Comment: Re:haven't we learned from the last 25 exploits? (Score 1) 68

by dgatwood (#47420303) Attached to: 'Rosetta Flash' Attack Leverages JSONP Callbacks To Steal Credentials

How does one embed "JavaScript URLs" in CSS?

Very easily, and because so few people know it is possible, it's a rather nasty vector for cross-site scripting attacks.

Also you seem to have no idea about where the web is headed or have heard about responsive design and SPA.

I'm well aware of responsive design. I think it's an abomination, because all it does is make it take two page loads to view your site instead of one, by ensuring that I have to first load your broken mobile site, then click the "full version" link. Every single freaking time I end up on a "responsive" mobile version of a website, I find myself locked out of features that I regularly use, and end up having to switch to the full desktop version of the site.

If you need much more than a couple lines of JavaScript and a custom stylesheet to support mobile devices, it invariably means that your site is badly designed (too complex) to begin with, and as soon as you release the mobile version of your site, you're almost certainly going to make me hate your guts and curse your name.

And SPA is even worse. If your site loads significantly faster as a web app, there's something wrong with your site. 99% of the time, most of the resources should be shared across pages, and only the text of the page should be changing. There's usually not an appreciable difference between the "load the full page" case and the "load the body of the page" case from a performance perspective unless something is very, very wrong. There are exceptions, such as storefronts that use precisely the same page layout for every page, but these are exceptions, not the rule, and even then, the extra savings in initial page load time just result in a customer sitting there wondering why there's no data on the page, and thinking your site is broken. The real problem is that every web engineer thinks their site is the exception to this rule, but most of those engineers are wrong.

More to the point, if I'm accessing your site often enough to care about performance, I'm going to download your native app instead of using your mobile site, because it will always be much, much more functional, with fewer limitations, more features, and better performance. If I'm going to your website, it's either because I don't care about performance or, more commonly, it is because your native app is missing features that are only on the full version of your site. Giving me a mobile version won't help with the second case, and the first case is largely unimportant for everybody but the site designers who are trying desperately to shave off a few bytes from their data bill.

BTW, it's possible to do a manifested web app (giving you all the advantages of heavy-duty caching of shared content) without using JavaScript for all your navigation. You just specify the base path of the content directory as an external URL (I forget the details) in the web app manifest. This approach is much, much more user-friendly than a SPA in my experience.

Comment: Re:Property Tax? (Score 1) 76

But the cost of providing those services isn't the same. First, the probability of a forest fire is roughly proportional to the area of land, because lightning doesn't care.

You are missing a key point. The land does not disappear if one person owns 50 acres or if 50 people own 1 acre each right next to each other. It is still there and still costs the same. Like you said, lightning doesn't care.

No, you are missing a key point. If it costs a million dollars to protect a city block that contains 50 homes, the cost per home is $20,000 per home. If it costs a million dollars to protect a city block that contains only one home, the cost per home is a million bucks. It is only fair that a homeowner in the second block should pay more, because the cost of defending his or her home is 50 times as much as the cost of defending a home in the first block. The more people that bear the burden, the less the burden for each person. This is just common sense.

Also, from a fire management perspective, the land does disappear if nobody builds on it. So that first house in a rural area imposes a much bigger burden on the system than subsequent homes. Unless there are homes that could eventually be at risk, modern fire management policies typically recommend letting forest fires burn themselves out. The reason fires get out of control is that we've spent decades over-managing forest fires, and we really need to stop doing that, or else they're just going to be worse the next time around.

Not really. Expensive homes are more likely to have high dollar security systems, cameras, and serial numbers recorded. Middle class homes would be a more probable target. Slums of course are still there as opportunity remains and according to the data, people with income of 7.500 or less are victims of theft and violent crimes like assault more than people with incomes over 75k.

Serial numbers don't make much difference if the person pawns it before you detect the theft. And security cameras don't help if the burglar knows they exist, because they'll just wear a mask to hide their faces, and park their car a block away or cover their plate.

Even things like utilities cost more for larger pieces of land, because the utility companies have to run their cables past your property to get to the next potential customer, and the longer your property is, the more it costs to do so. They only get one customer per property, so larger properties effectively raise the installation cost for everyone on your block.

They must do it different where you live. In my neck of the woods, the utility company will come a maximum of 25 feet into the property for their demarcation point. Anything after that and it is up to the property owner to run.

I'm talking about the length of the property, not the depth. And even for the depth, that's only true if there isn't a street behind you. Otherwise, at some point, they're going to have to make at least one run the entire depth of the piece of land to connect over to the next street. The cost to wire an area is proportional to the area. There's just no way to get around that. :-)

Only if you start with incorrect assumptions in the first place. But please tell me, how likely is it that someone would have a million dollar home on 50 acres of land with a falling down shack that someone thinks is stuffed full of goodies? The falling down shack is more likely on less expensive property or maintained. You see, rich people don't like looking at the trash we regular people have to put up with. The shack would likely either be repaired, removed, or replaced before it appears falling down.

Come again? As I said, house fires are inversely proportional to the cost of the home, which is precisely what you said while arguing with me....

Comment: Re:haven't we learned from the last 25 exploits? (Score 1) 68

by dgatwood (#47415511) Attached to: 'Rosetta Flash' Attack Leverages JSONP Callbacks To Steal Credentials

Nobody minds CSS much, so long as you don't allow embedding JavaScript URLs in it (which, unfortunately, browsers do).

The problem is not JavaScript, per se, so much as the fact that it is massively overused, breaking links, breaking back buttons, etc. Your documentation viewing experience does not demand a web app. It might benefit from some intelligent links that do special stuff if JS is enabled, but if you cannot make your site work with JS disabled, you're abusing JavaScript.

There are exceptions, mind you—sites where the core functionality is unavoidably tied to JavaScript (e.g. Google Docs). And I can even accept JavaScript for other content on that site that isn't tied to JavaScript, because after all, you can't avoid JS on such a site. The farther you get away from that scenario, the more annoying it is. And even on those sites, I expect the developers to have taken the time to ensure a good user experience—effort that, sadly, most web developers don't put in.

And yes, I've developed some pretty complex sites that use lots of JS code, but I've always made sure that at least the basic stuff doesn't require it, to the maximum extent practical.

Comment: Re:It's not just the refund (Score 1) 137

by dgatwood (#47395471) Attached to: Amazon Fighting FTC Over In-App Purchases Fine

This. And while the government is at it, please fine the bajeezus out of Amazon for having a "disable" switch on one-click that doesn't actually disable one-click in large parts of their website (e.g. Amazon Instant Video). I complained about this, and they said to set a PIN on the account to prevent purchases. Unfortunately, that also prevents streaming viewing, and there's no way whatsoever to prevent purchases or streaming of G-rated material, because there's no setting lower than "G".

Amazon has a lot of 'splainin' to do.

Comment: Re:Non-compete agreements are BS. (Score 1) 272

by dgatwood (#47386899) Attached to: Amazon Sues After Ex-Worker Takes Google Job

That doesn't actually make any sense whatsoever. There's nothing even remotely suspicious about a person trading a one-time benefit in recompense for an extended benefit he provides to another.

It is dubious when that one-time benefit can be taken away at any time, as a job can be, or can suddenly turn sour like a job can.

Comment: Re:Property Tax? (Score 1) 76

Do the math? What math, it's all the same. If the property has 1 mile road frontage or 10 feet, that 1 mile of road still needs all those services. If the property is valued at 10 dollars it still needs the same services as if the property is valued at 2 million dollars.

But the cost of providing those services isn't the same. First, the probability of a forest fire is roughly proportional to the area of land, because lightning doesn't care. Second, people are more likely to steal from big, expensive houses than slums, and people are more likely to build big, expensive houses on large pieces of land than small ones, so police protection tends to be (at least to some extent) proportional to land area as well.

Even things like utilities cost more for larger pieces of land, because the utility companies have to run their cables past your property to get to the next potential customer, and the longer your property is, the more it costs to do so. They only get one customer per property, so larger properties effectively raise the installation cost for everyone on your block.

And unless you're at the end of a street, the street has to go past your house, not just to it. Therefore, the cost is directly proportional to the width of the piece of land, so longer pieces of land should pay more in taxes. This also applies to the cost of fuel for police driving past your house when they patrol your neighborhood, the cost of running water pipes past your house for fire protection, etc.

In other words, the costs are almost all proportional to area.

That's changing the goal post a bit isn't it? Taxes do not pay the insurance coverage. The city or whatever government entity does not provide the insurance. More expensive property will cost more to insure primarily because it will cost more to replace anything of higher value. But the police and fire are not used more than cheaper properties.

Actually, they are, to some degree. When's the last time you heard of somebody breaking into a falling down shack because they thought the person might have stuff worth stealing? And as I said, forest fires are proportional to area. And house fires... well, those are more determined by the age of the home than anything else, so those tend to be inversely proportional to the cost of the home, but they're still mathematically related. :-)

Comment: Re:Bloodless surgery (Score 1) 1330

by dgatwood (#47359449) Attached to: U.S. Supreme Court Upholds Religious Objections To Contraception

Do your 'sincerely held religious beliefs' outlaw blood transfusions? Looks like your employees are going to be paying for that themselves.

A health insurance plan tuned for the beliefs of Jehovah's Witnesses [jw.org] would still pay for blood substitutes [slashdot.org], iron supplements, and other expenses associated with bloodless surgery [wikipedia.org]. Some insurers might prefer bloodless surgery anyway because it keeps the insurer from having to pay for units of blood and pay to treat blood-borne diseases.

Now take it up a notch and consider religions that reject healthcare almost entirely, like Christian Science, or religions that insist on Eastern medicine, or.... At some point, you really do have to draw a line. The only question is where the line should be drawn. The easiest place to draw the line is "never allow exceptions". Everything from there gets progressively more complex.

Comment: Re:A win for freedom (Score 1) 1330

by dgatwood (#47359393) Attached to: U.S. Supreme Court Upholds Religious Objections To Contraception

There is no justification for forcing anyone to pay for anything. Not even spaghetti. Government economic coercion is the real "slippery slope". Contraceptives are predictable expenses and have no business being in insurance, abortion is an elective procedure and shouldn't be covered either.

Ignoring your last sentence (snipped), I mostly agree with you, but with an exception. Some use of contraceptives is not for prevention of birth, but rather to treat underlying medical conditions, such as ovarian cysts and endometriosis. If a policy excludes birth control, that exclusion should be allowed only when there is not a medically necessary reason for the prescription.

Oh, and the policies should also exclude other drugs that don't serve a medically necessary purpose, such as antihistamines (except for treatment of anaphylaxis), Levitra/Viagra/Cialis, etc.

Comment: Re:A win for freedom (Score 2) 1330

by dgatwood (#47359335) Attached to: U.S. Supreme Court Upholds Religious Objections To Contraception

...they are also free to work in another with/without religious beliefs who will purchase it.

Up until that bit, we were in agreement. However, that last part should really be left out of this discussion. The same faulty logic can literally be used to justify any level of abuse, legal or illegal:

  • You don't like the fact that you have to work a twelve-hour shift, seven days a week? You're free to work somewhere else.
  • You don't think our working conditions are safe? You're free to work somewhere else.
  • You want to get paid more than ten cents an hour? You're free to work somewhere else.

And so on. The fact of the matter is that people are not free to leave a job and take a job somewhere else. There's a very high cost to doing so. You must find the time to search for other jobs, interview for those jobs, get those jobs, and then leave. And when there are no jobs in your field nearby, you must move somewhere that has jobs. And when businesses are not regulated by laws that require certain minimum standards, those other jobs are likely to be equally bad.

As for the issue on the whole, I have mixed feelings. On the one hand, I don't like the idea of being forced to pay for things that go against my convictions. On the other hand, there's nothing stopping business leaders from professing adherence to churches that refuse all medical care, then disclaiming their responsibility to provide insurance entirely. It's hard to conceive of an exception that protects against the first situation without allowing businesses to abort coverage outright through legal maneuvering.

It will take the court granting certiorari on several other lawsuits before there's an adequate line established, and this case really should have been the last one granted cert, not the first, because there's likely to be an awful lot of abuse in the meantime as a result of this decision being interpreted in an overly broad fashion.

Comment: Re:Second key (Score 1) 560

Just so long as you're aware that "erase everything" is useless against law enforcement, who start by shutting down your system and cloning the drive, then booting your machine off of the clone. In fact, it's worse than useless, because it qualifies as attempting to destroy evidence, and is trivially provable by comparing the original to the clone. So you'll go to jail just for trying that.
