And spending $800[1] to time-shift over-the-air television.
my kids gaming while playing Youtube videos
make them go outside and play
For one thing, I have no idea how to make the weather suitable for that on any given day. For another, stranger danger hysteria has increased since you grew up, to the point of parents getting arrested for letting their kids walk to and from the park.[2]
the telephone works just great for talking to people
Yeah, at $6 an hour for long distance on a landline. A better suggestion might have been to downgrade from video to voice over IP, which is billed at a much lower rate than POTS long distance.
How many of the tens of thousands of small businesses on whose websites crooks are trying millions of credential combinations can afford an annual subscription to said "commercially available data validation software packages"?
Just let me choose the channels I want. Maybe I don't need six channels of ESPN.
Local ABC affiliate: $20/mo ESPN, Disney Channel, Freeform, A&E, and several others: Included at no additional charge with ABC subscription through your participating multichannel pay TV provider
The closest thing to "something inherent about the Apple design" is Apple's tighter control over production of devices with Lightning and MagSafe connectors through refusal to license relevant patents. Android devices, on the other hand, use standardized USB micro-B and USB C connectors. Licenses for patents that cover standard USB connectors are offered under "FRAND" (uniform royalty) conditions. So any safe USB charger is a safe Android charger.
If you want to selectively block media types, you can do that using a browser extension installed on each PC. Or you can set up a proxy on localhost on each PC and have the browser installed on that PC trust that proxy's root certificate. Then you're back down to two parties being able to see the communication: the client and the localhost proxy, and the server. This regains blocking by media type but loses a shared cache.
It's also possible to configure your Squid proxy to behave differently on sites that are unusually privacy-sensitive using a stare rule. Log the SNI field of each ClientHello message from your proxy's clients. Build a list of which hostnames ought to be cached (high-traffic sites) or not (financial or medical sites), and be transparent with your users about the process of building this list. Bump (MITM) the high-traffic sites so that you can cache them, and splice (tunnel) the sensitive ones so that you can reassure users that your proxy isn't snooping this particular connection. The user will be able to tell whether a connection is through your proxy by looking at who issued the certificate. For example, in Firefox, one can click the lock in the URL bar, click the right arrow, and read "Verified by:".
On the other hand, see replies to bigjosh on Coding Horror Discourse, who expressed the same need for caching. One of the replies expresses a possibility that the fact of having read articles about a particular subject on Wikipedia might itself be sensitive even if Wikipedia is public and cacheable.
I should have been more specific that I was referring to the English-language dub, titled Spartakus and the Sun Beneath the Sea, not the French-language original, titled Les mondes engloutis.
Do you disbelieve that root-ca's in the US or other monitoring countries couldn't be forced to give out subordinated CA's to install @ ISP monitoring sites?
That's what "certificate transparency" is supposed to block.
MITM proxying that lowers security for all https sites (finance, et al.).
The problem might be related to the historic use of the scheme and port as a hint for whether or not it ought to be possible to treat a particular connection as Cache-Control: public or not. I'll have to think about how to most effectively express this problem to "encrypt all the things" types.
Simply by going w/HTTPS instead of HTTP creates increased server load and increased network latencies.
There are anecdotal reports that HTTP/2 over TLS can have less latency than cleartext HTTP/1.1. So if you add HTTP/2 to your MITM, you may be able to mitigate some of the TLS overhead.
From the time I connect to some sites, till I leave, google, et al, have encrypted connections going.
A hosts file or client-side tracking blocker extension works for HTTPS just as well as for cleartext HTTP.
Case in point: What "legal alternatives" would it recommend to someone caught pirating the TV series Spartakus and the Sun Beneath the Sea or the film Song of the South?
When you connect to an encrypted site, you really connect to your ISP's pass-through traffic decoder, which then passes another encrypted circuit on to wherever you were going.
That's true only if your ISP is using an intercepting proxy. Because the proxy's internal CA is not installed as a trusted root on a stock client, a stock client will display an "untrusted issuer" warning. So I imagine that networks serving only a minority of clients, such as corporate or school networks or ISPs in less-developed economies, would force an intercepting proxy on clients newly introduced to the network.
HTTPS safety is an "illusion" to get you to use it so you can't easily be selective about what you block or cache by site.
Blocking "by site" is still possible with HTTPS, as the Server Name Indication (SNI) field of the TLS ClientHello message contains the hostname in cleartext so that the server can know which virtual host's certificate to present. Intermediate caching or blocking at a finer level than "by site" does require MITM though.
Caching rate on HTTP sites -- 10-30 or higher %, on HTTPS -- 0%
Are you referring to caching on the client or caching on intermediate proxies? Clients cache HTTPS the same way they cache cleartext HTTP. Intercepting proxies cache HTTPS only if the user has chosen to trust the proxy.
That's what I meant by https "everywhere" harming security for those sites that have a legitimate need for it. By implementing a MITM proxy, it makes all https streams less secure.
Cleartext HTTP: Any router on the path can see the communication. HTTPS: Only three hosts can see the communication, namely the client, the server, and the corporate MITM.
It's still an improvement.
The more internal-proxies that implement MITM HTTPS for their internal needs/wants, the more pressure those not wanting those streams to be easily visible or cacheable will work to disable that "hole"
Are you referring to public key pinning? Native apps for smartphone-derived operating systems already do this as a common practice.
And to others, PC means a way to get work done while riding transit. This means a laptop. How many people actually build a laptop from a "barebook" kit?
A huge display isn't very useful if the smartphone-derived operating system's window manager doesn't allow displaying more than one app at once on that display.
Say you have a network connection via some form of wireless that gives you 10gb or more
And once I've burned through those 10 GB, which would take eight seconds at 10 Gbps, what else can I do for the rest of the month before my data plan resets?
Believe it or not, Android works fairly well with a mouse except for games and apps designed around swiping exclusively.
That and the fact that most devices haven't been upgraded to Android 7 "Nougat", the first version to incorporate tiling window management as a standard feature, as opposed to the maximized paradigm that smartphone-derived GUIs tend to impose.
The strict W^X policy in iOS forbids third-party applications from using "quality dynamic compilers". A page allocated as writable cannot be flipped to executable on request from a third-party application. The only dynamic compiler in iOS is the one in WebKit, and it won't compile anything but JavaScript.
You're not the first user to suggest moving. But several other users think "only a raving lunatic" would "live like a nomad chasing ISPs".
my Mother-in-law streaming Hulu
She should be watching television
And spending $800[1] to time-shift over-the-air television.
my kids gaming while playing Youtube videos
make them go outside and play
For one thing, I have no idea how to make the weather suitable for that on any given day. For another, stranger danger hysteria has increased since you grew up, to the point of parents getting arrested for letting their kids walk to and from the park.[2]
the telephone works just great for talking to people
Yeah, at $6 an hour for long distance on a landline. A better suggestion might have been to downgrade from video to voice over IP, which is billed at a much lower rate than POTS long distance.
[1] Estimated price of a TiVo DVR with an All-In subscription.
[2] See "5 Things Everyone Did Growing Up (That Now Get You Arrested) by Chan Teik Onn, "5 Things Your Parents Did (They'd Be Arrested For Today)" by C. Coville, "Cops called on Texas mom for son playing outside" by Philip Caulfield, "Mom Lets 4-Year-Old Play Outside, Faces Jail" by Elizabeth Armstrong Moore, and "When 'Stranger Danger' is actually the police and CPS" by Katherine Martinko.
Because a lot of U.S. cardmembers still don't have mobile phones with unmetered incoming SMS.
Do most desktop PCs have a suitable webcam? If not, buying one online may end up a Catch-22 once it comes time to pay.
How many of the tens of thousands of small businesses on whose websites crooks are trying millions of credential combinations can afford an annual subscription to said "commercially available data validation software packages"?
Just let me choose the channels I want. Maybe I don't need six channels of ESPN.
Local ABC affiliate: $20/mo
ESPN, Disney Channel, Freeform, A&E, and several others: Included at no additional charge with ABC subscription through your participating multichannel pay TV provider
Would you accept such a model?
There's no commercial free option for Sling, there's no commercial free version for PS Vue
Would you prefer $200 per month? Because that's what Sling and the like would cost if every channel were as expensive as HBO.
why pay for a service and still be saddled with commercials?
What would the film The Wizard be without commercials for NES games?
The closest thing to "something inherent about the Apple design" is Apple's tighter control over production of devices with Lightning and MagSafe connectors through refusal to license relevant patents. Android devices, on the other hand, use standardized USB micro-B and USB C connectors. Licenses for patents that cover standard USB connectors are offered under "FRAND" (uniform royalty) conditions. So any safe USB charger is a safe Android charger.
If you want to selectively block media types, you can do that using a browser extension installed on each PC. Or you can set up a proxy on localhost on each PC and have the browser installed on that PC trust that proxy's root certificate. Then you're back down to two parties being able to see the communication: the client and the localhost proxy, and the server. This regains blocking by media type but loses a shared cache.
It's also possible to configure your Squid proxy to behave differently on sites that are unusually privacy-sensitive using a stare rule. Log the SNI field of each ClientHello message from your proxy's clients. Build a list of which hostnames ought to be cached (high-traffic sites) or not (financial or medical sites), and be transparent with your users about the process of building this list. Bump (MITM) the high-traffic sites so that you can cache them, and splice (tunnel) the sensitive ones so that you can reassure users that your proxy isn't snooping this particular connection. The user will be able to tell whether a connection is through your proxy by looking at who issued the certificate. For example, in Firefox, one can click the lock in the URL bar, click the right arrow, and read "Verified by:".
On the other hand, see replies to bigjosh on Coding Horror Discourse, who expressed the same need for caching. One of the replies expresses a possibility that the fact of having read articles about a particular subject on Wikipedia might itself be sensitive even if Wikipedia is public and cacheable.
Such as mostly newer laptops. Bay Trail stuff in particular, such as the ASUS T100TA and X205TA, took a while for basic functionality to be supported in Debian and other distressed. Bluetooth and screen brightness are still broken on the T100TA.
I should have been more specific that I was referring to the English-language dub, titled Spartakus and the Sun Beneath the Sea, not the French-language original, titled Les mondes engloutis.
Do you disbelieve that root-ca's in the US or other monitoring countries couldn't be forced to give out subordinated CA's to install @ ISP monitoring sites?
That's what "certificate transparency" is supposed to block.
MITM proxying that lowers security for all https sites (finance, et al.).
The problem might be related to the historic use of the scheme and port as a hint for whether or not it ought to be possible to treat a particular connection as Cache-Control: public or not. I'll have to think about how to most effectively express this problem to "encrypt all the things" types.
Simply by going w/HTTPS instead of HTTP creates increased server load and increased network latencies.
There are anecdotal reports that HTTP/2 over TLS can have less latency than cleartext HTTP/1.1. So if you add HTTP/2 to your MITM, you may be able to mitigate some of the TLS overhead.
From the time I connect to some sites, till I leave, google, et al, have encrypted connections going.
A hosts file or client-side tracking blocker extension works for HTTPS just as well as for cleartext HTTP.
When the notice states that the "infringing file" was a Ubuntu ISO image. . . . . This was years ago
Was this around July 2011, when Emacs was discovered to include copyright infringements? Or around June 2012, when certain falling block games were ruled to infringe copyright, with M-x tetris in Emacs possibly next on the hit list of a video game developer who thinks free software should never have existed because it destroys the market?
Case in point: What "legal alternatives" would it recommend to someone caught pirating the TV series Spartakus and the Sun Beneath the Sea or the film Song of the South?
Provided that such laptops are even manufactured in the desired size. Manufacturers largely gave up 10" laptops in favor of tablets in late 2012.
When you connect to an encrypted site, you really connect to your ISP's pass-through traffic decoder, which then passes another encrypted circuit on to wherever you were going.
That's true only if your ISP is using an intercepting proxy. Because the proxy's internal CA is not installed as a trusted root on a stock client, a stock client will display an "untrusted issuer" warning. So I imagine that networks serving only a minority of clients, such as corporate or school networks or ISPs in less-developed economies, would force an intercepting proxy on clients newly introduced to the network.
HTTPS safety is an "illusion" to get you to use it so you can't easily be selective about what you block or cache by site.
Blocking "by site" is still possible with HTTPS, as the Server Name Indication (SNI) field of the TLS ClientHello message contains the hostname in cleartext so that the server can know which virtual host's certificate to present. Intermediate caching or blocking at a finer level than "by site" does require MITM though.
Caching rate on HTTP sites -- 10-30 or higher %, on HTTPS -- 0%
Are you referring to caching on the client or caching on intermediate proxies? Clients cache HTTPS the same way they cache cleartext HTTP. Intercepting proxies cache HTTPS only if the user has chosen to trust the proxy.
That's what I meant by https "everywhere" harming security for those sites that have a legitimate need for it. By implementing a MITM proxy, it makes all https streams less secure.
Cleartext HTTP: Any router on the path can see the communication.
HTTPS: Only three hosts can see the communication, namely the client, the server, and the corporate MITM.
It's still an improvement.
The more internal-proxies that implement MITM HTTPS for their internal needs/wants, the more pressure those not wanting those streams to be easily visible or cacheable will work to disable that "hole"
Are you referring to public key pinning? Native apps for smartphone-derived operating systems already do this as a common practice.
Those were taken by the European Union, Gabon, and Canada respectively.
Is there a timetable to ensure that important features can be used without JavaScript or with only free JavaScript? The Savannah code hosting service, based on a fork of the software that SourceForge uses, appears to work without any proprietary JavaScript.
And to others, PC means a way to get work done while riding transit. This means a laptop. How many people actually build a laptop from a "barebook" kit?
a display as big as you can handle
A huge display isn't very useful if the smartphone-derived operating system's window manager doesn't allow displaying more than one app at once on that display.
Say you have a network connection via some form of wireless that gives you 10gb or more
And once I've burned through those 10 GB, which would take eight seconds at 10 Gbps, what else can I do for the rest of the month before my data plan resets?
Until you discover that a particular game that you want to play isn't ported to the console you have but is available for both Windows and X11/Linux.
What are people using to make the apps, edited videos, and the like that are played on said "Android based phones and tablets"?
Believe it or not, Android works fairly well with a mouse except for games and apps designed around swiping exclusively.
That and the fact that most devices haven't been upgraded to Android 7 "Nougat", the first version to incorporate tiling window management as a standard feature, as opposed to the maximized paradigm that smartphone-derived GUIs tend to impose.
The strict W^X policy in iOS forbids third-party applications from using "quality dynamic compilers". A page allocated as writable cannot be flipped to executable on request from a third-party application. The only dynamic compiler in iOS is the one in WebKit, and it won't compile anything but JavaScript.