
Comment: Re:To what end? (Score 1) 140

by Arker (#47427281) Attached to: After NSA Spying Flap, Germany Asks CIA Station Chief to Depart
"My impression, also from German newspapers etc., is that most Germans including politicians are truly mad and are seriously considering to cool down relations with the USA."

As they should be, frankly the reaction seems inexplicably mild.

Can you imagine the reaction if the shoe was on the other foot? If this was a BD spy caught infiltrating the CIA?

A 'cool down' in relations would be a serious understatement.

Comment: Re: haven't we learned from the last 25 exploits? (Score 1) 68

by Arker (#47426261) Attached to: 'Rosetta Flash' Attack Leverages JSONP Callbacks To Steal Credentials
"Over the years, I've done a lot of work with games and simulations for training."

OK. That really doesn't have anything to do with the web, however. Sure, the web can be used to deliver the project - that doesn't mean it has to actually run inside the browser. There is a HUGE difference.

"We could not have produced this educational game with just HTML."

I get where you are coming from but I still think it's far off the mark. The web is not a game platform, that is not its purpose, so 'we could not do games this way' is not a very telling criticism.

You can use better tools to make the games, and use the web merely to deliver the game. Where is the problem with that?

It would NOT be slower, clunkier, or more prone to error. It could be done using exactly the same technologies in virtually exactly the same way - the only difference would be very slightly less easy to get it started, and in return for that, your browser is no longer a malware vector.

Or, it could be done using technologies better suited for the purpose, in which case I would expect the results to be less clunky, faster, and more stable - but the development process would be more expensive as well.

I get why you would want to use RAD to lower costs, just not why you see the tiny convenience of running in the browser automatically as worth the cost of turning the web into a malware distribution network.

Comment: Say what you will about the US (Score 4, Interesting) 87

But there are no credible reports of the US allowing criminals to just wantonly defraud Russian and Chinese citizens. While all of our governments spy on each other (and each other's economies), the US at least tends to take a dim view toward its citizens committing criminal acts against foreigners.

Comment: Re:haven't we learned from the last 25 exploits? (Score 1) 68

by Arker (#47420705) Attached to: 'Rosetta Flash' Attack Leverages JSONP Callbacks To Steal Credentials
"An HTML-only web is great for relatively static content, but not so great for anything much beyond that. "

This sounds like nonsense to me, but I will give you the benefit of the doubt and ask you for *concrete* examples of what you are talking about. I have yet to be cited a single good example here - very often what is being done would work just fine in HTML, with less overhead, but the 'designers' just do not understand HTML, or have any desire to learn it, so they do things this way instead.

Certainly javascript can produce a slicker appearance and make certain things a bit smoother - but to do so it sacrifices device-independence and browser agnosticism - critical advantages that underlie the success of the web and whose loss can only undermine it.

Now if you build a proper web page, and then *enhance* it with javascript sanely, preserving graceful fallbacks, that would be fine. You can have your slick interface without sacrificing the web. And I can choose to avoid your slick interface so as not to sacrifice my security.

The 'designers' that can't be bothered to do that, and the suits that keep them employed, are the reason we can't have nice things. In this case, javascript.

"Is it so difficult to grok why you might want content to change on the client?"

Not difficult to understand why it was desired.

The point is it's harmful and been proven harmful, and far too harmful for the small advantages it brings to outweigh that.

Comment: She's taking a stand for her own irresponsibility (Score 2, Insightful) 308

by MikeRT (#47418265) Attached to: Tor Project Sued Over a Revenge Porn Business That Used Its Service

Seriously? Under what logic is it okay to publicly disseminate, often for the express purpose of humiliation, someone else's private photographs whether obtained illegally, surreptitiously, or shared in confidence with you?

You're missing the point. It's not ok, but it is a highly foreseeable consequence of taking nude photographs, much less disseminating them. You'd have to live under a rock and have a Pollyannaish view of human relations in 2014 to have no idea that this is a common consequence. Most often now, it probably happens because someone believes they are special and they won't fall victim to what so many others in their demographic have suffered. In that sense, it is precisely the sort of behavior one expects of a child because children and adolescents are almost completely incapable of believing "you're not special and it could damn well happen to you too."

Comment: Why yes, we should blame the victim here (Score 5, Insightful) 308

by MikeRT (#47417491) Attached to: Tor Project Sued Over a Revenge Porn Business That Used Its Service

Don't want your nudes to end up in public? Don't take nudes that you wouldn't want the public to see. Then you can be a true victim. The whole concept of "revenge porn," insofar as it applies to nudes and porn freely made and disseminated, is ever so much "I want my freedom.... but I don't want my choices to have consequences of which I don't approve."

We have a term for that behavior. It's called behaving like a child.

Comment: De river, she is deep (Score 2) 554

by fyngyrz (#47417253) Attached to: Normal Humans Effectively Excluded From Developing Software

"Complex" is not for laymen. There is only so much that you can do with any "appliance". Beyond that, you actually have to know what you are doing. This "problem" has nothing to do with programming.

This. Thinking about the web apps I've written, most of them required fairly deep knowledge in the area of the app -- auroras, photography, specialized group management, history, genealogy, measuring instruments, Chinese, retail procedure -- all areas an interested party could potentially bring to the table.

But the tools to instantiate, manipulate and present those ideas? Those simply don't exist in "amateur" form -- I had to create them. And in doing so, I used knowledge starting with HTML and CGI and CSS, but which extended well into Python, (replaced Perl), C, SQL, a fair bit about the underlying structure of the host OS(s), knowledge of how to structure an application in the first place, and to wrap it all together, a fairly deep knowledge of what's efficient and what isn't.

Now I will admit that I am particularly resistant to Other People's Code, partially because I am unwilling to be subject to other people's bug fix schedules (or lack thereof), and permissions (or lack thereof) and functional choices (or lack thereof); and partially because the more stuff I write, the more handy tools of my own I have to bring to bear on the next problem that depend on no one but myself and the host language(s) -- which frankly is quite enough dependency for me anyway. Plus it's been writing all this stuff that's made me a decent programmer in the first place. So even if there *were* a library out there to generate general purpose readout dials, I wouldn't have used it; the result would have been the same. All my own code. Not the least bit reluctant to reinvent the wheel.

Still, the idea of making all that stuff both available and trivially usable (and that's what we're talking about here, because a non-programmer will have to hit this at a trivial level) seems to me to have been tried multiple times in multiple venues, and to have failed every time. Personally, I think it's because as programmers, we underestimate the complexity because we've internalized so much; we can't see the actual level of difficulty very well, because it starts out relative to our own skills. This has resulted in quite a few attempts to "make it easy", and none of them have hit any serious stride. The best any of these can boast is a small following making very limited applications, if you really want to stretch what "application" means.

I don't think the idea is ready to fly. The only context I can visualize this actually working is where you have some *very* smart software that can take an abstract description and write code *for* you. That software would have to be (a) very damned smart and (b) conversant with an enormous range of general human knowledge. Right now, as far as I know, that's the precise description of a competent applications programmer. And nothing else.

Comment: Re:Normal? (Score 1) 554

by fyngyrz (#47416991) Attached to: Normal Humans Effectively Excluded From Developing Software

Ideas don't arrive in convenient order. Interruptions occur. The world is not a smooth surface, it's full of bumps, pits and detours. Sometimes (as here) there are even reasons to top post. Such as, so someone will actually see it. So get over it. Notably, the AC comment you're objecting to contributed more to the conversation than yours (or mine) does. There's a lesson there.

Comment: WTF are they talking about? (Score 1) 554

by MikeRT (#47414887) Attached to: Normal Humans Effectively Excluded From Developing Software

We live in the golden age of low barrier to entry programming. I'm 31 (upper bounds of millennial). When I started, JavaEE in its earlier stages or .NET were the only choices outside of C/C++ that a typical graduate could get. Now you have Node, Python, Ruby, PHP, Groovy and all sorts of easy to use languages. FFS, JavaScript is now a serious career choice where it was considered a skill that no serious developer needed when I was in college (2001-2005).

I swear, some people won't be happy until the machine becomes sentient, writes the code they really meant to write (originally expressed in plain English, probably at a 6th grade level) and then gives them all of the credit at review time.

Comment: Re:haven't we learned from the last 25 exploits? (Score 1) 68

by Arker (#47414205) Attached to: 'Rosetta Flash' Attack Leverages JSONP Callbacks To Steal Credentials
"If you want the web to be useful, you should be pushing for only the most minimal use of Javascript."

When this crap first started getting pushed, a lot of us saw the potential problems coming and objected. We were assured it was only to be used to 'spice up' webpages, not to replace them.

Such assurances are obviously shit. If it's allowed to use it, then the lowest common denominator of self-proclaimed 'designers' can, will, and must overuse it. This overuse expands steadily and predictably until and unless there is effective pushback. Today we have reached the point where the typical corporate 'website' (and I use scare quotes because these things are NOT websites, at all) consists of hundreds of executable files, fetched from dozens of different servers, all of which the browser is expected to suck in and execute without so much as giving you a warning.

And contrary to the hilarious suggestion I see at the top of many many webpages today ("Enable Javascript for a better user experience") this does not bring with it any substantial improvements for the user. Quite the contrary, it results in a worse immediate experience (no, I didn't want a dozen popups, autoplaying video presentations, and a huge advertisement that floats over the text so I cannot see it!) and also in the longer term (like a week later when you discover that some random ad server sent your browser a rootkit and it happily executed it, oops!)

But the point is history has proven this is a bad code drives out good situation. If it's allowed, it will take over, just like a weed.

Turn off javascript. See the web as it really is. And support the web that still exists, before it's too late.

Comment: Re:say wha? (Score 4, Insightful) 68

by Arker (#47412415) Attached to: 'Rosetta Flash' Attack Leverages JSONP Callbacks To Steal Credentials
"English translation: as usual, Flash is useless except as a vector for malware, viruses, trojans and keyloggers. Remove Flash from your system."

That's actually not quite true. Flash is a great way to develop simple games quickly and cheaply.

The problem isn't Flash itself (which is on the whole a fine product, used correctly) but the idea of using Flash as a substitute for a webpage, the installation of it as a browser plugin, and the auto-execution of it by the browser. None of that should be tolerated.

It's still possible to get a standalone flash interpreter and only feed it local, vetted files, which is really fine (or as close to fine as lots of other things you do every day, at least.) But Adobe seems to be trying their best to discourage that and force everyone to use it as an auto-enabled browser component instead. The one way to use the program that causes major problems is also the one way they want you to use it.

Everyone who has been infected as a result of this should really get together and sue these arseholes, because money is the only language they understand.

Comment: Re:haven't we learned from the last 25 exploits? (Score 5, Insightful) 68

by Arker (#47412367) Attached to: 'Rosetta Flash' Attack Leverages JSONP Callbacks To Steal Credentials
Excellent advice.

Expect to be flamed into oblivion by all the 'web devs' that can't be bothered to learn how HTML works and rely on this crap instead, though.

The web - the real web, the HTML web, appears to be shrinking at the moment. New content is often hidden behind some kind of opaque app crap for no apparent reason and with no actual webpage for fallback (thanks Google!) and old content occasionally gets removed as well. Each time this happens, it makes it even harder and less likely to revive the healthy web we once built with such love and care.

And naturally the people that are making a profit on this crap will just keep right on cranking it out as long as that is true.

The real victims here are future generations, who should inherit that world-wide web, but are set to inherit something entirely different - and inferior in every way (when judged from the user's perspective - from the perspective of big Advertising of course the story will be different, but we built this web for humans, not for marketing.)

Comment: Re:I doubt the dna stuff will come true (Score 1) 347

by Arker (#47410185) Attached to: Here Comes the Panopticon: Insurance Companies
"The real problem we are having is not the loss of privacy per se, it's the abuse of private information. Most people are fine letting Onstar know their current location. We are not fine with Onstar telling anyone that information - not the police, not our wife, not our boss. "

It sounds more like the real problem is that people are so stupid they do not realize that you cannot have your cake and eat it too. If Onstar has the information, others will be able to obtain it, whether by hook or crook.

If you want your privacy you must defend it consistently, not only when it is convenient and inexpensive to do so.