But a whitelist requires more diligence to maintain if you don't want to turn a PC into a game console
A whitelist is a gateway to an app store only system with censorship and lack of choice.
That's sort of what I was getting at. It really depends on by whom it's managed. Some PC owners can be trusted to maintain their own whitelist; others can't.
If by an experienced user
A whitelist managed by an experienced user is highly effective, as described in an article by Roger A. Grimes and a SANS white paper. It's even better when you have a couple such users to handle application evaluation requests in a company's IT department.
If by an inexperienced home PC owner
A malware publisher can social engineer a user to approve malware. Some people actually prefer censorship because they don't trust themselves to perform the "vigilance" that is "the price of liberty".[1] In fact, ease of use is why game consoles are still around, as what some consider "censorship" others consider "peace of mind that I won't irreversibly break something". But a solution requires precisely defining "censorship", as malware authors would claim that they're being "censored".
[1] Thomas U. P. Charlton. The Life of Major General James Jackson. Augusta: Randolph & Co., 1809.
Some SSDs use lossless data compression (analogous to gzip) to pack more sectors into fewer physical pages so that they don't have to spend quite as much time erasing pages. To avoid this possibility, you might want to use a cipher to generate noise that the drive's firmware cannot compress.
Without adding file system hooks to the kernel, how should a real-time antivirus tool trap attempts to read potentially infected files?
Sometimes I think the PC Matic guys are right: a whitelist is a more reliable way to block malware. But a whitelist requires more diligence to maintain if you don't want to turn a PC into a game console, and diligence is something sorely lacking in the non-technical majority.
You can't get into the venue in the first place without putting a $500 authorization (or "hold") on your credit card. If you're thrown out, they capture the authorization.
Of course one reason to look up a song is because you misheard some lyrics and want to know what the song was.
Misheard lyrics are more likely to pull up misheard lyric sites like amiright.com, provided that someone else misheard them the same way. Unlike the major lyrics sites, these don't have quite the same pressing need to license lyrics from the publishers, as there's a clearer fair use argument for their presentation of 1- or 2-line snippets in the context of comment on the vocal style of a popular recording.
Google would prefer that you buy and carry a smartphone and subscribe to cellular data so that you can use the Song Search widget in Google Play Music.
Bad Lip Reading version
What about the misheard Bad Lip Reading version? "Every iPhone poops because it isn't an Android and should be destroyed"
Another potential option: Chromebook and a Linux VPS.
If I'm not mistaken, you're referring to leasing a VPS and using it as an app server through SSH, X11, VNC, or RDP from your online Chromebook. This might be useful for someone who is online all the time, such as someone who A. drives, B. rides transit in an area where transit provides Wi-Fi, or C. already subscribes to a tetherable cellular data plan and has more data allowance left at the end of the month than he knows what to do with. (Someone like me would have to subscribe to cellular data in order to enter category C.) How much data per hour does X11, VNC, or RDP over an SSH tunnel typically use, so I can go to Ting.com and calculate the cost of this fourth option?
Even if it is plausible, plausibility isn't the standard for a tort conviction. The standard is "preponderance", or "balance of probabilities", or "more likely than not", or 51 percent probability. If your access point has three or more users, the probability drops to one-third or less unless the copyright owner can show more evidence that you performed the infringement.
"If electronic devices prompt the user to perform acts that cause data loss for the device's owner, accept this misfortune and keep your electronics under lock and key." Is that what I'm supposed to take away from this?
A Chromebook can be used in verified mode or developer mode. Verified mode cannot run user applications written in languages other than JavaScript. Switching modes requires wiping the drive. Every time a Chromebook is started in developer mode, the firmware offers to switch back to verified mode. Pressing Space (at the prompt to press Space) then Enter (at the prompt to press Enter) begins a wipe and switch; waiting 30 seconds or pressing Ctrl+D (instead of Space) continues the developer mode boot process. Ostensibly this is to ensure that the user is transmitting his Google Account credentials only to a process trusted by Google. But the fear is that an uninformed user other than the Chromebook's owner, especially someone living with or visiting the owner, may follow the prompts and thereby cause data loss for the owner.
Then let me offer a personal experience in a similar situation that is not hypothetical. Years ago, my brother was using the custom graphics editor in The Print Shop on an Apple II computer. While I was taking a shower, he accepted the offer to "initialize" a floppy disk to store a graphic that he had created, not knowing what "initialize" meant. Data loss ensued.
You mention the article "How to Install Ubuntu Linux on Your Chromebook with Crouton" by Chris Hoffman.
Every time you turn on a Chromebook that has Crouton installed, it'll prompt you to wipe the drive. Even if you know to press Ctrl+D to skip the prompt, someone else won't.
I thought the Chromebook Pixel was already some kind of high-end hardware, am I wrong? What more could you want from a $1000+ laptop that runs an android-flavoured OS?
You may have conflated the Chromebook Pixel, which runs Chrome OS, with its successor the Pixel C, which runs Android. To which did you refer?
If you're referring to the Pixel C
More than one window on the screen. The Pixel C doesn't have and won't get any form of split-screen multitasking. From Devindra Hardawar's review on Engadget: "Using one app at a time is [...] no way to get through a day's worth of computing." Using a computer is more difficult if you cannot see a document and the notes you are taking on that document at once. What good is a full-screen calculator?
If you're referring to the Chromebook Pixel
The ability to write and test code on the laptop in a language other than JavaScript. A Chromebook can be switched from OS verification mode to developer mode for use with Crouton, but every time you turn on a Chromebook in developer mode, its firmware prompts the user to "press space to re-enable OS verification". If you happen to be at the machine, you can press Ctrl+D to skip the prompt, but if anybody else turns it on, they'll probably press Space in an attempt to "be helpful". And because a mode switch wipes the drive, you'll lose all work that you haven't yet backed up as well as the use of the Chromebook until you can get back to a desktop or traditional laptop with which to reinstall Crouton.
we already want to make the game as reasonably portable as possible so we can put in on PC, consoles, and possibly mobile--ie, often Android.
I don't see how one game can work well on both consoles and mobile, especially if isn't inherently a point-and-click game. Consoles have a thumbstick and buttons as their primary input device. The vast majority of Android devices* have a touch screen. If you try to adapt a game designed for a thumbstick and buttons to a touch screen the trivial way, by putting a D-pad and buttons on a flat sheet of glass the way emulators do, you get something like Pixeline and the Jungle Treasure. It's a platformer in the vein of Super Mario Bros. or Giana Sisters. When I tried it on my Nexus 7 (2012) tablet, it was a pain in the ass to play because I kept accidentally pressing outside the active area of the on-screen controls due to lack of any sort of tactile feedback as to where my thumbs were. (Pairing a Bluetooth keyboard solves it but also somewhat defeats the point of mobile.) The workaround to make a platformer work with a touch screen often involves simplifying it to an endless runner.
* Most Android devices are not OUYA, SHIELD, JXD, or GameStick.
The desire to release a game on both Windows and various consoles
A developer that has been approved by ID@Xbox but told "not yet" by SCE and Nintendo is likely to target Windows and Xbox One. Or in other words, Windows and Windows.
So when I setup doubleclick.wired.com, and point it's A records to a double click server so they can serve you ads, and that server also hosts doubleclick.othersite.com
The possibility of delegating a subdomain to a third party raises deep philosophical issues of what is considered to be part of someone's "domain". But I mentioned the same public-suffix-plus-one policy because it's also the rule used for the scope of an HTTP cookie. A script on doubleclick.wired.com would have a less easy time correlating me with doubleclick.othersite.com because a particular site can set a cookie only for the same public-suffix-plus-one.
But if they do figure out how to track despite lack of third-party cookies, even a same-origin policy wouldn't be sufficient, as the user agent can't tell whether a request to wired.com load balancer retrieves from WIRED's origin server or from its DoubleClick proxy.
But a whitelist requires more diligence to maintain if you don't want to turn a PC into a game console
A whitelist is a gateway to an app store only system with censorship and lack of choice.
That's sort of what I was getting at. It really depends on by whom it's managed. Some PC owners can be trusted to maintain their own whitelist; others can't.
If by an experienced user A whitelist managed by an experienced user is highly effective, as described in an article by Roger A. Grimes and a SANS white paper. It's even better when you have a couple such users to handle application evaluation requests in a company's IT department. If by an inexperienced home PC owner A malware publisher can social engineer a user to approve malware. Some people actually prefer censorship because they don't trust themselves to perform the "vigilance" that is "the price of liberty".[1] In fact, ease of use is why game consoles are still around, as what some consider "censorship" others consider "peace of mind that I won't irreversibly break something". But a solution requires precisely defining "censorship", as malware authors would claim that they're being "censored".[1] Thomas U. P. Charlton. The Life of Major General James Jackson. Augusta: Randolph & Co., 1809.
plus a big "NOTICE: this computer can't run normal programs + details" label on the side to reduce buyer's remorse
Does the label mention Wine, which can run many but not all Windows desktop applications?
Some SSDs use lossless data compression (analogous to gzip) to pack more sectors into fewer physical pages so that they don't have to spend quite as much time erasing pages. To avoid this possibility, you might want to use a cipher to generate noise that the drive's firmware cannot compress.
Without adding file system hooks to the kernel, how should a real-time antivirus tool trap attempts to read potentially infected files?
Sometimes I think the PC Matic guys are right: a whitelist is a more reliable way to block malware. But a whitelist requires more diligence to maintain if you don't want to turn a PC into a game console, and diligence is something sorely lacking in the non-technical majority.
And what if you dont have a credit card because your application was declined for some reason?
The same way you bought the ticket to the show or reserved the hotel room: use a debit card with at least $500 of available balance.
You can't get into the venue in the first place without putting a $500 authorization (or "hold") on your credit card. If you're thrown out, they capture the authorization.
Of course one reason to look up a song is because you misheard some lyrics and want to know what the song was.
Misheard lyrics are more likely to pull up misheard lyric sites like amiright.com, provided that someone else misheard them the same way. Unlike the major lyrics sites, these don't have quite the same pressing need to license lyrics from the publishers, as there's a clearer fair use argument for their presentation of 1- or 2-line snippets in the context of comment on the vocal style of a popular recording.
Google would prefer that you buy and carry a smartphone and subscribe to cellular data so that you can use the Song Search widget in Google Play Music.
Bad Lip Reading version
What about the misheard Bad Lip Reading version? "Every iPhone poops because it isn't an Android and should be destroyed"
Another potential option: Chromebook and a Linux VPS.
If I'm not mistaken, you're referring to leasing a VPS and using it as an app server through SSH, X11, VNC, or RDP from your online Chromebook. This might be useful for someone who is online all the time, such as someone who A. drives, B. rides transit in an area where transit provides Wi-Fi, or C. already subscribes to a tetherable cellular data plan and has more data allowance left at the end of the month than he knows what to do with. (Someone like me would have to subscribe to cellular data in order to enter category C.) How much data per hour does X11, VNC, or RDP over an SSH tunnel typically use, so I can go to Ting.com and calculate the cost of this fourth option?
Thank you. After the discontinuation of netbooks, I've been looking for something to replace mine. Now I know there are two now and one coming soon:
Even if it is plausible, plausibility isn't the standard for a tort conviction. The standard is "preponderance", or "balance of probabilities", or "more likely than not", or 51 percent probability. If your access point has three or more users, the probability drops to one-third or less unless the copyright owner can show more evidence that you performed the infringement.
Is this Native Client?
Can C++ Chrome apps be built directly on the device, or must they be cross-compiled?
splitscreen multitasking [...] will be core functionality for all Android devices on N.
That's good to hear. Thank you for the update.
"If electronic devices prompt the user to perform acts that cause data loss for the device's owner, accept this misfortune and keep your electronics under lock and key." Is that what I'm supposed to take away from this?
A Chromebook can be used in verified mode or developer mode. Verified mode cannot run user applications written in languages other than JavaScript. Switching modes requires wiping the drive. Every time a Chromebook is started in developer mode, the firmware offers to switch back to verified mode. Pressing Space (at the prompt to press Space) then Enter (at the prompt to press Enter) begins a wipe and switch; waiting 30 seconds or pressing Ctrl+D (instead of Space) continues the developer mode boot process. Ostensibly this is to ensure that the user is transmitting his Google Account credentials only to a process trusted by Google. But the fear is that an uninformed user other than the Chromebook's owner, especially someone living with or visiting the owner, may follow the prompts and thereby cause data loss for the owner.
Hypothetical
Then let me offer a personal experience in a similar situation that is not hypothetical. Years ago, my brother was using the custom graphics editor in The Print Shop on an Apple II computer. While I was taking a shower, he accepted the offer to "initialize" a floppy disk to store a graphic that he had created, not knowing what "initialize" meant. Data loss ensued.
You've outlined two possibilities:
I find A far more likely than B, especially for someone who knows about laptops in general but doesn't know about Chromebook firmware.
Would you have preferred VBScript?
Never mind the fact that converting from a string to a var will OVERFLOW and NOT be EXACT.
Then don't do it? It's like saying "hey, that gun will kill someone if u pull the trigger while pointing at them!" - duh.
Google any big int lib.
Could you share your experience with the runtime performance (or lack thereof) of available big int libs for JavaScript?
You answered your own complaint... use strict equals.
Do there also exist strict less than and strict greater than?
Didn't they just introduce modules?
What they did "just introduce" is irrelevant as long as the client remains stuck on ECMAScript 5.
any JS developer worth their salary
Perhaps the problem is that the gotchas in the language make most ECMAScript developers not "worth their salary" by that measure.
Booting Linux via Crouton is trivial.
Until someone else turns it on and presses Space. Then what happens to your data?
You mention the article "How to Install Ubuntu Linux on Your Chromebook with Crouton" by Chris Hoffman.
Every time you turn on a Chromebook that has Crouton installed, it'll prompt you to wipe the drive. Even if you know to press Ctrl+D to skip the prompt, someone else won't.
I thought the Chromebook Pixel was already some kind of high-end hardware, am I wrong? What more could you want from a $1000+ laptop that runs an android-flavoured OS?
You may have conflated the Chromebook Pixel, which runs Chrome OS, with its successor the Pixel C, which runs Android. To which did you refer?
If you're referring to the Pixel C More than one window on the screen. The Pixel C doesn't have and won't get any form of split-screen multitasking. From Devindra Hardawar's review on Engadget: "Using one app at a time is [...] no way to get through a day's worth of computing." Using a computer is more difficult if you cannot see a document and the notes you are taking on that document at once. What good is a full-screen calculator? If you're referring to the Chromebook Pixel The ability to write and test code on the laptop in a language other than JavaScript. A Chromebook can be switched from OS verification mode to developer mode for use with Crouton, but every time you turn on a Chromebook in developer mode, its firmware prompts the user to "press space to re-enable OS verification". If you happen to be at the machine, you can press Ctrl+D to skip the prompt, but if anybody else turns it on, they'll probably press Space in an attempt to "be helpful". And because a mode switch wipes the drive, you'll lose all work that you haven't yet backed up as well as the use of the Chromebook until you can get back to a desktop or traditional laptop with which to reinstall Crouton.OBEY.
Whom? I thought Andre the Giant didn't have a posse anymore since he died back in 1993.
Happiness is slavery.
Fans of closed platforms like iOS and game consoles would agree.
we already want to make the game as reasonably portable as possible so we can put in on PC, consoles, and possibly mobile--ie, often Android.
I don't see how one game can work well on both consoles and mobile, especially if isn't inherently a point-and-click game. Consoles have a thumbstick and buttons as their primary input device. The vast majority of Android devices* have a touch screen. If you try to adapt a game designed for a thumbstick and buttons to a touch screen the trivial way, by putting a D-pad and buttons on a flat sheet of glass the way emulators do, you get something like Pixeline and the Jungle Treasure . It's a platformer in the vein of Super Mario Bros. or Giana Sisters. When I tried it on my Nexus 7 (2012) tablet, it was a pain in the ass to play because I kept accidentally pressing outside the active area of the on-screen controls due to lack of any sort of tactile feedback as to where my thumbs were. (Pairing a Bluetooth keyboard solves it but also somewhat defeats the point of mobile.) The workaround to make a platformer work with a touch screen often involves simplifying it to an endless runner.
* Most Android devices are not OUYA, SHIELD, JXD, or GameStick.
The desire to release a game on both Windows and various consoles
A developer that has been approved by ID@Xbox but told "not yet" by SCE and Nintendo is likely to target Windows and Xbox One. Or in other words, Windows and Windows.
So when I setup doubleclick.wired.com, and point it's A records to a double click server so they can serve you ads, and that server also hosts doubleclick.othersite.com
The possibility of delegating a subdomain to a third party raises deep philosophical issues of what is considered to be part of someone's "domain". But I mentioned the same public-suffix-plus-one policy because it's also the rule used for the scope of an HTTP cookie. A script on doubleclick.wired.com would have a less easy time correlating me with doubleclick.othersite.com because a particular site can set a cookie only for the same public-suffix-plus-one.
But if they do figure out how to track despite lack of third-party cookies, even a same-origin policy wouldn't be sufficient, as the user agent can't tell whether a request to wired.com load balancer retrieves from WIRED's origin server or from its DoubleClick proxy.