On 210505-11:17+0300, Jean Louis wrote: > * Miroslav Rovis <[email protected]> [2021-05-04 19:58]: Hi Jean! > > > > I've tried to find out who the webmasters are on the > > related main page and around with no success, so I'm > > asking about it here. Still not clear about who the webmaster is.
But since you're on bugs at gnu (as your email says), I hope my lead and your explanation is sufficient to make the change, and I hope it will just happen, silently is fine for me. > > https://media.libreplanet.org/u/libreplanet/m/locking-the-web-open-a-decentralized-web-that-can-operate-as-free-software-does/ > > This is because their webmaster have designated all video links to > automatically preload: This is the (small) modification to put in effect: > preload="auto" > > instead it should be: > > preload="none" or > preload="metadata" to get only some basic information of video > > and they should use poster option to let the user see only a > screenshot from video. It is this: > The problem is that people working on those websites usually have > enough money and very good Internet and they assume that all of the > planet is the same, somehow funny when conference is planet related. > > In many countries people pay good amounts for data, and often Internet > is not fast, it could take many hours to load such video. It is also that analysis is more than an order of magnitude slower than simple browsing. I can't know what I take into my machine quickly even with year 2020 launched modern (commodity) processor machine (AMD Ryzen 7 Pro 4750G), with unnecessary preloading like this, that only analysis can tell what it (likely) is. What I mean is, it took a couple of minutes to preloading-imposed download into browser cache a good portion of grandsun1715.webm file, but when, seeing the quick growing of the network trace and understanding that some unexpected traffic was happening, I cut the network connection (physically), and went on to analyse with Wireshark and some scripts of mine, it took me many hours to reach to my conclusion, because Wireshark, Tcpdump, and other are good tools, but the network is not optimized for analysis, it's optimised for quick use, not analysis... So, many hours it took me to analyze and reach to my (probable) conclusion, including the failed decryption of exactly the huge unexpected download. That basically means that possibly there was MiTM and spoof that happened as well. Hope not, but thearetically possible. To me, knowing what gets into my machine --and the browser is the most used for intrusion, has the attack surface ridiculously huge and hard to control-- is as important as free software and hardware. Free software and hardware must be safe, else my freedom can easily be compromised and hence it's not freedom anymore. [*] > This is the accused snippet: > > <video controls > preload="auto" class="video-js vjs-default-skin" > data-setup='{"height": 720, > "width": 1280 }'> > <source src="/mgoblin_media/media_entries/2335/grandsun1715.webm" > > type="video/webm; codecs="vp8, vorbis"" > /> > <div class="no_html5">Sorry, this video will not work because > your web browser does not support HTML5 > video.<br/>We recommend you install a <a > href="https://libreplanet.org/wiki/Libre_Browsers_Lib > > +re_Formats">freedom-respecting browser which supports free formats</a>!</div> > </video> > > If you have some extension in the browser, you may protect yourself. > KB > > In Firefox-based browsers, it is possible to change the behavior by > going to Preferences ↝ Privacy & Security ↝ Permissions ↝ Autoplay > and then blocking both audio and video. Good advice. [...] > - MediaGoblin or webmasters should not impose auto preloading; > > > Jean > ------- [*] I must depart on this tangent here. I know I belong to very rare kind of people who try to control their machines by, among other things, (continuous) network inspection, which means TLS-decryption of (all) traffic and reading what happened. The Freedom of users need people who will do this. I use Pale Moon, and I also use Firefox nightly (much less, because the maverick Pale Moon inspires much more confidence to me than big tech Mother of his), because, appart from Google's Chrome (which is out of consideration for me, Google is the world's top unofficial spying company, covered by advertizing) they are the only easily set up TLS-decrypting browsers that I currently know of. For less familiar readers: https://wiki.wireshark.org/TLS Debian Firefox package and I also think other even freer browsers do not have TLS decryption available other than if you patch them and recompile. And not simple patches are needed any more (as it used to be several years ago), but very complex. So if anybody familiar with browser authoring/packaging and TLS read here, bear in mind this issue when creating/rewriting or packaging a browser that will fully serve libre users. -- Miroslav Rovis Zagreb, Croatia https://www.CroatiaFidelis.hr my PGP-key: https://www.croatiafidelis.hr/FCF13245ED247DCE443855B7EA9884884FBAF0AE.asc
signature.asc
Description: PGP signature
_______________________________________________ libreplanet-discuss mailing list [email protected] https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss
