I think in that case it might a matter of length, rather than symbols, but I've never put in the effort to pin down the problem exactly, now that my password manager settings work.
Like, I caught them doing the "ask for FQDN but reject FQDNs" a couple of weeks ago in either Route53 or something immediately adjacent (i.e. where people who know better should have been involved), yesterday SageMaker stopped launching kernels because of a "known issue" (don't worry, it doesn't meet the definition of downtime though), and today I had to diagnose an unresponsive control panel by opening the console and digging up a REST error response that they didn't bother to handle in any way.
Everything about AWS is not merely broken and half-assed, but fractally so, so that even after using a service for years you are still uncovering severe caveats and awkward limitations. Password validation traps fit that pattern to a T.
I do now have a hyphen in my last name which is not accepted everywhere. Some companies accept the hyphen but replace it with a space (some credit cards), some reject the hyphen so I either make it all one word or add my own space.
That's incredibly obtuse of them; what possible reason could they have for doing that?
Essentialy, if your site targeted every age demographic or even had a preference for older and/or less tech savy demographics, how can you prioritize the edge case that <0.00001% of your users has their own lastname.tld vs is entering an incorrect email address.
I agree that it's a huge UX problem - one of the reasons why a lot of online checkout processes have you type your email address in two separate fields, twice. Without some guardrails in place, there is probably a not insignificant number of people who typo their email address in a single field, or type a malformed address, and then complain to customer service or their credit card company when they never receive an emailed invoice.
Worse case scenario, you could use firstname.lastname@example.org. Even something like 1.lastname.com would likely work.
I suppose it depends on your reasons for using your own domain in the first place but having to employ the use of a gmail acount negates a lot of the privacy & security of a personal domain IMO.
I have in the past normalized email addresses per the rules I know specific providers have to help people login. Did I sign up with mike+hn@ or mike+hackernews@?
For example: email@example.com.
Nobody blocks dots in email addresses, although I have had some sites in the past email me using the first part of my email address as my name; it's amusing to open an email from example.com saying "Hi, example.com!"
For any programmer that's ever tried to validate email addresses it's an eye opener.
Other hosts (e.g. Mailbox.org, the host I'm with now) can support the feature as well, with some configuration.
- The History of the URL, https://blog.cloudflare.com/the-history-of-the-url/
(Notice how the “.” isn’t included in the hyperlink)
The root has children like "com", "net", "uk", etc.
There are DNS records at the root level. Try this command:
host -t ANY .
It used to be pretty common to put your organization's domain in /etc/resolv.conf so that you can use the short version of a hostname. If your company is example.com and you have example.com in the DNS search path, you can type a command like "ping www", and it will do the same thing as "ping www.example.com". Most software still supports this, but it isn't used by that many people. (Some organizations don't put their domain in /etc/resolv.conf, and many users don't know they can abbreviate hostnames in this way.)
You would typically use the trailing dot if you want to be sure the DNS lookup doesn't use the search path and checks only against the root of the DNS namespace. You also use the trailing dot in some data files for DNS servers.
In many cases the trailing dot is not necessary, practically speaking, because the DNS resolver has special logic where if you give it a string that contains any dots (not just trailing), the search order is rearranged to try the root first instead of last. (In /etc/resolv.conf, this is controlled by the "ndots" option.)
So if you look up "www.example.com", it will check for the existence of "www.example.com." before it checks for "www.example.com.example.com." instead of the other way around. Which is good because only the first is likely to exist. If you look up "www", it will check for "www.example.com." before it checks for "www.", which again is a good heuristic because again the first is the one that likely exists.
> When / how / why would you use the trailing dot?
> The presence of a host subcomponent within a URI does
not imply that the scheme requires access to the given host on the
Internet. In many cases, the host syntax is used only for the sake
of reusing the existing registration process created and deployed for
DNS, thus obtaining a globally unique name without the cost of
deploying another registry. However, such use comes with its own
costs: domain name ownership may change over time for reasons not
anticipated by the URI producer. In other cases, the data within the
host component identifies a registered name that has nothing to do
with an Internet host. We use the name "host" for the ABNF rule
because that is its most common purpose, not its only purpose.
So, the fact that the host part of http(s) URLs are resolved using DNS is not a limitation of the URL spec. Instead that's an implementation restriction.
The thing that really annoys me though isn't email address handling. It's credit card number and social security number entry fields.
For credit cards, the number of times you should have to specify which type of card you're entering is literally zero. All credit cards of the same type (e.g. Visa) begin with the same number sequence. Visa always starts with 4, so, if I type 4 as the first digit, just call it a Visa card. Do the Luhn checksum validation to make sure it's a valid number and that I probably entered it correctly, and try to run the charge. If it fails, then provide an appropriate error message.
For SSN fields, the thing that annoys me is that there are basically 2 common ways of entering the number: XXX-XX-XXXX and XXXXXXXXX. So many sites and apps only accept one of the two and will complain about the other. It's ridiculous, because the presence or absence of the dashes literally has no bearing on the validity of the number. Just let me enter it the way I want.
Dear everyone: Denmark does NOT have states. Literally dozens of times have I encountered a form that absolutely requires that I input something in the state field before they will ship my stuff. A sufficiently motivated individual could traverse the major landmasses of Denmark by bicycle in about a day, we don't need no damn states.
I usually put in "NULL" for state, and hope something breaks.
(Also, nowhere in the world except the US has "zip codes", and about 60 countries don't even have an equivalent postal code at all...)
Well, that hasn't stopped similarly-sized Switzerland with 26 cantons. ;)
The worst are the companies who (somewhat strictly, to varying degrees) verify the address of credit cards. I've barely managed to always verify by shortening into a grotesque form of the address that logistically makes no sense, but is apparently just close enough to match whatever fuzzy formula is used (eg. Levenshtein distance).
I know what you mean for a different reason. Explaining that yes, my street name really starts with the word “Avenue” is getting really old.
Enter number, result is: 125-535-2112 .
On the plus side it was predictable and I was able to eventually enter the number something like 2153552121 and have it appear on page as 123-555-1212. When I encountered this a second time a few days later (reordering due to DOA) I discovered pasting the entire number in allowed the 'automatic' nature to add dashes correctly.
The correct answer to me is to strip out non-numbers and then verify the number is a valid phone number (which should be easier than programmatically determining names or dates).
Laziness seems most likely for that reason, but, on top of that, it's not like you even have to go to Stack Overflow to find an implementation. Wikipedia has one! Wiki. Pedia.
Just take my input, run the checksum, check that my expiration date isn't in the past and that the CVV value is the correct number of digits, and just run the charge. It's not like if I mistype my MasterCard's first digit as a 4 that it's going to work anyway. Just do the checks that are feasible, and then just run the charge.
From what I can recall, the number of times I've had to specific what type of card I have when filling out an online form is zero, because every form I can remember using did autodetect it. I admit I'm fairly young (only have had a card for 10-12 years), but from the amount of frustration you seem to have about this, I feel like you must have run into it much more recently than that.
(I'm not going to say MAY because I can't remember the exact wording, but I did have cause to look it up recently.)
In the same way, if a website does not do www->nowww / nowww->www redirect (example.com / www.example.com), you might have www version be logged in and nowww version be logged out or vice versa (depending how exactly it creates its cookies).
Is there no simple way to accomplish the same in a browser extension without bringing in some crazy AI solution? Just read the webpage as it is rendered to an actual human, identify the x/y coordinates of the element, pass that to Firefox/Chrome/Safari's element selector, and delete. Voila!
I'm sure there's a very good reason why this exact solution just doesn't work, but I'd love to hear it explained, because it seems so simple to me. Then again I'm a backend guy, and I just don't even know frontend.
> identify the x/y coordinates of the element
This wouldn’t be too too hard to implement using `document.elementsFromPoint(x, y)`. This part isn’t the problem.
Also, the problem with OCR/CNN solutions are that you have to render ahead (i.e. parts of the page that you haven't scrolled to yet) to remove ads without being disruptive to the website's content flow.
The word "promoted" might not even appear as text, it might be simply a series of divs with one letter each (out of order, of course) and then visually defined with CSS.
The browser doesn't know it's rendering a word, it only knows it's rendering a series of divs with one letter on each, and it absolutely can't know what the visual representation of the divs spell.
What you are proposing is another crazy AI solution, OCR.
Which would mean to render the document, using pattern recognition delimit the area with the sponsored post, then pass those coordinates to the browser in order to select the currently visible element, then delete it.
Even then I could think of a thousand ways to beat this, because OCR can't see invisible things and you can do all sorts of fun stuff with invisible styling, and it'd be the same game of cat and mouse the ad blockers are currently running but at a higher level of abstraction.
In case anyone interested: https://github.com/dawnerd/ublock-filters/blob/master/sites/...
EDIT: I don't think UBlock Origin has acceptable ads anymore :)
uBlock Origin has _never_ had "acceptable" (or any other kind) of ads.
I went on to investigate on it, and couldn't find much on UBlock Origin having acceptable ads. Some shady UBlock Origin-like websites claimed that, but UBlock Origin itself blocked them.
I'm wrong about UBlock Origin having acceptable ads, from what I gathered. Thank you for questioning my claims, swinglock.
I've experimented with them here and there, and tend to find that the unintended consequences are as much of a hassle as the ads.
I keep meaning to try a PiHole but I'm not sure I'll have much better luck.
That is a rare thing for me these days with uBlock Origin. I assume you're referring to broken websites when using ad blocking.
IOW I've found it easier to tolerate ads and slow sites "functioning as intended" than the much-less-frequent but far-more-maddening broken functionality that takes me "longer than it should" to troublehsoot.
I'm not sure I've used uBlock though, mostly ABP over the years.
I mean, I hope all adblock users are aware that if everyone did as they do, the content they enjoy would not exist.
Is it really all that unreasonable, as a consumer, to favor certain monetization schemes over others?
I block trackers, which blocks most ads on the web, but Youtube’s ads are not affected by this, and I’m perfectly fine with that.
Step 1 - open your site. Can't see it? I try to allow JS in NoScript
Step 2 - Still can't see your site due to shitty various techniques? Then I re-enable NoScript and add it to blacklist to never land on it ever.
Step 3 - You're not unique, your info is duplicated by several other dozens as well.
Implementing a network feature, I had to poke a service server. But the OS DNS resolver returned broken results and sometimes hanged or crashed the system.
After a lot of head scratching and exchanges with the first party support, we found the issue to be a misread of the cache line of the CPU, delivering broken data to the OS and causing havok.
The problem was that as the cache line was 32 bytes, if the url being resolved was exactly 32 bytes long, it would trigger this edge case (probably the OS missing the ending null character).
The first party support said there was nothing they would do to solve this and suggested creating an DNS alias, but the domain was a third party address specific per project which in our case with our project codename was 32 bytes, they also were unwilling to modify or create aliases.
My solution was to add a dot in the address and this fixed it, as now the address was 33 bytes and the CPU fetched two cache lines. The first party technical support was surprised by the fix and called it "sneaky ;)"
It's a commonly forgotten edge case, websites forget to normalize the hostname, the content is still served, but there's no hostname match on the browser so no cookies and broken CORS - and lots of bigger sites use a different domain to serve ads/media with a whitelist that doesn't contain the extra dot
So a machine with a search domain of 'foo.com' looking up 'www.google.com' should ideally seek the record for 'www.google.com.foo.com' first. Conversely, looking up 'www.google.com.' is more specific and returns google's ip even if 'www.google.com.foo.com' were to exist.
The reason it's not common is because all DNS client behaviors have been modified for convenience to avoid this; in basically every resolver any query containing at least one dot is automatically treated as if it were a fully qualified name. So behind the scenes, the DNS resolver is caring very much about the trailing dot and adding it to nearly every query; it's just typically hidden from users.
Like most nice things, it gets ruined once everybody starts using it.
(I find it ironic that their "polymer" redesigned site is also ridiculously slow and bloated, yet my computer, which is many years old now, has zero problems playing the videos themselves; somehow it takes more resources to render a UI --- which I could probably make easily in static HTML --- than to play an HD video...?)
Comments are essentially a tiny subset of the features of an Internet forum, which is definitely possible with static HTML. (Some things come naturally with that too, such as pagination so you can continue reading from exactly where you left off without the cursed O(n^2) of "infinite" scrolling.)
I thought annotations disappeared long ago?
That's one which could do with some AJAX, but...
I remember using a few in the early 2000s which didn't require JS either, and probably worked on a similar principle.
What exactly is that?
For a link like this (this one is not actually age restricted or NSFW):
Just visit this instead:
This one is a lot more interesting, though. I guess I assumed that sites wouldn't even respect the FQDN like that, but it's definitely interesting to see a changed site returned instead.
"YouTube Red" sounded like some adult service. Whereas YouTube Premium leaves most people knowing what it is before you tell them.
I'm also a Youtube Premium subscriber, but a creator told me that Google pays less after my views than views from non-premium youtube viewers.
What? It feels like a deterrent to me.
Citation needed, please?
But even then, if they're stalking you already, why would you pay them money for this "privilege"?
The only exception so far has been Firefox's new thing because it feels weird giving a third party all of my internet browsing history.
The added benefit of listening to audiobooks on YouTube while doing other things on your phone make it worth it.
YouTube premium = no ads, Spotify + audible + supporting creators + more productivity on mobile (pip mode). Also you can download videos for a flight/later.
I prefer supporting creator directly.
I for the most part don't watch Netflix or Hulu anymore. When a big show comes along I'll watch it, but I really enjoy watching other people talk about things they love.s
edit: add "origin" qualifier
Telling someone non-technical "go install extension ABC" is pretty risky. They might find and install "uBlock Original BETTER AND FASTER" that comes with a bitcoin miner or something worse. Even as someone "tech literate", I sometimes find it quite hard to verify the authenticity of downloads like this.
Also relevant in this case, when there is a reasonable option to pay to remove ads from something I use frequently, I do it. YT is $10/mo, it's worth it to me.
So does the web browser and almost every other application you
install on your desktop.
> It's scary giving extensions this much access
No, it's scary giving random websites so much power like it's
bit less scary.
That's why I prefer to support creators via Patreon. Then 80%+ of the money goes directly to the creator, and none to YT.
1) it doesn't come installed by default (too difficult)
2) technology should be secure by default (naivete)
3) nothing to hide and do want to support the sites (don't steal)
Not at all. I'm willing to be open to and read any scientific study that says otherwise. Bear in mind, I definitely have a critic's heart for it.
Please remember the context to which I replied:
> The amount of people I know who don't use adblocker/ublock etc is ridiculous. Many are non-technical, but it's not any more difficult than installing an app on your phone. Does anyone know if there is some philosophy to this I don't understand?
@Avicebron clearly stated that they don't understand why people don't use adblockers even though it's "not any more difficult than installing an app". I provided three examples from non-technical family, meaning: I do talk to my family and they did explain why they don't or didn't use adblockers.
I'm trying to say that asking for source perhaps means that you didn't talk to your own friends and family (or other non-technical acquaintances) and ask why they don't use adblockers. Or if you did talk then you didn't listen, you didn't think about it in their perspective.
Perhaps your own people will have different reasons than the ones I presented. Just off the top of my head, a reason that didn't come up would be "work doesn't permit it"; my family aren't encumbered by employers who strictly determine what software is installed.
I donate to a few creators. As for YouTube, Google can close it down for all I care, we'll figure it out. We'd probably better off, in fact.
EDIT: interesting thought experiment. Adblock is so universally adopted through aggressive marketing that ad supported internet as we know it is forced to adapt...where does it go?
That all said - geocities existed back in the day without getting much out of the proposition except some minor side-loaded ad revenue and network value. So I don't think a content host would ever be in a position where they find no benefit in hosting and, again, hosting is so incredibly cheap to do at scale that only a very marginal value is required to get into the black.
1. So a word-press site is going to have a lot of wp-* styles all over the place - but wordpress doesn't force a giant WP logo in the top-left of everyone's site.
I've worked for two companies that made most of their money from (online) advertising. While working for those companies it was important for me to experience the web as our users would --- mostly without an adblocker, and trying to avoid overpowered hardware; my users were running mostly low end android phones, so it I've got a GalaxyS or a Pixel, what I experience is nothing like what they experience.
I'm not working there anymore, so maybe I'll do an adblocker eventually, but I'm IT support for my family, and it helps if I can se what they see, and I don't want to manage adblockers for them, so....
I don't watch much YouTube. Before the pandemic, maybe 60 minutes a week. (Now zero.) I saw maybe one 15 second commercial each week, which didn't seem so horrible that I'd need to block it.
15 seconds ads are the non-skippable ones. The skippable may be 5 minutes long or more - that's fine when you can actually skip them, but it's a pain when you have your hands busy.
In both cases (both now without an ad-blocker, and in a hypothetical future where ad-blockers are impossible due to DRM) the experience is terrible.
I still think there's a lot farther it could still go. The fact that ads can mostly be blocked by using domain filters suggests that the "bad guys" aren't really trying yet.
I prefer the internet of today to one where all content is DRM locked.
I don’t use an adblocker at all these days, but even when I did I made sure to specifically whitelist YouTube ads. People deserve to get paid for their work and running 30 seconds of ads before a 20 minute video is a fair trade.
As far as I know, most people who make money from Youtube videos do not have a contract with Youtube. There are plenty of stories of Youtube changes that strongly impact the monetization - most recently: .
I believe it's better to support content creators themselves (e.g., directly, or via a Patreon or something similar) than indirectly-no-strings-attached-I-hope-having-my-privacy-violated-gets-you-some-something.
Furthermore: the way advertisements work has become so nefarious, that basically your browser is sleeping around with 30-50 random unknown third parties on just about every site you visit. And browser STDs are rampant across the web. Browse safely, use a browser condom, i.e., an ad blocker.
The point is that not watching ads actively screws YouTubers over, although the way you phrased it does establish some safe moral distancing from the implications of your actions. The fact that YouTube takes advantage of content creators is no excuse for denying content creators money, which is precisely what an adblocker does.
> I believe it's better to support content creators themselves (e.g., directly, or via a Patreon or something similar)
This is true and I do it for people I watch regularly. But I am not going to donate directly if I only watch one video, even if I really enjoy it. Patreon is not an adequate substitute for most YouTubers. Pretending it is just dodges the actual implications of using an adblocker.
And adblockers are not adequate malware protection, even against malicious ads. Adblockers should not be giving you a false sense of security about this (let alone be used for such a condescending argument).
There are plenty of other content blockers available in the App Store too though
There's also no reason to give out 10 bucks to Google where only peanuts of that will go to the creators when you can split it across creators directly through Patreon or even a bulk donation once a year.
I "actually support" the creators by donating directly to them instead.
PS: I'm not against paying, I am a paying customer of both Spotify and Google Drive.
Also apparently even demonetized videos/channels still get paid something when you watch.
I use F-Droid whenever I can but only for NewPipe I started to actively avoid it. YouTube occasionally changes it's HTML and breaks NewPipe, the app starts crashing and while it usually gets fixed quickly and the apk gets uploaded to GitHub, F-Droid still takes weeks to update it. Last update was about 2 weeks late, that's when I uninstalled the F-Droid version and started installing it directly from the GitHub releases page. Unfortunately for time critical bug fixes F-Droid still has a lot to improve.
A useful feature you forgot is the AMOLED theme. Also subscribing to channels without having to use a YouTube account.
Some ongoing discussion on this issue thread here. https://github.com/TeamNewPipe/NewPipe/issues/1981
Upside is one less native app on my devices.
There is a hosted instance at https://invidio.us if you want to check it out, but for continuous usage I highly recommend deploying your own as it's much faster.
It doesn't really affect whether you can trust it or not, but it's probably unreasonable to expect them to deliver something they don't have.