"It's not a bug, it's a feature" of most modern web browsers. A https page that includes content fetched using http is called a "mixed content" page. Radiooooo over https still fetches the songs via http requests, and so many browsers block these requests.
It’s for listening to clips of old music, not email or banking. It’s literally replicating data that is otherwise being publicly broadcast through the air unencrypted.
my ISP doesn't do this currently. reason is actually that I don't see any reason why the app should be using mixed_content to begin with. In the age of letsencrypt you can easily get certificates, so the only reasons I can think of are a) performance overhead due to TLS, b) storage of audio tracks done on 3rd party domains due to cost/limits.
a) is a non-issue in 2020
b) not extending trust to 3rd party domains is literally why allowing mixed_content is a terrible idea
TLS is anything but a non-issue. TLS accounts for roughly 40% of the CPU and 45% of the memory bandwidth on our CDN nodes.
I work for Netflix on our CDN. I wrote much of the FreeBSD kernel TLS layer, and am working with several vendors on hardware TLS offload to eliminate this overhead. Hopefully your statement will be correct soon :)
I agree that you have compute overhead which you need to account for.
At least for SaaS companies it's not really a technical hurdle that blocks anyone from running their service, except maybe for those who are already very large (Netflix obvioulsy) and have scaled and optimized so well that it makes sense for further reducing this additional cost. You're in a unique position I think and you are lucky to work on a cool project like this.
But I have not seen any places where this was at all an urgent on a clients or employers agenda. It is a budgeting issue (if you're buying) or pricing issue (if you're selling), but it's not an technical problem that needs to be solved in any place other than hyper-scaling companies/stacks.
Terminating TLS and (load-balancing it) is not really what prevents a cash strapped start-up from scaling, nor is it super high priority in large companies who are able to throw a little extra money at this problem. Those companies who still have skilled innovators around solves the problem like you do at Netflix, in older industries (banks come to mind) they just by OTS or have a consulting company implement some "bespoke solution".
It's a "problem" most SaaS businesses can carry with them for a long time, until they have room to address it.
obviously this sounds like a cool project to dive into but quite rare too! enjoy it, I know I would :)
I get that. but how would you allow the mixed content on a per site basis? sure I could use another browser that ignores the security just for this one page. how else would you do it without editing about:config and then switching back, is there a extension or something that can do that on a per-site basis?
It's a shame this isn't working in a secure way and out of the box on modern browsers.
I have been wondering why it stopped working for me half the time about a year and a half ago, and you just now made that click in my head haha, cheers for that.
The new one added a breaking bug. With the old address I can option select the text with a mouse to copy/paste. It may not seem a big deal, but many of the strings for foreign songs are not ASCII so they are hard to type otherwise.
Many of the songs can't even be ID'd by Shazam and are not on Apple Music.
I have this same experience almost every time my wife comes back from a record store, the library gift shop, or a thrift store.
Digital services like to talk about the tens of millions of songs and videos they have. They don't like to talk about the hundreds of millions of songs and videos they don't have. And probably never will.
One clarification: The dates specify the date of release, right? I went to the site expecting to hear popular songs from that era/region, but I've never heard of any of the songs it plays.
https://radiooooo.com/ doesn't work because it's trying to XHR the http version of the site which gets blocked. The other .app domain works fine though, like you said.
I could see they are using three.js for a visual library, but I couldn't tell what they were using for audio. Maybe they are interacting with the web audio api directly, since they are only playing a single piece at a time. I didn't hear in fade in/out or more advanced functionality.
It's interesting to see that the map reshapes as you move through the decades. Germany splits into two and then goes back to one, Africa and the Indian subcontinent get progressively decolonized, etc. It's not perfect, particularly in east Asia (Taiwan is always independent and Korea is always two countries, and neither are ever colonized by Japan), but what's there is fun to see.
80 comments
[ 3.7 ms ] story [ 157 ms ] thread(For fun see also https://en.m.wikipedia.org/wiki/Backmasking)
a) is a non-issue in 2020
b) not extending trust to 3rd party domains is literally why allowing mixed_content is a terrible idea
I work for Netflix on our CDN. I wrote much of the FreeBSD kernel TLS layer, and am working with several vendors on hardware TLS offload to eliminate this overhead. Hopefully your statement will be correct soon :)
At least for SaaS companies it's not really a technical hurdle that blocks anyone from running their service, except maybe for those who are already very large (Netflix obvioulsy) and have scaled and optimized so well that it makes sense for further reducing this additional cost. You're in a unique position I think and you are lucky to work on a cool project like this.
But I have not seen any places where this was at all an urgent on a clients or employers agenda. It is a budgeting issue (if you're buying) or pricing issue (if you're selling), but it's not an technical problem that needs to be solved in any place other than hyper-scaling companies/stacks.
Terminating TLS and (load-balancing it) is not really what prevents a cash strapped start-up from scaling, nor is it super high priority in large companies who are able to throw a little extra money at this problem. Those companies who still have skilled innovators around solves the problem like you do at Netflix, in older industries (banks come to mind) they just by OTS or have a consulting company implement some "bespoke solution".
It's a "problem" most SaaS businesses can carry with them for a long time, until they have room to address it.
obviously this sounds like a cool project to dive into but quite rare too! enjoy it, I know I would :)
It's a shame this isn't working in a secure way and out of the box on modern browsers.
this site is pure awesome
One minor glitch -- user registration form wouldn't work for me.
It told me there was an error, therefore "my email must already be registered".
I wish the initial modal dialog was easier to close and that the current track ID was reflected in the URL bar, e.g. http://radiooooo.com/?track/df3115c7-4eea-4d26-aba9-3c190542...
I have this same experience almost every time my wife comes back from a record store, the library gift shop, or a thrift store.
Digital services like to talk about the tens of millions of songs and videos they have. They don't like to talk about the hundreds of millions of songs and videos they don't have. And probably never will.
There very few songs from my country though. Going to upload some.
My only issue is the Taxi dialog didn't seem to position correctly in Chrome on my Android, and I couldn't accept or dismiss it.
How did the author manage to keep playing music after forwarding me to the iTunes store? iframe or something?
Similar idea, no map, but supports community editing & many sort patterns & ratings. Open Source.
An up to date revision of the site is available at: https://radiooooo.app
Here's a little helper script to listen Radiooooo from the command line: https://github.com/vikbez/radiooooo-cli