Threads for khuxkm

    1. 2

      Ah, yes, AntonMcClure.com, the site of Anton McClure, featuring articles primarily written by Anton McClure, of AntonMcClure.com.

      All jokes aside, nice article.

    2. 2

      We managed to make a list of domains that are suffixes, why can’t we make a list of domains that are prefixes? Like “hey dipshit, just because a page is in a directory doesn’t mean it’s allowed to access outside of its directory”.

    3. 2

      Just a shame that Firefox only has 6.98% of Chrome’s market share. Not sure how you can really challenge somebody when you’re not even 10% of their size.

    4. 2

      Similarly, it’s almost impossible to avoid proprietary software or the tech giants. Consider this FOSDEM talk, where the executive director of the Software Freedom Conservancy admits to having proprietary software embedded inside her body, [sic] because that was the only option for a defibrillator. She advocates open-source software, and yet despite her best efforts, she’s a closed-source cyborg!

      Oh heavens. The sky isn’t falling, Chicken Little.

      This whole article reeks of explicit “holier-than-thou” attitudes until the last few paragraphs step away from it. I don’t need to think “What, you think you’re better than me?” because that’s the whole tone of 90% of the article.

    5. 1

      I mean, I just use a Chromebook (biting the Google bullet because it’s fine) with an Ubuntu chroot. The length some people go to to use only FOSS software is ridiculous sometimes. I would have bit the bullet on internal wifi. If I have to buy a USB dongle to use something as simple as WIRELESS INTERNET, I’d rather not use the platform at all.

      1. 2

        I draw the line on firmware.

        If I need proprietary firmware, I will (All CPUs load proprietary microcode, after all). If I have a choice, even if it’s a rocky road, I’ll pick the FOSS solution.

        1. 1

          I would draw the line slightly further down the slope from you. If I need to use proprietary firmware to have a functioning computer, okay. If I need proprietary firmware for a chance at an essential function of the computer, okay then. If using only FOSS stuff would be a massive pain in the ass (defined as a road that isn’t a road but just a collection of sharp and jagged rocks)? I may just use the proprietary solution.

          Basically, my philosophy is “FOSS or OSS where possible” (down to coding my own stuff sometimes if I can’t find it) and proprietary if necessary.

          For example, given the choice between open-source Gambatte and proprietary BGB, I’ll take BGB all day. (Especially because beware, the dev, is open to bug reports and basically only keeps the code to himself because it’s in Pascal he doesn’t want endless forks.)

    6. 3
      AMP “Real” URL: encouraging browsers to deceive us

      CloudFlare and Google teamed up to develop a standard way to let your browsers lie about who’s behind your URL.

      CloudFlare was already a master at impersonating websites by terminating TLS connections on their servers, but now they’re proposing that browsers connecting to an AMP cache (Google or CloudFlare) should lie about the URL, i.e. display https://tilde.news/foo instead of https://google.com/amp/….

      They hide behind some crypto to make it look secure, but the problem is deeper. If we can’t trust our browsers to display the URLs we’re talking to, what can we trust? Hopefully this will be one more reason for people to drop out of Chrome and Google reach.

      1. 1

        …Really?

        They saw a problem (people not being able to check that the site they’re reading is actually the site and not what Google says) and they fixed it, and now you’re complaining that the problem’s fixed? I swear, some people…

        1. 1

          Well it only partially addresses the problem, following Google’s best interests. AMP was only a problem for website operators when it came to advertisement. Apart from such commercial concerns, AMP was just another web proxy, with its own dialect (because cooperating on advancing web standards would not advance Google specifically).

          The culture of centralized gateways that AMP promotes is actually mostly a problem for end-users, for both censorship and surveillance concerns. I don’t know if it’s a problem where you reside, but for most of the world political repression and censorship are very real problems.

          Google and Facebook have both tried in their way to create their private walled garden. And they’ve been very successful at that so far. Tying discovery to delivery in a centralized manner is a very subtle form of total control.. this is one of the possible futures of the internet, but for sure a scary one.

    7. 1

      This blows. I mean, if you’re going to deface a website, do the FBI, or Treasury department, not a website devoted to user freedoms.

      Fucking dipshit script kiddies.

      1. 2

        … and I’m apparently an idiot, who fails to look at a calendar to see what date it is.

      2. 2

        Not only am I 98% sure it was a joke (as I am 98% sure I’m walking into a whoosh right now), it replaced the oppressive HTML with the best, most free Gopher. All in all, an upgrade if you ask me.

    8. 1

      I’m thinking I’ll submit this to lobste.rs once it’s in a decent state.

    9. 1

      You can also follow this blog series for creating the game BYTEPATH in LOVE2D: https://github.com/adnzzzzZ/blog/issues/30

      1. 2

        my goal is to teach some kids at my school how to code a real game (we did CS First but that was Scratch and Scratch isn’t real coding :P)

        1. 2

          By “kids” are you referring to elementary, middle, or high schoolers? Depending on what they are willing to take on, I have a few other guides that may be fun:

          • tinyraycaster - 4 part guide to making an old-school, Wolfenstein 3D-esque game in C++
          • TheCherno - Game Programming - A YouTube series for making an RPG-esque game from scratch in Java
          • TheCherno - Game Engine - Also by TheCherno, but goes over how to make a game engine in C++ (this series is ongoing, new episodes weekly on Sunday)
          • Roguelike Tutorial Revised - A Python3 + libtcod guide to making a Roguelike
          • Tetris - HTML5 Game Programming - Part 1 of 4 for making Tetris using JavaScript in the web browser
          • Coding Math - This is less of a “make a game” series and more of a “understand how to use math to make games” series (e.g. how to use vectors to detect if your character is behind and facing another character to know if you can back-stab them)

          There’s a little bit there for everyone. If they just want to make games and skip a lot of the cruft, they can always just download Unity and Blender and get right to it (and pick up C# along the way).

          1. 2

            …I just want to teach some middle/high schoolers how to make a game. I chose Lua because it’s easy to pick up. 1-indexing sounds terrible to actual programmers, but these are just kids. I just want to give them ANYTHING better than Scratch.

            1. 1

              Well, once they know how to make one game they may want to make more. Now you have a bunch of potential options for game #2 they can pursue, should they feel so inclined.

              1. 2

                Maybe I’ll include that at the end of the workshop, as a sort of “congrats, you’ve finished a game project! you can make more professional games using these”.

                However, for the purposes of the workshop, Lua is easiest. It’s logically sound to non-programmers (to a non-programmer, it’s hard to explain why the first item is 0 and not 1).

                1. 1

                  I always just tend to go with “You know how computers speak binary, which is just a bunch of ones and zeros? Well, they are also weird and start counting at 0 instead of 1. This will make more sense later on once we actually start programming things.”

                  But I also get your point of wanting to start simple with Lua, but making games like BYTEPATH is about as far as you can go with it until you start getting limited by how slow Lua is (hence why over half of those links use C++ or Java).

                  1. 2

                    The question is, how do you actually explain zero-indexing to the kids?

                    1. 1

                      the index isn’t an ordinal number. it’s the offset from the beginning. the first element is 0 distance from the beginning.

                    2. 1

                      “Alright kid, count off to 5”

                      “1. 2. 3. 4. 5.”

                      “I see you started with 1, computers start with 0 so let’s count off to 5 again but starting at 0”

                      “0. 1. 2. 3. 4. 5.”

                      “If you write down each of those numbers and count how many you have, you will notice you now have 6 numbers. So let’s do this one more time, but this time stop when you get to 4.”

                      “0. 1. 2. 3. 4.”

                      “Great, we are now starting at 0 and ended up with 5 numbers. This is how computers count to 5. An easy way to remember this is to compare this result, 0 1 2 3 4, with our first result, 1 2 3 4 5, which is just the same number subtracted by 1:”

                      1 - 1 = 0
                      2 - 1 = 1
                      3 - 1 = 2
                      4 - 1 = 3
                      5 - 1 = 4

                      “And voila! You can now count like a computer, which is formally referred to as ‘zero-indexing’.”

                  2. 1

                    Slow? Perdon? Have you seen pygame’s performance? Absolute TRASH. love2d is fast enough to make a playable platformer that is enjoyable to play.

                    1. 1

                      I do not believe any of my examples used pygame. There is Python’s libtcod library for the Roguelike tutorial, but it is also a text-based game so does not have the usual performance hit that comes from making games in Python.

                      1. 1

                        I was referring to the fact that you called LOVE slow when Python is the real slow one. LOVE2D uses LuaJIT (citation needed) so it runs fast enough to make a good program.

                        1. 1

                          I was referring to LOVE2D being slow compared to using Java or C++, but I’d still stand by the libtcod library for Python to easily be performant enough for any Roguelike game you have in mind (again, it is only rendering ASCII and maybe some bitmaps).

    10. 1

      The issue with this is that Rust isn’t that much more conducive than C. If I wasn’t going to write a C extension to Python (and I wasn’t about to) then what makes me want to make one in Rust?

      1. 1

        Honestly, this is more of a gateway to trying out Rust with my existing Python code base without needing to commit to fully rewriting a project in Rust or find a project appropriate for Rust to try it out.

        I’m not suggesting this should be the way to use Rust or if this should ever actually be used in production. Just as a way to get a feel for it and try it out (which is where I am at right now with Rust).

    11. 2

      what use is this?

    12. 1

      That being said, using multiple sandboxing frameworks at once does not really make anything more secure, so there is little point in trying to nest things like that.

      Really? VMProtect combined with Denuvo stumped hackers for a long time.

      1. 1

        Could be worse. Could be Microsoft :P

        1. 1

          Now, I don’t get why everyone hates Microsoft. I get that they’ve been terrible in the past, but at the same time, they’re making strides to be better.

          1. 1

            there’s not much proof they’re trying to be “BETTER”, though they sure do try to APPEAR as to be less terrible

            1. 1

              A lot of it seems to be good-faith moves, like open sourcing DOS 1.5 and 2.0, etc. Something has certainly changed. If nothing else, old MS didn’t care about image.

          2. 1

            Trust is earned, not given. That being said, they are making strides in spying on their users…

            1. 1

              obviously they want to make money. no amount of good faith can stand up to an accounting division that wants the company to make money. MS has picked up some bad principles that they still need to leave behind. doesn’t mean that everything they do is evil.

              1. 1

                true. And they can choose to make money. I choose to not use MS software. At all.

                1. 1

                  and that’s your choice. but they aren’t a DDoS protection company that wants its hands on your domains too.

    13. 1

      The problem I have with security tokens is the same as their strength: it cannot be done remotely. That means that no work can be done remotely, which seems to be bad.

      1. 2

        what do you mean no work can be done remotely? it totally can. use gpg-agent to provide your ssh key. you can forward your gpg-agent on and use it to sign commits etc on remote machines.

        1. 1

          While adding the requirement of having to physically insert or touch a device to a username and password may seem simple, it is something one can not do remotely.

          1. 1

            This makes it a highly effective and simple way to greatly limit damage and data theft from remote attackers.

            1. 1

              At the same time, though, how do we know that someone is a remote attacker vs. a legitimate user attempting to log in remotely?

              1. 1

                when they have the right credentials?

                1. 1

                  but an attacker can get the credentials. Isn’t that why we’re using security tokens?

                  1. 1

                    the credentials don’t leave your yubikey

                    1. 1

                      but why is that advantageous? what if you lose the yubikey?

                      1. 1

                        if your private key is on disk or even in ram, it’s relatively easy to grab it.

                        keep a backup on a usb key in a safe somewhere. i broke one and recovered it.

                      2. 1

                        The same thing that happens to everyone who goes through life without making any backups, sorrow and lots of heartache when trouble hits.

      2. 1

        This is kinda within the sphere of the problems I’ve been working on the security space: manifesto

    14. 1

      I mean, NK already has its own internet. But whatever…

    15. 1

      We need some of these for ~team and ~your

      1. 1

        some cat pics? or what do you mean?

        1. 1

          Some of these for http error message :)

          1. 1

            Maybe you could write an RFC…?

          2. 1

            oooooo i like it!!

    16. 1

      I like how he brings up GamerGate in a round-about way, as if he’s treating it like Voldemort.

      I’m going to spare you having to read this entire rant in IRC, but if you want to know my thoughts, here they are: https://pastebin.com/8LPhAy7V

    17. 2

      sounds kinda like Bryan Lunduke’s arguments against https, “I can’t view it on netscape navigator, and of course properly setting stuff up is UNTHINKABLE”

      1. 2

        Right, right, fuck people who are stuck on old systems or have slow satellite internet. It’s not like they’re deserving of any information on the internet, right?

        1. 1

          Well, the issue isn’t exactly black and white here. There’s also the problem that many ISPs are known to inject other files (e.g. JavaScript files that do some nonsense) into HTTP sites, but are unable to do so with HTTPS. So it’s not just about user security, but also to ensure the delivered site is not tampered with along the way. Also, the web should be secure by default, not the other way around, so while this does hold back the always shrinking population of old/slow systems, this is the best route forward.

          The real answer is to push for faster Internet to be available to users, not to hold back the progress of the Internet for the lowest common denominators. Which, is something we might be seeing in the near future: https://www.fcc.gov/document/fcc-authorizes-spacex-provide-broadband-satellite-services

          1. 2

            The thing is, though, that jan6’s argument against this seems so much like “hurr duh durr go go progress”. I agree, we should focus on pushing for faster Internet to more people and not hold back for the “lowest common denominators”, but at the same time, we shouldn’t completely ignore them for the sake of progress.

            Also, I disagree that the web should be secure by default. The web was never meant to go this far. It was originally intended as a way for people at ARPA to connect between computers across the US. The infrastructure should have been designed security first if that was the goal.

            1. 1

              did you even read comments of the original link?
              also @“it wasn’t designed to be secure”…totally agree, but just TRY to get another protocol widely accepted…especially a “designed to be secure” one… the web’s a pretty new place though, it was never meant to be accessible by billions of people either, nor attract the interest of capitalists and need special laws to be created, and such…

              1. 1

                I did, did you?

                One guy stated:

                I’ve always found this whole “https everywhere” silly. Even when I had a web site with content on it, I didn’t want to pay for a certificate, and for https hosting, and I had no content deserving of being encrypted end-to-end.

                And every response to him was “yes you need HTTPS, everyone needs HTTPS”. one person even linked to a site that was exclusively about why absolutely every site in existence needs HTTPS or else!!!!1!11!(one)!1(eleven)!

                1. 1

                  the easy solution to all of https is to properly use it…
                  just don’t force-redirect to https
                  let the browsers default to it, but not by force… maybe show a little banner that says “we have https for you to use” but no rules that redirect http to https… also,

                  The above statement from Seth is not true. With services like Let’s Encrypt. It is no longer a cash grab and provides people with free certificates with key rotation but I digress.

                  and

                  the ISPs themselves can execute man-in-the-middle attacks to:

                  • insert their own advertising into your site
                  • collect data on what your readers are viewing, and sell that data to whoever or whatever
                  • censor/block/rewrite parts of your site

                  The first two are happening already; the third may be. If you’re cool with that, OK. I certainly wouldn’t be. I completely agree that this is a harsh penalty to impose on sites that are relatively static and simple or sites that are run by groups that don’t have the technical ability to implement https.

                  HTTPS is a solution – not a good one, I’ll grant, but I don’t think we have a better one.

                  (also I’ve yet to see a single hosting place that DOESN’T support hosting https)

            2. 1

              I suppose I should amend my statement to “the modern web should be secure by default”. There’s no way we can un-open the Pandora’s box of people using the web for anything and everything including their kitchen sink. Since everyone is dumping information into it at an ungodly rate, of which includes personal/private information and sensitive information like bank card info, the default should be all this information being secure and encrypted until specified otherwise.

              And the only way those without the latest and greatest are being left behind are in services where the vendor doesn’t care, no one has removed HTTP or preventing people from using it, for those who need it it’s there for developers to make light services for. Also, there seems to be new trends in trying to lighten up services anyways with things like this: https://medium.com/@addyosmani/the-cost-of-javascript-in-2018-7d8950fbb5d4 Showing the real-world cost of having sites be bloated and slow.

              1. 2

                I still disagree with the idea that any web, modern or in general, should be “secure by default”. There’s no real reason to encrypt, say, a page on my thoughts about some drama somewhere that is inconsequential. Will an ISP attach ads? Do I care? It’s just something inconsequential about some drama. If an ISP wants to make money off it so be it.

                Also, one thing that rubbed me the wrong way about your previous comment was the implication that the class of people with outdated tech is “always shrinking”:

                …while this does hold back the always shrinking population of old/slow systems…

                In a system where tech is always advancing, doesn’t it make more sense for the population of old and slow systems to grow, rather than shrink? For example, I have a Motorola Droid Bionic in my room. If something happens to my phone I may have to use it as a daily driver. It’s really slow. Now imagine people who don’t have or can’t get upgraded tech. Do we leave them behind for the sake of the “greater good”?

                1. 1

                  What I meant by an always shrinking of slow/old systems is systems right now that cannot load sites quickly. While many don’t like to acknowledge it, the Moore’s law is reaching a theoretical plateau with the issue of 10nm being too small to make accurate processors that are faster and continue to shrink in that direction. So even moving forward, all future devices should be able to handle rendering sites quickly, and older/slower systems are always breaking and being replaced (i.e. shrinking in population).

                  When I say secure should be the default, I mean that people should assume they’re putting HTTPS into their product rather than adding it later upon realizing that security is important at that layer, not that everyone should blindly follow that idea for sites like a blog.

    18. 1

      cmccabe’s paper should be finished at some point; I may beat him to the punch of the first paper published though, so we’ll see!

      1. 1

        wait what paper are you working on? something RMS can review? :P

        1. 1

          sadly, no. but vil can review it :P

          1. 1

            that still doesn’t answer what the paper is on!

            1. 1

              it’s going to be about tilde.chat and the mess we’re making with that :P

      2. 1

        I’m working on a revision of my paper after getting some thoughts from RMS. But I’m also thinking of breaking it up into a few papers focused on distinct ideas rather than trying to keep it all snarled up in one big paper. All I need is time. Does anyone have some time that I can borrow?