Amazon has less than 10% of retail. It's smaller than Walmart.
That's not a false number there everyone. However, that said, Amazon is 49.1% of all e-commercesales. I'll point here for infographic of online versus offline sales. Now those numbers are a bit dated as they were 2016 to 2017, but it shows that online is $400B and offline is around $3.4T or $3,375B for those wanting to keep a consistent scale. More interestingly online sales show higher growth than offline sales +14% versus +5%. If everything were to stay exactly the same in terms of percentage of sales and rates of growth, Amazon does seem be a big concern should online sales begin to outstrip offline sales. Now do note, that's a big IF there, so use whatever amount of gains of salt you so wish on that.
I don't think IGW is wrong here. This is one of those things that this might be a problem one day and Governments should be proactive, not reactive. It's a question of, should a government act proactively when such actions may or may not be warranted? Or should the government sit on the sidelines and wait until there is a problem, which in turn may not ever come to pass? With how fast online sales are growing, I don't think it unwise for the EU to start having this on their radar. How far they should go though, I couldn't honestly say.
There's a lot in it but I'll hit some high points.
Pre-1972 works
You can basically break everything "recorded audio" into one of four groups for things pre-1973.
1. Pre-1923: All audio recording pre-1923 will have their copyright expire three years after this becomes law. Since the President has not sign this into law, that three year clock hasn't started.
2. 1923-1946: They will get a 95 year (that is expires in 2018 to 2041) copyright from date of publish, plus a five year transition period. So expires in (2023-2046).
3. 1947 - 1956: Will get a 110 year protection, no extra frills attached to that number so expires in (2057 to 2066).
4. 1957 - 1972: No matter the date, any works in this period will expire in 2067. (so 110 years to 95 years).
1973 and forward
Pretty much the copyright will exist for 95 years and pass into public domain thereafter.
States will now have a central repository for claims
When someone sues for copyright infringement or not paying royalties or whatever, it's up to the states to determine if you have a claim or not. This led to a lot of craziness as some states like Florida didn't recognize an artist's right pre-1972, but the recording company does have a right. Which gets into the two types of copyright, mechanical rights and licensing rights. The various states have all kinds of different laws about how a song writer transfers rights to the person who eventually produces the CD or audio file that you listen to. This whole process will now be streamlined...
Companies will have to figure out how to streamline this
It's left up to the big three, ASCAP, BMI, and SESAC to put together how they want to streamline this process. Been suggested that there be some kind of unified database, but the law doesn't explicitly state how they do it. There's not much recourse if they tilt the scales in their favor, but once the system is up, everyone has to respect it. The law does mention that whatever system they do setup, it has to treat mechanical rights and licensing rights AS EQUAL. So if the music studio gets 5 cents for licensing, the artist has to get 5 cents for mechanical rights.
Claims
I'm going to end it here because I'm getting really bored with this, but the law goes into a lot about how streaming services will query the database (if that's how they do it) and from that query it'll let them know how much they owe Music Studio A and Artist A per play. It also covers how states will be able to query the database and figure out how to proceed in court, and so on. Basically, whatever the big three come up with, with how to do things, it'll be up to them to get everyone on board with it. For that kind of music that's commercially sold. Now artist just performing and what not, they still have access to their copyright by nature even without having to sign up for the database. Basically, that's where you get into the "wiretapping" thing that someone else mentioned. Basically, public performances from artists get a free go, unless someone else claims it, and if they claim it, they need to cite either the database or whatever protection the state affords them. But it shifts the burden back onto the person filing the claim and not the performer.
Again, it's an insanely complex law with 118 pages and you can rest assure I've totally missed a ton of it because I'm still reading the damn thing. By all means, I'm sure fellow Slashdotters will step up and correct me where I'm most likely wrong and fill in all the holes that I've missed but that serious about thirty minutes of a read of the law that I could distill for you.
We all need data communication on the web to be secure (private, authenticated, untampered). When there is no data security, the UA should explicitly display that, so users can make informed decisions about how to interact with an origin. Roughly speaking, there are three basic transport layer security states for web origins: Secure (valid HTTPS, other origins like (*, localhost, *)); Dubious (valid HTTPS but with mixed passive resources, valid HTTPS with minor TLS errors); and Non-secure (broken HTTPS, HTTP).
Emphasis mine. And if you are wondering about the wording there, the exact definition can be found on the W3 site here. Which says if you trust the site then you can be assured that the information you transmit to the site has done so securely, that you can trust that they received the information that you sent them.
At no point can any standards body or web vendor indicate how compromised or fully functioning the host you are sending your data to is. At no point has any web browser maker (Apple, Google, Microsoft, Mozilla, et al) indicated that "Secure Host" == "Non Compromised Host". They have only indicated transmission "Secure Transmission to host" == "Non Compromised Transmission to host". What the host does with it, be it to send your data to some gulag in Siberia, to your bank for processing, or both is completely dependent on the remote host.
I think we can all safely say that Ajit Pai will be mostly remembered as someone who ran the FCC in a pretty horrible manner. I don't think fifty years from now anyone will have any kind of fond memory of his tenure at the FCC, even less his leadership.
One, really big defining feature has been his lack of care for any kind of input outside his own and his acknowledged circle. Pai has mostly taken critics and professionals who have criticized him and mostly mocked them. It's one thing to indicate that you do not agree and pass ruling, it is entirely a different thing to show the level of contempt Pai has had for the public at large. Considering past FCC Chairs, Pai has been the most antagonistic to the public since the FCC's inception.
I think this is the biggest thing about Pai's tenure, his complete lack of care for the public. Every argument made thus far from Pai's FCC has been, "this will be good for business" and while I have yet to see that in effect, all of that aside, the public is mostly whom the chair should be acting in the interest for. Arguments should begin and end there and for goodness sake, shouldn't be the target of agitation in a public stage. We get it Pai, you believe everyone is an idiot who isn't you, but that happens in your home/your head. Openly acting out frustration is a clear sign that perhaps you weren't cut out for civil service.
And that is what I feel Pai will be most remembered for. Long after everyone here has turned to dust, Pai's name in FCC history will be mostly associated with what FCC Chairs ought not to do with respects to the citizens of this country. And that might not have registered with him or perhaps he is content/not caring with the tragedy of what it is, that the majority of his professional life can be summed up with whatever you do, don't do it like Ajit Pai. Even if it does win over whatever in business, which I highly doubt, simply his hostile treatment of those who criticizes him puts him into a ranking unlike any who have come before him, and perhaps any who comes after him.
I totally understand, but specifically this combo showing up as a false positive is going to be difficult to get legit users white listed and still have an effective anti-cheat. I do not envy Blizzard programmers at the moment.
Yeah, just FYI Python 2.7 is in a way its own thing. Different from the 2.x and different from the 3.x series. 2.6 is a no holds barred pure 2.x whereas 2.7 is a mixture of 2.x and 3.x features. So if you want to compare point releases, best to try that with the 3.x series. Also, if you're using something that requires the 2.x series, you shouldn't use that unless it is absolutely critical with zero replacements.
You shouldn't have to. Every other language does some simple things to maintain backward compatibility in point releases (and mostly in major releases too).
Again see argument about 3.x, but yeah not every language does this. Java 8/9 transition breaks things. ASP.Net to ASP.Net core breaks things along the way. I'm interested in what languages you have in mind, because I know quite a few languages that do maintain backwards compatibility (ish). For example, C++ pre and post namespace breaks fstreams in programs, but compilers provide flags to override that, so it depends on what you mean by breaking. Does it count if the compiler by default breaks, but providing flags fixes it? Because if your definition means including flags break compatibility, then oooh boy are there a a shit ton of broken languages.
Also the fact that most languages use every day and have used for decades use braces for blocks means my eyes and mind are very much trained for that
Yeah, it's clear that you've never used a positional programming language. I guess it'll be a sign of my age, but buddy, program COBOL or RPG on punch cards and let me know about that curly brace issue you're having. Positional and indentation has been used way, way, way, longer than curly braces. That's not me knocking on the curly braces, I love my C/C++ folks out there! But I hate to tell you C and C-style is pretty recent in the timeline of all things computer.
They haven't indicated why that is. Part of me just feels they're shafting folks. Some of me wants to believe that they just didn't write any of the code to do cloud saves into these games. However, that last part gets me thinking, "well shit, that means they've tossed their API together at the last minute, that's not good.". Either way, par for the course for Nintendo.
Other things she had started like the Major League Soccer team have gone through
Well I think the reason that stuck was because Jon Ingram had pored a lot into that. Pretty much if Frist, Ingram, or Smith (that's HCA, Ingram, and FedEx) say they want something, well they get it.
click-baiting business model adopted by the news-entertainment industry which has ruined their credibility
This might be me splitting hairs here, but I believe the word is integrity not credibility. Credibility typically is an adherence to fact, IBM is working on a system of facial recognition and the ACLU sees that as highly problematic. Integrity is typically an adherence to morals or standards. This media is attempting to sensationalize a thing that is mired in fear, of which newspapers should join in the fray per journalistic standards.
That's all I had to say, I know, just me getting wrapped up in minutia. Nothing wrong with your comment, just wanted to point out the difference between the two words, at least as I understand them. Sorry for the inconvenience.
Mozilla didn't want to encourage this style of "helping to make a standard". But yeah, pretty much the W3 has become more and more irrelevant for the web.
Now on to what you said...
Mozilla has just finished copying them
We're starting to get into the territory of the question that was asked way back in the 90s, "Who gets to make a standard on the web?" I don't think there's been any satisfactory answer to that question. Microsoft felt that the folks writing the web browsers back in the day were the ones who should have the most say in what "is" and what "isn't" a web standard. Mozilla, post Netscape, mostly wanted to stick strictly to W3 published standards. Google came aboard and pretty much was "Yeah! Open Standards!!". Fast forward to around 2016 and Google isn't so hip on waiting on W3 to standardize something. Firefox is starting to see the writing on the wall that standards don't mean much of anything, if no one is willing to follow them.
So that's where we are with Firefox. Mozilla is content to stick to W3 spec verbatim. Also smaller browser players see standards as good things. But of course, major players don't really want to have to wait on W3 to having meetings, have a vote, have a period for comment, etc just so that they can get their new shiny out the door.
So yeah, if Mozilla seemed a bit hesitant about implementation, it's because this isn't a standard and supporting it means supporting a non-standard web. I'm not sitting here trying to pass judgement, but it is for sure something to think about for a second. Do we want web browser makers to dictate the web standard or do we want a standards body to dictate it? There's not a right or wrong, it's just a different set of pros and cons. However, I feel that we're heading right back whence we came and we'll soon have sites that only work correctly because they use "Google HTML" and if you want a browser to actually work, you'll need one that is as close as possible to being compliant with "Google" spec. Much like how it once was with the "IE" web.
So yeah, what might have looked like a "let's copy Google" move, this was more in lines of Mozilla saying, "Hey Goolge! The W3 says nothing about this new type of fontworks you're doing! You are breaking the Internet with putting out non-standard HTML. *looks around industry* Oh I guess no one really cares. I guess we'll hold out. *waits a year, gets a few bugzilla reports demanding feature* Well I guess we'll have to cave on this one."
It's an extension to OpenType, which is a standard, that was developed by Apple, Microsoft, Adobe, and Google.
Just in case that wasn't clear. OpenType fonts are a standard file format. OpenType fonts are loosely based off Apple's TrueType font format. However, the variable size extension to OpenType is not a standard.
Incorrect. Variable size OpenType isn't a standard at all. It's an extension to OpenType, which is a standard, that was developed by Apple, Microsoft, Adobe, and Google. Variable size OpenType allows a font file to give enough instructions on glyph construction, that the browsers can construct font sizes and styles that are not specified in the font file on the fly. Typically, when you specify a font size that isn't in your font cache, the web browser will use the largest font size and then scale upward to make do, fo rmissing styles, the browser just ignores it. This allows a web browser to take the instructions for how the font is built and build any size needed as opposed to scaling the fonts.
You can see this in action here. The CSS specifies an OpenType file and then goes on to specify styles and sizes that are not in the original file. Thus the browser dynamically builds the fonts according the specific instructions given on how to build those kinds of styles and sizes. Just as an example, you can see this line of code in the style attribute of one of the div tags.
This allows those values "size", "quad", "bevl", and "oval" to be passed down to the font engine. Now those specific names "size"... are specific to how the font was created, the browser just takes those named values and passes it down to the font rendering engine. The font engine will know what to do with those named values because the font file specifies what those named values "do" to the font.
I believe that Firefox was sitting the fence on this technology since it has yet to become standard and Mozilla didn't want to encourage this style of "helping to make a standard". But yeah, pretty much the W3 has become more and more irrelevant for the web.
A household of 3 persons in Germany uses over a year on average 4250 kWh. That is close to 11kWh per day.
So you obviously could generate that yourself if you wanted
And I show how that's incorrect, that's not being pedantic, that's showing that the person's entire argument is false. If your argument is ABC and ABC is the main point of your argument, going over the math of ABC isn't fretting the small stuff, it's me going over ABC which person indicated was the main point of their argument.
I can assure you that Mozilla was not at all surprised by Chrome. If anything, many of those working the codebase at the time were worried because there wasn't any solid direction devs were being pushed in to compete with Chrome. But everyone saw the writing on the wall with Chrome coming out which is exactly what prompted the 3.0 to 3.5 jump and began the era of "toss literally everything at it" that eventually ended with Firefox 24.
users demanding their websites work on their iPhones
I don't think this could be underscored enough. People wanting the sites they visit to work on their iPhone drove a massive amount of standards adoption, killed XHTML 2.0, rushed HTML5 (even though it was too late), more than anything else previously did. However, apps have pretty much made standards a non-issue now.
Minecraft usually packs in a JVM. Since Jigsaw in Java 9 it's a lot easier to drop the pieces of the JVM that you don't need and then package a trimmer JVM into your executable. You just need a binary shim that loads the minimal JVM and then that JVM loads your program. So pretty much, if you are after a specific target, you don't need to get a full JVM implemented any more. That said, for the Chromebooks that support it, there's an Android Minecraft that can already be ran on Chromebooks with that whole Android on Chromebook thing that Google started a few years back.
But who wants to ride a bike at home after work for 4 hours to recharge the batteries... that went down during work time.
Which part of this did you not comprehend?
The part where that doesn't mathematically add up. Three average people at best can generate 0.3 kW in an ideal conditions, which more than likely you use 0.5 kW per hour actually being home. You cannot charge a battery with -0.2 kW, that's what the negative sign means. It's like you don't understand math AND you don't understand the size of energy in 1 kW. A 100 W light bulb uses the entire stream of energy the everyday man can produce, and that's not even taking anything out for losses. Marathon bicyclers can maintain around 130 - 150 W an hour, but maybe the top 5% of the world's population can output 200 W for any measurable amount of time. So even the best that this planet has to offer cannot at best power two light bulbs for any measurable amount of time. But again, side stepping that.
No matter how hard a family of three pedals, they cannot in four hours even hope to produce anything over 20% the amount of power used during an eight hour period while they weren't home. Over the course of a year, you cannot provide any meaningful offset of power usage by cycling. It's like the difference in time of arrival by increasing speed by marginal percentage. Yes, if you are only five miles away from your destination, increasing your speed by 5 mph can have a noticeable percentage change in the overall time spent driving. However, if you are 1000 miles away, increasing your speed by 5 mph isn't going to even change the arrival time by any noticeable percentage of the entire duration. The numerator is vastly larger than the speed by orders of magnitude. The same is true for pedal power, humans produce so little power in pedal power compared to the vast amount of power they will use in one year.
Does that mean no one should do it? No, if that's what floats your boat, by all means. But goodness do not get on here and do "math" and try to prove your point when your math is worse than a fifth grader attempting the problem. Your final numbers are just straight up wrong. There's zero meaning in what you think has meaning. Your argument was non-existent from word "go".
A household of 3 persons in Germany uses over a year on average 4250 kWh. That is close to 11kWh per day.
So you obviously could generate that yourself if you wanted...
But who wants to ride a bike at home after work for 4 hours to recharge the batteries... that went down during work time.
I am so angry at how bad your math is right now, I could spit acid. I want to take a math book with the word "average" highlighted and beat your damn head with it. Let me show you why.
11kWh per day. Okay, now take the sum of these numbers in kW. (0.34, 0.38, 0.39, 0.41, 0.42, 0.41, 0.43, 0.45, 0.51, 0.53, 0.59, 0.53, 0.52, 0.51, 0.53, 0.59, 0.48, 0.47, 0.47, 0.46, 0.46, 0.4, 0.36, 0.36). They add up to 11 kW, right? Also note there are 24 values, that's because that 11 kWh a day doesn't mean we use 0.46 kW every hour. It means over a 24 hour period we use what would on average add up to 11 kWh. That spread could be... (0.11, 0.13, 0.14, 0.41, 0.42, 0.43, 0.54, 0.53, 0.51, 0.53, 0.68, 0.71, 0.68, 0.67, 0.66, 0.67, 0.66, 0.57, 0.52, 0.53, 0.51, 0.11, 0.13, 0.15) Again, those add up to 11 kWh, but now we have really low times, but that has to be offset by really high times to get to the 11 kWh average you specified.
And we could change this spread however we like the point being is it has to come up to 11 kWh to hit your average per day. Which if you wanted to do this over a four hour period, like you said, you would need to pedal 2.75 kWh each hour, not the 0.46 watts you calculated, and 2.75 kWh could not be done by a family of three.
You aren't wrong, but there is a point where skepticism turns to cynicism. Now that is not me calling any single person here as being a cynic. What it is me saying is that we all need to be careful to not let our well founded skepticism turn us into cynics. It's one of those things I too struggle with, trying to prevent myself from going full on, "everything Trump does is bad!". That's cynicism and it's not good intellectually.
Running for office triggers a different set of rules. Don't run for office if you want to pay off your mistresses.
I don't think this can be stated enough. When you run for political office the object is to keep things for the election fair and there's not a really good hard and fast rules about that so hence the reason it kind of goes to court if you dispute the FEC's idea of fair. Now that's not to say it's all a toss up, there are indeed straight up laws that say, "No you cannot accept money over this dollar amount from any one donor. No you cannot accept money of any amount from a foreign investor that has no vested stance in US politics (ie. foreign company that has an HQ here in the US vs does not have an HQ here in the US)" and so on. But ultimately the entire point is to keep things fair. As one would say, is the "spirit" of the law.
So that said, paying hush money to keep a scandal from hitting the newspaper, is one of those things that: A. We don't have a hard rule that says that you cannot do that. B. Does raise the question as to how many people might not have voted for him had they found out about the affair. So that's going to be one of those things that a judge would need to rule on IF the FEC wanted to bring a case up about it. The funds might have indeed come from Trump's own pocket, but it does seem like it would beg the question of, "did that payment affect the election in some manner?" Maybe not, maybe so, but that's up for the FEC to determine if they want to ask a judge that question or not.
However, that brings me to my point here. One, we don't know for sure if Trump paid personally for the hush money or used campaign funds, but there's clearly enough worry there that I'm sure a court would allow the subpoena of records to double check that. But that matter aside, even if it was paid for by personal funds, did the action sway voters, in essence, did it make the election unfair? And it's important that people going into the argument remember this, that paying hush money when running for office, you have to ensure that you maintain oneself in a manner to ensure that the election is conducted fairly. So the other person mentioned John Edwards and that's actually good because it brings in how difficult it is to test this "did it change the election results?" question. It ought to be a difficult question to test in court because there's so much that goes behind an election, it's incredibly difficult to point to one event and say, "yes, that one thing tipped the balance" unless, of course, it's a massive brouhaha that would have rightly changed the election results.
So long story short, elections are supposed to be fair and there's things that aren't explicitly illegal that can make elections unfair. It's up to the FEC to take those things and bring them before a judge to weigh in on if that thing done did indeed make the election unfair. It's got a super high bar for the standard, as it should since elections are complex beast in of themselves. But the original question, "is it illegal to to pay hush money while running for office?" Doesn't have a clear answer since there isn't a law that explicitly states that, so it's a case by case kind of thing. But if you don't want to be needlessly investigated, it's best that you either don't make a payment and let the story hit or you do make a payment and then file the paperwork. Or you could go the third rail option here and just not be morally corrupt. There's not a law stating that you need to have any kind of moral compass when in office, but dang if it doesn't make a convincing case for your reelection or ousting in 2020. Just saying.
They are killing that off too. The code hasn't been maintained in almost a decade and is a super great way to crash your browser for feeds that are using mixed media DTD models. No one stepped up in the last round to want to fix it, so it's getting chopped. Also, it's horrible code, my only guess is that the group that had wrote it, do so in a single night of Red Bull fueled rage.
Perhaps the claim is that Firefox is irrelevant precisely because it "does not have a presence on phones or tablets."
It does have a mobile browser, however it is horribly crippled by Android. Grab FF mobile, head over to Google, Google's website actively switches you to a pretty crappy site if using anything other than Chrome on Android. Google image search is literally a pain for no good reason on FF mobile. Changing the user agent fixes everything wrong with Google, but then you're just reporting that you're Chrome on Android. It's not just a little, Android goes out of its way to be hostile to other web browsers.
Chrome has top position because of mobile, and it's top in mobile because it actively nixes any attempt by others to use Google's services. And that nixing is pretty darn good at keeping others at bay with how deeply woven Google is in pretty much every website on the planet.
That's a long comment to say "things have changed at FF and not for the better".
Depends on your definition of better. The code base is a lot cleaner and a lot of the underlying components no longer have crazy interactions with each other. They aren't quite to the point of easily being replaced in and out (loosely coupled) but they are a whole hell of a lot simpler to make changes in one without completely breaking the others. I'll side step multiple threads and what not. But compared to where the code base was, the browser's code is a whole hell of a lot better.
The browser is larger than before, slower than before
I don't know what you mean in size, pure size, RAM usage?? I'm going to go with RAM since that usually what most people point a finger to. Memory usage is an issue in all browsers, and that's not an excuse. However, memory issues have plagued Firefox for quite some time now, here's one example for starters. RAM usage in browsers is a complex topic that's not just a "Mozilla, Google, Microsoft" changed something and now everything breaks. Browsers are being asked very complex things by JavaScript frameworks, video decoding, complex style sheets, web fonts, and so on. I'll say, I don't have a clear answer for you on that. The web is increasing in complexity and pretty much a Browsers is being asked to be a small self contained VM. Firefox specifically has had to make shifts in what to prioritize for what goes on in the browser. So at one point there was a massive outcry of freezing and slowness, trade off for dealing with that to some extent is more RAM usage. There's a balance to be struck for sure, but even all high and mighty Google engineers have yet to really tackle that well. I will say this, that Palemoon has off and on change with this. Some releases will focus on CPU enhancements and other will focus on RAM enhancements and you can tell which one is which by looking at htop. The web is astoundingly complex and perhaps it shouldn't be that way, or maybe it should be that way and browser devs have just yet to crack a meaningful balance between CPU/memory. As for the slower than before, I've not noticed that, but it really depends on your setup. Again, that has a lot to do with, "can the browser offload tasks to something else?" Which it's still insane to me that we've gotten to a point where webpages are so complex that we need to have offloading workers, but I guess I'm just an old fart.
has less useful extenstions[sic]
Yeah, you might want to read the article you are posting to for that. Devs can do one of two things. One, go ahead hack together an API for that and watch as it is slowly abused to death and we go right back to bad code in the code base. Two, actually put together a well thought out API and stress test it over time to develop a model that is one that will work well without a million hacks. By all means, if there's some contribution you'd like to add, the devs are all ears. But by no means, should the devs hack something together, just so your purple hug bear bar multi-tab manager addon will work. Want to speed that process up? Feel free to send anyone worth their salt who won't duct-tape their API up to make it work over.
has less configuration options exposed
Fun thing, Chrome has a ton of options exposed. Number one complaint I hear from that team is the fact they had to implement a search bar for the configuration since there are so many dang options. Is there a balance? Oh you betcha! No arguments there, but it's literally, "you will always be burned by someone" type thing. about:config and just deal. If there's something you really, really want to see. Put it up on Bugzilla, make a strong argument for it. I'm not saying you are wrong on this, but it's just a such a touchy thing that devs really want a strong argument for
Is there a mechanism in place to ensure no malware makes it into Firefox add-ons that are published on the Mozilla site?
I think that's akin to asking the question, is there a mechanism in place to ensure that some random source tree on GitHub isn't just malware? Other than having people look over the code, the answer is no. Mozilla switched up dev priorities and theres a handful of extra devs now that can review addons. However, I would suggest that if you are going to install an addon, to review the source of it. Outside that, YMMV between 0% stopped and 99% stopped. Addons aren't good in a security context, if you place a high value on security, then you might not want to use addons for any browser/randomly clone some branch of code from GitHub/randomly install some piece of a software on your system.
Cuz, you know, the new stuff is definitely secure and this is just an illusion,
The old system was removed because:
One, the old system no one wanted to maintain it. Hard to keep a system secure when literally zero people want to work on it, Palemoon has some of the relics from the old system which means a lot of your addons should work there, but be warned that even they haven't kept 100% the old ways because...
Two, the old system sucked really bad. The old addon system is crap because it required way more tightly coupled pieces then should ever be needed. Yes, it was bad code, that should be said, Mozilla in the early days shipped bad code. By the time FF24 ESR came around, folks saw it as a good time to start breaking away from the old bad code because...
Three, you couldn't please everyone and new features took forever. All that super tightly coupled code meant that as soon as you changed that over there, person C's addon would break, fix it, and now person R over there has a broken issue related to feature ABC, fix that an now person Q is complaining about devs breaking feature XYZ. This was literally the norm with addons all of the time Bad code meant that the entire base was fragile and making sure addons worked between versions was becoming a nightmare, not only for FF devs but also for addon devs. Addon devs would just ask FF devs to just fix things and that led to...
Four, at some point the FF devs said screw fixing this crap. Palemoon devs I guess are more apt to fix old code than the FF devs were, but basically the FF devs looked at the task at hand and just said screw it. With no one else wanting to jump on board, they began putting together what would become the next version of FF.
Now here's the thing. These plugins were sipping data under the old system and they went undetected because the FF devs are busy trying to fix ABC that multitab dev over there is crying about. Now that the FF devs don't have to worry about that crap, yeah, they've got more time to carefully look at addons to see what's going on within. Addon security is indeed there, but only to a point. Addons aren't going to start grabbing files outside the sandbox and sending them to remote host, at least as far as anyone knows at the moment but bugs happen all the time. But all addons, even the old system, allowed your current URL request to be sent to remote host. If you use Palemoon, Chrome, Edge, or whatever, pretty much all addon systems allow to some degree the ability to ship your current URL to the addon for additional processing. The only way they can be made secure is to have eyeballs on the addons or if you just don't use addons at all, but you will not ever have an addon system that doesn't give the URL to the addon and trust them to not be malicious with it, unless you/yourself write said system. At some point, the end user needs to educate themselves about what the heck they're doing on their system. All addon systems are leaks of your data within your browser's sandbox. Using addons opens you up to a lot. If that's not kosher with you, then you ought not to use addons.
Slashdot Mirror
Amazon has less than 10% of retail. It's smaller than Walmart.
That's not a false number there everyone. However, that said, Amazon is 49.1% of all e-commerce sales. I'll point here for infographic of online versus offline sales. Now those numbers are a bit dated as they were 2016 to 2017, but it shows that online is $400B and offline is around $3.4T or $3,375B for those wanting to keep a consistent scale. More interestingly online sales show higher growth than offline sales +14% versus +5%. If everything were to stay exactly the same in terms of percentage of sales and rates of growth, Amazon does seem be a big concern should online sales begin to outstrip offline sales. Now do note, that's a big IF there, so use whatever amount of gains of salt you so wish on that.
I don't think IGW is wrong here. This is one of those things that this might be a problem one day and Governments should be proactive, not reactive. It's a question of, should a government act proactively when such actions may or may not be warranted? Or should the government sit on the sidelines and wait until there is a problem, which in turn may not ever come to pass? With how fast online sales are growing, I don't think it unwise for the EU to start having this on their radar. How far they should go though, I couldn't honestly say.
There's a lot in it but I'll hit some high points.
Pre-1972 works
You can basically break everything "recorded audio" into one of four groups for things pre-1973.
1. Pre-1923: All audio recording pre-1923 will have their copyright expire three years after this becomes law. Since the President has not sign this into law, that three year clock hasn't started.
2. 1923-1946: They will get a 95 year (that is expires in 2018 to 2041) copyright from date of publish, plus a five year transition period. So expires in (2023-2046).
3. 1947 - 1956: Will get a 110 year protection, no extra frills attached to that number so expires in (2057 to 2066).
4. 1957 - 1972: No matter the date, any works in this period will expire in 2067. (so 110 years to 95 years).
1973 and forward
Pretty much the copyright will exist for 95 years and pass into public domain thereafter.
States will now have a central repository for claims
When someone sues for copyright infringement or not paying royalties or whatever, it's up to the states to determine if you have a claim or not. This led to a lot of craziness as some states like Florida didn't recognize an artist's right pre-1972, but the recording company does have a right. Which gets into the two types of copyright, mechanical rights and licensing rights. The various states have all kinds of different laws about how a song writer transfers rights to the person who eventually produces the CD or audio file that you listen to. This whole process will now be streamlined...
Companies will have to figure out how to streamline this
It's left up to the big three, ASCAP, BMI, and SESAC to put together how they want to streamline this process. Been suggested that there be some kind of unified database, but the law doesn't explicitly state how they do it. There's not much recourse if they tilt the scales in their favor, but once the system is up, everyone has to respect it. The law does mention that whatever system they do setup, it has to treat mechanical rights and licensing rights AS EQUAL. So if the music studio gets 5 cents for licensing, the artist has to get 5 cents for mechanical rights.
Claims
I'm going to end it here because I'm getting really bored with this, but the law goes into a lot about how streaming services will query the database (if that's how they do it) and from that query it'll let them know how much they owe Music Studio A and Artist A per play. It also covers how states will be able to query the database and figure out how to proceed in court, and so on. Basically, whatever the big three come up with, with how to do things, it'll be up to them to get everyone on board with it. For that kind of music that's commercially sold. Now artist just performing and what not, they still have access to their copyright by nature even without having to sign up for the database. Basically, that's where you get into the "wiretapping" thing that someone else mentioned. Basically, public performances from artists get a free go, unless someone else claims it, and if they claim it, they need to cite either the database or whatever protection the state affords them. But it shifts the burden back onto the person filing the claim and not the performer.
Again, it's an insanely complex law with 118 pages and you can rest assure I've totally missed a ton of it because I'm still reading the damn thing. By all means, I'm sure fellow Slashdotters will step up and correct me where I'm most likely wrong and fill in all the holes that I've missed but that serious about thirty minutes of a read of the law that I could distill for you.
not the new and bogus "https means it's legit, everything should be https" line of thinking, re Google
That's not even the thought process from Google. Here is the proposal from way back when. Relevant section:
We all need data communication on the web to be secure (private, authenticated, untampered). When there is no data security, the UA should explicitly display that, so users can make informed decisions about how to interact with an origin. Roughly speaking, there are three basic transport layer security states for web origins: Secure (valid HTTPS, other origins like (*, localhost, *)); Dubious (valid HTTPS but with mixed passive resources, valid HTTPS with minor TLS errors); and Non-secure (broken HTTPS, HTTP).
Emphasis mine. And if you are wondering about the wording there, the exact definition can be found on the W3 site here. Which says if you trust the site then you can be assured that the information you transmit to the site has done so securely, that you can trust that they received the information that you sent them.
At no point can any standards body or web vendor indicate how compromised or fully functioning the host you are sending your data to is. At no point has any web browser maker (Apple, Google, Microsoft, Mozilla, et al) indicated that "Secure Host" == "Non Compromised Host". They have only indicated transmission "Secure Transmission to host" == "Non Compromised Transmission to host". What the host does with it, be it to send your data to some gulag in Siberia, to your bank for processing, or both is completely dependent on the remote host.
I think we can all safely say that Ajit Pai will be mostly remembered as someone who ran the FCC in a pretty horrible manner. I don't think fifty years from now anyone will have any kind of fond memory of his tenure at the FCC, even less his leadership.
One, really big defining feature has been his lack of care for any kind of input outside his own and his acknowledged circle. Pai has mostly taken critics and professionals who have criticized him and mostly mocked them. It's one thing to indicate that you do not agree and pass ruling, it is entirely a different thing to show the level of contempt Pai has had for the public at large. Considering past FCC Chairs, Pai has been the most antagonistic to the public since the FCC's inception.
I think this is the biggest thing about Pai's tenure, his complete lack of care for the public. Every argument made thus far from Pai's FCC has been, "this will be good for business" and while I have yet to see that in effect, all of that aside, the public is mostly whom the chair should be acting in the interest for. Arguments should begin and end there and for goodness sake, shouldn't be the target of agitation in a public stage. We get it Pai, you believe everyone is an idiot who isn't you, but that happens in your home/your head. Openly acting out frustration is a clear sign that perhaps you weren't cut out for civil service.
And that is what I feel Pai will be most remembered for. Long after everyone here has turned to dust, Pai's name in FCC history will be mostly associated with what FCC Chairs ought not to do with respects to the citizens of this country. And that might not have registered with him or perhaps he is content/not caring with the tragedy of what it is, that the majority of his professional life can be summed up with whatever you do, don't do it like Ajit Pai. Even if it does win over whatever in business, which I highly doubt, simply his hostile treatment of those who criticizes him puts him into a ranking unlike any who have come before him, and perhaps any who comes after him.
I totally understand, but specifically this combo showing up as a false positive is going to be difficult to get legit users white listed and still have an effective anti-cheat. I do not envy Blizzard programmers at the moment.
Python 2.7. It needs to be EXACTLY 2.6
Yeah, just FYI Python 2.7 is in a way its own thing. Different from the 2.x and different from the 3.x series. 2.6 is a no holds barred pure 2.x whereas 2.7 is a mixture of 2.x and 3.x features. So if you want to compare point releases, best to try that with the 3.x series. Also, if you're using something that requires the 2.x series, you shouldn't use that unless it is absolutely critical with zero replacements.
You shouldn't have to. Every other language does some simple things to maintain backward compatibility in point releases (and mostly in major releases too).
Again see argument about 3.x, but yeah not every language does this. Java 8/9 transition breaks things. ASP.Net to ASP.Net core breaks things along the way. I'm interested in what languages you have in mind, because I know quite a few languages that do maintain backwards compatibility (ish). For example, C++ pre and post namespace breaks fstreams in programs, but compilers provide flags to override that, so it depends on what you mean by breaking. Does it count if the compiler by default breaks, but providing flags fixes it? Because if your definition means including flags break compatibility, then oooh boy are there a a shit ton of broken languages.
Also the fact that most languages use every day and have used for decades use braces for blocks means my eyes and mind are very much trained for that
Yeah, it's clear that you've never used a positional programming language. I guess it'll be a sign of my age, but buddy, program COBOL or RPG on punch cards and let me know about that curly brace issue you're having. Positional and indentation has been used way, way, way, longer than curly braces. That's not me knocking on the curly braces, I love my C/C++ folks out there! But I hate to tell you C and C-style is pretty recent in the timeline of all things computer.
They haven't indicated why that is. Part of me just feels they're shafting folks. Some of me wants to believe that they just didn't write any of the code to do cloud saves into these games. However, that last part gets me thinking, "well shit, that means they've tossed their API together at the last minute, that's not good.". Either way, par for the course for Nintendo.
"we dont break userland!!" shouts furious old man as he hurtles coffee at blue-screened airport flight departures display.
Well a kernel shouldn't break userland unless there's a very good reason to do so. As for the hurling of coffee, I cannot condone that behavior.
Other things she had started like the Major League Soccer team have gone through
Well I think the reason that stuck was because Jon Ingram had pored a lot into that. Pretty much if Frist, Ingram, or Smith (that's HCA, Ingram, and FedEx) say they want something, well they get it.
click-baiting business model adopted by the news-entertainment industry which has ruined their credibility
This might be me splitting hairs here, but I believe the word is integrity not credibility. Credibility typically is an adherence to fact, IBM is working on a system of facial recognition and the ACLU sees that as highly problematic. Integrity is typically an adherence to morals or standards. This media is attempting to sensationalize a thing that is mired in fear, of which newspapers should join in the fray per journalistic standards.
That's all I had to say, I know, just me getting wrapped up in minutia. Nothing wrong with your comment, just wanted to point out the difference between the two words, at least as I understand them. Sorry for the inconvenience.
From my original comment
Mozilla didn't want to encourage this style of "helping to make a standard". But yeah, pretty much the W3 has become more and more irrelevant for the web.
Now on to what you said...
Mozilla has just finished copying them
We're starting to get into the territory of the question that was asked way back in the 90s, "Who gets to make a standard on the web?" I don't think there's been any satisfactory answer to that question. Microsoft felt that the folks writing the web browsers back in the day were the ones who should have the most say in what "is" and what "isn't" a web standard. Mozilla, post Netscape, mostly wanted to stick strictly to W3 published standards. Google came aboard and pretty much was "Yeah! Open Standards!!". Fast forward to around 2016 and Google isn't so hip on waiting on W3 to standardize something. Firefox is starting to see the writing on the wall that standards don't mean much of anything, if no one is willing to follow them.
So that's where we are with Firefox. Mozilla is content to stick to W3 spec verbatim. Also smaller browser players see standards as good things. But of course, major players don't really want to have to wait on W3 to having meetings, have a vote, have a period for comment, etc just so that they can get their new shiny out the door.
So yeah, if Mozilla seemed a bit hesitant about implementation, it's because this isn't a standard and supporting it means supporting a non-standard web. I'm not sitting here trying to pass judgement, but it is for sure something to think about for a second. Do we want web browser makers to dictate the web standard or do we want a standards body to dictate it? There's not a right or wrong, it's just a different set of pros and cons. However, I feel that we're heading right back whence we came and we'll soon have sites that only work correctly because they use "Google HTML" and if you want a browser to actually work, you'll need one that is as close as possible to being compliant with "Google" spec. Much like how it once was with the "IE" web.
So yeah, what might have looked like a "let's copy Google" move, this was more in lines of Mozilla saying, "Hey Goolge! The W3 says nothing about this new type of fontworks you're doing! You are breaking the Internet with putting out non-standard HTML. *looks around industry* Oh I guess no one really cares. I guess we'll hold out. *waits a year, gets a few bugzilla reports demanding feature* Well I guess we'll have to cave on this one."
It's an extension to OpenType, which is a standard, that was developed by Apple, Microsoft, Adobe, and Google.
Just in case that wasn't clear. OpenType fonts are a standard file format. OpenType fonts are loosely based off Apple's TrueType font format. However, the variable size extension to OpenType is not a standard.
It's a Web Standard that Firefox now supports
Incorrect. Variable size OpenType isn't a standard at all. It's an extension to OpenType, which is a standard, that was developed by Apple, Microsoft, Adobe, and Google. Variable size OpenType allows a font file to give enough instructions on glyph construction, that the browsers can construct font sizes and styles that are not specified in the font file on the fly. Typically, when you specify a font size that isn't in your font cache, the web browser will use the largest font size and then scale upward to make do, fo rmissing styles, the browser just ignores it. This allows a web browser to take the instructions for how the font is built and build any size needed as opposed to scaling the fonts.
You can see this in action here. The CSS specifies an OpenType file and then goes on to specify styles and sizes that are not in the original file. Thus the browser dynamically builds the fonts according the specific instructions given on how to build those kinds of styles and sizes. Just as an example, you can see this line of code in the style attribute of one of the div tags.
style="font-variation-settings: 'size' 0, 'quad' 0, 'bevl' 0, 'oval' 0"
This allows those values "size", "quad", "bevl", and "oval" to be passed down to the font engine. Now those specific names "size"... are specific to how the font was created, the browser just takes those named values and passes it down to the font rendering engine. The font engine will know what to do with those named values because the font file specifies what those named values "do" to the font.
I believe that Firefox was sitting the fence on this technology since it has yet to become standard and Mozilla didn't want to encourage this style of "helping to make a standard". But yeah, pretty much the W3 has become more and more irrelevant for the web.
When the literally comment is...
A household of 3 persons in Germany uses over a year on average 4250 kWh. That is close to 11kWh per day. So you obviously could generate that yourself if you wanted
And I show how that's incorrect, that's not being pedantic, that's showing that the person's entire argument is false. If your argument is ABC and ABC is the main point of your argument, going over the math of ABC isn't fretting the small stuff, it's me going over ABC which person indicated was the main point of their argument.
Chrome surprised Firefox quickly too
I can assure you that Mozilla was not at all surprised by Chrome. If anything, many of those working the codebase at the time were worried because there wasn't any solid direction devs were being pushed in to compete with Chrome. But everyone saw the writing on the wall with Chrome coming out which is exactly what prompted the 3.0 to 3.5 jump and began the era of "toss literally everything at it" that eventually ended with Firefox 24.
users demanding their websites work on their iPhones
I don't think this could be underscored enough. People wanting the sites they visit to work on their iPhone drove a massive amount of standards adoption, killed XHTML 2.0, rushed HTML5 (even though it was too late), more than anything else previously did. However, apps have pretty much made standards a non-issue now.
The rest of your comment is spot on though.
Mostly it would be about getting a full JVM
Minecraft usually packs in a JVM. Since Jigsaw in Java 9 it's a lot easier to drop the pieces of the JVM that you don't need and then package a trimmer JVM into your executable. You just need a binary shim that loads the minimal JVM and then that JVM loads your program. So pretty much, if you are after a specific target, you don't need to get a full JVM implemented any more. That said, for the Chromebooks that support it, there's an Android Minecraft that can already be ran on Chromebooks with that whole Android on Chromebook thing that Google started a few years back.
But who wants to ride a bike at home after work for 4 hours to recharge the batteries ... that went down during work time.
Which part of this did you not comprehend?
The part where that doesn't mathematically add up. Three average people at best can generate 0.3 kW in an ideal conditions, which more than likely you use 0.5 kW per hour actually being home. You cannot charge a battery with -0.2 kW, that's what the negative sign means. It's like you don't understand math AND you don't understand the size of energy in 1 kW. A 100 W light bulb uses the entire stream of energy the everyday man can produce, and that's not even taking anything out for losses. Marathon bicyclers can maintain around 130 - 150 W an hour, but maybe the top 5% of the world's population can output 200 W for any measurable amount of time. So even the best that this planet has to offer cannot at best power two light bulbs for any measurable amount of time. But again, side stepping that.
No matter how hard a family of three pedals, they cannot in four hours even hope to produce anything over 20% the amount of power used during an eight hour period while they weren't home. Over the course of a year, you cannot provide any meaningful offset of power usage by cycling. It's like the difference in time of arrival by increasing speed by marginal percentage. Yes, if you are only five miles away from your destination, increasing your speed by 5 mph can have a noticeable percentage change in the overall time spent driving. However, if you are 1000 miles away, increasing your speed by 5 mph isn't going to even change the arrival time by any noticeable percentage of the entire duration. The numerator is vastly larger than the speed by orders of magnitude. The same is true for pedal power, humans produce so little power in pedal power compared to the vast amount of power they will use in one year.
Does that mean no one should do it? No, if that's what floats your boat, by all means. But goodness do not get on here and do "math" and try to prove your point when your math is worse than a fifth grader attempting the problem. Your final numbers are just straight up wrong. There's zero meaning in what you think has meaning. Your argument was non-existent from word "go".
A household of 3 persons in Germany uses over a year on average 4250 kWh. That is close to 11kWh per day. So you obviously could generate that yourself if you wanted ...
But who wants to ride a bike at home after work for 4 hours to recharge the batteries ... that went down during work time.
I am so angry at how bad your math is right now, I could spit acid. I want to take a math book with the word "average" highlighted and beat your damn head with it. Let me show you why.
11kWh per day. Okay, now take the sum of these numbers in kW. (0.34, 0.38, 0.39, 0.41, 0.42, 0.41, 0.43, 0.45, 0.51, 0.53, 0.59, 0.53, 0.52, 0.51, 0.53, 0.59, 0.48, 0.47, 0.47, 0.46, 0.46, 0.4, 0.36, 0.36). They add up to 11 kW, right? Also note there are 24 values, that's because that 11 kWh a day doesn't mean we use 0.46 kW every hour. It means over a 24 hour period we use what would on average add up to 11 kWh. That spread could be... (0.11, 0.13, 0.14, 0.41, 0.42, 0.43, 0.54, 0.53, 0.51, 0.53, 0.68, 0.71, 0.68, 0.67, 0.66, 0.67, 0.66, 0.57, 0.52, 0.53, 0.51, 0.11, 0.13, 0.15) Again, those add up to 11 kWh, but now we have really low times, but that has to be offset by really high times to get to the 11 kWh average you specified.
And we could change this spread however we like the point being is it has to come up to 11 kWh to hit your average per day. Which if you wanted to do this over a four hour period, like you said, you would need to pedal 2.75 kWh each hour, not the 0.46 watts you calculated, and 2.75 kWh could not be done by a family of three.
Please never pretend to do math ever again.
Skepticism is good.
You aren't wrong, but there is a point where skepticism turns to cynicism. Now that is not me calling any single person here as being a cynic. What it is me saying is that we all need to be careful to not let our well founded skepticism turn us into cynics. It's one of those things I too struggle with, trying to prevent myself from going full on, "everything Trump does is bad!". That's cynicism and it's not good intellectually.
Running for office triggers a different set of rules. Don't run for office if you want to pay off your mistresses.
I don't think this can be stated enough. When you run for political office the object is to keep things for the election fair and there's not a really good hard and fast rules about that so hence the reason it kind of goes to court if you dispute the FEC's idea of fair. Now that's not to say it's all a toss up, there are indeed straight up laws that say, "No you cannot accept money over this dollar amount from any one donor. No you cannot accept money of any amount from a foreign investor that has no vested stance in US politics (ie. foreign company that has an HQ here in the US vs does not have an HQ here in the US)" and so on. But ultimately the entire point is to keep things fair. As one would say, is the "spirit" of the law.
So that said, paying hush money to keep a scandal from hitting the newspaper, is one of those things that: A. We don't have a hard rule that says that you cannot do that. B. Does raise the question as to how many people might not have voted for him had they found out about the affair. So that's going to be one of those things that a judge would need to rule on IF the FEC wanted to bring a case up about it. The funds might have indeed come from Trump's own pocket, but it does seem like it would beg the question of, "did that payment affect the election in some manner?" Maybe not, maybe so, but that's up for the FEC to determine if they want to ask a judge that question or not.
However, that brings me to my point here. One, we don't know for sure if Trump paid personally for the hush money or used campaign funds, but there's clearly enough worry there that I'm sure a court would allow the subpoena of records to double check that. But that matter aside, even if it was paid for by personal funds, did the action sway voters, in essence, did it make the election unfair? And it's important that people going into the argument remember this, that paying hush money when running for office, you have to ensure that you maintain oneself in a manner to ensure that the election is conducted fairly. So the other person mentioned John Edwards and that's actually good because it brings in how difficult it is to test this "did it change the election results?" question. It ought to be a difficult question to test in court because there's so much that goes behind an election, it's incredibly difficult to point to one event and say, "yes, that one thing tipped the balance" unless, of course, it's a massive brouhaha that would have rightly changed the election results.
So long story short, elections are supposed to be fair and there's things that aren't explicitly illegal that can make elections unfair. It's up to the FEC to take those things and bring them before a judge to weigh in on if that thing done did indeed make the election unfair. It's got a super high bar for the standard, as it should since elections are complex beast in of themselves. But the original question, "is it illegal to to pay hush money while running for office?" Doesn't have a clear answer since there isn't a law that explicitly states that, so it's a case by case kind of thing. But if you don't want to be needlessly investigated, it's best that you either don't make a payment and let the story hit or you do make a payment and then file the paperwork. Or you could go the third rail option here and just not be morally corrupt. There's not a law stating that you need to have any kind of moral compass when in office, but dang if it doesn't make a convincing case for your reelection or ousting in 2020. Just saying.
If they kill of Live Bookmarks I will die.
They are killing that off too. The code hasn't been maintained in almost a decade and is a super great way to crash your browser for feeds that are using mixed media DTD models. No one stepped up in the last round to want to fix it, so it's getting chopped. Also, it's horrible code, my only guess is that the group that had wrote it, do so in a single night of Red Bull fueled rage.
Perhaps the claim is that Firefox is irrelevant precisely because it "does not have a presence on phones or tablets."
It does have a mobile browser, however it is horribly crippled by Android. Grab FF mobile, head over to Google, Google's website actively switches you to a pretty crappy site if using anything other than Chrome on Android. Google image search is literally a pain for no good reason on FF mobile. Changing the user agent fixes everything wrong with Google, but then you're just reporting that you're Chrome on Android. It's not just a little, Android goes out of its way to be hostile to other web browsers.
Chrome has top position because of mobile, and it's top in mobile because it actively nixes any attempt by others to use Google's services. And that nixing is pretty darn good at keeping others at bay with how deeply woven Google is in pretty much every website on the planet.
That's a long comment to say "things have changed at FF and not for the better".
Depends on your definition of better. The code base is a lot cleaner and a lot of the underlying components no longer have crazy interactions with each other. They aren't quite to the point of easily being replaced in and out (loosely coupled) but they are a whole hell of a lot simpler to make changes in one without completely breaking the others. I'll side step multiple threads and what not. But compared to where the code base was, the browser's code is a whole hell of a lot better.
The browser is larger than before, slower than before
I don't know what you mean in size, pure size, RAM usage?? I'm going to go with RAM since that usually what most people point a finger to. Memory usage is an issue in all browsers, and that's not an excuse. However, memory issues have plagued Firefox for quite some time now, here's one example for starters. RAM usage in browsers is a complex topic that's not just a "Mozilla, Google, Microsoft" changed something and now everything breaks. Browsers are being asked very complex things by JavaScript frameworks, video decoding, complex style sheets, web fonts, and so on. I'll say, I don't have a clear answer for you on that. The web is increasing in complexity and pretty much a Browsers is being asked to be a small self contained VM. Firefox specifically has had to make shifts in what to prioritize for what goes on in the browser. So at one point there was a massive outcry of freezing and slowness, trade off for dealing with that to some extent is more RAM usage. There's a balance to be struck for sure, but even all high and mighty Google engineers have yet to really tackle that well. I will say this, that Palemoon has off and on change with this. Some releases will focus on CPU enhancements and other will focus on RAM enhancements and you can tell which one is which by looking at htop. The web is astoundingly complex and perhaps it shouldn't be that way, or maybe it should be that way and browser devs have just yet to crack a meaningful balance between CPU/memory. As for the slower than before, I've not noticed that, but it really depends on your setup. Again, that has a lot to do with, "can the browser offload tasks to something else?" Which it's still insane to me that we've gotten to a point where webpages are so complex that we need to have offloading workers, but I guess I'm just an old fart.
has less useful extenstions[sic]
Yeah, you might want to read the article you are posting to for that. Devs can do one of two things. One, go ahead hack together an API for that and watch as it is slowly abused to death and we go right back to bad code in the code base. Two, actually put together a well thought out API and stress test it over time to develop a model that is one that will work well without a million hacks. By all means, if there's some contribution you'd like to add, the devs are all ears. But by no means, should the devs hack something together, just so your purple hug bear bar multi-tab manager addon will work. Want to speed that process up? Feel free to send anyone worth their salt who won't duct-tape their API up to make it work over.
has less configuration options exposed
Fun thing, Chrome has a ton of options exposed. Number one complaint I hear from that team is the fact they had to implement a search bar for the configuration since there are so many dang options. Is there a balance? Oh you betcha! No arguments there, but it's literally, "you will always be burned by someone" type thing. about:config and just deal. If there's something you really, really want to see. Put it up on Bugzilla, make a strong argument for it. I'm not saying you are wrong on this, but it's just a such a touchy thing that devs really want a strong argument for
Is there a mechanism in place to ensure no malware makes it into Firefox add-ons that are published on the Mozilla site?
I think that's akin to asking the question, is there a mechanism in place to ensure that some random source tree on GitHub isn't just malware? Other than having people look over the code, the answer is no. Mozilla switched up dev priorities and theres a handful of extra devs now that can review addons. However, I would suggest that if you are going to install an addon, to review the source of it. Outside that, YMMV between 0% stopped and 99% stopped. Addons aren't good in a security context, if you place a high value on security, then you might not want to use addons for any browser/randomly clone some branch of code from GitHub/randomly install some piece of a software on your system.
Cuz, you know, the new stuff is definitely secure and this is just an illusion,
The old system was removed because:
One, the old system no one wanted to maintain it. Hard to keep a system secure when literally zero people want to work on it, Palemoon has some of the relics from the old system which means a lot of your addons should work there, but be warned that even they haven't kept 100% the old ways because...
Two, the old system sucked really bad. The old addon system is crap because it required way more tightly coupled pieces then should ever be needed. Yes, it was bad code, that should be said, Mozilla in the early days shipped bad code. By the time FF24 ESR came around, folks saw it as a good time to start breaking away from the old bad code because...
Three, you couldn't please everyone and new features took forever. All that super tightly coupled code meant that as soon as you changed that over there, person C's addon would break, fix it, and now person R over there has a broken issue related to feature ABC, fix that an now person Q is complaining about devs breaking feature XYZ. This was literally the norm with addons all of the time Bad code meant that the entire base was fragile and making sure addons worked between versions was becoming a nightmare, not only for FF devs but also for addon devs. Addon devs would just ask FF devs to just fix things and that led to...
Four, at some point the FF devs said screw fixing this crap. Palemoon devs I guess are more apt to fix old code than the FF devs were, but basically the FF devs looked at the task at hand and just said screw it. With no one else wanting to jump on board, they began putting together what would become the next version of FF.
Now here's the thing. These plugins were sipping data under the old system and they went undetected because the FF devs are busy trying to fix ABC that multitab dev over there is crying about. Now that the FF devs don't have to worry about that crap, yeah, they've got more time to carefully look at addons to see what's going on within. Addon security is indeed there, but only to a point. Addons aren't going to start grabbing files outside the sandbox and sending them to remote host, at least as far as anyone knows at the moment but bugs happen all the time. But all addons, even the old system, allowed your current URL request to be sent to remote host. If you use Palemoon, Chrome, Edge, or whatever, pretty much all addon systems allow to some degree the ability to ship your current URL to the addon for additional processing. The only way they can be made secure is to have eyeballs on the addons or if you just don't use addons at all, but you will not ever have an addon system that doesn't give the URL to the addon and trust them to not be malicious with it, unless you/yourself write said system. At some point, the end user needs to educate themselves about what the heck they're doing on their system. All addon systems are leaks of your data within your browser's sandbox. Using addons opens you up to a lot. If that's not kosher with you, then you ought not to use addons.