At a minimum allowing every site to run arbitrary code is moronic. Which means I need to know if I care enough about your content and have any trust in you before I allow you to run scripts.
How should a site go about gaining the user's trust? I imagine that one way to gain the user's trust is to offer a subset of functionality that works without any client-side script. But this is impractical for a lot of sites, and UX could suffer severely. For example, in a web application for drawing a picture, there is a workaround for not being able to use JS+SVG or JS+Canvas, but it's painful. The site could use server-side web forms, which allow interaction only through clicking, not dragging, and re-send the entire picture after every click. That not only wastes more bandwidth than wise use of scripts but also makes it difficult to use many paint tools.
But I'll just click the back button and move on.
Have fun using your search engine all day but not finding anything because you hit the back button on every result.
Whether a cellular carrier charges extra to receive an SMS isn't a country-dependent thing. Or even carrier-dependent. It depends on which plan you have purchased.
Whether low-end cellular plans include charges for receiving is certainly country-dependent. They have been commonplace in the United States. In the United States, the tradition has been to offer plans that charge both the sender and the receiver. They have not been commonplace in European countries. In European countries, the tradition has been to offer plans that charge only the sender.
All major providers in the US (and probably all providers, even the minor ones, but I haven't actually looked) offer plans with unlimited SMS
Which then means you have to consider the cost of upgrading from your current plan to a plan with unlimited SMS. These plans cost plenty of extra dollars per month compared to an occasional-use pay-as-you-go plan only for urgent calls. If you use services with 2-factor authentication to make money, then perhaps unlimited SMS is worth $120 per year. And if you don't share a house with someone with a landline, then your landline-replacement plan may already include SMS. But for someone who mostly uses cellular to arrange an occasional ride and currently pays less than $10 per month to begin with, the cost of multiple incoming texts per day, one for each service that uses 2-factor authentication, can add up.
My point is that there have been exploits in all parts of a web client stack. Therefore, you have to show how JavaScript exploits pose greater risk than exploits in something else.
Suburbs of Seattle have broadband. But as I understand it, Seattle proper requires a supermajority of landowners in a neighborhood to agree to install a utility, and failure to cast a vote is counted as an oppose vote. See also this thread in a story about Netflix.
I think two-factor authentication hasn't caught on because there are a lot of people in the United States who either can't receive text messages at all (landline) or have to pay 10 to 40 cents for each received message (prepaid cell phone).
Am I on my laptop or desktop, which are hooked into an uncapped 40Mb/s fiber, or on my phone, which does have limits on its cellular data consumption? My answer would be different between the two.
3. Or you're on your laptop tethered to your phone or a MiFi device while a passenger in a vehicle. 4. Or you're living in a rural area outside of cable and DSL availability, and the only service options are satellite and fixed cellular. 5. Or you're living in urban Seattle whose right-of-way red tape has blocked attempts to deploy wired broadband, and the only service options are satellite and fixed cellular.
But how much risk do they create compared to the following three issues?
There have also been HTML, CSS, font, and image exploits.
Browser publishers are responsible for fixing JavaScript exploits. Have these exploits been reported to browser publishers?
Would you prefer that sites use the <video> tag for animating their ads rather than the often more bandwidth-efficient yet script-dependent <canvas> element?
Unfortunately, one common use case that contraindicates Linux is wanting to run programs that aren't on Linux.
If you care more about your privacy, you could try replacing the Windows-only applications with comparable applications that are free software or at least that work correctly in Wine.
The 10" 2-in-1s [like ASUS Transformer Book T100] have a whole bunch of things not working in Debian
Debian is but one choice. Linux Mint or Ubuntu or openSUSE work with about everything
Key word: "about". I looked at the instructions for getting Linux Mint up on a Transformer Book, and it appears you have to buy a compatible USB NIC and plug it in so that you can download the driver for the built-in Wi-Fi. I looked up Ubuntu, and Wi-Fi is "buggy" and suspend is "not working". Nor has anyone had luck with openSUSE. Google couldn't turn up anything about PC-BSD on the T100; I can't tell whether this means it "just works" or just that nobody has tried it. I wouldn't bet on the former.
First I'd like to understand how you'd define "malware" or "malicious software", and please explain how a policy including "no SWF objects and no Java applets" would allow malicious software to slip in.
Windows 10 cannot stop you from blocking their telemetry addresses in your home router.
Which means you have to carry around your home router and a battery to power it whenever you want to use your laptop with open public Wi-Fi or your cellular MiFi device.
Not to put too fine a point on this, but anyone who values privacy should be using BSD or Linux.
Provided that a laptop in your preferred form factor is available with BSD or Linux installed. The 10" 2-in-1s in Best Buy come with Windows 8.1 (with Windows 10 upgrade available for the cost of bandwidth) and have a whole bunch of things not working in Debian.
No Flash Player I'll agree with. But would you really prefer to waste your valuable bandwidth on a prerendered silent video ad when a vector animated ad rendered to a canvas using JavaScript on the client can be sent with far fewer bytes of your monthly cap?
You would install WinRAR because someone requires you to submit an archive in RAR format and nothing but WinRAR (or command-line products from the same company) can create archives in RAR format. But in practice, I don't expect this to come up very often outside the warez scene, whose release standards have traditionally required split RAR.
7Zip is better in many ways. Lightweight is the one major thing it has on WinRAR.
Some would claim that it isn't even the most major thing. The.7z format is documented, like the.zip format and notably unlike the.rar format, which all about about a dozen people are legally prohibited from understanding because of the UnRAR license.
Because the democratic concepts of equal justice and equal representation under law have not yet developed to take into account the allegedly different intelligence levels of different identifiable subpopulations. And because the best evidence so far is that intelligence metrics correlate more with socioeconomic status among people of the same race than with race among people with similar socioeconomic status.
Thank you for providing such evidence. So here are the facts as I understand them:
"Race" is a set of traits that make up an appearance phenotype. Traits related to appearance are Mendelian, inherited through genes.
Socioeconomic status is Lamarckian, partly inherited from parents and partly acquired from strangers in the environment.
Racism is the use of a person's race to diminish his socioeconomic status.
The heritable component of socioeconomic status means that an individual with a less prestigious race whose ancestors lived in a racist environment will tend to have a lower socioeconomic status.
And here are ways the facts inform policy:
A social welfare state attempts to bring citizens' socioeconomic status up to a baseline by establishing social welfare programs, such as subsidized education and housing.
Some countries take measures to reduce the heritability of socioeconomic status, such as estate taxation.
Some countries take measures to reverse this correlation, such as affirmative action.
Mendel helped prove those claims are no longer extraordinary.
Mendel helped in the sense that he established that traits were heritable in dominant and recessive patterns. The specific correlation of one particular dominant or recessive trait in any given species with another dominant or recessive trait, as far as I can tell, was outside what his pea experiments showed.
-1 for trolling.
First, I thought users weren't supposed to reply and moderate in the same story. Second, in what way was the comment "deliberately offensive or provocative"?
If it turns out that gene research shows that some types of people are more intelligent or more creative than others, so what?
Extraordinary claims, such as a correlation between genes that produce an ethnic appearance and genes that produce intelligence or creativity, require extraordinary evidence. If such evidence is found, expect anti-defamation organizations and others to debunk it hard, such as the second edition of Gould's The Mismeasure of Man released specifically to challenge the methodology of The Bell Curve.
just that people should immigrate legally, so that they can come in at a rate that they can mesh well with existing society.
Say the body responsible for setting a nation's immigration policy has decided to admit refugees on the basis that emergency evacuation from a war zone outweighs the difficulty of "mesh[ing] well with existing society". In that case, they are immigrating legally.
Not even in 1996, when Oakland Unified School District decided to recognize jive as a language and pay higher salaries typical of ESL specialists to teachers fluent in jive?
But otherwise, yes, a lot of people confuse jive with jibe.
If you were an employee of a video game developer other than Capcom developing a control scheme for a platform shooter other than Mega Man, how would you do it?
At a minimum allowing every site to run arbitrary code is moronic. Which means I need to know if I care enough about your content and have any trust in you before I allow you to run scripts.
How should a site go about gaining the user's trust? I imagine that one way to gain the user's trust is to offer a subset of functionality that works without any client-side script. But this is impractical for a lot of sites, and UX could suffer severely. For example, in a web application for drawing a picture, there is a workaround for not being able to use JS+SVG or JS+Canvas, but it's painful. The site could use server-side web forms, which allow interaction only through clicking, not dragging, and re-send the entire picture after every click. That not only wastes more bandwidth than wise use of scripts but also makes it difficult to use many paint tools.
But I'll just click the back button and move on.
Have fun using your search engine all day but not finding anything because you hit the back button on every result.
Whether a cellular carrier charges extra to receive an SMS isn't a country-dependent thing. Or even carrier-dependent. It depends on which plan you have purchased.
Whether low-end cellular plans include charges for receiving is certainly country-dependent. They have been commonplace in the United States. In the United States, the tradition has been to offer plans that charge both the sender and the receiver. They have not been commonplace in European countries. In European countries, the tradition has been to offer plans that charge only the sender.
All major providers in the US (and probably all providers, even the minor ones, but I haven't actually looked) offer plans with unlimited SMS
Which then means you have to consider the cost of upgrading from your current plan to a plan with unlimited SMS. These plans cost plenty of extra dollars per month compared to an occasional-use pay-as-you-go plan only for urgent calls. If you use services with 2-factor authentication to make money, then perhaps unlimited SMS is worth $120 per year. And if you don't share a house with someone with a landline, then your landline-replacement plan may already include SMS. But for someone who mostly uses cellular to arrange an occasional ride and currently pays less than $10 per month to begin with, the cost of multiple incoming texts per day, one for each service that uses 2-factor authentication, can add up.
My point is that there have been exploits in all parts of a web client stack. Therefore, you have to show how JavaScript exploits pose greater risk than exploits in something else.
There is no broadband in downtown Seattle?
Suburbs of Seattle have broadband. But as I understand it, Seattle proper requires a supermajority of landowners in a neighborhood to agree to install a utility, and failure to cast a vote is counted as an oppose vote. See also this thread in a story about Netflix.
I think two-factor authentication hasn't caught on because there are a lot of people in the United States who either can't receive text messages at all (landline) or have to pay 10 to 40 cents for each received message (prepaid cell phone).
All my online purchases I get a text from "Verified by VISA" with a one-time authentication code.
Which hurts in countries whose cellular carriers charge subscribers to receive SMS text messages. Slashdot's home country (USA) is one of them.
Am I on my laptop or desktop, which are hooked into an uncapped 40Mb/s fiber, or on my phone, which does have limits on its cellular data consumption? My answer would be different between the two.
3. Or you're on your laptop tethered to your phone or a MiFi device while a passenger in a vehicle.
4. Or you're living in a rural area outside of cable and DSL availability, and the only service options are satellite and fixed cellular.
5. Or you're living in urban Seattle whose right-of-way red tape has blocked attempts to deploy wired broadband, and the only service options are satellite and fixed cellular.
There are javascript exploits.
But how much risk do they create compared to the following three issues?
Unfortunately, one common use case that contraindicates Linux is wanting to run programs that aren't on Linux.
If you care more about your privacy, you could try replacing the Windows-only applications with comparable applications that are free software or at least that work correctly in Wine.
The 10" 2-in-1s [like ASUS Transformer Book T100] have a whole bunch of things not working in Debian
Debian is but one choice. Linux Mint or Ubuntu or openSUSE work with about everything
Key word: "about". I looked at the instructions for getting Linux Mint up on a Transformer Book, and it appears you have to buy a compatible USB NIC and plug it in so that you can download the driver for the built-in Wi-Fi. I looked up Ubuntu, and Wi-Fi is "buggy" and suspend is "not working". Nor has anyone had luck with openSUSE. Google couldn't turn up anything about PC-BSD on the T100; I can't tell whether this means it "just works" or just that nobody has tried it. I wouldn't bet on the former.
First I'd like to understand how you'd define "malware" or "malicious software", and please explain how a policy including "no SWF objects and no Java applets" would allow malicious software to slip in.
Short answer: don't run one single ad blocked/privacy extension. Run a bunch, block as much crap as you can.
A bunch including a DNS-level tool such as a hosts file manager, correct?
Windows 10 cannot stop you from blocking their telemetry addresses in your home router.
Which means you have to carry around your home router and a battery to power it whenever you want to use your laptop with open public Wi-Fi or your cellular MiFi device.
Not to put too fine a point on this, but anyone who values privacy should be using BSD or Linux.
Provided that a laptop in your preferred form factor is available with BSD or Linux installed. The 10" 2-in-1s in Best Buy come with Windows 8.1 (with Windows 10 upgrade available for the cost of bandwidth) and have a whole bunch of things not working in Debian.
No Flash Player I'll agree with. But would you really prefer to waste your valuable bandwidth on a prerendered silent video ad when a vector animated ad rendered to a canvas using JavaScript on the client can be sent with far fewer bytes of your monthly cap?
What "scene"? Do you mean the warez scene? I thought it was still using RAR files split into several dozen pieces.
You would install WinRAR because someone requires you to submit an archive in RAR format and nothing but WinRAR (or command-line products from the same company) can create archives in RAR format. But in practice, I don't expect this to come up very often outside the warez scene, whose release standards have traditionally required split RAR.
7Zip is better in many ways. Lightweight is the one major thing it has on WinRAR.
Some would claim that it isn't even the most major thing. The .7z format is documented, like the .zip format and notably unlike the .rar format, which all about about a dozen people are legally prohibited from understanding because of the UnRAR license.
Why is it extraordinary?
Because the democratic concepts of equal justice and equal representation under law have not yet developed to take into account the allegedly different intelligence levels of different identifiable subpopulations. And because the best evidence so far is that intelligence metrics correlate more with socioeconomic status among people of the same race than with race among people with similar socioeconomic status.
Thank you for providing such evidence. So here are the facts as I understand them:
And here are ways the facts inform policy:
Mendel helped prove those claims are no longer extraordinary.
Mendel helped in the sense that he established that traits were heritable in dominant and recessive patterns. The specific correlation of one particular dominant or recessive trait in any given species with another dominant or recessive trait, as far as I can tell, was outside what his pea experiments showed.
-1 for trolling.
First, I thought users weren't supposed to reply and moderate in the same story. Second, in what way was the comment "deliberately offensive or provocative"?
Alignment is O(n) in the length of rods. Querying by eye is O(n^.5) in the number of rods, and querying by touch is O(n) in the length of rods.
If it turns out that gene research shows that some types of people are more intelligent or more creative than others, so what?
Extraordinary claims, such as a correlation between genes that produce an ethnic appearance and genes that produce intelligence or creativity, require extraordinary evidence. If such evidence is found, expect anti-defamation organizations and others to debunk it hard, such as the second edition of Gould's The Mismeasure of Man released specifically to challenge the methodology of The Bell Curve.
just that people should immigrate legally, so that they can come in at a rate that they can mesh well with existing society.
Say the body responsible for setting a nation's immigration policy has decided to admit refugees on the basis that emergency evacuation from a war zone outweighs the difficulty of "mesh[ing] well with existing society". In that case, they are immigrating legally.
Not even in 1996, when Oakland Unified School District decided to recognize jive as a language and pay higher salaries typical of ESL specialists to teachers fluent in jive?
But otherwise, yes, a lot of people confuse jive with jibe.
If you were an employee of a video game developer other than Capcom developing a control scheme for a platform shooter other than Mega Man, how would you do it?
Or do you object to hypotheticals on principle?