Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Comment I agree this is "bad" (Score 2) 27

Any time you keep credentials on a public hub is just a bad thing to do (in a "cross the streams" sense), and I addressed that in a blog entry back when bots were finding thousands of Amazon AWS and S3 OAuth credentials and secret keys made public on github.

But I do wonder, for libraries that give you an API token to use (Flickr, Trello), how should one use it in a pure html5 single-page client app, one that doesn't use any server proxy middleware. E.g., except for securing the API key, there's no reason for a flickr photo slideshow to ever need to talk to my own server: it should just talk to Flickr directly. Routing everything through my server as a proxy just for the API key would be horribly inefficient and expensive on my bandwidth, as well as unnecessarily slow.

But if I just leave the API key in the app's scripts, it can, with a little bit of research in the web console, be found by anybody looking for it. Even if I were to encrypt it in some way, that encryption could be cracked easily because everything needed to decode it could also be found because it all is in the javascript somewhere.

So what if any is the solution for efficient CORS-based HTML5 single page apps for APIs that require a key that you should attempt to secure in some way to prevent others from using the key to create abusive applications of their own?

Comment I18N a cost, but US rights getting harder (Score 5, Interesting) 158

It really has nothing to do with international rights. Cost may be a factor, but it isn't the most important right now. They can license whatever the studios will sell them.

The studios aren't selling.

The reason is that they figure they've got the killer show that is enough to get them to install the service for just that studio's output. HBO and Starz are already exclusives (with HBO recently revoking Netflix's license with Sesame Street), Disney's working on theirs, CBS has forked off their own instead of signing on to Hulu with the other networks.

At $15/m, they figure they've got the one killer show that is enough to get that monthly subscription, and they're gambling they're right by taking their material off of Netflix.

In the end, "cutting the chord" is not going to save anybody any money, because instead of paying cable $99+ / month for shows and HBO, they're going to have to sign on to 7 services to get the same shows they want to watch, resulting in the same $99/month.

Comment Re:Open source Picasa (Score 3, Interesting) 86

well, to get us to use the cloud for that, they would need to have their cloud-editing tools not suck.

They bought picnik and totally ran it into the dirt, where all that is left is a handful of astronomy-named one-shot filters that make me miss instagram, and i've never actually installed instagram for f's sake.

Otherwise, you can do more editing on your phone/tablet than you can on your desktop, and that is one gigantic bit of what-the-f round two. The idea that mobile should be *better* than desktop is an attitude I will simply never ever understand.

Comment Devices for non-nerds don't need nerd-features (Score 2) 66

So the hardware and the O/S is a little limiting? Fine. It isn't the type of device you need.

On the other hand, all of the ridiculous levels of settings and personalizations and all that on a 5.1.1 or 6.0 Android box is too much for my parents to want to argue with.

There's something to be said for "works well enough". As developers we should not forget that, lest a simpler product line come along and put your complex fully-featured super-product out to dry, no matter what features the new upstart is missing.

I'm not saying Amazon's Fire will do that to Android, as the tablet market right now is still pretty large and has room for all (and of course, Fire could easily re-enable Android features they've suppressed at a moment's notice should the demand truly be there). But it is something to consider that not all products are the right fit for all audiences.

I have a Fire that I use for reading at night (Feedly, Pocket, and Facebook - all the links i've saved throughout the day - and kindle books if i'm still awake after all that). It works perfect for that purpose (I also use it as test platform for my apps since i'm targeting that easier-to-use market).

But I take a Samsung Tab 4 with me during the day, because that's the better one for when I want interactive stuff or games or things that require Google Play Services and all that.

Right tool for the right job and the right audience.

(That said, FireOS 5 did have a few really annoying bugs I've had to work around, but nevermind... :) )

Comment Word: being bought by google actually sucks. (Score 4, Insightful) 167

Pretty much everybody and everything Google has acquired, they've pretty much killed off. They bought Picasa, and are finally killing it with a product that has FAR fewer features (and nothing to replace the capabilities of the desktop app at all).

They bought picnik a few years ago, made it the online editor for Picasa and google+ photos for a while, but then over time ditched ALL of it in favor of a handful of crappy instagram filters.

So all of the features, all of the tech, all of the MONEY in Picasa and Picnik is gone. Utterly gone. No legacy left. Google, once the most functional of photo online services out there, is now a second-hand copy of Apple's iCloud...just as everybody was basically complaining that Apple's online/mobile photo approach is damned annoying and nobody wants it and they're all out looking for something better.

At least Flickr has actually *added* functionality (as well as performance) in the last few years. I just hope whomever they get sold to will be able to keep it alive.

Comment Re:That's a shame (Score 2) 167

oh, it is easy: it is just like Apple's photos app. strictly chronological on date-taken (unless there's no exif data, in which case it is by date created or last update or, well, whatever, who cares). Plus albums. Unlike Picasa (but like Flickr) you can put a photo into multiple albums without it making copies of it.

And unlike the Android, the web version doesn't mix-n-match your online photos with the ones on your phone as if there was no difference between them.

Beyond is one hell of a step backwards as far as features go.

Comment Re:I hope they keep the Picasa desktop app around. (Score 3, Informative) 167

It is on the slate to be removed. Existing copies still work, but 1) no updates (so an O/S or library change that breaks it is permanent), and 2) no promises that it will still be able to upload files after the transition.

Yes, very frustrating, as it is my primary post-processing tool.

Comment Medical and Financial? keep google out (Score 1) 110

You lost me when you mentioned financial records and health record. the health stuff is locked down by law, under HIPAA regulations. Google has no business in that space, especially not in a manner for pushing advertising recommendations to us. the last thing i want is to get *targeted* ads to me over my...not saying what my problem is. Get the drift?

Financial records are the same, though with less legal protection. The main inference they can get from that for advertisers is "are they rich"? Targeted ads based on the likelihood of whether or not i spend 50 or 500 for dinners on the road (or can afford to pay off my credit card or have extensive college debt)? (or more specifically, what is my company, or the government, willing to pay when i expense it). Is that really the future of Google you want to encourage?

It certainly isn't the future I want. while I agree that the idea of personal digital agents is inevitable, Google, which still makes most of its money on advertising and can improve its revenue by targeting, is the LAST company I want to have the ability to target me that closely. I won't hide that I have a kid, a dslr camera, a large music collection, and a hobby of visiting disney and national parks, but i still draw the line on my privacy somewhere.

Comment "not my fault" (Score 1) 434

If Samsung was willing to send upgrades to my not-even-2-year-old devices, I'd be upgraded by now.

Google doesn't have to sell the upgrade features to the end users. Google has to sell the upgrade to the OEMs (especially Samsung) to make them be willing to make the upgrade available for "old" devices (given that, today, 'old' means 9 months or less). Samsung and ASUS are more willing to let these older devices rot, under the expectation that they'll buy something new and get the upgrade then, so what is the point of back-porting it?

Google needs to better market the OS to the OEMs, not to Slashdot.

Slashdot Top Deals

Lend money to a bad debtor and he will hate you.