If you can verify that the vault always leaves your machine encrypted
How is that possible when the GUI half of the LastPass client is not part of the lastpass-cli repository or any other repository owned by the LastPass organization?
That's no longer required since Xcode 7 if you're not distributing your apps, but a $150/year* sufficiently recent Mac is required, unless the computer that you already use for other things happens to be a sufficiently recent Mac.
* Estimate based on dividing the price of a Mac mini by its expected four-year update life.
That's not the complete corresponding source code to everything in the executable. It's the source code to lastpass-cli, not the source code to the GUI that wraps it. One or both of the following could be the case:
A. The source code in lastpass-cli is not the source code that gets built in the proprietary client. B. Even if it is, the proprietary GUI component could be passing data to a server independently from the components disclosed as part of lastpass-cli.
Are you recommending that a business distribute an application that relies on jailbreaking, which in turn relies on a security defect that Apple can close at any time?
Good luck turning a macOS binary made "with a proper multi-OS toolkit" into the corresponding Windows, GNU/Linux, or Android binary made with the same toolkit. Or good luck convincing the publisher to distribute the source code of its proprietary application to the public so that you can do the recompilation and the fixing of inevitable platform-related bugs yourself.
In my limited experience with Amazon Linux on an EC2 VPS at work, it has felt essentially the same as any other RPM distribution. What's the big difference between this and CentOS?
You are assuming that a web-based spreadsheet is a sane idea.
It's a less insane idea than a Mac-based spreadsheet that you can't run because your computer happens not to be a Mac, or a Windows-based spreadsheet that you can't run because your computer happens not to have a Windows license or to even have an x86-64 CPU in the first place, such as "mobile" (here meaning an ARM-powered device running a smartphone-derived operating system).
The only ways to go around the store are even more expensive: A. buy a Mac for each of your iOS users so that they can install the application from source code using Xcode, or B. the iOS Developer Enterprise Program, which requires employing all your users.
and with Qt you don't have to do anything but recompile.
Is there a guide to using a Linux PC to cross-compile a Qt application for Windows, macOS, Android, and iOS? And how can one be sure that it will work across all platforms without testing, as opposed to inadvertently relying on implementation-defined, unspecified, or undefined behaviors that differ between the various platforms' Qt backends?
So once your script determines that a particular certificate needs to be renewed, makes a CSR, and obtains a renewed certificate, how do you automate installation? Not all shared hosting providers offer an API to install a renewed certificate without human intervention.
Windows XP reaching EOL only means that Microsoft stopped supporting it
We have chosen not to support an operating system that its publisher no longer supports. Because the operating system is proprietary software and will never see another security update, we can assume that a device running that operating system is likely to be infected with a keylogger or other malware that makes the browsing session unusably insecure, installed through exploiting a defect in the operating system published around or after the time that the operating system's publisher ended support. See Forever day bugs.
"standards compliant [...] JS" can assume the use of touch gestures, such as slide to change pages. Or it can assume the usefulness of mouseover events.
"standards compliant [...] CSS" can make links small and close together.
the easiest path for Amazon [to offer validation] would be to make only a Libreoffice version and simply dump Excel to reduce development costs. Or do the right thing and provide an online tool for that
In that case, each submission to said "online tool" would count against the quota, which is one of the things that client-side prevalidation is supposed to avoid. At least that's how Amazon's competitor eBay does it: a feed to add product listings to eBay can be set in "VerifyAdd" mode, but VerifyAdd actions count against the user's quota just as much as Add actions do.
writing code for hobby projects while riding transit to and from one's day job [] is one thing I use my laptop for
I drive a car and cannot work while commuting (at least not yet).
Neither can I while cycling to and from work, but I take the bus when weather is not amenable to cycling, such as during snow or heavy rain.
Not having a big screen (like a notebook's) is a hindrance (in e.g. a train), but carrying one all the time is also annoying.
It was less annoying when 10.1" laptops were widely available. Now it's mostly tablets whose window manager enforces a window management policy of all maximized all the time, at least over the next year or so until tablets running Android 7 "Nougat" fill retail channels and applications are updated to support Nougat.
I'm not thinking about some kind of homebrew OS. I'm thinking mainstream Android, for instance.
"Mainstream Android" versions 6 and earlier don't support split screen between different apps. And devices shipping with versions back to 5.1 were still being sold new as of October 2016.
when developing one mostly sends code which is way less bulkier.
The images and audio files that the code reads and displays or plays are still bulky, especially if the application is graphical as opposed to command-line and text-based.
network speed grows faster than Moore's law
Because the quantity demanded also grows with network speed, in part caused by growth of user base, the price doesn't move very much from 1 cent per megabyte. In addition, the carriers require each subscriber to buy a minimum amount of data transfer allowance, priced at hundreds of USD per year, in order to qualify for a data plan at all. So it's either pay hundreds or wait to sync until arriving at home or work where Internet access over the WLAN either is unmetered or has a monthly quota high enough not to worry about, such as the 1000 GB/mo quota of Xfinity by Comcast. Historically, laptops running a mainstream desktop operating system have had more storage, and their applications have had better support for working offline and connecting occasionally, than tablets running a mainstream smartphone operating system.
Nowadays people are somewhat careful to avoid as much as possible such "proprietary software license agreements".
I disagree that this is anywhere near the case, especially in the home and small business segments. People still buy iPhone and iPad devices running proprietary iOS when Android devices are available, they still use Google Play Store when F-Droid is available, and they still buy major brand laptop PCs running Windows or macOS when System76 and Dell XPS Developer Edition laptops are available. They accept "an inferior, limited product" because the free alternative is insufficient for the use case.
And this will end like Adobe Acrobat Reader for Linux did -- old, unsupported and superseded by good enough alternatives like Okular.
Again, good enough up until the first time you end up dealing with a company or government agency that has bought into PDF form submission.
See, for example, Tetris v. Xio, as well as Microsoft's threats ag
Everything else is a security risk and should not be part of the browser. That's what 'desktop apps' were for, and they worked very well thank you very much.
How well does a web application made for Safari for macOS work on Chrome for Windows or Linux? Reasonably well.
How well does a desktop application made for macOS work on anything but a Mac?
I don't even want a site to know whether I'm on a "mobile" device.
Then watch it assume you're on a mobile device and require use of drag gestures to view the next or previous page. Or watch it assume you're on a desktop computer and end up with tiny text, mouseovers, and links smaller than your fingertip.
Absolutely, those are applications. I'm talking about web pages, the things that display information and you can navigate around.
The line between the two is by no means bright. For example, is a discussion forum such as Slashdot a "page" or an "application"?
Javascript programs are implicitly open source
A minified program in JavaScript is not "the preferred form of a work for making modifications to it".
so just use open source programs that use a multiplatform framework like Qt. Problem solved.
If you make a web application, you have to test it on each major browser engine. In practice, this means Chrome, Firefox, Edge, and initially using Chrome as a proxy for Safari. But if you change from offering one web application to offering five native applications, you end up having to compile, test, and deploy on all five platforms' stores. Several of those (Windows UWP, Mac App Store, iOS) have annual fees, and several require purchase of a particular brand of premium-priced computer on which to develop and test the application (in particular iOS, development for which requires a sufficiently recent Mac). So would it be reasonable for an application developer to offer its web application for use without charge but charge a fee for the native applications in order to recoup the cost of their development?
In which case that host sucks and customers should stop using them.
Many hosting plans are paid annually rather than monthly. If someone has paid ahead for several months of hosting, a $5 per year Comodo certificate valid until the date that the hosting is up for renewal would be cheaper than forgoing several months of paid-for services.
Some out there claim you need a separate IP address even though you don't [with Server Name Indication].
Only for the past two and a half years has that been true. Because Internet Explorer on Windows XP didn't support Server Name Indication, compatibility with all major supported web browsers required a separate IPv4 address for each certificate. This changed in mid-April 2014 when Windows XP reached end of life. I think a lot of shared web hosts didn't offer SNI because they wanted to reduce the cost of support calls from users of combinations of browser and operating system that are incompatible with SNI.
DreamHost among others has builtin support for Let's Encrypt.
I switched to WebFaction in December 2012 because it offered SNI, unlike the hosting I had at the time. Did DreamHost offer SNI hosting back in 2012, or was it cleartext- or dedicated IP-only back then?
Windows 10 other than Enterprise has no UI for disabling updates, nor for setting an Ethernet connection as "metered". When someone connects a desktop computer to a satellite modem, it's through an Ethernet cable. But it's still metered, on the order of $5 to $10 per gigabyte. Or when someone tethers a laptop computer to a smartphone through a USB cable, the phone appears to the computer as an Ethernet adapter. But it's still metered, with pricing at a similar order of magnitude.
Unlike service packs to Windows 10, service packs and update rollups to Windows XP and Windows 7 weren't multiple gigabytes.
And yet, touch is the most common way we interact with computers today. Wow.
True, in the case of devices devoted to a single task at once, if not a single task altogether. But what's "the most common way we interact with computers" that are capable of displaying more than one application at once, such as one in which to read and one in which to write?
If you're trying to keep both the head and legs in frame, and you're already zoomed out as far as your device's lens goes, what is the alternative to vertical video?
stop using my "real computer" as an excuse to require my browser run your needless javascript.
Please clarify your comment. In your opinion, is there necessary JavaScript, or is all JavaScript "needless" to you?
There are plenty of web applications that could not be created without script, and plenty more that would be horribly inefficient (full page reload per click and/or hundreds of iframes on one screen) without script. Good luck making a web-based paint program or spreadsheet without script. And if you say those apps should be native instead of using the web platform, good luck running a Mac-only app on your Windows PC or a Windows-only app on your Mac.
If you can verify that the vault always leaves your machine encrypted
How is that possible when the GUI half of the LastPass client is not part of the lastpass-cli repository or any other repository owned by the LastPass organization?
Purchase $100/year Apple developer license
That's no longer required since Xcode 7 if you're not distributing your apps, but a $150/year* sufficiently recent Mac is required, unless the computer that you already use for other things happens to be a sufficiently recent Mac.
* Estimate based on dividing the price of a Mac mini by its expected four-year update life.
Look up "tort of deceit" and "non-disclosure agreement" and "false advertising". Even if it isn't a crime, it can still be grounds for a civil suit.
If your biometrics are compromised, how can they be revoked and reissued without harming you?
That's not the complete corresponding source code to everything in the executable. It's the source code to lastpass-cli, not the source code to the GUI that wraps it. One or both of the following could be the case:
A. The source code in lastpass-cli is not the source code that gets built in the proprietary client.
B. Even if it is, the proprietary GUI component could be passing data to a server independently from the components disclosed as part of lastpass-cli.
Are you recommending that a business distribute an application that relies on jailbreaking, which in turn relies on a security defect that Apple can close at any time?
Good luck turning a macOS binary made "with a proper multi-OS toolkit" into the corresponding Windows, GNU/Linux, or Android binary made with the same toolkit. Or good luck convincing the publisher to distribute the source code of its proprietary application to the public so that you can do the recompilation and the fixing of inevitable platform-related bugs yourself.
In my limited experience with Amazon Linux on an EC2 VPS at work, it has felt essentially the same as any other RPM distribution. What's the big difference between this and CentOS?
You are assuming that a web-based spreadsheet is a sane idea.
It's a less insane idea than a Mac-based spreadsheet that you can't run because your computer happens not to be a Mac, or a Windows-based spreadsheet that you can't run because your computer happens not to have a Windows license or to even have an x86-64 CPU in the first place, such as "mobile" (here meaning an ARM-powered device running a smartphone-derived operating system).
You don't need to use "stores"
The only ways to go around the store are even more expensive: A. buy a Mac for each of your iOS users so that they can install the application from source code using Xcode, or B. the iOS Developer Enterprise Program, which requires employing all your users.
and with Qt you don't have to do anything but recompile.
Is there a guide to using a Linux PC to cross-compile a Qt application for Windows, macOS, Android, and iOS? And how can one be sure that it will work across all platforms without testing, as opposed to inadvertently relying on implementation-defined, unspecified, or undefined behaviors that differ between the various platforms' Qt backends?
So once your script determines that a particular certificate needs to be renewed, makes a CSR, and obtains a renewed certificate, how do you automate installation? Not all shared hosting providers offer an API to install a renewed certificate without human intervention.
Windows XP reaching EOL only means that Microsoft stopped supporting it
We have chosen not to support an operating system that its publisher no longer supports. Because the operating system is proprietary software and will never see another security update, we can assume that a device running that operating system is likely to be infected with a keylogger or other malware that makes the browsing session unusably insecure, installed through exploiting a defect in the operating system published around or after the time that the operating system's publisher ended support. See Forever day bugs.
"standards compliant [...] JS" can assume the use of touch gestures, such as slide to change pages. Or it can assume the usefulness of mouseover events.
"standards compliant [...] CSS" can make links small and close together.
the easiest path for Amazon [to offer validation] would be to make only a Libreoffice version and simply dump Excel to reduce development costs. Or do the right thing and provide an online tool for that
In that case, each submission to said "online tool" would count against the quota, which is one of the things that client-side prevalidation is supposed to avoid. At least that's how Amazon's competitor eBay does it: a feed to add product listings to eBay can be set in "VerifyAdd" mode, but VerifyAdd actions count against the user's quota just as much as Add actions do.
writing code for hobby projects while riding transit to and from one's day job [] is one thing I use my laptop for
I drive a car and cannot work while commuting (at least not yet).
Neither can I while cycling to and from work, but I take the bus when weather is not amenable to cycling, such as during snow or heavy rain.
Not having a big screen (like a notebook's) is a hindrance (in e.g. a train), but carrying one all the time is also annoying.
It was less annoying when 10.1" laptops were widely available. Now it's mostly tablets whose window manager enforces a window management policy of all maximized all the time, at least over the next year or so until tablets running Android 7 "Nougat" fill retail channels and applications are updated to support Nougat.
I'm not thinking about some kind of homebrew OS. I'm thinking mainstream Android, for instance.
"Mainstream Android" versions 6 and earlier don't support split screen between different apps. And devices shipping with versions back to 5.1 were still being sold new as of October 2016.
when developing one mostly sends code which is way less bulkier.
The images and audio files that the code reads and displays or plays are still bulky, especially if the application is graphical as opposed to command-line and text-based.
network speed grows faster than Moore's law
Because the quantity demanded also grows with network speed, in part caused by growth of user base, the price doesn't move very much from 1 cent per megabyte. In addition, the carriers require each subscriber to buy a minimum amount of data transfer allowance, priced at hundreds of USD per year, in order to qualify for a data plan at all. So it's either pay hundreds or wait to sync until arriving at home or work where Internet access over the WLAN either is unmetered or has a monthly quota high enough not to worry about, such as the 1000 GB/mo quota of Xfinity by Comcast. Historically, laptops running a mainstream desktop operating system have had more storage, and their applications have had better support for working offline and connecting occasionally, than tablets running a mainstream smartphone operating system.
Nowadays people are somewhat careful to avoid as much as possible such "proprietary software license agreements".
I disagree that this is anywhere near the case, especially in the home and small business segments. People still buy iPhone and iPad devices running proprietary iOS when Android devices are available, they still use Google Play Store when F-Droid is available, and they still buy major brand laptop PCs running Windows or macOS when System76 and Dell XPS Developer Edition laptops are available. They accept "an inferior, limited product" because the free alternative is insufficient for the use case.
And this will end like Adobe Acrobat Reader for Linux did -- old, unsupported and superseded by good enough alternatives like Okular.
Again, good enough up until the first time you end up dealing with a company or government agency that has bought into PDF form submission.
See, for example, Tetris v. Xio, as well as Microsoft's threats ag
Everything else is a security risk and should not be part of the browser. That's what 'desktop apps' were for, and they worked very well thank you very much.
How well does a web application made for Safari for macOS work on Chrome for Windows or Linux? Reasonably well.
How well does a desktop application made for macOS work on anything but a Mac?
I don't even want a site to know whether I'm on a "mobile" device.
Then watch it assume you're on a mobile device and require use of drag gestures to view the next or previous page. Or watch it assume you're on a desktop computer and end up with tiny text, mouseovers, and links smaller than your fingertip.
Absolutely, those are applications. I'm talking about web pages, the things that display information and you can navigate around.
The line between the two is by no means bright. For example, is a discussion forum such as Slashdot a "page" or an "application"?
Javascript programs are implicitly open source
A minified program in JavaScript is not "the preferred form of a work for making modifications to it".
so just use open source programs that use a multiplatform framework like Qt. Problem solved.
If you make a web application, you have to test it on each major browser engine. In practice, this means Chrome, Firefox, Edge, and initially using Chrome as a proxy for Safari. But if you change from offering one web application to offering five native applications, you end up having to compile, test, and deploy on all five platforms' stores. Several of those (Windows UWP, Mac App Store, iOS) have annual fees, and several require purchase of a particular brand of premium-priced computer on which to develop and test the application (in particular iOS, development for which requires a sufficiently recent Mac). So would it be reasonable for an application developer to offer its web application for use without charge but charge a fee for the native applications in order to recoup the cost of their development?
In which case that host sucks and customers should stop using them.
Many hosting plans are paid annually rather than monthly. If someone has paid ahead for several months of hosting, a $5 per year Comodo certificate valid until the date that the hosting is up for renewal would be cheaper than forgoing several months of paid-for services.
Some out there claim you need a separate IP address even though you don't [with Server Name Indication].
Only for the past two and a half years has that been true. Because Internet Explorer on Windows XP didn't support Server Name Indication, compatibility with all major supported web browsers required a separate IPv4 address for each certificate. This changed in mid-April 2014 when Windows XP reached end of life. I think a lot of shared web hosts didn't offer SNI because they wanted to reduce the cost of support calls from users of combinations of browser and operating system that are incompatible with SNI.
DreamHost among others has builtin support for Let's Encrypt.
I switched to WebFaction in December 2012 because it offered SNI, unlike the hosting I had at the time. Did DreamHost offer SNI hosting back in 2012, or was it cleartext- or dedicated IP-only back then?
Windows 10 other than Enterprise has no UI for disabling updates, nor for setting an Ethernet connection as "metered". When someone connects a desktop computer to a satellite modem, it's through an Ethernet cable. But it's still metered, on the order of $5 to $10 per gigabyte. Or when someone tethers a laptop computer to a smartphone through a USB cable, the phone appears to the computer as an Ethernet adapter. But it's still metered, with pricing at a similar order of magnitude.
Unlike service packs to Windows 10, service packs and update rollups to Windows XP and Windows 7 weren't multiple gigabytes.
good luck running [a Linux executable] from '96 against a modern /lib.
I thought that's what a chroot was for.
And yet, touch is the most common way we interact with computers today. Wow.
True, in the case of devices devoted to a single task at once, if not a single task altogether. But what's "the most common way we interact with computers" that are capable of displaying more than one application at once, such as one in which to read and one in which to write?
I've used a laptop on the loo plenty often. Laptops appear to count as desktops for purposes of this survey.
If you're trying to keep both the head and legs in frame, and you're already zoomed out as far as your device's lens goes, what is the alternative to vertical video?
To bystanders, people will look like they are conducting an invisible orchestra.
And ending up with sore arms. Certain input methods depicted in the film Minority Report are a recipe for gorilla arm.
stop using my "real computer" as an excuse to require my browser run your needless javascript.
Please clarify your comment. In your opinion, is there necessary JavaScript, or is all JavaScript "needless" to you?
There are plenty of web applications that could not be created without script, and plenty more that would be horribly inefficient (full page reload per click and/or hundreds of iframes on one screen) without script. Good luck making a web-based paint program or spreadsheet without script. And if you say those apps should be native instead of using the web platform, good luck running a Mac-only app on your Windows PC or a Windows-only app on your Mac.