Slashdot Mirror


User: tepples

tepples's activity in the archive.

Stories
0
Comments
68,260
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 68,260

  1. A fraction of a percent of a huge number on Google: Chrome 53 Will 'De-Emphasize Flash In Favor of HTML5' Next Month (venturebeat.com) · · Score: 1

    With two billion web users, even half a percent are ten million.

  2. python3 -m https.server on Chrome Is Nearly Ready To Talk To Your Bluetooth Devices (engadget.com) · · Score: 1

    $ python3 -m https.server
    /usr/bin/python3: Error while finding spec for 'https.server' (<class 'ImportError'>: No module named 'https')

    The command lines you give start cleartext HTTP servers, not HTTPS servers. Unlike pages served by HTTPS servers and pages served by localhost, pages served by cleartext HTTP servers on any machine other than localhost are forbidden to access sensitive web APIs.

  3. Re:HTTPS only. Again. on Chrome Is Nearly Ready To Talk To Your Bluetooth Devices (engadget.com) · · Score: 1

    You'll probably want a nice domain name for your app anyway, so running an internal DNS server is going to be desired anyway.

    Are you referring to a model in which the publisher of the app registers a domain, such as myapp.example, and allows the app's users to obtain certificates for subdomains inside *.users.myapp.example? That'd fail as soon as the app gets at least 20 new installs per week (source: Let's Encrypt Rate Limits).

    Or are you referring to a model in which each person who installs the app buys his or her own domain and sets up his or her own dynamic DNS server, making said server public so that Let's Encrypt can issue the certificate?

  4. Re:If not web, then what OS-independent platform? on Chrome Is Nearly Ready To Talk To Your Bluetooth Devices (engadget.com) · · Score: 1

    systemd should be worrying about activating any hot-plugged multimedia devices that would affect the browser experience, and the browser doesn't need to know about it. It just needs to know what audio inputs and outputs it is allowed to use.

    Then how would a web application use Bluetooth devices other than multimedia devices, such as a Bluetooth pedometer?

  5. Re:If not web, then what OS-independent platform? on Chrome Is Nearly Ready To Talk To Your Bluetooth Devices (engadget.com) · · Score: 1

    They're safer because I didn't start them

    You didn't start a web application either because you didn't whitelist the domain it came from in your script blocker.

  6. Re:Does Linux run Cocoa or WPF yet? on Chrome Is Nearly Ready To Talk To Your Bluetooth Devices (engadget.com) · · Score: 1

    most can be ported from Win32 to POSIX and MFC to a cross-platform framework like Qt with minimal effort through existing migration frameworks (google them).

    Are you referring to Qt/MFC Migration Framework?

    That's just security in general, if I have the source and can recompile it then I can just remove the security bits.

    If a Bluetooth pedometer syncs its readings to a server through a free application on a PC, how should the operator of the server protect other users from seeing falsified data contributed through a modified application?

    What windows applications include inseparable coupling to kernel mode drivers?

    Support for connecting to iOS devices in iTunes for Windows is one example, as far as I understand.

    And of these applications which ones cannot simply dual license the driver component and why?

    Because proprietary driver components specific to the client application are "by their nature extensions of the covered work" and thus fail to qualify under the GPL's exception for an "aggregate".

  7. Re:If the host name should not be publically known on The Dark Side of Certificate Transparency (sans.edu) · · Score: 1

    The working plan is to provide such resources through the proxy's admin panel, along with step-by-step instructions for platforms where multiple manual user actions are required.

    Where "the proxy" was previously defined as "a small proxy system (physical or virtualized) that is configured to provide TLS service to LAN clients based on your internal CA". But in this case, the first access to "the proxy's admin panel" would itself produce a certificate error. How does the user access the device for the first time?

  8. You seem to think that TV channels have some sort of duty of care that their advertisements are legit.

    I know next to nothing about UK law other than that European law tends to be somewhat more protective of consumers than U.S. law. And even in the U.S., there is evidence of such a "duty of care that their advertisements are legit": the FCC has fined US cable TV networks millions of dollars for showing trailers for the film Olympus Has Fallen that included Emergency Alert System signals.

  9. Re:Why can't we leave it alone on Chrome Is Nearly Ready To Talk To Your Bluetooth Devices (engadget.com) · · Score: 1

    Native apps are simpler, less complex, easier to develop

    So I've finished a native app for X11/Linux. How do I run it on anything but X11/Linux? In what way is developing five apps easier than developing one?

  10. Re: Why can't we leave it alone on Chrome Is Nearly Ready To Talk To Your Bluetooth Devices (engadget.com) · · Score: 1

    Because developers want to deploy applications to users of Windows, macOS, X11/Linux, iOS, and Android. A native application works only on a single operating system

    Then build for those platforms instead

    Developing for one platform is less expensive than developing for five.

  11. Re:Homestar Runner; Weebl's Stuff; Newgrounds on Google: Chrome 53 Will 'De-Emphasize Flash In Favor of HTML5' Next Month (venturebeat.com) · · Score: 1

    The answer was "rent our software". License transfers for old versions of Flash can be found on the secondary market, but Adobe's HTML5 authoring tools are available only for rental through Creative Cloud.

  12. It appears Mozilla canceled Shumway on Google: Chrome 53 Will 'De-Emphasize Flash In Favor of HTML5' Next Month (venturebeat.com) · · Score: 1

    js+html+canvas API is a perfect way to encode vector animations, with similar compression ratios (assuming transport compression) as flash.

    I agree that Canvas or SVG would be the ideal solution going forward. Have you tried any non-Adobe tools for authoring such animations that you're willing to recommend? I don't want to rely on Adobe Animate because it's available only for rental.

    For legacy content, there is shumway.

    If Shumway could replace Flash Player the way pdf.js replaced the Adobe Reader plug-in, that would be great. But as far as I can tell, Mozilla canceled Shumway. There hasn't been a status report in over a year, and the graph of contributions to Git appears to have flatlined over the past 11 months.

  13. Re:Saving a few works of art on Google: Chrome 53 Will 'De-Emphasize Flash In Favor of HTML5' Next Month (venturebeat.com) · · Score: 1

    If someone cares enough to bother to preserve the animations then they'll be preserved.

    I care enough. But almost all countries also have a life plus 50 year or more copyright regime. So how should I go about tracking down the author of each such animation and seeking his permission to preserve it?

  14. Re:Homestar Runner; Weebl's Stuff; Newgrounds on Google: Chrome 53 Will 'De-Emphasize Flash In Favor of HTML5' Next Month (venturebeat.com) · · Score: 1

    Rendering the SWF to pixels and encoding the result in WebM is an imperfect solution, as it loses interactivity (a lot of SWFs on Newgrounds are games). It also bloats file size by a factor of ten in my tests, which isn't helpful for users on slow or harshly capped connections.

    All that shit's on YouTube now anyways.

    Games aren't, and for noninteractive animations, YouTube videos eat into a household's monthly cap faster than the original vector animations.

  15. Re:Homestar Runner; Weebl's Stuff; Newgrounds on Google: Chrome 53 Will 'De-Emphasize Flash In Favor of HTML5' Next Month (venturebeat.com) · · Score: 1

    The question has been answered many, many times before.

    And this time, I tried to phrase it specifically to avoid the ways in which I found the previous answers insufficient. Allow me to review the answers you linked:

    broken record Several "and nothing of value was lost"/"change your tastes"-type answers. Several suggestions to use SVG or Canvas, without any suggestion of tools for authoring such animations or for converting old ones. A suggestion to switch to Adobe Animate, which isn't even available for purchase. (It's a rental, like the rest of Creative Cloud.) A suggestion to beg each developer of a mouse-driven game to remake it as a mobile app and to discard keyboard-driven games. A lot of unanswered follow-ups. A suggestion to make stand-alone native applications to view vector animations, with a follow-up that porting them to all platforms is impractical. Complaints about lack of bookmarking and failure of hover to work on touch screens, with replies pointing out that JavaScript has both these problems. many Reply suggested discarding old animations and making new animations using HTML. A follow-up about affordable tools for authoring such animations went unanswered. many A reply suggested rendering old animations to video, which breaks games and bloats shorts. A reply suggesting SVG without mentioning tools. Later, phantomfive provided the only remotely useful answer with a list of tools, while someone else complained about playback performance.

    In addition, I was interested in what new solutions have appeared or become commonplace since last time I asked.

  16. Re:HTTPS only. Again. on Chrome Is Nearly Ready To Talk To Your Bluetooth Devices (engadget.com) · · Score: 1

    So how do I make it secure without making it public?

  17. Re:Whiny Fanboy... but he has a point on Suicide Squad Fan Suing Studio For 'False Advertising' Over Lack of Joker Scenes (independent.co.uk) · · Score: 4, Interesting

    The article implies something close to step 1 was already tried: "I told the theatre about this unjust act and said ‘I didn’t get what I came here to see, can I have my money back?’ They laughed at me and kicked me out. So I’m now taking this to court." Hence your step 2.

  18. Re:Whiny Fanboy... but he has a point on Suicide Squad Fan Suing Studio For 'False Advertising' Over Lack of Joker Scenes (independent.co.uk) · · Score: 1

    That'd be an apt analogy if cinemas were also playing Suicide Squad Deluxe. I have seen no evidence that they are.

  19. Is the ad agency that produced the trailer also dissolved, as well as the television channels and theatres that carried the trailer?

  20. Homestar Runner; Weebl's Stuff; Newgrounds on Google: Chrome 53 Will 'De-Emphasize Flash In Favor of HTML5' Next Month (venturebeat.com) · · Score: 4, Interesting

    If Google grows a pair as you suggest, then existing vector animations using Flash (Homestar Runner, Weebl and Bob, Animutations, and user contributions to Newgrounds) will become unusable. Even if these are "and nothing of value was lost" to your personal taste, they aren't "and nothing of value was lost" to all viewers. Rendering the SWF to pixels and encoding the result in WebM is an imperfect solution, as it loses interactivity (a lot of SWFs on Newgrounds are games). It also bloats file size by a factor of ten in my tests, which isn't helpful for users on slow or harshly capped connections. So going forward, what will be the recommended way to exhibit old and new vector animations?

  21. Why Slashdot doesn't do Unicode (5:erocS) on Google: Chrome 53 Will 'De-Emphasize Flash In Favor of HTML5' Next Month (venturebeat.com) · · Score: 3, Interesting

    There was a time when Slashdot tried to support character encodings properly. Then vandals had to mess it up by embedding bidirectional override characters that broke the layout and spoofed moderation scores, and other vandals started using box drawing and CJK characters to make obscene glyph art. After this, Slashdot started to apply a code point whitelist. Yet somehow SoylentNews has implemented working UTF-8.

  22. Re:Why can't we leave it alone on Chrome Is Nearly Ready To Talk To Your Bluetooth Devices (engadget.com) · · Score: 2

    Because developers want to deploy applications to users of Windows, macOS, X11/Linux, iOS, and Android. A native application works only on a single operating system unless separate native applications are made for each operating system. If accessing local storage, the camera, Bluetooth, or other features of your computing device requires a native operating system, then it'll likely end up being your preferred operating system that gets left out.

  23. Does Linux run Cocoa or WPF yet? on Chrome Is Nearly Ready To Talk To Your Bluetooth Devices (engadget.com) · · Score: 1

    And open source has solved the "not made for a particular PC's operating system" problem. Any vaguely popular OSS gets immediately ported to anything with a CPU

    How easy is it to port an application that uses an OS-specific GUI toolkit, such as Win32, MFC, WPF, or Cocoa, to X11/Linux?

    Besides, a lot of these applications are intentionally not free software because they use security through obscurity to deter users from violating the terms of the related online service. For example, a hacked client for a Bluetooth pedometer could allow users to falsify the sensor readings and thereby cheat at the "compare your daily activity to that of your friends" feature.

    Finally, no Windows application including a kernel-mode driver component can be usefully distributed under the GPLv3 because the "Installation Information" requirement of the GPLv3 is incompatible with the PKI for Windows kernel-mode drivers. As of Windows 10, only Microsoft can digitally sign a driver for distribution to the public, and only a corporation or LLC holding an EV code signing certificate from a commercial CA trusted by Microsoft can submit drivers to be signed.

  24. Re:If not web, then what OS-independent platform? on Chrome Is Nearly Ready To Talk To Your Bluetooth Devices (engadget.com) · · Score: 1

    Mail user agent does not run arbitrary scripts from unknown and untrusted third parties - at least none of the ones I've ever used.

    Then you must not have used Outlook Express back when it ran JavaScript in HTML mail by default.

    Those comcast emails I get with big holes in them? That's because my mail client thinks it would be utterly moronic to go fetch arbitrary HTML and javascript from the web and execute it.

    How long did it take developers of HTML mail clients to catch up to that?

  25. Re:HTTPS only. Again. on Chrome Is Nearly Ready To Talk To Your Bluetooth Devices (engadget.com) · · Score: 2

    A related but different question:

    I plan to develop an application that runs on a PC and acts as an HTTPS server that other PCs on the same home LAN can access. It cannot be accessed from the Internet; connections from outside 10/8, 172.16/12, or 192.168/16 are refused to protect the privacy of the information that the application stores.

    I want to make a web application instead of a native application so that I don't have to spend five times as long remaking the application for five different operating systems (Windows, macOS, X11/Linux, Android, and iOS).

    I have to use HTTPS instead of cleartext HTTP in order to make the page a secure context for sensitive web APIs. If a script on a cleartext HTTP origin other than the local machine attempts to access a sensitive web API, the browser will instead raise a security exception. Here are some examples of internal web applications that would need to use a sensitive web API:

    • An internal web app with functionality similar to Snapchat that operates only within a home would need Media Stream in order to use the camera, but Media Stream is HTTPS-only.
    • An internal web app to scan barcodes of products purchased at a grocery store would also need the camera.
    • A video streaming app wouldn't need HTTPS just to run, but it would need HTTPS to go full-screen.
    • A LAN game using WebGL would likewise need to go full-screen and/or set a pointer lock so that the player can aim with the mouse.
    • ObTopic: Likewise for a Bluetooth pedometer to count the steps that each member of the household has taken while wearing it.

    HTTPS is HTTP on TLS, and TLS needs a certificate. So what certificate should this app use? Should the app act as its own CA and require the user to install the app's root certificate on each machine that accesses it? I don't see how that would be practical for home users who aren't particularly tech-savvy.