Home users who bought a printer or NAS appliance tend not to already own a domain. Should buying a domain be considered part of the total cost of ownership of home networking?
Part 1 applies only to Samsung tablet owners. With both Galaxy Note 7 phones and more recently the company's washing machines exploding, I imagine that a lot of people have crossed that company off their short list.
As for part 2, most appear to be launchers, one requires root, one is just a file manager with its own quasi-MDI controls, and the most promising (Multi Screen) unfortunately lacks any sort of APK or Play Store link.
Available exclusively for Nexus 9 and Nexus 10. All Nexus products have since been discontinued. Or is the feature worth tracking down a used tablet?
> since some years ago I haven't care anymore about local storage. The main reason being I carry my important contents in usb drives
And guess what tablets can't always mount. I had a Nexus 7 (2012) tablet and an OTG cable, and it failed to do anything when I plugged in a flash drive.
> It's already possible to do a lot of tasks with Android.
Is lightweight hobby software development among them?
Oh, and BTW, a conventional notebook with 1366x768 resolution is very bad for multiwindow OSes.
On a 1024x600 pixel netbook, I can at least set up two 80-column editors or terminals side by side using a 6-pixel-wide font, so I can see both a program's source code and its output.
At least, I could run some apps which would provide a split screen even without the need of a multiwindow OS
Any recommendations for Android apps that pair a web browser with a text editor? Or a source code editor with its output window, as in IDLE (Python IDE)?
> [The proprietary iOS platform is popular] Only in a few countries (most English-speaking plus Norway, Sweden, Switzerland and Japan)
And guess where the market for an English-speaking developer is located.
> I don't know how many variants of that falling pieces game exist -- yet none uses the audio theme, visuals or the name "Tetris".
It was ruled that the copyright applies to the use of the set of the seven pieces that can be made from four square blocks. A game using differently shaped pieces would not infringe but would also not allow anywhere near the same tactics. A sports analogy would be the NFL having exclusive rights to the oblong ball used in gridiron football and trying to use that against USFL and XFL.
> Microsoft and Apple know a thing or two about [setting up an overseas subsidiary]
They're big enough to afford consultants for multinational expansion. I don't see how micro-ISVs can afford the same.
Finally, you get to use new HTML5 features. A lot of the newer features are only available to encrypted sites
Say I want to run a web server on a private network, such as a home NAS, and allow HTML5 playback of videos stored on this NAS. But there has been talk of restricting the Fullscreen API to secure contexts because of the potential for phishing. So how would I go about encrypting a server that doesn't have its own domain name, especially if I want visitors to my home to be able to see the videos in the full screen but not a scary self-signed certificate warning?
This will be noticed when the user tries to visit a couple sites that do use HSTS, such as Google, Facebook, Twitter, or anything else in the preload list.
The easiest way to switch a legacy service to HTTPS is to install an NGINX reverse proxy in front of it.
Provided it has its own fully-qualified domain name.
If a service accessible over a LAN is normally accessed with a private IP address (such as one in 192.168/16), or with a hostname under a phony TLD (such as.local), the CAs won't issue a certificate. This is true, for example, of the HTTP server for administering a router, printer, or NAS. Mozilla's FAQ about deprecation of cleartext HTTP acknowledges this problem but offers no fix yet:
Q. What about my home router? Or my printer?
The challenge here is not that these machines can't do HTTPS, it's that they're not provisioned with a certificate. A lot of times, this is because the device doesn’t have a globally unique name, so it can't be issued a certificate in the same way that a web site can. There is a legitimate need for better technology in this space, and we’re talking to some device vendors about how to improve the situation.
It should also be noted, though, that the gradual nature of our plan means that we have some time to work on this. As noted above, everything that works today will continue to work for a while, so we have some time to solve this problem.
You can trust HTTP as much as you can trust DNS. That's why automated CAs hit a site from several different paths through the Internet. The only practical way the MITM can compromise the validation is by being on the server's only uplink.
And don't bring up DNSSEC until the root is signed with a key longer than 1024 bits.
Not only does most stuff not need to be HTTPS, it often destroys caching
Your browser can cache resources delivered through HTTPS as easily as through cleartext HTTP.
lowers battery life, and hurts performance
This was true until most battery-powered laptops, tablets, and smartphones started shipping with support inside the CPU for commonly used ciphers.
but also.... how does Google know these statistics unless they are freely admitting that they have major spyware in their non-open, binary-only Chrome browser?
In both Google Chrome and its free subset Chromium, users can opt in or out of synchronizing bookmarks and history across all devices on the same Google account.
Neither am I. If a site is public, you can obtain certificates without charge from Let's Encrypt.
adding that heavy overhead to read only sites
Most of the overhead in TLS is in the setup and teardown of connections. And even that is mostly mitigated by keep-alive, HTTP/2, or large files. Podcasts are large files.
It's the browser acting as if a self signed certificate is less secure than no certificate.
Browser makers find it important to accurately report the truth of the sense of security. A self-signed certificate used with the https: scheme gives a false sense of security, whereas the http: scheme gives a true sense of insecurity.
Let's encrypt may be better, but it depends on how browsers decide to treat domain-validated certificates.
The only browser I've ever seen that warns for valid domain-validated certificates is Comodo Dragon. Any certificate that isn't at least organization-validated causes Dragon to show the "mixed passive content" icon in the location bar and an amber interstitial, which resembles the red interstitial for an untrusted issuer and has text to this effect:
It may not be safe to exchange information with this site
The security (or SSL) certificate for this website indicates that the organization operating it may not have undergone trusted third-party validation that it is a legitimate business. Although the information passed between you and this website will be encrypted, you have no assurance of who you are actually exchanging information with, and many websites connected to cyber-crimes use this type of security certificate. Prior to exchanging sensitive information including login/password, personal identity information, or financial details such as credit card numbers with any website that generates this warning, you should find some alternative method of validating this business or consider abandoning the transaction.
And then the firmware will beg you to wipe the machine right back to "OS verification" (that is, the factory image) every single time you turn it on. If you've installed a "regular" GNU/Linux distro on your Chromebook, you have to make sure nobody else has physical access to it even for a moment, or they'll end up tempted to inadvertently wipe it.
I guess that depends on how much plausible deniability is built into a particular site's hostname. If you're on diabetesrecipes.info, for example, then your ISP can already see diabetesrecipes.info in cleartext in the Server Name Indication field of the TLS handshake. If the client doesn't send this field, the HTTPS server where diabetesrecipes.info is hosted won't know which certificate to send out of the hundreds of sites on the same IP address.
yes, there have been ISPs with aggressive proxies that can (and did) insert/modify content. If you cannot trust your ISP, you have other problems that SSL won't always fix.
Unfortunately, most of us are not in a position to move our families within the service area of a trustworthy ISP, if there even is a trustworthy ISP in our home country or any other country to which we hold an entry visa.
Don't you think the restaurant would catch on if one MAC address comes to a particular restaurant every weekday and visits webmail and a bunch of job hunting sites for a couple hours?
The library in my town opens from 8:00 am to 9:00 pm M-F and 9:00 am to 6:00 pm on weekends. Do you really work so many hours at your barista gig that you can't make it down to the library after or before work?
Let me list the hours of the branch within walking distance of my house:
Monday through Wednesday: 9 AM to 9 PM Thursday and Friday: 9 AM to 6 PM Saturday: Closed (Saturday before last Monday in May through Saturday before first Monday in September); 9 AM to 6 PM (rest of year) Sunday: Closed
So if someone is working the equivalent of two part-time jobs to make ends meet, it's easy to construct a plausible work schedule in which he can't visit the library at 9 AM and catch the bus to work on time nor leave work and catch the bus to the library before 6 PM. This means from Thursday through Sunday, someone who relies on Internet access at the public library would be completely disconnected.
The cell phone is useless if you have run out of data transfer allowance for the month or if you have switched to a flip phone in order not to be forced by your carrier into buying a data plan to begin with. The local library is useless if its doors are closed for the evening or weekend whenever you are off the minimum-wage or nearly so job that provides no facility for Internet use by employees but at which you are working to make ends nearly meet while searching for a job that pays a living wage.
Are you seriously suggesting that the proper "fix' for Microsoft removing the option to schedule update downloads is to move to another location to change ISPs?
It is not a proper fix. But in the long run, there is no truly proper fix for proprietary software other than uninstallation. Switching to an ISP with at least a double digit cap works around not only Microsoft's squandering of bandwidth but also that of websites that have both video ads and anti-adblock.
A fourth workaround, other than WLAN, registry editing, or moving, is using GNU/Linux, possibly including replacing your hardware with compatible hardware.
Use your external domain and create sub domains.
Home users who bought a printer or NAS appliance tend not to already own a domain. Should buying a domain be considered part of the total cost of ownership of home networking?
> https://tunesgo.wondershare.co...
Part 1 applies only to Samsung tablet owners. With both Galaxy Note 7 phones and more recently the company's washing machines exploding, I imagine that a lot of people have crossed that company off their short list.
As for part 2, most appear to be launchers, one requires root, one is just a file manager with its own quasi-MDI controls, and the most promising (Multi Screen) unfortunately lacks any sort of APK or Play Store link.
> http://www.howtogeek.com/18934...
That's about Xposed, which requires root. Now that Nexus products have been discontinued, which is the go-to rootable 9 to 10 inch Android tablet?
> http://www.pcmag.com/news/3436...
Available exclusively for Nexus 9 and Nexus 10. All Nexus products have since been discontinued. Or is the feature worth tracking down a used tablet?
> since some years ago I haven't care anymore about local storage. The main reason being I carry my important contents in usb drives
And guess what tablets can't always mount. I had a Nexus 7 (2012) tablet and an OTG cable, and it failed to do anything when I plugged in a flash drive.
> It's already possible to do a lot of tasks with Android.
Is lightweight hobby software development among them?
Oh, and BTW, a conventional notebook with 1366x768 resolution is very bad for multiwindow OSes.
On a 1024x600 pixel netbook, I can at least set up two 80-column editors or terminals side by side using a 6-pixel-wide font, so I can see both a program's source code and its output.
At least, I could run some apps which would provide a split screen even without the need of a multiwindow OS
Any recommendations for Android apps that pair a web browser with a text editor? Or a source code editor with its output window, as in IDLE (Python IDE)?
> [The proprietary iOS platform is popular] Only in a few countries (most English-speaking plus Norway, Sweden, Switzerland and Japan)
And guess where the market for an English-speaking developer is located.
> I don't know how many variants of that falling pieces game exist -- yet none uses the audio theme, visuals or the name "Tetris".
It was ruled that the copyright applies to the use of the set of the seven pieces that can be made from four square blocks. A game using differently shaped pieces would not infringe but would also not allow anywhere near the same tactics. A sports analogy would be the NFL having exclusive rights to the oblong ball used in gridiron football and trying to use that against USFL and XFL.
> Microsoft and Apple know a thing or two about [setting up an overseas subsidiary]
They're big enough to afford consultants for multinational expansion. I don't see how micro-ISVs can afford the same.
Carry a laptop computer and a flip phone that can only talk and text.
Anyone else trying that will first need to buy a domain with which to do ACME over DNS, correct?
Finally, you get to use new HTML5 features. A lot of the newer features are only available to encrypted sites
Say I want to run a web server on a private network, such as a home NAS, and allow HTML5 playback of videos stored on this NAS. But there has been talk of restricting the Fullscreen API to secure contexts because of the potential for phishing. So how would I go about encrypting a server that doesn't have its own domain name, especially if I want visitors to my home to be able to see the videos in the full screen but not a scary self-signed certificate warning?
and block port 443
This will be noticed when the user tries to visit a couple sites that do use HSTS, such as Google, Facebook, Twitter, or anything else in the preload list.
There's also the expense and upkeep of maintaining current certificates. I have 100+ sites
Then set up Certbot or another ACME client to renew certificates for 100+ of these sites, and put it on a cron job.
If HTTPS becomes the default, then what becomes the default way to obtain a certificate for a web server on a private LAN?
The easiest way to switch a legacy service to HTTPS is to install an NGINX reverse proxy in front of it.
Provided it has its own fully-qualified domain name.
If a service accessible over a LAN is normally accessed with a private IP address (such as one in 192.168/16), or with a hostname under a phony TLD (such as .local), the CAs won't issue a certificate. This is true, for example, of the HTTP server for administering a router, printer, or NAS. Mozilla's FAQ about deprecation of cleartext HTTP acknowledges this problem but offers no fix yet:
You can trust HTTP as much as you can trust DNS. That's why automated CAs hit a site from several different paths through the Internet. The only practical way the MITM can compromise the validation is by being on the server's only uplink.
And don't bring up DNSSEC until the root is signed with a key longer than 1024 bits.
Not only does most stuff not need to be HTTPS, it often destroys caching
Your browser can cache resources delivered through HTTPS as easily as through cleartext HTTP.
lowers battery life, and hurts performance
This was true until most battery-powered laptops, tablets, and smartphones started shipping with support inside the CPU for commonly used ciphers.
but also.... how does Google know these statistics unless they are freely admitting that they have major spyware in their non-open, binary-only Chrome browser?
In both Google Chrome and its free subset Chromium, users can opt in or out of synchronizing bookmarks and history across all devices on the same Google account.
I am not going to pay for a fucking SSL cert
Neither am I. If a site is public, you can obtain certificates without charge from Let's Encrypt.
adding that heavy overhead to read only sites
Most of the overhead in TLS is in the setup and teardown of connections. And even that is mostly mitigated by keep-alive, HTTP/2, or large files. Podcasts are large files.
It's the browser acting as if a self signed certificate is less secure than no certificate.
Browser makers find it important to accurately report the truth of the sense of security. A self-signed certificate used with the https: scheme gives a false sense of security, whereas the http: scheme gives a true sense of insecurity.
Let's encrypt may be better, but it depends on how browsers decide to treat domain-validated certificates.
The only browser I've ever seen that warns for valid domain-validated certificates is Comodo Dragon. Any certificate that isn't at least organization-validated causes Dragon to show the "mixed passive content" icon in the location bar and an amber interstitial, which resembles the red interstitial for an untrusted issuer and has text to this effect:
Then use an ACME client that doesn't require administrator privilege, in particular one that uses the DNS challenge instead of the HTTP challenge.
And then the firmware will beg you to wipe the machine right back to "OS verification" (that is, the factory image) every single time you turn it on. If you've installed a "regular" GNU/Linux distro on your Chromebook, you have to make sure nobody else has physical access to it even for a moment, or they'll end up tempted to inadvertently wipe it.
I guess that depends on how much plausible deniability is built into a particular site's hostname. If you're on diabetesrecipes.info, for example, then your ISP can already see diabetesrecipes.info in cleartext in the Server Name Indication field of the TLS handshake. If the client doesn't send this field, the HTTPS server where diabetesrecipes.info is hosted won't know which certificate to send out of the hundreds of sites on the same IP address.
yes, there have been ISPs with aggressive proxies that can (and did) insert/modify content. If you cannot trust your ISP, you have other problems that SSL won't always fix.
Unfortunately, most of us are not in a position to move our families within the service area of a trustworthy ISP, if there even is a trustworthy ISP in our home country or any other country to which we hold an entry visa.
Don't you think the restaurant would catch on if one MAC address comes to a particular restaurant every weekday and visits webmail and a bunch of job hunting sites for a couple hours?
The library in my town opens from 8:00 am to 9:00 pm M-F and 9:00 am to 6:00 pm on weekends. Do you really work so many hours at your barista gig that you can't make it down to the library after or before work?
Let me list the hours of the branch within walking distance of my house:
Monday through Wednesday: 9 AM to 9 PM
Thursday and Friday: 9 AM to 6 PM
Saturday: Closed (Saturday before last Monday in May through Saturday before first Monday in September); 9 AM to 6 PM (rest of year)
Sunday: Closed
So if someone is working the equivalent of two part-time jobs to make ends meet, it's easy to construct a plausible work schedule in which he can't visit the library at 9 AM and catch the bus to work on time nor leave work and catch the bus to the library before 6 PM. This means from Thursday through Sunday, someone who relies on Internet access at the public library would be completely disconnected.
The cell phone is useless if you have run out of data transfer allowance for the month or if you have switched to a flip phone in order not to be forced by your carrier into buying a data plan to begin with. The local library is useless if its doors are closed for the evening or weekend whenever you are off the minimum-wage or nearly so job that provides no facility for Internet use by employees but at which you are working to make ends nearly meet while searching for a job that pays a living wage.
Are you seriously suggesting that the proper "fix' for Microsoft removing the option to schedule update downloads is to move to another location to change ISPs?
It is not a proper fix. But in the long run, there is no truly proper fix for proprietary software other than uninstallation. Switching to an ISP with at least a double digit cap works around not only Microsoft's squandering of bandwidth but also that of websites that have both video ads and anti-adblock.
Do you have any idea how ridiculous that sounds?
Apparently a dozen other users of Slashdot don't.
Why can't one automate the registry edits?
A fourth workaround, other than WLAN, registry editing, or moving, is using GNU/Linux, possibly including replacing your hardware with compatible hardware.
Yes. As I understand I4ko's post, the feature is "required by regulation". Without it, there is the big fat goose egg of 0 revenue.