If a website is to provide non-free content in terms of videos and documents, how is one about to serve this kind of content? I don't want to write an occasionally connected desktop application (similar to iTunes) that prevents to easily share bought content so I have a few questions about this:
Documents: What's best document format for this kind of scenario that would prevent one to share it freely after it was bought?
If I think of PDF it's a great format so people can't temper with its content and they will actually see what you created, but the problem is that after one obtains it, it can easily get shared with others. Either having password or not.
Videos: If supporting video it's probably wise to use some public (may be payable as well) service that can handle video streaming like YouTube (which is AFAIK not able to have a non-public videos).
I'm well aware that there is no 100% perfect solution that prevents it all, but having a 90% successfully locked down content is still better than hoping people won't share something that can easily be shared.
Can you list a few websites that do a similar thing. I may learn a lot from them. And please provide some guidelines I should follow in this regard.
Is there maybe a similar to PDF document format that has built in security capabilities? Commercial even... It should support some kind of authorization functionality within that would work similarly to any software activation.
Note: I wasn't sure whether this should be posted on webapps.stackexchange.com or here but I decided it should be posted here because it's related to development. I'm generally interested in programmable approaches I could use.
Related
I'm developping an open source OTA update system for a few MCUs of a certain project. I wonder if there is some "standard" protocol for CAN-bus based bootloaders. Everything I saw online and in Application Notes from the chip manufacturers seem to be using their own brand of communication and thus their own specialized upload software too (mainly for demonstration for ANs).
My question is, am I missing something? Is there some standard way of doing this I'd rather adhere to, or should I just roll my own like they do and call it a day?
Features I'm interested in for the protocol side besides the obvious ones: checksumming, digital signatures, authenticated encryption.
Based on your tag, despite I do not see this from your question, I assume for now that you want to develop a boot-loader for automotive ECUs, which have a CAN connection.
The relevant protocols, which provide the services, are ISO 14229-3 or SAE J1939/73, with the first one much more common to my experience.
For development purposes, also ASAM MCD-1 XCP has support for that.
However, these are just the communication services and does not include usual usage patterns, which differ a lot across the OEMs.
For security, the German OEMs put a document together called "HIS Security. Module Specification", which I unfortunately did not find any more on the web.
They also have a blueprint for the design of a boot-loader.
However, this is anyway somewhat outdated, as boot-loaders today often are at least partially based on AUTOSAR, like the applications.
Last from them, you could also get a document partially specifying how the services above are used for flashing an ECU.
If you need further input, feel free to ask.
However, you will need yourself access to the non-free industry standards and recommendations.
What is a good reason to choose reCAPTCHA over a well known and tested captcha generator on the server. Is it just philanthropy (helping with digitizing texts) or are there other good reasons.
reCAPTCHA is rather neat. Not only does it stop spammers but it helps digitize books. Each word that appears in the captcha has actually been scanned in from a book but sometimes the character recognition is off so the computer my save some gibberish of a sentence without knowing any better.
See the image off their site:
By making people type in what they think the word is, it helps create a digital copy of the book or word that was scanned with accuracy while at the same time checking what the user submit, comparing it to other's submissions, and determining if the user is human or not.
For that reason I use reCAPTCHA. I'm not just selfishly protecting my site, I'm providing a service for others.
Not only that but it's fairly simple to implement and provided by a reliable company (Google).
The question was "why should I use it"; that question must include "why shouldn't I use it", so some criticisms:
Recaptcha volunteers your users to be OCR monkeys, without bothering to ask their opinion.
It requires that you advertise recaptcha in the captcha widget, which isn't always appropriate.
It's a web service, which means there's no hard guarantee it'll still exist a week or a year or two years from now. (Google has crippled or removed public, widely-used APIs in the past, such as their translation API.)
It only supports web pages, loading everything with scripts and iframes. It doesn't have a proper API, so if you ever want to have an iOS or Android app that logs into your system, and need to show a captcha there, you'll be out of luck.
You have no control over the complexity of the generated captcha. Captchas always have a tradeoff between how hard they are to read and how difficult they are to OCR. There are no knobs to adjust, based on how important stopping robots is to your use case. If they decide to make the captchas much harder to read (which they've done at times), and this becomes a nuisance to your users, there's nothing you can do about it.
reCAPTCHA is quite good. Most other generators are broken easily while reCAPTCHA usually gets good scores.
Another good thing is that it has the accessiblity button so that it would read the text.
This is an old threat but I would just like to confirm that in my case we used reCAPTCHA on a number of Drupal 6 websites in combination with the Honeypot module. We did that to stop automated spam user registrations.
I presume these user accounts were being created automatically by desktop applications such as SEnuke XCr and XRumer with the aim of then posting spam. They create the user account but they rarely do anything further but I found it annoying. Further reading on this subject can be found here: How to prevent spam user registrations? (links to an article on Drupal.org).
I can confirm that the above reduced my spam user registrations from a little over 100 a day to none at all.
We need to register our IP address on which server would be running. Its seems some what risky. So we might be required to change registration work flow in case of use of reCAPTCHA.
I'm looking at designing and building out a system that would allow A/B testing of different flows in an iOS app (e.g. registration flow, log-in flow, purchasing flow).
A system that comes to mind initially looks like:
app pings server, server responds giving list of resources (which could include some links to xib files)
if the user does not have those xibs on disk, download them and save them to disk
when the view controller is presented, load from the xib if it has been downloaded (else default to the one the app was shipped with)
Does anyone have any thoughts on this idea or any insights on this system?
NOTE: I am not trying to implement a system where I can add new features. Right now, I'm focusing on changing flows, like the text and views a user will see. I'm not looking into a discussion of whether this violates the App Store rules, but if you would like to do so - go for it!
This is possible, but I don't know if I would download XIBs to the device. Seems a little risky to me.
Apple did a talk at WWDC 2010 where they address this exact issue, and they recommend building the interface using (more or less) Plists or JSON to describe the UI elements and their functions, and building up the views dynamically. It's well worth watching as it brings up a lot of smaller issues that aren't immediately obvious, but it requires a developer account to access it).
This would be an interesting system to use. I wonder if one could write a shell script to replace the old binary of an app with a new one. I know it would probably be more complicated then just that, but it would be cool to do. I would definitely use this for in house apps, or personal tools. Its to bad the apple wouldn't allow it, unless someone could secretly slip it past them :-)
I say go for it. You seem to have a pretty good idea of what you want to do and how you want to do it. Changing the UI based on responses from a server isn't uncommon, but I guess downloading xib files from the server is. I don't see why it wouldn't work though and I don't think it would be rejected by Apple, but you never know.
I've spend a fair amount of time on website optimization (YSlow, Google's Page Speed, etc), and now I'm thinking more and more about improving the accessibility of my websites.
However, it seems like that they are competing interests at times. If I include separate style sheets for screen readers, mobile devices, etc, those are additional files to download. Similarly, there are many files that would be unnecessary for visitors using screen readers, mobile devices, etc.
So where does that leave us? Server-side browser sniffing? I imagine that would only help in a limited set of cases. Are there teams out there (e.g. at Google or Yahoo) that are actively working on these issues or have come out with some recommended practices?
One interesting approach that I read about for this optimizing the request size but maintaining accessibility is to store the accessibility class (screen reader, mobile device, etc.) in the session. In the case that the accessibility class is not stored in the session (for instance, first page load - session start), send all style sheets (etc), and detect the accessibility class using Javascript. Send this back and store it in the session for the future. Where the session does store the accessibility class, simply transmit only the appropriate style sheet (etc).
Sniffing of user agent (browser or otherwise) is hardly a strange technique these days, and frameworks such as jQuery or dojo do it on your behalf anyway, so, why not take advantage of it? Just make sure you let your user override things by some explicit but simple action (for those times in which the sniffing heuristics get it wrong).
Well, I wouldn't worry too much about the stylesheets for the different platforms, since they're pretty much downloaded once and then cached. I would strongly recommend designing for accessibility first and optimizing the downloads second.
I have a Mailman managed list with years of history that I want to migrate into a web-based forum. Things it would be nice to do:
Keep the mailing list going for those who are used to and prefer it to a web interface, but have it integrate with the web-forum activity.
Take the web-based forum posts, and send them out to the mailing list.
I have run sites based on phpBB, Drupal, Simple Machines, etc., and am able to do a little bit of coding if that was what was required to integrate some package into Mailman, or replace it entirely. But I'm unaware of what is available, commercial, or open-source, that could accomplish this. I am also open to replacing Mailman, if the candidate package can perform its functions reasonably well and integrate well into its own forum.
Even if the phpBB/mail2forum option is using the older version, it is a nice option. OpenSceneGraph just implemented this for their long running mailing list, and it seems to work flawlessly. It's the only option I've seen that allows for forum posts and mailing list messages to work very seamlessly, and has the means to allow for tags to separate forum subjects from mailing list posts, etc.
Their v2 dev works with phpBB3, too - so if you're willing to live on the bleeding edge, that might be an option.
So far, here's what I've looked into:
Drupal, with its Mailmanager and Listmanager modules, though I've been having trouble turning on the IMAP feature so it can talk to my mail box (clients can access it fine), and the Drupal's forum module isn't really up to the feature level I'd like.
PhpBB, mail2forum, though it looks like currently it only works with the older phpBB version, so not really an alternative for me.
The only one that seems to really "work" is FUDforum and its maillist.php module, which integrates directly at the procmail level, nice. I can take all my Mailman archives and "formmail -ds" them directly into a chosen forum.
I've started a bounty for this issue, I'm looking for something, even commercial, that really integrates the email interface into the forum experience for the end users, particularly the handling of accounts. With FUDforum I'm still going to have to resolve the separation of the Mailman accounts from the FUDforum accounts.
I ran across this on the web: http://mail2forum.com/
I haven't used it but it looks promising and has both a 1.2 stable version and a 2.0 development version, so it's not a derelict SourceForge project with 1 developer and no commits, or anything :)
Theoretically my org may use it at some point in the next year or two, but we have to finish our own Listserv to Mailman transition first.
Well, based on what you've said (first, that you're able to do a bit of coding and second that FUDForum would work for you except for the issue of maintaining list membership, have you considered that:
Mailman stores its user information in a plain text file and
FUDForums stores its user information in a single sql table
The obvious solution would be to declare one of these master (probably FUDForum, since it looks as if it holds a proper superset of the Mailman info) and have a little script/cron job that copied changes from the master to the slave.
A passing note -- neither of these systems appears very secure (actually, they both look leaky as all get out) and combining them may well reduce the collective security even further. If you are doing anything even remotely confidential you should rethink your goals, and in any case you should take appropriate steps to protect your system from attack.
I know an SME which switched from the mailing list to phpBB!
If you want to keep your mailing list, you have also to maintrain it.
Finally the people I know diabled the mailing list service.