Are a substantial fraction of laptop owners willing to 1. research compatible WLAN/WWAN cards, especially with some manufacturers' habit of BIOS whitelisting; 2. buy one to replace the existing WLAN card; and 3. open their laptop to install it?
Perhaps this article is just about encouragement to bundle a WLAN/WWAN card in new laptops in place of a WLAN card.
The fact that it differs among QWERTY, AZERTY, and QWERTZ layouts, and the fact that a user unfamiliar with a particular game is more likely to correctly guess arrow keys than to correctly guess WASD or IJKL.
If a fixed element is positioned at the very top or bottom and more than half the width of the body, the browser can use a heuristic to determine that it's a navigation bar whose height should be excluded from the viewport height for page scrolling calculation.
And then someone adds six lines of CSS to make it more readable, resulting in a better MFing website. (The one thing I disagree with on Better is "A little less contrast".)
If not the arrow keys, then what key would you recommend to move the player's character in a video game that the player is trying on the web before deciding to buy and install it locally?
Having to use two hands to hold Fn and press Down Arrow to activate the PgDn scancode is less convenient than just pressing the big fat spacebar with one hand.
a lot of page views are on devices that don't even have a physical space bar.
And a lot are on devices that do, such as the laptop into which I'm typing this comment. So unless you're requiring the user to receive SMS for account confirmation, or your web application's core functionality depends on continuous geolocation, a substantial fraction of users are going to end up on desktops, laptops, or tablets with a clip-on keyboard.
Say you have a 12" tablet and a 10" laptop. Which is the "desktop computer" and which the "mobile device"?
You appear to recommend the use of a separate m.-site. If a phone user shares a link through e-mail, Usenet, or more recent web-based substitutes for the above (forums, Facebook, Twitter, etc.) with a desktop user, which version should the recipient see?
My question is whether a malicious PNG opening on debian can cause the system to let it load a bash shell
Even if it does, it won't last long, as libpng will be patched promptly. And it won't require a complete reboot, just closing and reopening all applications that link to libpng.
Furthermore, you overestimate how difficult it is to obtain a valid certificate. All I need to do is own a domain.
This is true of TLS but not of code signing. There's no counterpart to Let's Encrypt ($0 for 90 days) or SSLs.com ($15 for three years), as far as I've been made aware. And a TLS certificate works across all major platforms, unlike an Authenticode certificate that works only for Windows, not for macOS or anything else. Apple is the only CA on macOS, and it charges $99 per year for a certificate that passes Gatekeeper.
It's a little bit like TLS certificates for internal applications -- many admins I know will do the absolute minimum required to stop the browser from showing a certificate error, then run away screaming.
The difference being that with TLS, browsers treat a domain-validated certificate as sufficient, but there's no counterpart to DV certificates in code signing.
how is bash - or any of the other unix-based shells, such as ksh, ssh, ash thru zsh - any more secure than PowerShell?
Not allowing the equivalent of ShellExecute on a script without the execute bit set, and saving files downloaded from the Internet without the execute bit.
What would a signature possibly mean to me as a user if I don't know you?
All code signing certificates issued by CAs trusted by popular operating systems are at least organizationally validated. This means two things: 1. the executable wasn't modified since it left the publisher's build farm, and 2. you know whom to sue if there are problems (especially in jurisdictions that don't allow a blanket disclaimer of all liability).
With or without a signature, my choice is still: either I run this script I need to my job, or I don't and I can't do my job (or it gets much, much harder).
I think the idea is that when faced with an unsigned script and a competitor's signed script, users will choose the signed script because of the guarantees of an OV certificate.
Is the adapter included with the phone, or is it sold separately? And does the adapter allow recharging the phone's battery while headphones are in use?
That only means you have to mark the pages containing the code you just generated read-only once you're done.
Several operating systems in wide use, such as Apple iOS and the operating systems of modern video game consoles, offer no way for third-party applications to switch a page from read-write to read-execute. When a page is allocated for data, the OS clears it first, and it stays non-executable until deallocated. Only the OS's executable loader* has the privilege to allocate pages for code, and once the loader loads a module, verifies its digital signature, and flips its pages from read-write to read-execute, the pages stay non-writable until deallocated.
* Or, in the case of Apple iOS, the WebKit JavaScript virtual machine.
Are a substantial fraction of laptop owners willing to 1. research compatible WLAN/WWAN cards, especially with some manufacturers' habit of BIOS whitelisting; 2. buy one to replace the existing WLAN card; and 3. open their laptop to install it?
Perhaps this article is just about encouragement to bundle a WLAN/WWAN card in new laptops in place of a WLAN card.
How about this; give the user an easy-to-use function that forces the page to load the mobile or desktop version on a site-by-site basis.
Good luck designing such "an easy-to use function", especially when such a large percentage of the population can't perform even the simplest tasks on a computer.
What is wrong with 'WASD'?
The fact that it differs among QWERTY, AZERTY, and QWERTZ layouts, and the fact that a user unfamiliar with a particular game is more likely to correctly guess arrow keys than to correctly guess WASD or IJKL.
"becoming the dominant interface" doesn't imply nearly the same usage share disparity as fiber+cable+DSL+satellite+cellular compared to dial-up.
If a fixed element is positioned at the very top or bottom and more than half the width of the body, the browser can use a heuristic to determine that it's a navigation bar whose height should be excluded from the viewport height for page scrolling calculation.
And then someone adds six lines of CSS to make it more readable, resulting in a better MFing website. (The one thing I disagree with on Better is "A little less contrast".)
If not the arrow keys, then what key would you recommend to move the player's character in a video game that the player is trying on the web before deciding to buy and install it locally?
hit the damn "page down" key
Having to use two hands to hold Fn and press Down Arrow to activate the PgDn scancode is less convenient than just pressing the big fat spacebar with one hand.
a lot of page views are on devices that don't even have a physical space bar.
And a lot are on devices that do, such as the laptop into which I'm typing this comment. So unless you're requiring the user to receive SMS for account confirmation, or your web application's core functionality depends on continuous geolocation, a substantial fraction of users are going to end up on desktops, laptops, or tablets with a clip-on keyboard.
Say you have a 12" tablet and a 10" laptop. Which is the "desktop computer" and which the "mobile device"?
You appear to recommend the use of a separate m.-site. If a phone user shares a link through e-mail, Usenet, or more recent web-based substitutes for the above (forums, Facebook, Twitter, etc.) with a desktop user, which version should the recipient see?
Almost all laptops have internal mini PCIe or M.2 slots.
How many of them? What are you willing to remove to add a cellular card?
Who said it had to be an external device?
The trend toward making laptops less internally upgradeable said it had to be an external device.
My question is whether a malicious PNG opening on debian can cause the system to let it load a bash shell
Even if it does, it won't last long, as libpng will be patched promptly. And it won't require a complete reboot, just closing and reopening all applications that link to libpng.
Likewise, you need Apple's blessing to publish on Nintendo's competitor (the iPod and iPhone).
The royalty for the underlying novel, comic book, TV series, etc. may be per unit, as may the royalty for any music used in the movie.
Phones don't come with slide-out keyboards anymore. If you meant a Bluetooth keyboard, how good are the IDEs for phones?
Furthermore, you overestimate how difficult it is to obtain a valid certificate. All I need to do is own a domain.
This is true of TLS but not of code signing. There's no counterpart to Let's Encrypt ($0 for 90 days) or SSLs.com ($15 for three years), as far as I've been made aware. And a TLS certificate works across all major platforms, unlike an Authenticode certificate that works only for Windows, not for macOS or anything else. Apple is the only CA on macOS, and it charges $99 per year for a certificate that passes Gatekeeper.
I have a feeling I missed something important.
It's a little bit like TLS certificates for internal applications -- many admins I know will do the absolute minimum required to stop the browser from showing a certificate error, then run away screaming.
The difference being that with TLS, browsers treat a domain-validated certificate as sufficient, but there's no counterpart to DV certificates in code signing.
how is bash - or any of the other unix-based shells, such as ksh, ssh, ash thru zsh - any more secure than PowerShell?
Not allowing the equivalent of ShellExecute on a script without the execute bit set, and saving files downloaded from the Internet without the execute bit.
What would a signature possibly mean to me as a user if I don't know you?
All code signing certificates issued by CAs trusted by popular operating systems are at least organizationally validated. This means two things: 1. the executable wasn't modified since it left the publisher's build farm, and 2. you know whom to sue if there are problems (especially in jurisdictions that don't allow a blanket disclaimer of all liability).
With or without a signature, my choice is still: either I run this script I need to my job, or I don't and I can't do my job (or it gets much, much harder).
I think the idea is that when faced with an unsigned script and a competitor's signed script, users will choose the signed script because of the guarantees of an OV certificate.
Then again, you can find out in a few minutes if your current machine will run fine on Linux.
If six years ago the answer turned out to be no, what would you have done at the time?
Under such a regime, how would a musician become "authorized"?
Is the adapter included with the phone, or is it sold separately? And does the adapter allow recharging the phone's battery while headphones are in use?
That only means you have to mark the pages containing the code you just generated read-only once you're done.
Several operating systems in wide use, such as Apple iOS and the operating systems of modern video game consoles, offer no way for third-party applications to switch a page from read-write to read-execute. When a page is allocated for data, the OS clears it first, and it stays non-executable until deallocated. Only the OS's executable loader* has the privilege to allocate pages for code, and once the loader loads a module, verifies its digital signature, and flips its pages from read-write to read-execute, the pages stay non-writable until deallocated.
* Or, in the case of Apple iOS, the WebKit JavaScript virtual machine.
NVIDIA wins in the universe where people treat the loss of freedom caused by a proprietary device driver as an acceptable cost of doing business.
Having used classic Windows apps on an 8" tablet, I can't imagine any sane person wanting to run them on a phone
Not even on a phone paired to a keyboard and connected to a 24" external monitor?