Only if your issue fits in a small number of categories and you live in the right country. Issues like "I live on a street that has been there for five years, but you still think it's non-existent" apparently don't qualify as needing correction.
Because everyone has perfect sight, wants the same size browser window as the developer, browses at 100% zoom level, with the same fonts, on the same screen resolution, with the same sub-pixel rendering, right? Sure, we're all machines.
Those silly users with their 4K screens should just set them all to 1366x768 like the crappiest notebook LCDs! Jaggies forever! Screw mobile users, damn hipsters can get stuffed.
You're right. Fuck screen readers, accessibility, personalization and anyone with even the slightest disability (colourblind? Sure, we've got burnt umber on light green for you!). Because the designer's view of perfection is what everyone should see, dammit, even if they can't read a word. Design over function.
Of course, if you're being sarcastic, then sure. But you might want to make it more obvious.
They're not that non-standard. Lots of them are USB3 nowadays, and the prices aren't THAT insane (e.g. $100-$300 depending what you need).
I've had a comparable one for my notebook and work notebook, it's two cables to be up and working with the high-res screen, mouse, keyboard, anything else USB and a GbE. It's almost easier than a model-specific dock because you don't have to work out where the locating pins go (but you do need to deal with the 4-dimensional USB connector). It's a short step from that to USB 3.1 single cable, with the dock delivering power and connectivity, and I fully expect Targus or their ilk to produce a "one size for all" - an adapter for the notebook power into the dock, and a single USB to the notebook.
Then where, exactly, should the information be provided? Does each product need to come with a paper leaflet? Do you assume all consumers have ubiquitous Internet access such that they can hit the company website to see what's in a product? Or should they all register all product recipes with a central government agency? In my experience if a company isn't forced to toe the line like this, the ingredients will be listed on the back of a tomato sauce sachet in 1pt yellow on white type, which can be found "on display in the the cellar, in the bottom of a locked filing cabinet, stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard." [Douglas Adams, paraphrased].
It's called LetsEncrypt. You only have to turn over appropriate access to your server to client software (even though to trust it you'd have to review the code or write it yourself). And your web server has to be able to access the LE servers, so you (currently at least) have to permit outbound access from a device providing the website (there are larger configs where you could mitigate that somewhat but this is the simple case).
The client hits the LE servers, gets a string to write to a server-specified location (/.well-known/acme-challenge/URI). Oh, and that retrieval by LE is done over HTTP, so there's NO chance that could ever be subverted.
And because we need to ~double the amount of data used by all the hamster forums, cat videos and aircraft curation guides, especially when a lot of the world's users are on slow or data-limited connections?
Look. I get that it's good to ensure that there's no injected content, and that you know you're connected to the site you want - but that's only true for 1% of the population. The rest of the world wouldn't know the difference between https://www.example.com/member... and https://www.example.com.member.... Both "secure" because they're HTTPS, right?
Factor in all the browsers deciding that privately-signed sites are worse than plain http, that no-one needs to actually SEE the protocol, or the URL, that all the certs are issued by a cabal of companies who just see the benefit of charging for a NUMBER, but barely doing validation... but sure. "Adding security". Right.
That's a ~95% solved problem and has been for decades. Room key on thick plastic block, block goes in a cradle inside the door, activating power to the room. Pull the key to leave and everything goes off.
Worked in the 90's at least when I started traveling for work, and it wasn't just in big city hotels then. Perspex blocks don't have to be smudge-free, don't need extra power of their own, won't break down, are significantly cheaper, can't be trivially hacked to screw with every other room in the hotel - no this is a solution looking for a problem.
This is why no-one trusts the media. I doubt even the most fervent anti-CC campaigner believes this to be true. And while I don't think climate change itself is a hoax, I'm far less convinced that it's a death sentence (e.g. as far as I know we've had higher levels of CO2 in the atmosphere in the past without all life dying).
Is this like the other Meraki stuff where you have to pay Cisco licensing each year to be able to continue to use and manage the hardware (without paying the license it's a brick)? If so it may not be the best solution (also consider - to manage the device you have to have it connected to the cloud, so if that connection goes away or gets flakey, you're SOL).
Plus you have the delightful experience of buying new hardware rather than continuing to use existing stuff if you don't want to pay the danegeld any more.
For those reasons I can't recommend Meraki kit (unless I'm wrong and it's changed) - try the Ubiquiti or Microtik kit instead, or Sophos Home Edition, or frankly anything else that doesn't have continuing payment requirements.
Because this is a direct outcome of configuring secure-by-default. It's there to stop people shooting themselves in the foot the first time they try. Don't like it? Try one of the FIFTEEN WAYS you can run a powershell script without requiring a policy change.
And why should developers and other companies "benefit from Java API's good design with $0 license payment"? That's exactly why Oracle are introducing their Licensed Java Developer program. For only $10,000 per annum, you can be certified to write code that uses the Java API. If you're writing for a company, that company will need to be part of the Licensed Java Application program too, at $25,000 per annum. Extra programs can be brought under the same company umbrella for just $5,000 each. Please note that this program only covers internal applications used by staff, and interested organisations should ensure they comply with the Licensed Java User and Licensed Java Non-Staff User agreements. Applications and code delivered over the Internet will require the organisation owning the code to comply with the terms of the Licensed Java Internet Application agreement, and pay the annual $100,000 fee to Oracle.
You might need a few <sarcasm> tags there, but I do wonder how far Oracle will try to push this.
The next problem though is this. If the Java API is copyrighted, then _any_ API must also be copyrighted. Thus the following are also all copyrighted works which you can't use without the owner's permission:
* int main (int argc, char**argv)
* int swap (int a, int b)
* Any C/C++ header file
* Any object hierarchy, containing at least one class, method or property
You.can't specify a level of complexity (it will be gamed) so you cannot avoid even the simplest "API"s from being copyrighted. It's not quite "the end of the world" but it's a pretty good attempt.
No, unless it is or can be economically comparable to costs at the time it is commercially available, it's next to useless. You seem to have forgotten inflation, price gouging, increases in demand from consumers etc.
You're suggesting that if it's commercially available in (say) 10 years, and approximately a 1:1 direct replacement for fossil diesel, it has to sell for about $2.80 a gallon (at today's prices from some presumably US site called "Daily Fuel Gauge Report"), even if fossil diesel is selling for $6.00 a gallon. That's illogical.
Imagine you have a power supply with a 0V ground, a +5V supply and a +12V supply.
Now connect a resistive load with the input lead on +12V and the ground lead on +5V. You now have a +7V delta and are treating the +5V supply line as if it were ground.
Often done in building PCs to be quieter (as the fans move less air, but are significantly quieter).
Yes, OK, somehow it's Microsoft's fault that the web developers completely failed to produce a site that works in real IE. So by that logic, it is also Mozilla's fault that Firefox doesn't work, and Google's fault that Chrome doesn't? Of course not. You just wanted an excuse to play in the big boy pool didn't you? "See, I'm just like you popular kids and I fit in because I'm copying your behaviour, two seconds after you do it".
Where's your browser, AC? Which browser deployed across millions of PCs did you write? And why won't you take responsibility for it failing to work with this site? And why do you and Google and Mozilla and Microsoft keep disagreeing on the way the box model works, and where the lines go, and what spacing is what? Oh, because the spec is ambiguous you say? Still must be your fault then!
I'm all for bashing Microsoft when they do stupid stuff. But if you want to be effective, wait until it's actually their fault.
Meanwhile here in AU, it's quite common to see dual-sided speed signs. The "front" has the normal road speed (which might be 110km/h - around 70mph). The "back" has a roadworks speed limit of 40km/h (25mph). Watch for shenanigans as the Ford sees the wrong sign on the wrong side of the road (not uncommon either) and suddenly decides the road is 1/3 of the normal speed.
Generally they break (or crack) or gradually turn from transparent to white translucent (normally called "cloudy"). Either way, you learn not to do that.
No, they actually usually mean LPG. I think it's only the US that conflates these terms (IME most other countries call the liquid fuels for vehicles "petrol" and "diesel"). In a gas attack, the criminals generally bring along a compressed cylinder of LPG - open the valve and the pressure causes the flammable and explosive gas to be expelled, into the air vents of the ATM. Add sparks and boom.
None of these protect against a volume-oriented DDoS. Many are DoS only (single / few sources) and do not apply when every IP on the Internet appears to be sending thousands of requests, or more likely, responses. Further, you've completely ignored spoofing of addresses combined with amplification attacks (send out a 64 byte DNS request pretending to be the DDoS target, get 4kB sent to the target). Finally, regardless of the 50-100Gbps pipes MS, Sony and Amazon no doubt have, they're useless when there's 1Tbps of amplified crap directed down the pipes. With the example above, you'd only need about 4Gbps of bandwidth total (40 cheap VPS on "100Mbps" connections) to generate 256Gbps of DDoS.
When 256Gbps of rubbish arrives at your servers or firewalls... registry settings and kernel tweaks do jack (note that CloudFlare was hit 11 months ago with more than 400Gbps of DDoS, so this is not implausible!)
And since it seems it was apk I'm replying to... I'm actually half surprised you didn't try to claim that a HOSTS file would magically help.
But would you also take JUST Fox News for $20 a month, with no other channels, or Fox + 20 channels of crap for $10 a month? Because that's the type of "offer" the content networks generally make.
Buddy, you can get a certificate for less than FIVE US dollars per year. Is that too much for you?
Actually yes, frankly it is. Because according to Google's overpaid, brain-dead Chrome developers, I need one for the KVM, one for each of the management cards in the servers, one for each of the appliances I have (from DVRs to firewalls etc), one for each little device with a web server (assuming it even supports writing a certificate to storage, and config for HTTPS), one for each workstation or server with an app or config UI. Quick count for my house alone... 47 certs excluding the devices that quite literally have NO way to store and use a cert. I simplified too by assuming the devices supporting certs can handle SHA256 (thanks Google for THAT little recent shitfight). And the certs don't support SANs nor do CAs allow local names, so I have to use the correct FQDN all the time now (no more http://dvr/ or typing the IP - now it's https://dvr.private.example.co...). And what have I gained? I've had to spend $230+ and several hours of work to avoid irrelevant anti-sec warnings, on devices no-one can get to except me. It's bulldust.
And that adequately reflects the rest of the world how? I have customers with multiple 5Mbps connections (literally the best they can get, there IS NO FIBER) at $400/month. They have dozens of users, 10-100MB files to send and receive, every day, and therefore a local caching proxy is the only way they can get any reasonable web access at all. But go on believing the rest of the world is like your little Utopia.
No - this problem is solved with SNI (Server Name Indication) which is part of all the current browsers, and has been for a while now. The client tells the server which certificate to return (which hostname it's going to ask for) in plaintext. There's probably a module you need for Apache to support this - IIS finally does it natively, so I'm sure it was already there in Apache/nginx.
Slashdot Mirror
Only if your issue fits in a small number of categories and you live in the right country. Issues like "I live on a street that has been there for five years, but you still think it's non-existent" apparently don't qualify as needing correction.
Because everyone has perfect sight, wants the same size browser window as the developer, browses at 100% zoom level, with the same fonts, on the same screen resolution, with the same sub-pixel rendering, right? Sure, we're all machines.
Those silly users with their 4K screens should just set them all to 1366x768 like the crappiest notebook LCDs! Jaggies forever! Screw mobile users, damn hipsters can get stuffed.
You're right. Fuck screen readers, accessibility, personalization and anyone with even the slightest disability (colourblind? Sure, we've got burnt umber on light green for you!). Because the designer's view of perfection is what everyone should see, dammit, even if they can't read a word. Design over function.
Of course, if you're being sarcastic, then sure. But you might want to make it more obvious.
Wow, you're optimistic. I figured about 3 minutes.
They're not that non-standard. Lots of them are USB3 nowadays, and the prices aren't THAT insane (e.g. $100-$300 depending what you need).
I've had a comparable one for my notebook and work notebook, it's two cables to be up and working with the high-res screen, mouse, keyboard, anything else USB and a GbE. It's almost easier than a model-specific dock because you don't have to work out where the locating pins go (but you do need to deal with the 4-dimensional USB connector). It's a short step from that to USB 3.1 single cable, with the dock delivering power and connectivity, and I fully expect Targus or their ilk to produce a "one size for all" - an adapter for the notebook power into the dock, and a single USB to the notebook.
Then where, exactly, should the information be provided? Does each product need to come with a paper leaflet? Do you assume all consumers have ubiquitous Internet access such that they can hit the company website to see what's in a product? Or should they all register all product recipes with a central government agency? In my experience if a company isn't forced to toe the line like this, the ingredients will be listed on the back of a tomato sauce sachet in 1pt yellow on white type, which can be found "on display in the the cellar, in the bottom of a locked filing cabinet, stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard." [Douglas Adams, paraphrased].
It's called LetsEncrypt. You only have to turn over appropriate access to your server to client software (even though to trust it you'd have to review the code or write it yourself). And your web server has to be able to access the LE servers, so you (currently at least) have to permit outbound access from a device providing the website (there are larger configs where you could mitigate that somewhat but this is the simple case).
The client hits the LE servers, gets a string to write to a server-specified location (/.well-known/acme-challenge/URI). Oh, and that retrieval by LE is done over HTTP, so there's NO chance that could ever be subverted.
And because we need to ~double the amount of data used by all the hamster forums, cat videos and aircraft curation guides, especially when a lot of the world's users are on slow or data-limited connections?
Look. I get that it's good to ensure that there's no injected content, and that you know you're connected to the site you want - but that's only true for 1% of the population. The rest of the world wouldn't know the difference between https://www.example.com/member... and https://www.example.com.member.... Both "secure" because they're HTTPS, right?
Factor in all the browsers deciding that privately-signed sites are worse than plain http, that no-one needs to actually SEE the protocol, or the URL, that all the certs are issued by a cabal of companies who just see the benefit of charging for a NUMBER, but barely doing validation ... but sure. "Adding security". Right.
That's a ~95% solved problem and has been for decades. Room key on thick plastic block, block goes in a cradle inside the door, activating power to the room. Pull the key to leave and everything goes off.
Worked in the 90's at least when I started traveling for work, and it wasn't just in big city hotels then. Perspex blocks don't have to be smudge-free, don't need extra power of their own, won't break down, are significantly cheaper, can't be trivially hacked to screw with every other room in the hotel - no this is a solution looking for a problem.
Just ... 24/7/52.
Can I select which day (annually) during which I'm excluded from surveillance?
This is why no-one trusts the media. I doubt even the most fervent anti-CC campaigner believes this to be true. And while I don't think climate change itself is a hoax, I'm far less convinced that it's a death sentence (e.g. as far as I know we've had higher levels of CO2 in the atmosphere in the past without all life dying).
Is this like the other Meraki stuff where you have to pay Cisco licensing each year to be able to continue to use and manage the hardware (without paying the license it's a brick)? If so it may not be the best solution (also consider - to manage the device you have to have it connected to the cloud, so if that connection goes away or gets flakey, you're SOL).
Plus you have the delightful experience of buying new hardware rather than continuing to use existing stuff if you don't want to pay the danegeld any more.
For those reasons I can't recommend Meraki kit (unless I'm wrong and it's changed) - try the Ubiquiti or Microtik kit instead, or Sophos Home Edition, or frankly anything else that doesn't have continuing payment requirements.
Because this is a direct outcome of configuring secure-by-default. It's there to stop people shooting themselves in the foot the first time they try. Don't like it? Try one of the FIFTEEN WAYS you can run a powershell script without requiring a policy change.
I personally prefer #9 but YMMV.
And why should developers and other companies "benefit from Java API's good design with $0 license payment"? That's exactly why Oracle are introducing their Licensed Java Developer program. For only $10,000 per annum, you can be certified to write code that uses the Java API. If you're writing for a company, that company will need to be part of the Licensed Java Application program too, at $25,000 per annum. Extra programs can be brought under the same company umbrella for just $5,000 each. Please note that this program only covers internal applications used by staff, and interested organisations should ensure they comply with the Licensed Java User and Licensed Java Non-Staff User agreements. Applications and code delivered over the Internet will require the organisation owning the code to comply with the terms of the Licensed Java Internet Application agreement, and pay the annual $100,000 fee to Oracle.
You might need a few <sarcasm> tags there, but I do wonder how far Oracle will try to push this.
The next problem though is this. If the Java API is copyrighted, then _any_ API must also be copyrighted. Thus the following are also all copyrighted works which you can't use without the owner's permission:
You.can't specify a level of complexity (it will be gamed) so you cannot avoid even the simplest "API"s from being copyrighted. It's not quite "the end of the world" but it's a pretty good attempt.
No, unless it is or can be economically comparable to costs at the time it is commercially available, it's next to useless. You seem to have forgotten inflation, price gouging, increases in demand from consumers etc.
You're suggesting that if it's commercially available in (say) 10 years, and approximately a 1:1 direct replacement for fossil diesel, it has to sell for about $2.80 a gallon (at today's prices from some presumably US site called "Daily Fuel Gauge Report"), even if fossil diesel is selling for $6.00 a gallon. That's illogical.
Imagine you have a power supply with a 0V ground, a +5V supply and a +12V supply.
Now connect a resistive load with the input lead on +12V and the ground lead on +5V. You now have a +7V delta and are treating the +5V supply line as if it were ground.
Often done in building PCs to be quieter (as the fans move less air, but are significantly quieter).
Yes, OK, somehow it's Microsoft's fault that the web developers completely failed to produce a site that works in real IE. So by that logic, it is also Mozilla's fault that Firefox doesn't work, and Google's fault that Chrome doesn't? Of course not. You just wanted an excuse to play in the big boy pool didn't you? "See, I'm just like you popular kids and I fit in because I'm copying your behaviour, two seconds after you do it".
Where's your browser, AC? Which browser deployed across millions of PCs did you write? And why won't you take responsibility for it failing to work with this site? And why do you and Google and Mozilla and Microsoft keep disagreeing on the way the box model works, and where the lines go, and what spacing is what? Oh, because the spec is ambiguous you say? Still must be your fault then!
I'm all for bashing Microsoft when they do stupid stuff. But if you want to be effective, wait until it's actually their fault.
Meanwhile here in AU, it's quite common to see dual-sided speed signs. The "front" has the normal road speed (which might be 110km/h - around 70mph). The "back" has a roadworks speed limit of 40km/h (25mph). Watch for shenanigans as the Ford sees the wrong sign on the wrong side of the road (not uncommon either) and suddenly decides the road is 1/3 of the normal speed.
Generally they break (or crack) or gradually turn from transparent to white translucent (normally called "cloudy"). Either way, you learn not to do that.
No, they actually usually mean LPG. I think it's only the US that conflates these terms (IME most other countries call the liquid fuels for vehicles "petrol" and "diesel"). In a gas attack, the criminals generally bring along a compressed cylinder of LPG - open the valve and the pressure causes the flammable and explosive gas to be expelled, into the air vents of the ATM. Add sparks and boom.
Noticing does not mean we care :).
Karma -= 100...
None of these protect against a volume-oriented DDoS. Many are DoS only (single / few sources) and do not apply when every IP on the Internet appears to be sending thousands of requests, or more likely, responses. Further, you've completely ignored spoofing of addresses combined with amplification attacks (send out a 64 byte DNS request pretending to be the DDoS target, get 4kB sent to the target). Finally, regardless of the 50-100Gbps pipes MS, Sony and Amazon no doubt have, they're useless when there's 1Tbps of amplified crap directed down the pipes. With the example above, you'd only need about 4Gbps of bandwidth total (40 cheap VPS on "100Mbps" connections) to generate 256Gbps of DDoS.
When 256Gbps of rubbish arrives at your servers or firewalls ... registry settings and kernel tweaks do jack (note that CloudFlare was hit 11 months ago with more than 400Gbps of DDoS, so this is not implausible!)
And since it seems it was apk I'm replying to ... I'm actually half surprised you didn't try to claim that a HOSTS file would magically help.
But would you also take JUST Fox News for $20 a month, with no other channels, or Fox + 20 channels of crap for $10 a month? Because that's the type of "offer" the content networks generally make.
Buddy, you can get a certificate for less than FIVE US dollars per year. Is that too much for you?
Actually yes, frankly it is. Because according to Google's overpaid, brain-dead Chrome developers, I need one for the KVM, one for each of the management cards in the servers, one for each of the appliances I have (from DVRs to firewalls etc), one for each little device with a web server (assuming it even supports writing a certificate to storage, and config for HTTPS), one for each workstation or server with an app or config UI. Quick count for my house alone ... 47 certs excluding the devices that quite literally have NO way to store and use a cert. I simplified too by assuming the devices supporting certs can handle SHA256 (thanks Google for THAT little recent shitfight). And the certs don't support SANs nor do CAs allow local names, so I have to use the correct FQDN all the time now (no more http://dvr/ or typing the IP - now it's https://dvr.private.example.co...). And what have I gained? I've had to spend $230+ and several hours of work to avoid irrelevant anti-sec warnings, on devices no-one can get to except me. It's bulldust.
And that adequately reflects the rest of the world how? I have customers with multiple 5Mbps connections (literally the best they can get, there IS NO FIBER) at $400/month. They have dozens of users, 10-100MB files to send and receive, every day, and therefore a local caching proxy is the only way they can get any reasonable web access at all. But go on believing the rest of the world is like your little Utopia.
No - this problem is solved with SNI (Server Name Indication) which is part of all the current browsers, and has been for a while now. The client tells the server which certificate to return (which hostname it's going to ask for) in plaintext. There's probably a module you need for Apache to support this - IIS finally does it natively, so I'm sure it was already there in Apache/nginx.