Comment Re:Color me dubious. (Score 1) 172

You are absolutely correct.

The hacker controlled/malicious browser simply morphs the incoming JS as it comes off the wire (e.g. a filter on the socket data) to do whatever is necessary to bypass any real security check and return the "I am safe" result.

It could (e.g.) simply reverse the sense of:

if (bad_security_here()) ...

Into:

if (! bad_security_here()) ...

Or, do whatever else is necessary to nullify the security check.

Client side security checks are largely meaningless! If you control the browser, you can hack it any way you want, and you control what the JS does/can do.

A native app might be harder to morph, but, ultimately, the same technique can be applied [by patching binary bytes] to nullify the security checks.

They are only useful as a "health checkup" for a legitimate user's browser. But, Google's stated goal was:

The reason is that Google uses JavaScript to run risk assessment checks on the users accessing the login page, and if JavaScript is disabled, this allows crooks to pass through those checks undetected.

As I mentioned above, [real] crooks can easily get around this, so this is faux security at best.

At worst [as others have mentioned], foisting Javascript on users that do not want it opens a gigantic Pandora's box of security holes for other sites that might download malicious javascript code.

Comment Re:MRAM vs...? (Score 2) 43

Probably. IIRC ...

MRAM consumes less power than DRAM (vs. more). MRAM is _faster_ than DRAM (and is as fast as L2 cache).

It also has a very small bit cell size (so very high density).

So, it beats out 3D-XPoint (aka Optane) on almost every point.

Also, MRAM doesn't "wear out". From what I've read, 3D-XPoint is better than flash on this, but, eventually, has a wear out point.

Comment Re:Flash? turn it off? (Score 1) 113

There is one small advantage to having a PDF viewer in the browser, but it's a [beneficial] side effect for a missing browser feature.

If you do a google search for something and on the results page is a link to a PDF, the link _isn't_ a direct link to the final PDF file. It's a "result" link that actually points to google (e.g. google?url?sa=t&foo=bar). It redirects when you actually click on it. So, if you right click and select "copy link location", you'll get the link pointing to google and not the final site URL.

For ordinary site links, you just click on the search page link and when you land you have the final link in the page URL, which you can bookmark, copy, etc.

For PDFs, if your action is to run Adobe Reader, it will download the PDF but it loses the sense of the final link. With the embedded viewer, the final link is available in the viewer window's URL, just like an ordinary web page.
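Recovering the final site URL from a search-result redirect link of the kind the comment describes can be done in a few lines; this is an added example, not code from the thread. It assumes the redirector puts the destination in a `url` query parameter on a `/url` path, as Google result links of the form `https://www.google.com/url?sa=t&url=...` do (the parameter name is an assumption for the example), and it refuses anything that is not a plain web URL so that a redirect parameter can never hand back a `javascript:` or `data:` link.

```javascript
// Added example (not from the Slashdot thread). Unwraps a redirector link
// into its final destination, or returns null when that is not safe to do.
function finalLinkFromRedirect(href, redirectorHosts = ['www.google.com']) {
  let u;
  try { u = new URL(href); } catch { return null; }
  if (u.protocol !== 'https:' && u.protocol !== 'http:') return null;
  // Not a known redirector: the link is already the final one.
  if (!redirectorHosts.includes(u.hostname) || u.pathname !== '/url') return href;
  const target = u.searchParams.get('url');   // assumed parameter name
  if (!target) return null;
  let t;
  try { t = new URL(target); } catch { return null; }
  // The destination must itself be a web URL, nothing else.
  if (t.protocol !== 'https:' && t.protocol !== 'http:') return null;
  return t.href;
}
```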

Comment site still down? (Score 2, Informative) 149

I just tried the two top links and get:

Firefox can't establish a connection to the server at krebsonsecurity.com.

        The site could be temporarily unavailable or too busy. Try again in a few moments.
        If you are unable to load any pages, check your computer's network connection.
        If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

Comment Re:Glad they won.... (Score 1) 243

Actually, IIRC, they didn't copy the signatures. When you build an android app, you use Oracle's JDK [and/or openJDK or some such] and get the signatures from that. Just like if you were using the JDK to create your own Java [non-Android] app. Otherwise, anybody writing Java code would be in the same boat.

Oracle has a copyright on the API. Oracle was trying to convert this to a "patent" on it. If Oracle had a patent [which they can't get], then Google would not have been able to create the underlying [Dalvik] from scratch re-implementation of the JVM.

If Oracle had won here, ironically, they would have had to open source the code to their database software. They port to Linux and it had GPL v2 [as does glibc, etc.]. Also, they use C, and the ISO C spec has a copyright.

If Oracle had won, anyone writing a C program would have had to make a royalty payment to ISO.

Further, the stdio.h that comes with glibc has a copyright. That doesn't prevent BSD from creating their own stdio.h [they are both built from scratch, even if they both define similar things to implement the POSIX specifications]. Actually, if Oracle had prevailed, all Linux implementations, gcc, glibc would be shut down because POSIX [specs] could never have existed. POSIX specs were a "clean room" reimplementation of the _specifications_ of interfaces and programs that had copyrights (i.e. AT&T had copyrights on the _Unix_ man pages for open/close/read/write and other system calls and utilities like ls/df/du, etc.)

Comment Re:Fix the sites first (Score 1) 169

What can a site do? Run a script to detect an ad blocker? Suggest a monthly payment and block the page from that user or request the ad block is removed?

Wired http://www.wired.com/ has started doing that and I've started not visiting their site, even though I whitelisted them so I could do it for free. Screw them ...

On the other hand, Stack Overflow https://stackoverflow.com/ has stated publicly that they are fine with ad blockers. Their reasoning is that if you're running one, you don't want ads, and wouldn't click on any if you saw them.

Comment reputation system and moderation (Score 1) 1839

Adopt a reputation system similar to stackexchange. Right now, _everybody_ [who has been on slashdot for any length of time] gets posts started at +2.

The highest a post can go is +5.

But, why not allow posts starting at +10 for users who have earned that by having a history of making good posts?

Allow anyone with sufficient reputation to be able to cast unlimited votes [ala reddit or stackexchange]. The same rules should apply. If you post on a given page, your moderation doesn't count.

Ironically, of late, when I have mod points to use, I can't seem to find a page I wish to moderate [or feel qualified to do so]. When I _don't_ have mod points, I find pages I _would_ like to moderate.

Moderation should _not_ be completely anonymous. If a person upvotes/downvotes, anybody should be able to agree/disagree. This is like fine tuned metamoderation and the result should accrue to the moderator's reputation in some fashion.

Users should also be able to moderate as to whether the post is on topic or not. The post may be brilliant, insightful, etc. but not really related to the TFA. So, how about "on topic"/"off topic" votes.

This should have gone in my other post: http://ask.slashdot.org/commen... but how about allowing users to sort posts dynamically based on different criteria for each page

Comment Ability to edit posts (Score 1) 1839

Provide the ability to edit posts [possibly for a fixed period of time, say 5-10 minutes]. The edits should be discoverable by anyone (e.g. "show older versions" button). And/or allow the ability to _append_ to posts.

There are many scenarios where a poster forgets some trivial detail and posts [it happens a lot]. They reply to their own post with a correction. This adds to clutter. Also, many repliers never see such corrections and the poster gets hammered based solely on the first message, even though they've already done their "mea culpa".

Also, someone who is quite knowledgeable about a given topic may not be able to provide all the relevant knowledge they have in a single sitting. They may wish to trim one post, reorganize it, to make things more clear, without having to do a separate post [which probably won't be seen anyway].

Right now, slashdot is _just_ a chat room of sorts. Except for the links to the TFA, there is no long term value to the thread posts. Very few people will revisit a slashdot page, looking for reference material. Even the "ask slashdot: how do I handle this situation?" pages that can have a lot of useful advice [and do not have a TFA] are difficult to use for that purpose.

Comment Per thread/message collapsibility/message hiding (Score 1) 1839

Right now you can only set a message visibility level based on score for your entire account.

On a given page, usually the first posted threads are _long_ and usually off-topic to TFA [or drift that way quickly]. This is more prevalent the more difficult the [scientific] topic is. Fewer people understand it, but still want to post.

For example, a post about a discovery at CERN might generate a long thread about the merits of government funding of research. Fair enough. But, for someone looking for a discussion of the true scientific data, etc. would have to scroll through all that. That's a lot of work to get to the more germane posts/threads that usually appear nearer the bottom of the page.

How about a collapse/expand button on _each_ message that will collapse/expand [expose/hide] everything under it.

This would help reduce the effect of the "early posters" that "shanghai" a page with topics that are only obliquely connected with the central topic of a given page.

Now, I'm _not_ against oblique threads. Some are actually interesting. If people wish to reply under these, all to the good.

But, we should give users more ability to filter out the threads they're _not_ interested in reading, or more importantly, scrolling over to get to the threads they _are_ interested in.

Comment Assign a number to ACs (Score 1) 1839

Require all ACs to have a valid login [or have a way to differentiate them internally].

On a given page, the first AC poster is known as AC#1. The second AC poster [if different] is AC#2. And, so on ...

That way, we can see if different ACs are having a conversation [which is fine], or we just have one AC running amok and creating a phony conversation with themselves, just to stir things up.

On another page, the numbers start from 1 (i.e. _no_ correlation between AC#1 on page X and AC#1 on page Y).

This preserves anonymity but also gives a particular page more sanity. It might cut down on the anonymous trolling that seems to have taken over Slashdot.

Comment Re:Faulty sat? No problem... (Score 1) 187

Several ACs replied to me about speed of light being [roughly] one foot per nanosecond [which I had forgotten]. So, 13.7 us is 13,700 ns, or 13,700 feet, or 2.5 miles [just as you said]. Wow! I know that GPS receivers [try to] use several satellites. Can they compensate for this without an almanac update [automatic or manual]? Or, if they use the faulty one, what happens? Would they try to average it in or reject it as too far off the average of the others?
