User talk:Tepples/Slashdot signatures

From Pin Eight
Jump to: navigation, search

Slashdot and HTTPS[edit]

The sig in question is about SNI, but that's not what I'm discussing here. Also, I am not a registered Slashdot user.
If "All web sites should go completely SSL..." then isn't it hypocritical for Slashdot itself to limit HTTPS access to premium subscribers? Would you prefer that they eliminate the "free registration" tier (thus requiring subscription fees for all registered users) in exchange for making the site HTTPS only? Or did you have something else in mind?

Other sites with similar policies include, MediaFire, and historically the Google Maps API. I can understand how might be more strapped for cash than Slashdot. For a site that really needs to limit HTTPS to premium users, what best practices do you suggest? Putting secure and insecure content on separate domains might be a start. Eighty5cacao 21:51, 12 April 2011 (MST) (last edit 21:01, 20 July 2011 (MST))

First, read Adam Langley's analysis of how HTTPS raised Gmail's server load by 1%, and how Google reduced round trips. For the smallest sites on entry-level shared hosting, I imagine the biggest costs are for the cert and the IP address, as my sig implies. If you're still not convinced, prepare an analysis of why a web site "really needs to limit HTTPS to premium users", that is, why the web site would be unprofitable if all users used a web browser extension like HTTPS Everywhere. Then run the analysis past the maintainer of HTTPS Everywhere for their input. --Tepples 05:49, 13 April 2011 (MST)
I had already read that, and I already use HTTPS Everywhere (but I do not participate on their mailing list); sorry for not specifying such. I was mainly questioning whether Slashdot is the best place to raise such an issue; I'd imagine that their policy originates from a time when the computational costs were relatively greater, though I'm not sure how the cost-benefit analysis would justify maintaining the same situation now.
I intended to mention GotFreeFax as another example of HTTPS for premium users only, but it wasn't loading for me at the time I wrote the OP. It's a better example because they are probably spending most of their money running the fax lines rather than just the website. Eighty5cacao 06:50, 13 April 2011 (MST) (last edit 09:46, 13 April 2011 (MST))

For the record, this has been discussed on Slashdot here, but I see no comment from any reputable authority qualified to discuss Slashdot's financial situation. Eighty5cacao 22:08, 19 April 2011 (MST)

And today I felt like discussing it again in a comment to a story about Internet Archive going HTTPS-by-default. Watch replies, provided it doesn't get moderated to oblivion. --Tepples (talk) 00:08, 26 October 2013 (UTC)
I'm pretty sure that it was about major ad networks, none of which supported HTTPS until September 2013. And as of the Ides of March 2016 (today), Slashdot is available to all through HTTPS. --Tepples (talk) 23:55, 15 March 2016 (UTC)


To truly satisfy the pedants, any discussion of the Facebook issue would need to address why you did not sign up later, once registration was more open — though I suppose the answer is rather obvious...

COI declaration: I have a Facebook account, but I will not disclose my real name just to let you or anyone else verify this. I never use "like"/"share" widgets found on external sites. I would probably not be on Facebook now were it not for the insistence of an immediate family member several years ago during my undergrad studies. Eighty5cacao 15:29, 4 August 2011 (MST) (last edit 21:37, 4 August 2011 (MST))

I wrote about why I didn't sign up later in this Slashdot journal entry. I'm trying to see if there's anyone on Slashdot both 1. pedantic enough to tell me it's been opened, and 2. willing to explain what I could get out of a membership. --Tepples 06:17, 5 August 2011 (MST)
Whoops. I thought the "obvious" answer would have something to to with Facebook's poor track record on privacy. COI declaration continued: I have found Facebook useful for communicating with classmates whose email addresses are difficult to obtain otherwise or who prefer to use email only for serious academic business. That should be enough explainin' for now... For what it's worth, I also considered User talk:Tepples as a venue for this discussion, since your user page also mentions the issue, though I decided otherwise because (1) pedantry is commonly associated with Slashdot and (2) I didn't want to bury a couple of ongoing threads there. Eighty5cacao 08:56, 5 August 2011 (MST) (last edit 16:24, 5 August 2011 (MST))
Clarification: The word "there" at the end of the preceding sentence was intended to refer to User talk:Tepples. Eighty5cacao 18:56, 8 September 2011 (MST)

Choice of URL shortener[edit]

If you are already using protocol-relative URIs to save on character count, then why aren't you using as your URL shortener? Obviously the domain name is shorter, but I am thinking of something else: AFAIK, is the only major URL shortener to support HTTPS. (This matters so that premium Slashdot subscribers browsing in HTTPS won't encounter breakage; then again, any such user is probably smart enough to fix the URI scheme manually after copypasting to the address bar.) Does Slashdot block the posting of links but not TinyURL links? Does not allow free users to create human-readable shortlinks? Eighty5cacao 23:05, 8 November 2011 (MST)

Libya asserts jurisdiction over sites on its .ly TLD, and at least during the Qaddafi days, Libya used this jurisdiction to censor I could use until the new Libyan government decides what policy it wants to implement. --Tepples 05:06, 9 November 2011 (MST)
It appears that Twitter's now supports HTTPS as well. However, it is irrelevant to our discussion because generation of short links requires a Twitter account. Eighty5cacao 11:19, 20 March 2012 (MST)

...and the original premise of this discussion is invalid now that TinyURL and support HTTPS as well. Eighty5cacao 00:26, 9 May 2012 (MST)

Various exceptions[edit]

You say "This has exceptions, such as non-MMO computer games." Well, some non-MMO computer games. You can make computer games free software too, and possibly even charge money for a telephone call for live hints if you like to.

You say "Turing completeness is not enough. Also consider efficiency and I/O capability." Well, also programmability. At least I like to have command-line interfaces and stuff; UNIX ways work pretty well. Of course you are correct it isn't Turing-complete.

You say "Some people block ads because the site puts a 200 kilobyte Flash ad on a 20 kilobyte article"; that I agree, although not necessarily due to how much money it cost, but because it can make it slow, and I don't want to install Flash, and sometimes it get in the way of the text. I don't mind unobtrusive text ads though.

You have some links that include the domain name but omit only the protocol. This is generally a bad idea in my opinion, although one thing it can help with is links to other domain names within the same group (such as Wikimedia Foundation and so on); in such a case it helps that you will retain the security setting.

I also don't like URL shorteners in general, and that they should always be avoided when possible. (There might be reasons to use them, but usually they should be avoided as much as possible)

They say "Access sucks; PostgreSQL rules." Well, I prefer SQLite, although that's just my preference. I wrote several extensions to add various functionality (including one to parse JSON data), but still no extension to do graphics as far as I know.

You say "The real problem with the implementation of global menu in Unity is that the user can't see the menu to aim at it until the mouse pointer is already at the top." I think you can hold down ALT and then it also displays the menu and you can pick one by the underlined letters. I haven't used a computer with Unity in a while so I may be wrong.

You mention hosts files. I use that feature myself; to avoid annoyances as well as to be able to connect to the router with a name, and if needed, I can add names for other computers on the local network too.

You mention "For one thing, a personal computer obeys the person who owns it. Even if a user doesn't immediately need the flexibility that a personal computer offers, a personal computer gives the owner room to grow." That I agree; I want a computer I can program.

Your link about "Emacs is one big copyright infringement" doesn't work (although I do prefer vi over emacs, but that's just my opinion). -- 06:36, 1 March 2015 (UTC)

(I have no official affiliation with Tepples; I have not been officially designated to speak for him.)
In response to the concerns about protocol-relative URLs and URL shorteners, keep in mind that Tepples was working with a limited character count. Some of the protocol-relative links may have been objectively incorrect due to a lack of valid HTTPS support on the target site, but as Slashdot only provides HTTPS for premium subscribers, Tepples considered this an acceptable compromise.
I agree that there is generally no reason for a webmaster or content creator to make protocol-relative clickable links to third-party sites ("clickable" as in <a>, not <script> etc.), except in the special case that both the referring and target sites require SNI for a valid certificate to be obtained. (This is true of Pin Eight itself but not Slashdot, as far as I know.)
As most of this page is an archive of previously-used signatures, I believe Tepples does not intend to make edits solely to "fix" links in signatures that he already used. --Eighty5cacao (talk) 18:01, 1 March 2015 (UTC)
Everything Eighty5cacao wrote is true. I've figured out how to keep it an archive while retaining the ability to revive a sig. But nowadays, I'm more likely to make posts like these on my microblog, unless they're specifically related to a topic that has appeared in several Slashdot stories over the past couple weeks. My microblog host limits posts to 140 Unicode characters but includes its own URL shortener and doesn't require the <a href="..."> tag for links.
As for preferring vi because of copyright infringements in GNU Emacs, that was facetious. I was referring to Emacs not including Bison source for a grammar. Another nowadays would be how Tetris v. Xio interacts with one of the amusements. (The author of Tetris is an out enemy of free software.) But personally, I'm more likely to use GNU nano or the Alpine composer (pico) from which it was cloned. --Tepples (talk) 03:05, 3 March 2015 (UTC)

I am aware that my previous statement that "there is generally no reason ... to make protocol-relative clickable links to third-party sites" needs to be revisited, at least for links between Pin Eight and NESdev articles, in light of personal MITM proxies being a significant use case for people with low-bandwidth, high-latency, low-reliability, and/or metered Internet connections. --Eighty5cacao (talk) 16:18, 11 January 2017 (UTC)

More comments on 2015 and 2016 stuff[edit]

I prefer POTS lines over cellular, for several reasons.

I agree that login with HTTP authentication (basic or digest) is better than using cookies, although I also agree that the common browsers need to be fixed to add a logout option (by some keystroke combination, perhaps). (In one case I have worked around this problem by adding a file to my server that requires authentication but rejects any username, allowing you to override valid authentication with invalid one and therefore relogin. But this isn't so good because it is a server-side solution, rather than client-side.)

For hosts files, putting in the operating system the capability to set not only A record but also DNS providers for subdomains, would help a bit too. Alternatively, just run a local DNS server!

I don't play game on tablet because I don't like tablet computer. Also, many game just work better by keyboard and/or mouse.

And, you mention a comment about someone who said you don't need JavaScript webapps, which I agree but there are many other alternatives. Other protocols can be used for many things, and for interactive stuff used on a server, there is Telnet and SSH. For remote database access, I think a SQLite extension to access it through a virtual table module would be better. There are also many other kind of VMs to consider, such as even "Famicom VM". (Providers, can, of course, provide implementations of these things as webapps if they want to, but other way should be possible too, even if they are just APIs/protocols.)

-- 23:39, 2 September 2016 (UTC)