
Comment Re:A lot of apps use SSL (Score 1) 141

It was a control panel for customer management and the root of the problem was the server setup which I wasn't responsible for. Their in-house dev was an idiot who wasted his time writing an overly complex system and the client was a disagreeable cheapskate with a stupid shop that sold crap. I only took the job as a favor, it ate more time than I could bill hours, and I made it clear it was broken and they should do something about it.

Comment Re:A lot of apps use SSL (Score 1) 141

Well put, and in my own defense at least I knew the setup was not how it should be and I made that clear, and that in the future if the app was to be worked on that is one thing that should be focused on. Particularly when it comes to testing I'd bet the vast majority of developers [to be honest, myself included] really know how to test for all common threat scenarios.

Comment Re:A lot of apps use SSL (Score 2) 141

Hey I'm totally aware it's "wrong" and I would have loved to have done it properly, but this was a little shop with few users, limited cash (including to pay for implementation of the app) and an irregular setup. I just wanted to be done, the owner didn't care, so I kludged it and went on my way. The thing is a lot of setups end up like this and the fact that so many setups aren't the "ideal" and SSL is in a way complex by design (though setup now on things like nginx is cake!) I think a lot of things just end up being kludged and will remain broken until something bad happens.

Comment Re:A lot of apps use SSL (Score 3, Informative) 141

Cert price all depends on the type of cert. You're talking about a standard SSL cert, which in the case I outlined would have actually been OK but it would have required some extra setup (dynamic subdomains) and the client just didn't want to deal with it. Just a heads up in certain situations (eg: corporate certs + internationalized domains + multiple sub domains + weird proprietary auth crap for odd protocols + a badge that says the cert passes some standards body tests....) the cheapest possible cert will run well over $1,000.

BTW I really recommend StartSSL https://www.startssl.com/ if you are using standard certs. The prices (free for personal certs/low end schemes, unlimited plans for more robust and corporate certs). Service and support is also pretty good.

Comment A lot of apps use SSL (Score 5, Insightful) 141

I myself have implemented them for shopping apps (SSL for anything dealing with user details, payment, etc.). When you're communicating with an external service that requires (or where you want to use) encrypted connections and that service only offers SSL (this is probably 90% of the time) you need to use it. Now the catch here is that the standard SSL handlers available to you in Android provide an "ideal" setup, where servers and certs are exactly as they "should" be. The problem is unless you are paying ridiculous amounts for dedicated SSL services and high quality certs your setup will not be the "ideal", and you'll have to make exceptions by overriding code.

As an example, in the shopping system I set up there were two sets of certs, one set was signed [payment gateway] the other wasn't [user control panel]. I had to jump through a few hoops, and the app would be open for man-in-the-middle if set up right - but luckily all they'd get would be user login details, address and phone number - billing is all external and requires a separate authorization.

Comment Re:The problem with FOSS office suites (Score 1) 266

Let me tell you that, as a developer, you are exactly the type of person I want writing feature requests and bug reports. Those are all necessary or neat features, and your descriptions are good. It's a shame LO doesn't have a feature request section or a task list of requested features being implemented (just check https://www.libreoffice.org/get-involved/ , I didn't see it).

I mean honestly the only rebuttal I could provide would be for 2 + 3, which would be to use documentation/guide generation tools - but that's not a valid argument because the average office user would not be able to use most of the tools out there and those tools don't usually provide print-friendly output.

Thank you for the excellent reply.

Comment Re:Why choose OO over LO? (Score 1, Troll) 266

I'll make it short: OO was taken over by Oracle. Oracle is full of jerks who hate freedom and love money. Major part of OO team forks OO to LO in order to save it from Oracle. OO usage drops and Oracle decides they don't want it so they give it to Apache, which seems to now be a foundation for software that people stopped caring about. Now we're here - keep using LO and ignore OO till it goes away or whatever.

Comment Re:Wrong question - "how to get paid?" is enough (Score 1) 167

Right, and especially with Open Source that comes down to selling software as a service or customization as a service. Having a core product OSS that you can offer as a service can also be beneficial in that you can develop a community of other developers doing the same, and contributing improvements and fixes in the process (like getting ideas and code for free). Projects like Spree and Refinery CMS are great examples of this.

Comment Re:Metro? (Score 1) 484

The gradient overlays and shadow underlays are in OSX/iOS interfaces, gradient overlays usually over fake wood or leather to make it look raised and the underlays to make it look like one UI element is sitting over another. Other than the fake wood/leather I actually like this style of UI, it's unobtrusive but gives an artificial 3Desque depth as well as softening some of the edges.

Comment Re:Metro? (Score 1) 484

You have a point about the tiling on mobiles for sure. The thing is I would not say Metro does this well by restricting everything. Besides, why bother with windows phone just for the interface when you can change your home shell on Android? Even just a theme will replicate it, but in a more attractive format if you ask me: http://www.androidng.com/windows-phone-7-android-theme

Submission + - Assange's DNA not found in sticky evidence, case goes flaccid (theregister.co.uk)

DotMasta writes: "The case against Wikileaks founder Julian Assange may be on the brink of collapse following claims from the defence team that the central piece of evidence used in the case does not contain Assange’s DNA.

According to details that have emerged in a 100-page police report submitted after witnesses were interviewed and forensic evidence had been examined, the condom submitted for evidence by one of the key alleged sexual assault victims does not contain Assange’s DNA."

Politics

Submission + - YRO: Is Free Speech under attack ? (politico.com)

Taco Cowboy writes: The press secretary of the White House, Jay Carney, admits, in an email, that the White House did call up to pressure Google to take down the video "The Innocence of Muslims" from YouTube.

"The White House asked YouTube to review the video to see if it was in compliance with their terms of use," White House press secretary Jay Carney said in an email.

Both the EFF (Electronic Frontier Foundation) and the ACLU (American Civil Liberties Union) are very troubled by the action of Obama's Administration.

http://www.politico.com/blogs/under-the-radar/2012/09/activists-troubled-by-white-house-call-to-youtube-135618.html

"There's no indication that the government is questioning the right of these idiots to make that repellent film. On the other hand, it does make us nervous when the government throws its weight behind any requests for censorship," the American Civil Liberties Union's Ben Wizner said in an interview Friday.

"I am actually kind of distressed by this," said Eva Galperin of the Electronic Frontier Foundation. "Even though there are all these great quotes from inside the White House saying they support free speech....by calling YouTube from the White House, they were sending a message no matter how much they say we don't want them to take it down, when the White House calls and asks you to review it, it sends a message and has a certain chilling effect."

Fortunately, Google has decided to uphold the Freedom of Expression, which is the cornerstone of the American society

http://www.huffingtonpost.com/2012/09/14/white-house-innocence-of-_n_1885684.html

Google Inc rejected a request by the White House on Friday to reconsider its decision to keep online a controversial YouTube movie clip that has ignited anti-American protests in the Middle East.

