SoylentNews is people
SoylentNews
from the honestly,-it's-for-your-own-good... dept.
Safari will, later this year, no longer accept new HTTPS certificates that expire more than 13 months from their creation date. That means websites using long-life SSL/TLS certs issued after the cut-off point will throw up privacy errors in Apple's browser.
The policy was unveiled by the iGiant at a Certification Authority Browser Forum (CA/Browser) meeting on Wednesday. Specifically, according to those present at the confab, from September 1, any new website cert valid for more than 398 days will not be trusted by the Safari browser and instead rejected. Older certs, issued prior to the deadline, are unaffected by this rule.
By implementing the policy in Safari, Apple will, by extension, enforce it on all iOS and macOS devices. This will put pressure on website admins and developers to make sure their certs meet Apple's requirements – or risk breaking pages on a billion-plus devices and computers.
[...] Shortening the lifespan of certificates does come with some drawbacks. It has been noted that by increasing the frequency of certificate replacements, Apple and others are also making life a little more complicated for site owners and businesses that have to manage the certificates and compliance.
"Companies need to look to automation to assist with certificate deployment, renewal, and lifecycle management to reduce human overhead and the risk of error as the frequency of certificate replacement increase," Callan told us.
We note Let's Encrypt issues free HTTPS certificates that expire after 90 days, and provides tools to automate renewals, so those will be just fine – and they are used all over the web now. El Reg's cert is a year-long affair so we'll be OK.
GitHub.com uses a two-year certificate, which would fall foul of Apple's rules though it was issued before the cut-off deadline. However, it is due to be renewed by June, so there's plenty of opportunity to sort that out. Apple's website has a year-long HTTPS cert that needs renewing in October.
Microsoft is an interesting one: its dot-com's cert is a two-year affair, which expires in October. If Redmond renews it for another two years, it'll trip up over Safari's policy.
(Score: 0) by Anonymous Coward on Tuesday February 25 2020, @03:24PM (41 children)
Wooosh?
Can anyone point to a nice diagram that shows the layered nature of an Internet stack? My limited understanding is that the transport layer (including UDP) is several layers away from clients like FireFox and using UDP directly will be transparent to FireFox (etc).
(Score: 0) by Anonymous Coward on Tuesday February 25 2020, @09:58PM (40 children)
Not whoosh, as far as I can tell.
The original statement was to "use UDP instead of HTTP" in regards to JavaScript or other code running on the browser engine accessing server APIs. That code is limited to whatever the engine API the browser makes available. This means that the engine API would have to expose some sort of UDP call in order to directly use UDP. The only directly exposed UDP service is WebRTC in the vast majority of browsers and even that requires following the application flow and creating peer connections. Other than that, they are all some form of HTTP connection. So no, you can't just "use UDP instead of HTTP" inside the browser, as you are stuck with whatever they give you.
Regardless, most browsers use SOCK_STREAM in their socket() calls in the HTTP network engine, rather than SOCK_DGRAM, so they don't have to do the work themselves. You have to specify the AF and SOCK (as you can't depend on the defaults) when creating a socket(), so the type of socket you get is anything but transparent to the browser itself. I'd suggest looking up a basic socket() HOWTO, if you'd like to know more.
(Score: 2) by barbara hudson on Wednesday February 26 2020, @02:12AM (39 children)
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Wednesday February 26 2020, @02:23AM (38 children)
What JavaScript API allows you to send arbitrary UDP packets?
(Score: 2) by barbara hudson on Wednesday February 26 2020, @02:45AM (37 children)
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Wednesday February 26 2020, @02:52AM (36 children)
None of that answers the question: What JavaScript API allows you to send arbitrary UDP packets?
(Score: 2) by barbara hudson on Wednesday February 26 2020, @03:01AM (35 children)
No API - plain ordinary Javascript. Read a book. The stuff that people don't know how to write any more because they need a fucking pre-made API from github or stackoverflow for everything.
This reminds me of the c++ idiots who need the STL for everything because they don't know how to manage memory, create and free stuff, make their own objects, just glue together stuff others created. And then we wonder why code is so crappy. Glue and caulking are not the way to do things.
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Wednesday February 26 2020, @03:09AM (34 children)
Somewhere I'd have to call one of the functions provided with some sort of data. So, I'll phrase it this way:
I have the data "Hello, World!" What JavaScript would I have to include in the script tag of my HTML page so the browser engine of the client sends that as the only data in UDP to the server located at 23.239.29.31?
(Score: 2) by barbara hudson on Wednesday February 26 2020, @05:18AM (33 children)
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Wednesday February 26 2020, @06:07AM (32 children)
What is this magical non-API call then that lets you send arbitrary UDP data as its sole payload? You claim it already exists for scripts in the browser, you should know what it is. The reason why you won't name it is because you can't name it because it doesn't exist.
(Score: 2) by barbara hudson on Wednesday February 26 2020, @10:05PM (31 children)
And that's the sad commentary on today's fucked up "web developers." Think everything has to be developed by someone else and turned into an API so they don't have to have any understanding whatsoever of what they're doing - just find some shit on github and glue it together.
Same thing happened with quite a few other programming languages to "make them more accessible". "We need an API." No, you don't. People using whole frameworks to do a stupid mouse roll-over or an image zoom. Javascript has made people stupid AND lazy.
Everything you need an API to do, you can do without an API in ordinary Javascript. Didn't you know that?
I like to think of it as going along the philosophy of "Comments? It was hard to write, it should be hard to read." I still comment code, but not much. It's not easy maintaining comments and code in sync, so the cure is to go minimalist. So someone who needs excess comments hopefully won't screw around with the code because they'll realize they don't understand it.
This is not github. This is not stackexchange. This is not some stupid bootcamp. I totally oppose using frameworks, have for decades. If you need a framework, it just says you have gaps in your knowledge you need to attend to. What good is it to be able to do something quicker if you don't really understand what you're doing? If the framework goes in a different direction? It changes features you depended on? It disappears? It ends up with malware or spyware? You won't even know how to fix or remove it. So you'll waste time looking for an older version, or another framework, because you haven't mastered the basics.
Kind of like the "UX Experts" who think they know crap because they can pump out .psd files of "what it should look like."
Go read the O'Reilly Javascript books. You won't need a framework or an API for anything.
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Thursday February 27 2020, @02:48AM (30 children)
Again, the reason why you won't name it is because you can't name it because it doesn't exist. Especially because, at a minimum, you'd have to call one of the kernel's network or device driver's interface somewhere in there because no browsers are crazy enough control the hardware directly. Except those aren't available in the browser's JavaScript engine either, so you'd have to call one of the interfaces they do expose. Hence why you can't prove me wrong by showing some interface that isn't actually an interface capable of doing what you claimed.
(Score: 2) by barbara hudson on Thursday February 27 2020, @03:07AM (29 children)
Bunch of crybabies. Go read a book and actually learn something so you can do more than cut-and-paste "coding ".
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Thursday February 27 2020, @06:18AM (28 children)
As I said, at a minimum you'd have to call out to the kernel or device driver since you don't possess the necessary privilege to touch the hardware directly (just like any other unprivileged user space application regardless of the language it was written in). Except the browser engines don't let you call out in such a fashion to either the kernel or drivers. So please, tell us all this magical way you send UDP packets with an arbitrary payload without talking to the kernel's network interface, the device drivers, or any other API from inside the browser's JS engine.
(Score: 2) by barbara hudson on Friday February 28 2020, @02:08AM (27 children)
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Friday February 28 2020, @02:43AM (26 children)
So you don't need to use a kernel or device driver interface at a minimum from inside the browser? Interesting. How does literally no one else on the planet know that browsers run as a privileged processes to enable its direct access to the hardware bus and exposed that access to the JavaScript engine?
(Score: 2) by barbara hudson on Friday February 28 2020, @03:01AM (25 children)
You obviously don't understand what "privileged access" means. There's privileged access to memory and function calls on a local computer (server or client), and then there's privileged ports (any port below 1024, which it is understood that the server listening on that port probably is running as a privileged user, often root) Browsers can make calls to any remote port lower than 65536. It's up to the server to allow or deny. See /etc/hosts.
Again, you obviously do not have the depth of knowledge required to understand if you think that the client (web browser) would somehow need privileged access. It doesn't - otherwise the internet wouldn't work.
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Friday February 28 2020, @03:59AM (3 children)
Oh, so you aren't talking about direct access to the hardware and acknowledge ring protection and its layers privilege. Great! Then that means, as I previously pointed out before, that you would have to use one of the interfaces of the kernel or driver that is talking to the hardware. Which directly negates your repeated assertion that you don't need to use one. And to pile on, such interface would have to be exposed in the browser's JavaScript engine in order for the JavaScript to talk to the kernel or driver. Except, as I also previously pointed out, they aren't.
(Score: 2) by barbara hudson on Friday February 28 2020, @05:19PM (2 children)
Better yet, log in so we can all have a good laugh.
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Friday February 28 2020, @08:03PM (1 child)
Exactly, the JavaScript running in the browser's engine doesn't directly access the hardware or talk to the kernel. So it has to use the engine's API in its standard library in order to affect the hardware and send packets of any kind.
(Score: 2) by barbara hudson on Saturday February 29 2020, @03:45AM
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Friday February 28 2020, @08:56AM (20 children)
Actually, maybe we should take this step by step. You'll note that most of these are Yes/No or short answer.
Do you think that A. all processes can talk directly to the hardware bus, or B. only those belonging to the proper protection ring? An "A" or "B" alone will suffice.
Do you think any of the big web browsers run a process that has access directly to the hardware bus through either of those mechanisms? Y/N
If the browser doesn't have access to the hardware directly, do you concede that it must do so through another process, such as the kernel or device driver? Y/N
If it does do it through the kernel or device driver, does it do it through some sort of interface? Y/N
If it does do it through an interface, is it composed of exposed calls (such as "system calls") or another mechanism? Short answer
Regardless of the mechanism to communicate to the driver/kernel does the browser have to expose it in some manner in the JavaScript engine to the code running on said engine for the code to be able to use it? Y/N
Or, if the browser has direct access to the hardware, does the browser A. expose an interface in the JavaScript engine so the code is able to use the hardware or B. give code running in the JavaScript engine direct access to the hardware, or C. use some other mechanism? "A", "B" or "C" only will suffice.
If there is an interface from either of the previous two questions, is it exposed the JavaScript running inside the browser engine as A. Calls or B another mechanism? A or B will do fine here too.
If another mechanism, what is that mechanism? Short answer.
If there is direct access to the hardware given to the JavaScript running on the browser engine, how does it take advantage of said hardware? Short answer.
(Score: 2) by barbara hudson on Friday February 28 2020, @05:16PM (19 children)
The same applies to the server. As long as the underlying hardware layer can send and receive the packets, it doesn't matter what the upper layers
Upper layers take care of things like accepting or rejecting packets and assembling them into streams of data. That's why you can put an ethernet card into promiscuous mode and read ALL the packets on the network, and not just those addressed to your machine - because the hardware is capable of accepting all packets irrespective of destination. It's also why you can give one ethernet card multiple ethernet addresses.
When sending and receiving data, web browsers don't give a shit about the underlying hardware layers and have no need to directly access them. Same with all other client/server programs. It's because of multiple layers of abstraction.
So, as I said before, go read a book. In fact, I'd suggest you read many books, because you don't have a clue about what you're asking about and it's not my job to beat up on you for your failure to RTFM.
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Friday February 28 2020, @08:01PM (18 children)
Great. I was right, you do understand that browser processes don't talk directly to the hardware. This means that they use an exposed interface (usually system calls) of the OS and can't do anything network wise without one. Which means that the web browser would likewise have to expose some sort of interface to the JavaScript running in the JS engine that ends up talking to that OS interface. Now, by definition, that interface exposed in the engine would have to be in the engine's standard library. Which means the JavaScript running in the engine would have to use the API of the library in order to use the interface for anything to work its way down through the engine to the OS's interface in order to send anything across the wire.
(Score: 2) by barbara hudson on Saturday February 29 2020, @03:38AM (17 children)
Fuck are you stupid! Troll is troll.
There is no javascript api for any of those protocols. None. Grow the fuck up and RTFM/
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Wednesday March 04 2020, @05:44AM (16 children)
Exactly, that is what I've been saying the whole time. Now for the next step, the browser doesn't expose any builtins, language features, or interfaces, whether in the language's standard library or the "Web API," that allows access to the network stack below the presentation level (and only a limited few even allow presentation level access), which means there is literally no way for JavaScript running in the browser engine to do arbitrary UDP packets.
(Score: 2) by barbara hudson on Wednesday March 04 2020, @12:17PM (15 children)
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Wednesday March 04 2020, @08:35PM (14 children)
No, because the browser has APIs in the WebAPI library that allow it to do HTTP requests. Perhaps you have heard of XMLHttpRequest objects or fetch(), among others. No such interfaces exist for sending arbitrary UDP packets.
(Score: 2) by barbara hudson on Wednesday March 04 2020, @09:07PM (13 children)
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Thursday March 05 2020, @07:15AM (12 children)
I'm not wrong. In fact, if you were correct, you would have have just mentioned what those interfaces are while mixing it with the insults you impotently hurl. Same as if I made the same claim about C not having such an interface, you would have pointed out the Berkeley/POSIX/Win32 socket API in the C standard library. The fact that you won't cite the interface for web JavaScript running in the browser engine to do arbitrary UDP speaks volumes and illuminates the real reason being the fact you can't point to something that doesn't exist.
(Score: 2) by barbara hudson on Thursday March 05 2020, @05:06PM (11 children)
It's been proven that people who say "fuck off" to idiots once in a while live longer. So I am enjoying my inner bitch.
Real life example - a dentist broke my upper jaw. She was insolvent, so suing her would have been pointless. The reason she was insolvent was untreated bipolar disorder, which made it impossible to run a structured practice - always late, high assistant turnover, periods where she went from a screaming fit to locking herself in the office and melting down.
Years later, she's still plagued by the same demons. As far as I'm concerned, it's karma. If I had followed through with an official complaint, she would have been forced to get help. After all her threats to try to stop me from filing a complaint with the regulators, I decided that giving her exactly what she wanted was the best punishment. Same thing here. Only someone incredibly insecure would give two shits about "proving" themselves to an anonymous idiot. And only an idiot would think such a tactic would work. So fuck you, idiot.i owe you nothing.
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Thursday March 05 2020, @08:11PM (10 children)
And yet you keep coming back with how it is somehow my lack of education, when it is you talking out of your ass. You probably painted yourself into a corner, realized your mistake, and therefore all you have left is obfuscation. Same as how I showed two interfaces for HTTP, by now it would have been drastically easier to show what language feature, standard library, Web API, etc. interface allows you to do UDP from the web platform in the browser's JavaScript engine, rather than bore everyone with stories of your Dentist.
(Score: 2) by barbara hudson on Thursday March 05 2020, @08:59PM (9 children)
Except that I have zero reason to give in to your juvenile taunts. Grow up. You are an anonymous idiot and I owe you nothing. I don't owe you consideration, nor respect, nor information.
What's in it for me to give you the knowledge that I worked hard to obtain? We have no relationship, you came off as an asshole right from the start, so not only do I have any reason to help you; I have plenty of reasons not to.
At this point even if you were offering to pay for the information, I'd say no. Technically I was paid to show another employee how to do it, I developed it on company time, maybe you should ask my former boss for a license if you're that desperate. But you're not - you're just mentally masturbating, with no real practical use for it. But if you're serious, $25,000.00 would incentivize me to go through my archives from 15 years ago. You'll even get a tax deduction since I'll declare it.
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Thursday March 05 2020, @11:46PM (8 children)
All this talk and you still can't point to anything. People are free to do a web search or go through the JavaScript language reference and built-in browser libraries and interfaces in the JS engine for web code and they will quickly see that there is no way to do what you claim. Since you can't win on merit and point to something that doesn't exist, I guess you are going for attrition.
(Score: 2) by barbara hudson on Friday March 06 2020, @12:34AM
I'm quite willing to. The price is $25,000. Put up or shut up.
I no longer give away code for free. Open source has a revenue problem. I've made that quite clear. $25,000.
Either you have a need for the code, in which case you will pay for it, or you don't need it, in which case you're just being a jerk-off.
But the days of fixing other people's problems for free are long gone. I got paid for it once, I'm not going to just give up up to some asshole on the Internet for free.
10% will be donated to soylentnews.org. After all, why not? It's tax deductible.
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 2) by barbara hudson on Friday March 06 2020, @12:38AM (6 children)
You'll never find it online. I had a hunch, tested it, and it worked. In other words, not something a script weenie would ever think of. You'll never find an API because it doesn't exist. As I said repeatedly.
But there are clues, even in this thread. But you'll never see them because you can't do original work. So, $25,000 for the code, which, if you need it, you will pay. Or stop wasting my time.
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Friday March 06 2020, @01:21AM (5 children)
Wasting your time? You didn't have to post two vacuous posts. That was your choice. Although it is interesting to see how much your story has changed and how much effort you are wasting against something you yourself are calling a waste of time. Again, far less to have just cited the interface, language feature, or whatever imagined construct in the first place. But then again, you can't demonstrate the existence of something that doesn't.
(Score: 2) by barbara hudson on Friday March 06 2020, @02:04AM (4 children)
Considering I got paid for it over a decade ago and we still have web morons claiming it's not even possible, it obviously has economic value. The original implementation was for detecting bots clicking on ads. Obviously you want the least overhead possible so the user doesn't notice the extra cpus used to track them. Bot activity was a problem for the search engine I worked for. It affected ad revenue.
I'm a bit surprised that nobody else has figured this out in the intervening decade and a half - just goes to show that people can't think outside the box.
We both know you have no use for the implementation because you're just a no-talent web monkey at best, but there's a non-zero chance that at some future date someone who actually needs this and realizes that I'm for now still the only game in town will see this and we'll come to a deal. I don't buy lottery tickets, but the odds of a payoff are greater than getting $25k from the lottery and there's no cost of entry. Logic dictates that if I can turn the screws on you at the same time, why not?
After all, your arguments have established that it's not something readily available anywhere else, even considered impossible. So if anyone wants it for bot detection, more responsive games, remote monitoring, etc, they'll pay, since there is no open source version and people like you can not figure it out even with hints.
Last hint - you need to study the development history of languages, not just the language itself, if you really want to do interesting things. But that requires curiosity, something you lack in sufficient quantity.
So why would I just give it away to a moron web monkey?
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Monday March 09 2020, @07:53PM (3 children)
Sure, they will come to you. You are "offering to sell" something that not only doesn't exist but isn't even yours according to you own posts. Something you came up with but everyone else says doesn't exist, and even the people who write the engines, say was purposefully left out. No wonder no one has come knocking on your door, they are too busy negotiating with the people selling bridges. Especially since the only way to hear about this magical invention is interweaved between your ostentatious pomposity. May want to work on your sales skill.
Not that it will help much since it is quickly became apparent that you don't know what an interface in general or API in specific is, given one of your other posts about how there isn't one because "browser is providing services to the javascript engine, same as the operating system is providing services to the browser". The funny thing is that they do it through an interface, usually an API. Similar to how the browser was written using the libc or other library API of the OS, which was written using the kernel's user space API in turn.
(Score: 2) by barbara hudson on Tuesday March 10 2020, @12:59AM (2 children)
The chance might be 1 in 10,000, but why not take it? After a lifetime, I've probably got a ton of stuff I don't consider all that big a deal that others still haven't figured out, same as others in the biz can say. Forgotten technological solutions that cut through the crap that has accreated around software in the last 30+ years.
Stuff that shitty web "programmers" never knew. Ways of looking at problems that shitty web "programmers" cannot even begin to conceive.
It's like the old joke - you want a good c or c++ program, hire a c developer. You want a good Java program, hire a c programmer. It's a joke, but it's funny because it's true.
Fucking no-nothing web monkeys. Step out of your little microcosm and take a decade or two in the real world.
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.
(Score: 0) by Anonymous Coward on Wednesday March 11 2020, @07:33PM (1 child)
Even if it did exist, you admitted to stealing it. But again, it doesn't exist. So the odds are definitely lower than 1 in 10,000. They specifically left out the ability to directly use packets that low on purpose. But if it makes you feel better, I'll pencil you in after the interview I am conducting with the astronaut that landed on Jupiter.
(Score: 2) by barbara hudson on Thursday March 12 2020, @02:07AM
I created it. How can I "steal" what I created? It wasn't created on my employer's dime, I just showed a co-worker how to do it. Unlike where you live, people here own what they create on their own time. Uless you're stupid enough to sign a contract that makes everything you do, did, or will do in the future your employer's property (which doesn't stand up in court here anyway, so sign away, but YMMV if you live somewhere else).
Look, I gave more than enough clues for anyone with enough experience to figure it out. You're obviously not in that group, but that is not my problem. Your childish attempts to get me to reveal how I did it ("either post the API or it doesn't exist" was just one example, because web monkeys need an API to do everything, even mouse rollovers, image zooms, and fetching new data from the server, none of which require an API).
SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.