I conceded the original question, namely "can Mac binaries run outside a Mac?", and raised two new questions, namely "can Mac GUI binaries run outside a Mac?" and "can iOS binaries run outside an iOS device?". You called this "moving the goalposts". Under what conditions is it acceptable to ask a second question, provided it is not represented as the original question?
I had never heard of Darling, a Darwin program loader for Linux. That's a start. I may check every few months to see if there's progress toward running GUI applications.
So let me amend my claim: Good luck running a native iOS binary off an iPhone or iPad. Even the device simulator in Xcode is said to emulate a fictional Intel-based iOS device so that it can use an x86 VMM as opposed to a true emulator.
You need some assembly language to get the processor from real mode into protected or long mode. Therefore, by your "all aspects" definition, C is not a programming language.
If it's just a web "page", a document for reading as opposed to an actual web application, you don't need updates smaller than a full page. And if you don't need fine-grained updates, you don't really need JavaScript. Instead, the server can create the final DOM, serialize that DOM to HTML, and send the HTML to the browser. Form prevalidation can use the new HTML5 input types.
It's pretty lame comparing slow-as-mud + heavyweight scripting languages - even worse, ones that are remotely interpreted at the client, rather than actually run at the server -- with serious programming languages (and serious programmers.)
If you prefer that apps be "actually run at the server" and made in "serious programming languages", how would such apps display their results to the user? Would it be better if we were accessing applications through X11 protocol instead of through HTTP, HTML, CSS, and JavaScript? Or what protocol to access remote applications (with smaller view update granularity than the full page) would you prefer instead?
Would WebAssembly be preferable to JavaScript? Because without JavaScript and without WebAssembly, the only possible interaction is following a link or submitting a form and getting a reload of the entire page. This rules out a lot of use cases.
When push comes to shove, it should be possible to have a 'normal' ad-allowing browser fetch everything that is on the site, but which is 'invisible' to the actual user of the computer, and which *then* get transferred to the 'visible' browser, while - locally, as it were - the ads get removed.
On which machine would this "'normal' ad-allowing browser" run? Are you describing something that won't do anything to keep autoplaying video ads in non-video articles from using an excessive fraction of a cellular or satellite Internet subscriber's monthly data transfer quota, or are you describing Opera Mini?
True, practice not meeting theory led to Heartbleed. But Heartbleed woke the industry, and now audits of free software have become somewhat more common. Audits for binary blobs aren't practical at all.
Two of them are easy. "Encrypted" means served through HTTPS. "Ad choice supported" means supporting the YourAdChoices control to turn interest-based ad delivery on and off.
The other two are a bit more vague, but Google iab non-invasive ads returns IAB Tech Lab Solutions with a bit more explanation. "Light" means a maximum data size, as specified in IAB Creative Guidelines. "Non-invasive" means that ads do not cover the body of the article, and ads other than an interstitial before a video body do not automatically play audio.
Present adtech delivers the text of an article through the initial HTML document and advertisements through scripts loaded asynchronously. This means the text of the article is available to the user before the style sheet, images, ad delivery scripts, and the like. A full implementation of access control would encrypt everything in the article below the abstract or lead section so that cleartext isn't available until the ad delivery script has run.
Or should I shut up and not give publishers any ideas?
Say you're researching a topic, and you end up hitting a bunch of dead links because the operator of their respective servers could no longer afford to keep the lights on. Then Somebody Else's Problem becomes your problem.
Banks I'll grant. They're unusual in that financial industry regulations mean they have the most to lose if a script is found to be unsafe. Healthcare sites are up there as well because of HIPAA (or foreign counterparts).
For sites in less regulated industries, how should a user go about finding whether a site's scripts are safe to add to the user's whitelist?
Then why do you not have a little star next to your name on slashdot?
Because Slashdot hasn't sold subscriptions for well over a year. From subscribe.pl:
Please Note: Buying or gifting of a new subscription is not available at the moment. We apologize for the inconvenience.
During the Dice Holdings era, Slashdot instead experimented with giving a "Disable Advertising" checkbox to users with Excellent (25-50) karma to encourage them to provide and moderate comments. After Slashdot and SourceForge were sold to BIZX six months ago, this ended as well.
Then put JavaScript on a whitelist, and have the UI for editing this whitelist geolocate the IP of each hostname so that you can be more cautious about servers in countries where you can't sue.
For one thing, I do most of my shopping on smile.amazon.com so that Electronic Frontier Foundation. A source is somewhat less likely to attack that vector.
But even if it does, security is a process of which the hosts file is one layer and PKI is another. The server will have to present an X.509 certificate for names smile.amazon.com or www.amazon.com (as appropriate) when my browser connects to port 443. A fake server's certificate won't be issued by either A. a CA certified by Mozilla or B. a self-signed CA that the Perspectives extension reports as consistent.
Windows itself is proprietary and requires admin privilege to run.
But seriously: On Windows, writing to %windir%\system32\drivers\etc\hosts requires administrative privileges. You can instead have APK Hosts File Engine generate the hosts file in your own profile and then use File Explorer to copy it to %windir%\system32\drivers\etc\hosts.
So what should they do? Go back to the past. Sell static banners/small animated gifs. No javascript, no flash, no tracking, no malware. Simply sell static ad space for X amount of money per Y amount of time.
Sell ad space to whom? Your "no tracking" rule appears to rule out ad networks and ad exchanges in favor of each publisher* having to run its own ad sales department. So what can the publisher of a smallish site do to find enough advertisers to buy most of its inventory? And how can this publisher assure advertisers that the view and click statistics that it provides are accurate?
While they're at it, why not program it in case the user doesn't have a monitor?
Bad example, as screen readers (such as JAWS, Window-Eyes, and NVDA) do just that. In fact, Windows 10 is still available without charge for licensed users of Windows 7 or 8.1 who use assistive technologies such as text-to-speech.
Because a separate device for each job is e-wasteful.
But you have to remember, we never signed a contract with teh internetz that these folk have some sort of right to existence.
You signed up for a Slashdot account, and Slashdot is ad-supported.
In the meantime, if a site won't let me in, I just look it as if I caught a 404.
If I see such a "404" in a story or comment on Slashdot, should I report it in a reply, as I've done here?
I conceded the original question, namely "can Mac binaries run outside a Mac?", and raised two new questions, namely "can Mac GUI binaries run outside a Mac?" and "can iOS binaries run outside an iOS device?". You called this "moving the goalposts". Under what conditions is it acceptable to ask a second question, provided it is not represented as the original question?
I had never heard of Darling, a Darwin program loader for Linux. That's a start. I may check every few months to see if there's progress toward running GUI applications.
So let me amend my claim: Good luck running a native iOS binary off an iPhone or iPad. Even the device simulator in Xcode is said to emulate a fictional Intel-based iOS device so that it can use an x86 VMM as opposed to a true emulator.
a native binary is insensitive to machine environments
Good luck running a binary made for a Mac on any machine environment other than a Mac.
(Legally.)
You need some assembly language to get the processor from real mode into protected or long mode. Therefore, by your "all aspects" definition, C is not a programming language.
If it's just a web "page", a document for reading as opposed to an actual web application, you don't need updates smaller than a full page. And if you don't need fine-grained updates, you don't really need JavaScript. Instead, the server can create the final DOM, serialize that DOM to HTML, and send the HTML to the browser. Form prevalidation can use the new HTML5 input types.
It's pretty lame comparing slow-as-mud + heavyweight scripting languages - even worse, ones that are remotely interpreted at the client, rather than actually run at the server -- with serious programming languages (and serious programmers.)
If you prefer that apps be "actually run at the server" and made in "serious programming languages", how would such apps display their results to the user? Would it be better if we were accessing applications through X11 protocol instead of through HTTP, HTML, CSS, and JavaScript? Or what protocol to access remote applications (with smaller view update granularity than the full page) would you prefer instead?
Would WebAssembly be preferable to JavaScript? Because without JavaScript and without WebAssembly, the only possible interaction is following a link or submitting a form and getting a reload of the entire page. This rules out a lot of use cases.
When push comes to shove, it should be possible to have a 'normal' ad-allowing browser fetch everything that is on the site, but which is 'invisible' to the actual user of the computer, and which *then* get transferred to the 'visible' browser, while - locally, as it were - the ads get removed.
On which machine would this "'normal' ad-allowing browser" run? Are you describing something that won't do anything to keep autoplaying video ads in non-video articles from using an excessive fraction of a cellular or satellite Internet subscriber's monthly data transfer quota, or are you describing Opera Mini?
By adding a RAM SSD and putting the swap file on it. Then the SOC's internal RAM becomes in effect a cache for your RAM SSD.
When is the last time you check all the code.
True, practice not meeting theory led to Heartbleed. But Heartbleed woke the industry, and now audits of free software have become somewhat more common. Audits for binary blobs aren't practical at all.
http://c2.com/cgi/wiki?TheKenThompsonHack
Obsoleted by the David A. Wheeler defense.
This is just expensive hipster stuff with an ugly 3d printed case, no merit...
The merit is ability to show to suits that there exists a market for modular battery-powered computers with additive manufactured cases.
My computer, my decision as to what gets downloaded and displayed on it.
Their site, their decision as to whether to replace articles with a "turn off your ad blocker" message.
And then as soon as the browser pauses the connection 1 MB into the page load, things on the page stop moving around.
Two of them are easy. "Encrypted" means served through HTTPS. "Ad choice supported" means supporting the YourAdChoices control to turn interest-based ad delivery on and off.
The other two are a bit more vague, but Google iab non-invasive ads returns IAB Tech Lab Solutions with a bit more explanation. "Light" means a maximum data size, as specified in IAB Creative Guidelines. "Non-invasive" means that ads do not cover the body of the article, and ads other than an interstitial before a video body do not automatically play audio.
Present adtech delivers the text of an article through the initial HTML document and advertisements through scripts loaded asynchronously. This means the text of the article is available to the user before the style sheet, images, ad delivery scripts, and the like. A full implementation of access control would encrypt everything in the article below the abstract or lead section so that cleartext isn't available until the ad delivery script has run.
Or should I shut up and not give publishers any ideas?
Say you're researching a topic, and you end up hitting a bunch of dead links because the operator of their respective servers could no longer afford to keep the lights on. Then Somebody Else's Problem becomes your problem.
Banks I'll grant. They're unusual in that financial industry regulations mean they have the most to lose if a script is found to be unsafe. Healthcare sites are up there as well because of HIPAA (or foreign counterparts).
For sites in less regulated industries, how should a user go about finding whether a site's scripts are safe to add to the user's whitelist?
Then why do you not have a little star next to your name on slashdot?
Because Slashdot hasn't sold subscriptions for well over a year. From subscribe.pl:
During the Dice Holdings era, Slashdot instead experimented with giving a "Disable Advertising" checkbox to users with Excellent (25-50) karma to encourage them to provide and moderate comments. After Slashdot and SourceForge were sold to BIZX six months ago, this ended as well.
The subscription page for the red site, on the other hand, is up and running:
Then put JavaScript on a whitelist, and have the UI for editing this whitelist geolocate the IP of each hostname so that you can be more cautious about servers in countries where you can't sue.
APK Hosts File Engine is proprietary because APK fears that a malware author would rebrand it the way Chromium was rebranded as eFast.
For one thing, I do most of my shopping on smile.amazon.com so that Electronic Frontier Foundation. A source is somewhat less likely to attack that vector.
But even if it does, security is a process of which the hosts file is one layer and PKI is another. The server will have to present an X.509 certificate for names smile.amazon.com or www.amazon.com (as appropriate) when my browser connects to port 443. A fake server's certificate won't be issued by either A. a CA certified by Mozilla or B. a self-signed CA that the Perspectives extension reports as consistent.
Windows itself is proprietary and requires admin privilege to run.
But seriously: On Windows, writing to %windir%\system32\drivers\etc\hosts requires administrative privileges. You can instead have APK Hosts File Engine generate the hosts file in your own profile and then use File Explorer to copy it to %windir%\system32\drivers\etc\hosts.
So what should they do? Go back to the past. Sell static banners/small animated gifs. No javascript, no flash, no tracking, no malware. Simply sell static ad space for X amount of money per Y amount of time.
Sell ad space to whom? Your "no tracking" rule appears to rule out ad networks and ad exchanges in favor of each publisher* having to run its own ad sales department. So what can the publisher of a smallish site do to find enough advertisers to buy most of its inventory? And how can this publisher assure advertisers that the view and click statistics that it provides are accurate?
* Operator of an ad-funded site