1. 17

    Dug a little deeper… this Instart thing is no joke http://go.instartlogic.com/AppShield-Ad-Integrity-Data-Sheet.html

    Web publishers make simple DNS changes to flow the network domains that carry their HTML through the Instart Logic system. This allows our system to inject a small piece of JavaScript that can detect the presence of ad blockers. When an ad blocker is detected, the JavaScript-based virtualization layer Nanovisor, together with our intelligent cloud-based, machine learning platform, encrypts and delivers all the elements of the page using the customer’s existing delivery services.

    As a result, each resource on the page, and any signals and actions such as measurement beacons or user clicks, will have its URL encrypted and obscured. This renders ad blockers ineffective, as they can no longer search for patterns which would indicate a resource is related to advertising.

    The result is simply the experience that the web publisher intended on delivering to the end user with no changes to the ad delivery or measurement systems; end users have no need to be aware the technology is even being used.

    For now it looks like their tech mainly targets Chromium-based browsers. If you use Chrome, look into the uBO-Extra plugin (not necessary for Firefox).

    1. 10

      In my opinion browser vendors themselves need to take action and block this so hard that companies doing this are put out of business.

      Otherwise this approach will be the only one left in a few years, with more ethical actors which allow users to decide how they want to read content gone out of business.

      That it mainly targets Chromium-based browsers is kind of ironic for me: I migrated from Firefox after 15 years of loyal use to a closed-source, Chromium-based browser (Vivaldi) yesterday.

      1. 10

        Consider for a moment that it’s browser vendors who have created all the tools necessary to make this happen.

        1. 2

          There’s a couple of issues with browser vendors doing this themselves.

          First, it’s a moving target: maintaining a block list takes continuous effort. False positives, new technologies, anti-block strategies, domains changing hands - it’s a fair amount of effort to keep on top of things like this.

          Second, this would mean that browsers are then policing the web. There’s an argument that this is bad: you are then trusting your browser to tell you what’s OK, and what’s not OK, to view. I’ll leave a detailed discussion of this to others, but I hope it’s obvious what issues that might raise.

          1. 7

            Right now, I am trusting my web browser not to issue 3rd party HTTP requests under disguise. This is honesty and transparency towards the end-user, rather than policing: I should be allowed to block any outgoing connection from my computer at my discretion.

            If someone maliciously undermines one of the staples of the internet (DNS), especially to allow a corporate, for-profit entity to do something on my computer against my will, I would like for my browser vendor to act accordingly.

            1. 1

              For what it’s worth, I believe Instart uses first-party subdomains. You could allow requests from www.example.com, and disallow from 7zs4gc2n.example.com or similar fishy-looking subdomains.

            2. 2

              With that reasoning brwosers should stop asking for permission to display site notifications, requests for location, and allow access to microphone and webcam by default.

              What’s wrong with it if you consider users’ machines to be just temporary extensions to tracking companies’ ad-serving networks?

              The reason why I want browser vendors to step in is that no company will care if their action lands them on a blocklist of an extension they never even heard of. But if the response is “if you do this, you will land on Google’s/Mozilla’s/Microsoft’s shit list” then these practices will stop within minutes of the announcement.

              1. 3

                I tried fairly hard to phrase my comment in a way that didn’t disagree. I just wanted to point out some of the reasons why browser vendors might now have done this themselves already.

                Circumventing intended behaviour is definitely something they should prevent, but that might be more of a technical issue.

            3. 2

              This is where Brave browser + Basic Attention Token could actually be a viable option.

              1. 1

                with more ethical actors which allow users to decide how they want to read content gone out of business.

                If Users care about using browsers that let them decide how they want to read content, then the actors would not go out of business.

                If Users don’t care, then I don’t see why such a actor should exist.

                I don’t see why you need to invoke the great vendors to decide for us what can or cannot be allowed. Not to mention, if you ought to be allowed to run whatever code you want on your machine, that should include dodgy javascripts. You don’t have to go to these websites and I don’t see why they shouldn’t be allowed to choose who gets to access their contents.

                1. 1

                  I think I could agree with this stance if I had infinite time and energy to put into securing my browser.

                  I spend quite a bit of time reading about privacy issues and taking steps to protect myself, and it still doesn’t feel like enough.

                  It’s not that users don’t care, it’s that they don’t care enough to take full responsibility for their privacy. What are we supposed to do, write our own browsers from scratch?

                  In fact there is probably a meta level to it as well: people haven’t invested the time/effort to educate themselves about privacy issues. How many people would care about these things, but simply don’t know?

                  Furthermore, the whole point of this technology is to secretly bypass content blockers - users have already made the explicit choice to not see this sort of content! Who in their right mind “wants” to run code which hides itself from the developer console to avoid detection? It’s like arguing “if you didn’t want headlice you shouldn’t have let the louse live in your hair.”

            1. 10

              The only thing that keeps me sane is using weechat to connect: https://github.com/wee-slack/wee-slack

              I relay it over to Emacs using https://github.com/the-kenny/weechat.el which is almost as nice as my regular IRC client.

              1. 6

                Author of weechat.el here. Any feedback? I’m aware of performance problems when connecting to a big list of channels, as well as the missing auto-fetch history. Anything else you’d like to see? :)

                1. 1

                  Thanks! The only thing that confused me was that it seems to use a white face for your own nick, which makes it invisible in the default color theme, so I had to remove "white" from weechat-color-list. Easy fix once you realize what’s going on, but very confusing at first.

                  Also I’ve noticed sometimes the unread-tracking is a bit unreliable. However, this might be because I sometimes keep the web client open, and I’m not sure how that interacts with unreads. I will try to see if I can get more details about this and report an issue if so.

                  1. 2

                    As for the color: Yes, we just copied the original colors from weechat itself, which is made for a dark theme. I’ll add a task to my list to create a more compatible color theme for bright emacses.

                    When I developed weechat.el there wasn’t an acceptable way to sync unread status. I haven’t tracked the relay protocol for quite some time now, but I’ll check if it’s possible now. It’s actually a feature I’d like to see too.

                    1. 1

                      Oh, one thing I just remembered is that it was very surprising to me that weechat-tracking doesn’t track unread messages at all by default but only tracks mentions. It would be helpful to make that clearer or make the default match other clients.

                2. 9

                  I did this for a while, but then it felt like my irc safe-haven was infected by slack and it made me sad, so I stopped doing that. Now at least if I’m staring at a terminal I can be in my happy place and properly brace myself before I switch to a browser window.

                  1. 4

                    Personally, I use the web client. It has almost all the features of the desktop client and I can turn off desktop notifications, making the only actual notifications, then, the favicon updates which aren’t nearly as jarring.

                    I think I’d prefer to use something else entirely, like your setup, but for some reason I’ve not taken any time to try it out. I do fear that I might become complacent or something and forget that I hate slack… because I’m not actually using slack, I’m using a chat service that feels like irc, and that’s dangerous.

                    Slack actually bothers me more because the model is fundamentally different than what I’m used to–1 network, multiple channels. Where as in slack there are multiple networks and multiple same topic channels. “But, irc has multiple networks, too?” Yes, but the official communities will hang out on freenode#lobsters, or freenode#racket, or efnet#mtg (idk?), not create a whole network about golang, and then have a separate channel, in each network, about Battle Star Galactica, essentially making BSG discussion so bifurcated it doesn’t even happen anywhere.

                    1. 2

                      It has almost all the features of the desktop client

                      Because they’re the same thing. Thanks Electron!

                      1. 1

                        Of course! The things that don’t work tend to be the shortcuts for switching rooms, or searching, and things of that nature–which is fine. The harder it is for me to waste time chat the less I’ll do. Get those conveniences outta my life, dammit!

                    2. 2

                      I’ll need to take a look at this. It won’t help that much, but it’d at least make extracting/searching a lot easier than the official client. Thanks for the suggestion.

                        1. 1

                          I tried to get that working first, but it was extremely unreliable at the time. Maybe it’s gotten better; this was about 6 months ago.

                          1. 1

                            Aah, it has improved considerably in the recent months.

                        2. 1

                          I’m extremely tempted, in my bid to not use graphical apps unless required, to connect to slack via the IRC bridge using suckless’ ii to script some grepping for notifications and piping those to dunst. I have a very hard time not responding to the shiny dot saying “NEW CONTENT HAS APPEARED.” I’d rather make it deliberate to catch up on content once every 2 hours (that’s only 4 times a day) for some timeboxed period of time than constantly monitor it. Bonus: More free ram.

                        1. 7

                          Got tired of running go test in a terminal inside Emacs so I wrote a plugin to do just that. Who knew writing Emacs plugins was so much fun and easy.

                          1. 2

                            This is neat! I pretty much exclusively use compilation-mode for this purpose, which works fairly well. But, I don’t have an easy story for “run test at point”!

                            1. 1

                              Thanks! I’m a bit confused, what do you mean with story?

                              1. 1

                                I just mean, i have no way to do what squeak does without typing the whole go test command out.

                                1. 1

                                  Ah, right. That’s precisely what I wanted to do with it, since go-mode already provides function name detection. I also wanted something to make it easy re-run tests while modifying the package code.

                                  I was thinking of expanding it into other things, e.g., go build which would detect errors Flycheck doesn’t usually detect (like missing packages or undefined variables), and generally using the oracle tool to do all kinds of magic (find usages). So the plan is not to be exclusively a test utility library, but more of a utility kit on top of go-mode. Time will tell!

                            2. 1

                              Not to discourage you about your plugin, but have you used the M-x compile. You can run compile once, set it to go test -v, this will open a new window with the result and clickable line errors, and after that you can do M-x recompile to re run go test. You can utilize it for build or any other option you need from the go toolkit.

                              Compilation manual

                              1. 3

                                I have. The behaviour, usability and appearance of M-x compile are exactly the reasons why I wrote this plugin.

                                To be specific, I did not want to:

                                • …initially write the compilation command after typing M-x compile
                                • …have a new buffer appear every time the command runs
                                • …read a bunch of redundant information that can be compressed into a single line
                                • …type the name of a single test after go test -run ... myself
                                • alter the test to be run when I want to run another unit test

                                What I did want was something that

                                • provides simple bindings that do what I mean and work in any Go file
                                • requires no typing effort
                                • compresses information into a concise one-liner
                                • IDEs have already provided since the early 00s

                                I understand the point of M-x compile is generic and the point of this plugin is to be specific.

                                In the future I’ll implement highlighting of succesful and unsuccessful tests using Flycheck or something that lets me put stuff into the gutter.

                              2. 1

                                Nice! I’ve been using flymake plus a custom script for the last couple years. Basically by default go build is ran. If I’m editing a _test.go file then go test is ran. go vet is run on everything.

                                1. 1

                                  Thanks a lot!

                                1. 1

                                  Nice idea. Can’t help thinking that some element of curation is needed?

                                  Example - I can search for “date” or “time” under PyPI and there are plethora of options, but what I really need is someone pointing out the arrow library which IMHO is the only one you need.

                                  1. 2

                                    Thanks, I’m working on ways that people can curate collections of libraries to make the best ones easier to find. The Pypi area of the site is slightly lacking at the moment as I’ve not been able to get as much info as I’d like from their JSON API, as I get more information on which libraries depend on arrow it should naturally rise up the rankings.

                                  1. 1

                                    On a related note, is http://producingoss.com/ a good read? Is it relevant for people who want to figure out how they can contribute to open source projects?

                                    1. 5

                                      For context, FIPS means “US Federal Information Processing Standards that specify requirements for cryptography modules. ” ( from http://wiki.openssl.org/index.php/Category:FIPS_140 )

                                      1. 3

                                        On somewhat similar lines, learning how to freelance/consult would be a great way of learning many of the negotiation tactics. (I learned it mostly from Ramit Sethi’s Earn1K course).