SoylentNews is people
SoylentNews
Molly de Blanc writes at that it has been one year since the World Wide Web Consortium (W3C) sold out. It was then they, including Tim Berners-Lee himself, decided to incorporate Encrypted Media Extensions (EME) into web standards signalling an end to the open Web. She covers how it happened, what has transpired during the last year in regards to EME, and what steps can be taken.
Digital Restrictions Management exists all over the world in all sorts of technologies. In addition to media files, like music and film, we can find DRM on the Web and enshrined in Web standards. As a Web standard, its use is recommended by the World Wide Web Consortium (W3C), making it not only easier, but expected for all media files on the Web to be locked down with DRM.
It's been a year since the the W3C voted to bring Encrypted Media Extensions (EME) into Web standards. They claimed to want to "lead the Web to its full potential," but in a secret vote, members of the W3C, with the blessing of Web creator Tim Berners-Lee, agreed to put "the copyright industry in control" of media access. The enshrinement of EME as an official recommendation is not how we envision the "full potential" of the Web at the Free Software Foundation (FSF).
(Score: 2, Interesting) by Anonymous Coward on Wednesday September 19 2018, @02:47PM (21 children)
how about we hijack this thread to post how-tos on ... err... how to bring back the right-click menu in all browsers on all embedded media files, especially the right-click-menu entry: "save as..."?
(Score: 2) by RS3 on Wednesday September 19 2018, @03:01PM (9 children)
Simple: use an older browser (in addition to a new one).
Sometimes, because javascript code blocks all kinds of things including "right-click", but the thing you want is pulled in through javascript, you have to do a bit more work.
(Score: 0) by Anonymous Coward on Wednesday September 19 2018, @04:27PM (8 children)
Using an old browser is a bad idea considering the numerous security holes in browsers of a few years ago.
(Score: 0) by Anonymous Coward on Wednesday September 19 2018, @05:40PM (7 children)
Using Windows is a bad idea. In a normal OS, one runs browser under a separate user and then hijacking it cannot do squat.
(Score: 3, Interesting) by unauthorized on Wednesday September 19 2018, @06:50PM (5 children)
No idea about OSX or BSD, but running a browser as a different user under Linux is a massive PITA. You cannot run another X program in the same X session without sharing your session key (which is a security hole since X trusts all local applications by default), running it into it's own screen and switching (which is all kinds of inconvenient) or creating a dummy X session for the browser and streaming it somehow.
On the plus side, what Linux does have is apparmor and selinux, which can lock down a browser quite well without account-based isolation, but unfortunately they need to be manually configured for most user-friendly distros.
Not that Windows is any better mind you, at least X has the decency to secure access to itself since it doesn't secure running applications from each other, the win32 API has no internal security whatsoever and doesn't even warn you about the security risks if you try to spawn a GUI application as a different user. No idea if the new toolkit is any better, but knowing modern Microsoft, most security development time has probably gone in securing the toolkit against the user.
(Score: 3, Informative) by maxwell demon on Wednesday September 19 2018, @07:18PM (2 children)
You know that you can also use ssh with another account on your local machine? And that SSH knows how to forward X sessions?
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by unauthorized on Wednesday September 19 2018, @08:47PM
Yes, I did allude to remoting into an X session. Did you even read my comment?
This still suffers from all kinds of integration issues such as not getting audio without some pulse voodoo and not having access to downloads by default and a plethora of other discrepancies compared to running it in the same user session. My argument is that it's a PITA and a very atypical user experience, not that it cannot be done.
(Score: 0) by Anonymous Coward on Wednesday September 19 2018, @11:09PM
You should also investigate firejail [wordpress.com] (namespace sandbox, Linux only) and Xpra [xpra.org] (X11 version of screen/tmux and sandboxing). That way programs should be unable (or have it hard, exploits will always be there) to access unrelated files or poke at other X11 clients.
(Score: 2) by bzipitidoo on Wednesday September 19 2018, @08:38PM (1 child)
It's not that big a pain. This works for me:
user$ sudo xhost+
user$ su otheruser
otheruser$ firefox
It's not 100% secure-- it is possible that instance of firefox can do a screen scrape. But I figure that in combination with making sure nothing sensitive is on any display is good enough to defeat 99.99% of attempts to breach it.
(Score: 4, Informative) by unauthorized on Wednesday September 19 2018, @09:02PM
Never use xhost+, that gives front door access to everything X controls for everyone on your entire network. At least use "xhost +localhost", which still gives access to all input and display devices to every local process, but at least it keeps everything that can reach your local network from doing so.
Either way, ssh tunneling or sharing the X cookie is far safer.
(Score: 0) by Anonymous Coward on Wednesday September 19 2018, @09:20PM
Eh, funny how you could do this in XP. Guess XP wasn't Windows.
(Score: 2) by ikanreed on Wednesday September 19 2018, @03:30PM (9 children)
well, the trick of it is: what are you trying to save?
The background of current element? The background of an ancestor? The content of ::before selector? The content of an img tag(this one should still be easy)?
Your browser assumes most of that is extraneous and devs exploit that fact to make hard to save web pages. Maybe a "choose media from page" browser extension could be a useful thing to write.
(Score: 5, Informative) by bart9h on Wednesday September 19 2018, @03:54PM
For video, youtube-dl, despite the name, can download from over a thousand different sites [github.io].
(Score: 4, Insightful) by Arik on Wednesday September 19 2018, @03:57PM (7 children)
The browsers have been pushing more and more of their job back on the websites for years, so this is the result. The big companies (and many others) craft malicious webpages and the browsers bend over backwards to assist them. By the time we get to someone that gives a fig for the user, you're talking about an extension developer, who can only use the facilities provided by the browser (and knows that what the brower gives, it can take away.)
If laughter is the best medicine, who are the best doctors?
(Score: 4, Insightful) by ikanreed on Wednesday September 19 2018, @04:00PM (1 child)
And really, the only solution is the death of google, facebook, amazon, twitter, reddit, and every other dungheap that just "wraps" the internet's core design in a proprietary, walled-garden cocoon.
And since that's not gonna happen, the misery will continue forever.
(Score: 0) by Anonymous Coward on Saturday September 22 2018, @01:34AM
WTF are you complaining about in terms of twitter and reddit? Both have APIs. Reddit doesn't require an account to read for even its NSFW sections. Both have TBs worth of archives online anyone can download and play around with. They are two of the most open sites online. No one is hosting archives of SoylentNews articles. Here, go download all of Reddit nicely packaged by month: https://files.pushshift.io/reddit/ [pushshift.io] How is that a walled garden?
(Score: 4, Informative) by bzipitidoo on Wednesday September 19 2018, @05:22PM
I've had good results with Video Download Helper plugin in Firefox. Even works with the latest (post 56) versions.
(Score: 0) by Anonymous Coward on Thursday September 20 2018, @02:44AM (2 children)
Something tells me you've never used youtube-dl much, or at all? youtube-dl is the king when it comes to saving multimedia from the web. Just keep it up to date, which is simple.
I don't disagree about browsers.
JavaScript should just die already. YouTube requires it. Now Twitter seems to, too, giving you two bullshit error messages if you don't enable it.
(Score: 2) by Arik on Thursday September 20 2018, @03:37AM (1 child)
However I was looking for something more generic.
If laughter is the best medicine, who are the best doctors?
(Score: 2, Touché) by Anonymous Coward on Thursday September 20 2018, @04:48AM
It's not an extension. It is not an addon. It has nothing to do with Firefox.
https://rg3.github.io/youtube-dl/ [github.io]
It is powerful. It can be used with mpv, smplayer, and so on. It's cross platform, it's open source.
AND IT HAS NOTHING TO DO WITH FIREFOX.
(Score: 0) by Anonymous Coward on Thursday September 20 2018, @09:14AM
A local News site was running like a dog. Open umatrix. Over 99 cookies being set. More than 50 scripts. Just by the news site without counting third party. Block scripts and xhr and cookies. Page loads in second.
(Score: 3, Informative) by RamiK on Wednesday September 19 2018, @03:55PM
Shift+Right click should work.
compiling...