For those not familiar with U.S. Federal budgeting, the President traditionally submits a budget proposal every year. There is no legal requirement to do so, but it has been done since the first President. The budget submitted has no legal significance at all and is sometimes simply ignored by the House of Representatives. The Constitution requires all legislation related to authorization and appropriation must originate with the House. Once approved by the House, it moves to the Senate. They may amend the legislation and, once both houses approve, it is then sent to the President for signature or veto. This is the first and only legal involvement of the President. If vetoed, it may still be approved if 2/3 of both houses agree to do so.
Both sides of this current sad parody of a government of statesmen blame the other for everything including things over which they have no control. Neither side is willing to compromise in any meaningful way and even auto commercials claim that only the weak ever compromise.
I agree with all of the issues with any disclosure of the private key except the first amendment issue. The first amendment protects an individual's right to say what he or she wants (with certain exceptions). It has nothing to say about forced disclosure of information. That comes under the fourth and fifth amendments. In this case it would not seem that the fifth is really applicable as there seems no way that this could incriminate Apple or any Apple employee, so it's the fourth that needs to be considered, There is a LOT of case law and IANAL, so I won't speak to it.
More significantly is the perception of the capabilities of the FBI's computer experts. I can assure you that they have talented people more that capable of finding the code that counts login failures and NOT calling the routine to reset the phone. They could probably build an iOS version that completely skipped the need to login, at least on a 5C which I believe lacks some of the hardware that enforces security policy in 6 and later phones.
In the end, the signing key is really the ultimate issue. It is literally the key to the kingdom and to all of the data on every iPhone and iPad.
This capability is not one Apple came up with. It has long been a capability of FreeBSD and probably other BSD systems. It can be overridden if you know what you are doing, but it is an added safety belt to save you from yourself.
As someone who WAS there, working with the security community dealing with the Morris work in 1988 and the WANK worm shortly after and as the author of the first detailed analysis of WANK (Worms Against Nuclear Killers) while at Lawrence Livermore National Laboratory, I was there when the term "cracker" was born. I can credit folks like Russell Brand (not THAT Russell Brand) with the creation of the term.
This was before the commercial Internet, before TCP/IP, and in a day when no one thought twice about having an open "guest" account on a system because computer security was not an issue. People who played around with computer code and modified system kernels, as opposed to those designing or writing them, were referred to as "hackers". We were professionals who did custom modifications to software and wrote tools to analyze them. At the time I had licensed access to the source code for a variety of systems of that day including AT&T Unix, RSX-11M, IAS, and VMS. Things like custom system calls, an un-delete command, code to allow a co-processor (FPS AP-120B) to directly access a computer's file system. These were what I was paid to do and I, like many I worked with.I called myself a hacker. I hacked code.
When the first transmittable worms, viruses, and trojans appeared, the people who wrote them were also "hackers", but those of us who hacked code legitimately didn't much care to be lumped in with the bad guys, so the term "cracker" was devised. It never really caught on. To most people, hackers are bad guys. It's unfortunate, but the horse has left the barn, and is now dead and continues to be beaten to a rotten pulp.
To this day, in the developer community the term "hacker" retains its original meaning, It's someone who hacks code, often to fix or work around limitations or bugs or to add new functionality. They still hold "hackathons" to work as a group on resolving very complex issues in open source projects and understand what "hacker" means in that context and just live with the fact that the general public has a slightly different idea of whet the word means.
A few years ago, Verizon employed some to the best people in the best people in the world to handle network and routing security. They were very responsive to reports of address hijacking and related issues. Those folks have all left Verizon since they bought UUnet, though the rush for the door didn't start until about 4 years ago.
This all happened about the time I left the operational world and started moving into retirement, so I don't know the people who replaced them, but I am sure that, if they were replaced at all, that the new people were not of the caliber of those who left.
As is often the case, network security seems to have been declared a low priority at Verizon. after all, it does not make them any money. Of course, if they become known for bad security, it could have an impact on the bottom line at some point.
These are not the sort of issues that most are concerned with, though they are legitimate. As far as spying goes, leased lines are no more immune from targeted attacks (specific wire taps) than any other connection, though they do avoid mass data collections (e.g. GCHQ data sweeps).
The point of the article is that common issues with "normal" networks such as congestion and data loss need magical networking. My point was that leased lines are not a solution to the general problems that are most likely to cause a remote surgery to fail and don't mitigate the most intractable issues that remote manipulation of vital or critical "things". Their only real benefit is eliminating congestion and a minor side benefit is keeping data away from mass surveillance.
FWIW, I have been involved network configuration for trans-continental physics experiments (San Diego control of New Jersey hardware) and am very aware of the issues. We had our own switched network, ESnet, running over leased lines with known and stable latency and used CoS capability to provide best possible connectivity, but all experiments were designed to be "fail safe" so that network disruption would not damage the equipment, though it could cause the experiment to fail.
Why would you think that a leased line is immune to noise and other sources of data loss? There is absolutely no physical difference in lines. Yes, there is no congestion, but that is far easier to deal with than line noise, cosmic rays and backhoes.
on a computer that filled a room and whose user interface had moving parts which could physically injure the careless.
OK, I must know. Exposed tape reels from before the cool vacuum chamber tape drives? Carelessly designed card punch or printer paper output path?
OK. In my youth (early 70s) I worked on a computer in which the logic was all carried in the doors. They swung open and, being full of vacuum tubes, probably weighed in at around 100 Kg. Get hit in the head by one of these and you might wake up next week (or you might not).
To turn on the computer, you had to open the door (see above as a risk to others), reach past the exposed + and - 100 VDC buses, grasp the rubber grip on the drum memory drive shaft with your right had and spin the drum. Then you immediately turned on the power (remember the exposed power buses) with the left hand. If you didn't spin the drive, the electric motor generated too much torque for the system to handle and you got to spend a half hour replacing the sheared pin in the link between the motor and the drive shaft. See how many ways you can get hurt just turning the monster on.
If you find this hard to believe, visit either the Smithsonian in D.C. or the Computer History Museum in Mt. View, CA and looked at the Bendix (or CDC) G15 computer from the 1950s. Both had G15s on exhibit last I knew.
This is just the case of one small computer from the dark ages. You could also look up the IBM Photostore (which stored high density data on film) or the Datacell (both IBM and CDC made similar ones) for examples of computer hardware that could seriously hurt you. And these don't touch the more common risks from IBM Hollerith card hardware.
You learned Photoshop first with no pre-suppositions of how to do things. You moved to GIMP and nothing was where you expected to find it. Exactly the problem I experiences with Photoshop. But I won't defend the GIMP design as it is really terrible. But that does not make Photoshop good.
I do find it interesting that you mention brush and pencil characteristics. I have to say that I had a terrible time with these when I first used Photoshop.
As a matter of clarification, I am NOT a graphics expert in any way. I use mostly Photoshop (four year old version) these days and I know how to do the things I need to do. I don't use large portions of its capabilities and this may have produced a different reaction than pros or serious graphics amateurs might have.
I'd say it's an all out war for worst design between GIMP and Photoshop. I really, really hate the design of both.
Many people complain about the GIMP, but I started there and then had to learn Photoshop. The only reason people complain about GIMP is that they learned to use Photoshop first.
Then again, Apple, who used to be king of very functional design has thrown that all away in the search for "clean" appearance... whether or not it is consistent or usable and Google (Android) seems determined to follow.
Three years ago the Donald tweeted "Ugly wind turbines have destroyed the entrance to Palm Springs, CA. These monstrosities are ruining landscapes all over the globe -- expensive and bad electric".
In a local TV interview he expanded on the tweet."The turbines are made in China for the most part and certainly outside the United States, but mostly in China. They are a bird killing machines, they kill birds,"
Current estimates are that windmill are the cause of 3 out of every 100,000 human-related bird deaths and are way, way below #1, windows (think "Trump Tower") and #2, domestic cats. As to the place of manufacture, at least those windmills are imported from the USA. Yes, Made in America. But the Donald has never been one to let facts interfere with a good sound byte.
When something bad happens, we normally look for the guilty party or at least a scapegoat. Now we get "was hidden". Who hid it? What individual inserted CISA into the budget bill? Why don't all the major news outlets say "Rep. Smith inserted CISA into the budget bill"?
"Those who love sausage and the law should never watch them being made."
I'm afraid I have seen that these things are often totally anonymous and untraceable. You see, when a law is passed by both houses, the two versions seldom are quite identical and the bill goes to a committee to iron out the differences. In "conference" lots of people who work for representatives from both houses work to incorporate changes agreed to, but they generate the actual wording that is voted on. They have been known to slip in something that some congress critter wants and, once the bill is approved by both houses, unless it is really significant or really bad, it's left alone.
At a place where I worked we were allocated a fair chunk of money that was expected to have gone to the NSF. It really ticked off some NSF folks we worked with, not to mention requiring us to re-start a project we had dropped with the certainty that it would not receive any funding the following year.
Embarrassing to say the least. We worked with our D.C. office to try to track it down, but we never could find out if someone thought that they were doing us a favor or trying to screw us. They did the latter.
As is all too common these days, both the summary and article are right, but the headline is wrong. Jeff Kell did not invent BITNET (Because It's Time NETwork or Because It's There NETwork). BITNET was developed in the early '80s by Ira Fuchs of CUNY and Greydon Freeman, Inc. of Yale. It was an early store and forward network based on IBM protocols.
Both the summary and article correctly credit Jeff with the invention of BITNET RELAY which was a predecessor of IRC. It was important, but was just a component of BITNET.
If governments urge you not use a specific type of encryption, then you know you are using it right.
Remember that the government warned against the use of DES a few years ago because it WAS open to attack, though it took a few month for the drtails to become widely known. If you use DES today, you KNOW that anyone can crack it, so the warning was exactly right.
I'd say that having its own port assignment speaks mostly to the project's age... back when getting a port assigned just required a quick note to Jon Postel.
In 1971 I took the required freshman Engineering slide rule class. Not too difficult as I had been using my father's K+E Log-log Duplex Decatrig for many years and my father had taught me many tricks to squeeze out one more significant digit. (I still have it.) Not only was it dropped from requirements, but it was not even taught the next year. I still think it was a bad idea.
I also took tube design (valve to you Brits) and I still think that what I learned there was invaluable even though I never worked on any tube circuit other than CRTs and Thyratrons.
Slide rules still catch errors that a calculator won't.
yes, you have to be hit with the stupid stick to get on a jury
Or maybe a lawyer does.
I was selected for a jury when my employer of 35 years was one of the defendants. I just assumed I'd be kicked by the plaintiff at once, but the lawyer in the lung cancer case (asbestos) said I was fine. I'd like to think I'd be unbiased, but...
The judge had more sense and met in chambers with the attorneys after which another juror and I were sent home. (The other juror had a close business relationship with a different defendant.)
I am a Comcast customer and everyone using their "home gateway" (most customers) are providing free, limited bandwidth access to other Internet customers who are within range. As I walk the dogs I find that I am almost continuously connecting to one house or another. Same when driving around. My phone checks for adequate performance when connecting, but hangs onto the connection even though throughput is about 10 bytes per second. and, even when the signal is lost, it takes about 20 seconds before giving up.
I am forced to turn off WiFi to listen to stream or even get a sports score update. Then I get home and forget to turn on the WiFi and THAT is when I waste a bunch of my data allowance.
As to not noticing the switch-over, streaming apps do have a noticeable "glitch" when moving from WiFi to LTE. It's quite likely that you would notice. The app has to detect the change, open a connection via the LTE address and start the new stream running before the buffer empties... when the low quality can only be detected until the buffer is already shrinking rapidly. There are several tricks apps can use to minimize the delay, but I have yet to find one that does the switch transparently on audio, let alone video.
I think you miss the point, With all the ad scripts in so many pages, it was taking many seconds for anything to render. Users complained to Google, Mozilla, Apple, etc about this. The web site running the ads also complained. No one was happy. The easiest way to make people happier (NOT happy) was to start displaying the rendered main page as soon as possible instead of waiting for all of the called JavaScript to be rendered. I believe Chrome was first, but I suspect others followed quickly when Chrome started picking up more users. It is probably universal by now. I only run Firefox and Chromium, so I can't say anything about others.
This changed the behavior in the manner you described with NO change to the website or the ads and is really unavoidable. There MAY be a way to override this, but most sites would never do this, as it would return the long delay before a page will start to be displayed. Too many users will just give up. A study by Yahoo about 5 yeas ago showed a significant decline of completed renderings of its pages if they took over 3 seconds to start displaying. That means real $$$. Sites could reduce ads, but that also costs $$$. Result... You lose.
I run NoScript which nicely resolves the issue as the advertising scripts appear to be rendered instantly, but the typical user would not put up with the issues NpScript causes.
This is not actually malicious, but an artifact of the rendering engines and the order in which they render things.
If they choose to wait for all of the external references to other JavaScript stuff and render when this is all processed, all pop-ups and other content will appear it their specified locations, but it often takes so long to do this, due to those ads, that some browsers are rendering as soon as the main script is processed and then "adjusting" positions or adding pop-ups late... often very late. Of course, it is possible that some designers are deliberately taking advantage of this.
This is quite likely a response to the many complaints of the delays before the page starts rendering by users and webmasters. On some things, you just can't win.
I'm seriously questioning why a university feels the need to have a Director of Climate Change Communication.
Hmm. From some comments (and threats) I've seen levelled at those who do climate research, it's probably a good idea. Silly mistakes and such could have very nasty results.
If this is running as part of regular Windows Update, I'm curious to know whether or not this is going to just start installing the update to windows 10 without asking the user at some point.
I made the mistake of allowing the installation of new Defender signatures yesterday and what should appear but "Windows 10 downloading"! Looks like updating anything will trigger the download. I was VERY annoyed.
Slashdot Mirror
For those not familiar with U.S. Federal budgeting, the President traditionally submits a budget proposal every year. There is no legal requirement to do so, but it has been done since the first President. The budget submitted has no legal significance at all and is sometimes simply ignored by the House of Representatives. The Constitution requires all legislation related to authorization and appropriation must originate with the House. Once approved by the House, it moves to the Senate. They may amend the legislation and, once both houses approve, it is then sent to the President for signature or veto. This is the first and only legal involvement of the President. If vetoed, it may still be approved if 2/3 of both houses agree to do so.
Both sides of this current sad parody of a government of statesmen blame the other for everything including things over which they have no control. Neither side is willing to compromise in any meaningful way and even auto commercials claim that only the weak ever compromise.
I agree with all of the issues with any disclosure of the private key except the first amendment issue. The first amendment protects an individual's right to say what he or she wants (with certain exceptions). It has nothing to say about forced disclosure of information. That comes under the fourth and fifth amendments. In this case it would not seem that the fifth is really applicable as there seems no way that this could incriminate Apple or any Apple employee, so it's the fourth that needs to be considered, There is a LOT of case law and IANAL, so I won't speak to it.
More significantly is the perception of the capabilities of the FBI's computer experts. I can assure you that they have talented people more that capable of finding the code that counts login failures and NOT calling the routine to reset the phone. They could probably build an iOS version that completely skipped the need to login, at least on a 5C which I believe lacks some of the hardware that enforces security policy in 6 and later phones.
In the end, the signing key is really the ultimate issue. It is literally the key to the kingdom and to all of the data on every iPhone and iPad.
I'd like to see auto-refresh available as an option, though. It could be annoying, but I really liked it.
This capability is not one Apple came up with. It has long been a capability of FreeBSD and probably other BSD systems. It can be overridden if you know what you are doing, but it is an added safety belt to save you from yourself.
This was before the commercial Internet, before TCP/IP, and in a day when no one thought twice about having an open "guest" account on a system because computer security was not an issue. People who played around with computer code and modified system kernels, as opposed to those designing or writing them, were referred to as "hackers". We were professionals who did custom modifications to software and wrote tools to analyze them. At the time I had licensed access to the source code for a variety of systems of that day including AT&T Unix, RSX-11M, IAS, and VMS. Things like custom system calls, an un-delete command, code to allow a co-processor (FPS AP-120B) to directly access a computer's file system. These were what I was paid to do and I, like many I worked with.I called myself a hacker. I hacked code.
When the first transmittable worms, viruses, and trojans appeared, the people who wrote them were also "hackers", but those of us who hacked code legitimately didn't much care to be lumped in with the bad guys, so the term "cracker" was devised. It never really caught on. To most people, hackers are bad guys. It's unfortunate, but the horse has left the barn, and is now dead and continues to be beaten to a rotten pulp.
To this day, in the developer community the term "hacker" retains its original meaning, It's someone who hacks code, often to fix or work around limitations or bugs or to add new functionality. They still hold "hackathons" to work as a group on resolving very complex issues in open source projects and understand what "hacker" means in that context and just live with the fact that the general public has a slightly different idea of whet the word means.
A few years ago, Verizon employed some to the best people in the best people in the world to handle network and routing security. They were very responsive to reports of address hijacking and related issues. Those folks have all left Verizon since they bought UUnet, though the rush for the door didn't start until about 4 years ago.
This all happened about the time I left the operational world and started moving into retirement, so I don't know the people who replaced them, but I am sure that, if they were replaced at all, that the new people were not of the caliber of those who left.
As is often the case, network security seems to have been declared a low priority at Verizon. after all, it does not make them any money. Of course, if they become known for bad security, it could have an impact on the bottom line at some point.
These are not the sort of issues that most are concerned with, though they are legitimate. As far as spying goes, leased lines are no more immune from targeted attacks (specific wire taps) than any other connection, though they do avoid mass data collections (e.g. GCHQ data sweeps).
The point of the article is that common issues with "normal" networks such as congestion and data loss need magical networking. My point was that leased lines are not a solution to the general problems that are most likely to cause a remote surgery to fail and don't mitigate the most intractable issues that remote manipulation of vital or critical "things". Their only real benefit is eliminating congestion and a minor side benefit is keeping data away from mass surveillance.
FWIW, I have been involved network configuration for trans-continental physics experiments (San Diego control of New Jersey hardware) and am very aware of the issues. We had our own switched network, ESnet, running over leased lines with known and stable latency and used CoS capability to provide best possible connectivity, but all experiments were designed to be "fail safe" so that network disruption would not damage the equipment, though it could cause the experiment to fail.
Use a leased line.
Problem solved.
Your max is 100 miles anyway.
Why would you think that a leased line is immune to noise and other sources of data loss? There is absolutely no physical difference in lines. Yes, there is no congestion, but that is far easier to deal with than line noise, cosmic rays and backhoes.
Or maybe it should be "without cyber terrorists... who is there to fight online hackers?"
Did their mothers never tell them that two wrongs don't make a right? You need at least three lefts to make a right, or something.
The correct quotation (from The Harvard Lampoon's Deterioata) is "Two wrongs don't make a right, but three lefts do."
on a computer that filled a room and whose user interface had moving parts which could physically injure the careless.
OK, I must know. Exposed tape reels from before the cool vacuum chamber tape drives? Carelessly designed card punch or printer paper output path?
OK. In my youth (early 70s) I worked on a computer in which the logic was all carried in the doors. They swung open and, being full of vacuum tubes, probably weighed in at around 100 Kg. Get hit in the head by one of these and you might wake up next week (or you might not).
To turn on the computer, you had to open the door (see above as a risk to others), reach past the exposed + and - 100 VDC buses, grasp the rubber grip on the drum memory drive shaft with your right had and spin the drum. Then you immediately turned on the power (remember the exposed power buses) with the left hand. If you didn't spin the drive, the electric motor generated too much torque for the system to handle and you got to spend a half hour replacing the sheared pin in the link between the motor and the drive shaft. See how many ways you can get hurt just turning the monster on.
If you find this hard to believe, visit either the Smithsonian in D.C. or the Computer History Museum in Mt. View, CA and looked at the Bendix (or CDC) G15 computer from the 1950s. Both had G15s on exhibit last I knew.
This is just the case of one small computer from the dark ages. You could also look up the IBM Photostore (which stored high density data on film) or the Datacell (both IBM and CDC made similar ones) for examples of computer hardware that could seriously hurt you. And these don't touch the more common risks from IBM Hollerith card hardware.
I do find it interesting that you mention brush and pencil characteristics. I have to say that I had a terrible time with these when I first used Photoshop.
As a matter of clarification, I am NOT a graphics expert in any way. I use mostly Photoshop (four year old version) these days and I know how to do the things I need to do. I don't use large portions of its capabilities and this may have produced a different reaction than pros or serious graphics amateurs might have.
Many people complain about the GIMP, but I started there and then had to learn Photoshop. The only reason people complain about GIMP is that they learned to use Photoshop first.
Then again, Apple, who used to be king of very functional design has thrown that all away in the search for "clean" appearance... whether or not it is consistent or usable and Google (Android) seems determined to follow.
In a local TV interview he expanded on the tweet."The turbines are made in China for the most part and certainly outside the United States, but mostly in China. They are a bird killing machines, they kill birds,"
Current estimates are that windmill are the cause of 3 out of every 100,000 human-related bird deaths and are way, way below #1, windows (think "Trump Tower") and #2, domestic cats. As to the place of manufacture, at least those windmills are imported from the USA. Yes, Made in America. But the Donald has never been one to let facts interfere with a good sound byte.
When something bad happens, we normally look for the guilty party or at least a scapegoat. Now we get "was hidden". Who hid it? What individual inserted CISA into the budget bill? Why don't all the major news outlets say "Rep. Smith inserted CISA into the budget bill"?
"Those who love sausage and the law should never watch them being made."
I'm afraid I have seen that these things are often totally anonymous and untraceable. You see, when a law is passed by both houses, the two versions seldom are quite identical and the bill goes to a committee to iron out the differences. In "conference" lots of people who work for representatives from both houses work to incorporate changes agreed to, but they generate the actual wording that is voted on. They have been known to slip in something that some congress critter wants and, once the bill is approved by both houses, unless it is really significant or really bad, it's left alone.
At a place where I worked we were allocated a fair chunk of money that was expected to have gone to the NSF. It really ticked off some NSF folks we worked with, not to mention requiring us to re-start a project we had dropped with the certainty that it would not receive any funding the following year.
Embarrassing to say the least. We worked with our D.C. office to try to track it down, but we never could find out if someone thought that they were doing us a favor or trying to screw us. They did the latter.
As is all too common these days, both the summary and article are right, but the headline is wrong. Jeff Kell did not invent BITNET (Because It's Time NETwork or Because It's There NETwork). BITNET was developed in the early '80s by Ira Fuchs of CUNY and Greydon Freeman, Inc. of Yale. It was an early store and forward network based on IBM protocols.
Both the summary and article correctly credit Jeff with the invention of BITNET RELAY which was a predecessor of IRC. It was important, but was just a component of BITNET.
If governments urge you not use a specific type of encryption, then you know you are using it right.
Remember that the government warned against the use of DES a few years ago because it WAS open to attack, though it took a few month for the drtails to become widely known. If you use DES today, you KNOW that anyone can crack it, so the warning was exactly right.
I'd say that having its own port assignment speaks mostly to the project's age... back when getting a port assigned just required a quick note to Jon Postel.
In 1971 I took the required freshman Engineering slide rule class. Not too difficult as I had been using my father's K+E Log-log Duplex Decatrig for many years and my father had taught me many tricks to squeeze out one more significant digit. (I still have it.) Not only was it dropped from requirements, but it was not even taught the next year. I still think it was a bad idea.
I also took tube design (valve to you Brits) and I still think that what I learned there was invaluable even though I never worked on any tube circuit other than CRTs and Thyratrons.
Slide rules still catch errors that a calculator won't.
yes, you have to be hit with the stupid stick to get on a jury
Or maybe a lawyer does.
I was selected for a jury when my employer of 35 years was one of the defendants. I just assumed I'd be kicked by the plaintiff at once, but the lawyer in the lung cancer case (asbestos) said I was fine. I'd like to think I'd be unbiased, but...
The judge had more sense and met in chambers with the attorneys after which another juror and I were sent home. (The other juror had a close business relationship with a different defendant.)
I am a Comcast customer and everyone using their "home gateway" (most customers) are providing free, limited bandwidth access to other Internet customers who are within range. As I walk the dogs I find that I am almost continuously connecting to one house or another. Same when driving around. My phone checks for adequate performance when connecting, but hangs onto the connection even though throughput is about 10 bytes per second. and, even when the signal is lost, it takes about 20 seconds before giving up.
I am forced to turn off WiFi to listen to stream or even get a sports score update. Then I get home and forget to turn on the WiFi and THAT is when I waste a bunch of my data allowance.
As to not noticing the switch-over, streaming apps do have a noticeable "glitch" when moving from WiFi to LTE. It's quite likely that you would notice. The app has to detect the change, open a connection via the LTE address and start the new stream running before the buffer empties... when the low quality can only be detected until the buffer is already shrinking rapidly. There are several tricks apps can use to minimize the delay, but I have yet to find one that does the switch transparently on audio, let alone video.
I think you miss the point, With all the ad scripts in so many pages, it was taking many seconds for anything to render. Users complained to Google, Mozilla, Apple, etc about this. The web site running the ads also complained. No one was happy. The easiest way to make people happier (NOT happy) was to start displaying the rendered main page as soon as possible instead of waiting for all of the called JavaScript to be rendered. I believe Chrome was first, but I suspect others followed quickly when Chrome started picking up more users. It is probably universal by now. I only run Firefox and Chromium, so I can't say anything about others.
This changed the behavior in the manner you described with NO change to the website or the ads and is really unavoidable. There MAY be a way to override this, but most sites would never do this, as it would return the long delay before a page will start to be displayed. Too many users will just give up. A study by Yahoo about 5 yeas ago showed a significant decline of completed renderings of its pages if they took over 3 seconds to start displaying. That means real $$$. Sites could reduce ads, but that also costs $$$. Result... You lose.
I run NoScript which nicely resolves the issue as the advertising scripts appear to be rendered instantly, but the typical user would not put up with the issues NpScript causes.
This is not actually malicious, but an artifact of the rendering engines and the order in which they render things.
If they choose to wait for all of the external references to other JavaScript stuff and render when this is all processed, all pop-ups and other content will appear it their specified locations, but it often takes so long to do this, due to those ads, that some browsers are rendering as soon as the main script is processed and then "adjusting" positions or adding pop-ups late... often very late. Of course, it is possible that some designers are deliberately taking advantage of this.
This is quite likely a response to the many complaints of the delays before the page starts rendering by users and webmasters. On some things, you just can't win.
is the Director of Climate Change Communication,
I'm seriously questioning why a university feels the need to have a Director of Climate Change Communication.
Hmm. From some comments (and threats) I've seen levelled at those who do climate research, it's probably a good idea. Silly mistakes and such could have very nasty results.
Lawyers trump marketing every time.
If this is running as part of regular Windows Update, I'm curious to know whether or not this is going to just start installing the update to windows 10 without asking the user at some point.
I made the mistake of allowing the installation of new Defender signatures yesterday and what should appear but "Windows 10 downloading"! Looks like updating anything will trigger the download. I was VERY annoyed.