a $4 per month subscription to each site that you find in a web search?
I've done that. Even after maxing my laptop at 2 GB and replacing the HDD with an SSD, some things remain slow. The CPU graph shows one core maxed out (Firefox 50, which disables e10s because of add-ons) or both cores maxed out (Firefox 51 beta, which uses e10s), which wouldn't happen if it were swapping. I'd replace my laptop, but a new 10" has been hard to find for the past four years (except for laptops that run Chrome OS and beg the user at every boot to wipe Crouton).
There's no reason why Windows should take tens of minutes after boot before it becomes usable
Installation of operating system updates is one colorably legitimate reason. First, those parts of Windows that can't be overwritten while a user is logged in need to be updated. And then once you first log in after installing a service pack, your profile may need to be updated to reflect the update (the "Hi" screen in Windows 8 and 10). It's considerably faster for non-update boots. Or is slow installation of updates the problem to which you're referring?
* You have too many slow addons enabled
[...]
* The page is slow (big/complex)
The problem is that fixing one of these can break the other. Nowadays, one needs an add-on, be it a browser extension or a DNS blacklist manager, just to block the parts that make pages overly complex with upwards of 1 MB of scripts and video ads for a 4000-word article.
* You are out of CPU (unlikely)
On a phone or tablet CPU, it's surprisingly likely.
Did you try right-clicking the Back button to see a list of steps that you can skip?