What it takes to create more great app is more about a decent support for modern form elements than a new way to tweak stupid useless dom elements endlessy. How about native table with locked rows/tables ? How about native searchable combos ? etc etc etc... Yes, we can reinvent this weel forever via jQuery + some plugin +..., but it takes so much wasted energy to do so.
Another language is not necessary a bad thing, it's just not a priority to me. Far from that. Javascript is quite decent when you take the time to use it rigth.
The visibility doesn't make it so bugs don't exist. It makes them more likely to be found. This one existed and was found.
I see another lesson here. We (i mean, people in the IT industry) rely on ultra sensible piece of code like openssl, and we blindly use it. We don't question much about how the way this software is created and by who. That's the problem. We put our trust on something we know very little about. Discovering the small team coding openssl is quite a surprise to me. I feel really ashamed to discover this that late. How stupid is that... The feeling that "because so many smart people use openssl must imply strong coding reviews and intense testing" is just plain wrong, period. I should have known that before. I should have care. Open source makes possible to educate yourself on stuff like that.
The lesson is enormous, and comes with an great price tag.
How many of this kind of software is vulnerable and used by all our clients ? How can we improve this efficiently ? Is the openssl a unique case study, or is [your favorite software's name] equally risky ? Real questions with tough answers...
Still, I feel open source will shorten the path to solutions more than closed sources would, as long as we change some important things in our habits. Just my one cent anyway.
there's a huge benefit to NOT being the most common user OS.
For years, People keep saying windows attacks are maily/solely related to the OS dominance. Knowing how UNIX and WINDOWS systems work, I knew this reasoning was biased at best. With the market share that apple (and google) now has (all platforms), this logiq no longer works well. Windows viruses/malware are numerous because this OS is really really bad when it comes to system protection. The structure of the OS is faulty, period. None of the windows version has been able to fix that. That is the main reason.
One of the worst experience I had was fixing a project on msaccess, one of those GUI based coding environment.
MSaccess intend to provide a graphical UI to create database driven apps. I've seen people creating programs this way without having much "text programming language" knowledge, and those program somehow "do the job". As much as I hate ms access, I have to admit it give some people a way to turn ideas into computer programs, without text programming language.
At some point, the same people have more needs, and msaccess becomes unpractical for them. They need people like me (we all need money) to "fix" or "expand" their program, and this is where it turns into nighmare. Graphical UI won't do 100% of the job, and you need to add little TEXT program snipsets here and there (formulas, routines, whatever). This makes the program very very hard to maintain, having pieces of code disseminated in hundred of places, with no way to get a global view of the software.... Needless to say, this also make future changes even more complex and expensive.
This is to me one of the key feature of text programming environment: you can have a global picture of your coding, organized in folders, files, etc. You can grep code parts, find them, merge them, split them, reorganized them, comment them, keeping the whole project well organized all along its evolution.
The only thing I would like more than text file is a rich-text programming language that makes possible to add visually rich comments, designs, etc, but keeping the useful part (the program) purely textual.
This reasoning does not work (at least not everywhere)
Let's take an example. We have some corporation that provide banking and medical insurance services (and giving good prices when using both). Are you really okay with them crossing both data to evaluate the risk with granting you a loan ? I'm not. They technically "own" both data. I'm okay is they ASK me about my health, that's a different thing. They could event ask me the permission to read medical files as long as I can reply "no".Nobody will force me to answer this question If I don't want.
That's just an example. We may find tons like that.
I'm glad some country attempt to put some rules here. France is one of them; you have to inform regulator about what data is saved in your business, and HOW you'll use them. This is largely inefficient obviously, due to lack of power. This is what needs to be fixed.
Can someone please name for me a single site that obtains my consent before storing cookies in my terminal?
Many sites started to do this recently (slashdot to name one), but I find this rather useless since most people have no clue about what a cookie really is. What matters is what google (and others) do with your data, speciffically with the help of 3rd party sites.
This is the worst kind of law
Yeah, you're right, let's do nothing instead... no, kidding, I find this fair and balanced, even though the fine is ridiculously low. Google think they don't have to comply local regulation, this has to be fought.
The french regulation used to have true power and has a good sense of what is ok and what is not in term of data collection and privacy. This became less and less true over time (thanks french politics) and their role is now really limited with the boom of data collection era. This sucks. We need more of this. A lot more. This has to start somewhere, and I'm hoping this is the begining of something here.
Beeing bloated, buggy, resource consuming, useless, unremovable and unstable seems to be the natural way AV softtware evolve. Some are faster than others; McAfee and Norton reached this evolution milestone long time ago, AVAST and friends are joining the club those days. I have "fixed" about 10 computers the last 2 months, uninstalling this shitware from friends's computer, now using microsoft security software. Not sure there is a solution to this madness....
Notably, people keep thinking "I'm safe because I've Norton/McAfee/whatever ; this can't be the cause of my computer problems". At this, they've been really really good.
The NSA really bet that, over time, none of the thousands of employees having access to this data would leak some of it ? That's really stupid at best. If something is weak, it's by design here. Yes, it takes some real guts to do this leak, but that had to happen. I am actually glad it did.
Some people have a near religious approach about what a browser should do, and what it should not. For those guys, the browser is a piece of code that render a "document" ; this is by no mean a way to implement GUIs. The other part of the world is fighting hard to implement GUIs in browsers, and making sure that their GUIS work well in every browser ! Sadly, the standardization groups have many of the first category, and few of the second. And franckly, that really sucks.
Why not aknowledging that a browser, in 2013, is a piece of code that implement rich terminal capabilities and also (mainly?) intend to serve GUIS for apps ? From there, we could add rich UI elements to the totally outdated and pathetic form elements collection that HTML implements. A lot of people spend a hell of time to workaround CSS/DOM oddities or limits, simply because the web technologies was not made for GUIs... Such a move would likely to be way more useful than many recent additions to web standards.
That being said, I don't think CSS and DOM are inherently bad. They allow very powerful things indeed, as well as javascript does.
"Flash Can Rob 2 Hours From MacBook Air's Battery Life" should be "Ads can rob 2 hours from macbook air's (and anything else) battery life", I presume.
It seems that most people who complain about memory usage don't know how memory is managed on modern operating systems, so they go all apeshit about "OMG HELP linux is using so much memory it sux0rz!!!"
I agree with you on that, but feel like the diagnostic is somehow... opposite: "it seems that linux developers fail to show memory usage in a way that average user can understand".
6. Dealing with memory leaks on most browsers (ex: ff) is nearly impossible
On your #2 point, my experience is that coding for: FF3, Safari4, Chrome and IE8, is no longer a compatibility nightmare. Dealing with performances and memory remain a nightmare on my view (except on Chrome which rocks on garbage collecting).
Memory usage comes with a bad side effect: memory fragmentation, which tends to eat a significant share of CPU cycles for no reason other than allocate/reorganize/etc memory blocs. That's a problem.
Seeing how well FF shows on TFA is just amazing to me. My own experience tells me the contrary: FF performs bad when it comes to memory usage and, more importantly, leaks. At some point, just exiting FF (usualy because it reached the swap area) on my linux box takes about 30s. ff guys think using the exit() syscall is not good enough, hence ff tries to unallocate everything before exiting, which takes forever and tells a lot on how the memory is badly fragmented with tons of leaked small memory blocs.
I gave safari a run on my web app, which uses a lot of clientside scripting and has been designed to "work" on FF, IE7, chrome. I did not optimize anything for any browser, it was just a test to make sure I would make mac users happy. I was amazed by performances, really. The JS runtime is way better than anything else I've tested, and even beats chrome which is also really good. More importantly, it seems almost immune from memory leaks, compared to ff3 which needs a restart when approaching 1GB.
Your solution might works for 5% of the population; the remaining 95% will keep buying preinstalled machines running windows, macosx and occasionaly linux, and won't have a clue about what is an OS and how to install them. Maybe my numbers are wrong, but the figure is probably accurate and I fail to see how more (some?) courtesy from microsoft would change that. End user education is necessary, but not really practical.
As noted by many Perl fans (like I am) you do not write in Perl - you think in Perl
I usually say something slightly different to people that I'm teaching perl: when writting perl, you think algorythm and data structure more than anything else, and that's what matters. You don't waste much of your time to fight with dumb API, stupid syntaxes or strange behaviors (php anyone). Perl is sometimes intimidating for outsiders, partly due to the way some people overuse its felxibility, but there is an easy way to write clean code without much of the glue you usually need in some alternate languages.
Having arrays, hashes and regexps natively accessible is one of the killing feature. I only miss a better prototyping in method/function calling.
Slashdot Mirror
What it takes to create more great app is more about a decent support for modern form elements than a new way to tweak stupid useless dom elements endlessy. How about native table with locked rows/tables ? How about native searchable combos ? etc etc etc... Yes, we can reinvent this weel forever via jQuery + some plugin + ..., but it takes so much wasted energy to do so.
Another language is not necessary a bad thing, it's just not a priority to me. Far from that. Javascript is quite decent when you take the time to use it rigth.
The visibility doesn't make it so bugs don't exist. It makes them more likely to be found. This one existed and was found.
I see another lesson here. We (i mean, people in the IT industry) rely on ultra sensible piece of code like openssl, and we blindly use it. We don't question much about how the way this software is created and by who. That's the problem. We put our trust on something we know very little about. Discovering the small team coding openssl is quite a surprise to me. I feel really ashamed to discover this that late. How stupid is that... The feeling that "because so many smart people use openssl must imply strong coding reviews and intense testing" is just plain wrong, period. I should have known that before. I should have care. Open source makes possible to educate yourself on stuff like that.
The lesson is enormous, and comes with an great price tag.
How many of this kind of software is vulnerable and used by all our clients ? How can we improve this efficiently ? Is the openssl a unique case study, or is [your favorite software's name] equally risky ? Real questions with tough answers...
Still, I feel open source will shorten the path to solutions more than closed sources would, as long as we change some important things in our habits. Just my one cent anyway.
there's a huge benefit to NOT being the most common user OS.
For years, People keep saying windows attacks are maily/solely related to the OS dominance. Knowing how UNIX and WINDOWS systems work, I knew this reasoning was biased at best. With the market share that apple (and google) now has (all platforms), this logiq no longer works well. Windows viruses/malware are numerous because this OS is really really bad when it comes to system protection. The structure of the OS is faulty, period. None of the windows version has been able to fix that. That is the main reason.
One of the worst experience I had was fixing a project on msaccess, one of those GUI based coding environment.
MSaccess intend to provide a graphical UI to create database driven apps. I've seen people creating programs this way without having much "text programming language" knowledge, and those program somehow "do the job". As much as I hate ms access, I have to admit it give some people a way to turn ideas into computer programs, without text programming language.
At some point, the same people have more needs, and msaccess becomes unpractical for them. They need people like me (we all need money) to "fix" or "expand" their program, and this is where it turns into nighmare. Graphical UI won't do 100% of the job, and you need to add little TEXT program snipsets here and there (formulas, routines, whatever). This makes the program very very hard to maintain, having pieces of code disseminated in hundred of places, with no way to get a global view of the software.... Needless to say, this also make future changes even more complex and expensive.
This is to me one of the key feature of text programming environment: you can have a global picture of your coding, organized in folders, files, etc. You can grep code parts, find them, merge them, split them, reorganized them, comment them, keeping the whole project well organized all along its evolution.
The only thing I would like more than text file is a rich-text programming language that makes possible to add visually rich comments, designs, etc, but keeping the useful part (the program) purely textual.
I don't want to be opening/closing threads or anything like that
having the ability to close/open threads makes sense to me. Sadly, it's poorly implemented on beta.
they have all you need! for free.
I would pay for a slashdot version with >80% of articles about technology :)
Not sure people choosing to use a tablet want to see metro either....
This reasoning does not work (at least not everywhere)
Let's take an example. We have some corporation that provide banking and medical insurance services (and giving good prices when using both).
Are you really okay with them crossing both data to evaluate the risk with granting you a loan ? I'm not. They technically "own" both data.
I'm okay is they ASK me about my health, that's a different thing. They could event ask me the permission to read medical files as long as I can reply "no".Nobody will force me to answer this question If I don't want.
That's just an example. We may find tons like that.
I'm glad some country attempt to put some rules here. France is one of them; you have to inform regulator about what data is saved in your business, and HOW you'll use them. This is largely inefficient obviously, due to lack of power. This is what needs to be fixed.
Can someone please name for me a single site that obtains my consent before storing cookies in my terminal?
Many sites started to do this recently (slashdot to name one), but I find this rather useless since most people have no clue about what a cookie really is. What matters is what google (and others) do with your data, speciffically with the help of 3rd party sites.
This is the worst kind of law
Yeah, you're right, let's do nothing instead... no, kidding, I find this fair and balanced, even though the fine is ridiculously low. Google think they don't have to comply local regulation, this has to be fought.
The french regulation used to have true power and has a good sense of what is ok and what is not in term of data collection and privacy. This became less and less true over time (thanks french politics) and their role is now really limited with the boom of data collection era. This sucks. We need more of this. A lot more. This has to start somewhere, and I'm hoping this is the begining of something here.
Beeing bloated, buggy, resource consuming, useless, unremovable and unstable seems to be the natural way AV softtware evolve. Some are faster than others; McAfee and Norton reached this evolution milestone long time ago, AVAST and friends are joining the club those days. I have "fixed" about 10 computers the last 2 months, uninstalling this shitware from friends's computer, now using microsoft security software. Not sure there is a solution to this madness....
Notably, people keep thinking "I'm safe because I've Norton/McAfee/whatever ; this can't be the cause of my computer problems". At this, they've been really really good.
Bah....
The NSA really bet that, over time, none of the thousands of employees having access to this data would leak some of it ? That's really stupid at best. If something is weak, it's by design here. Yes, it takes some real guts to do this leak, but that had to happen. I am actually glad it did.
Some people have a near religious approach about what a browser should do, and what it should not. For those guys, the browser is a piece of code that render a "document" ; this is by no mean a way to implement GUIs. The other part of the world is fighting hard to implement GUIs in browsers, and making sure that their GUIS work well in every browser ! Sadly, the standardization groups have many of the first category, and few of the second. And franckly, that really sucks.
Why not aknowledging that a browser, in 2013, is a piece of code that implement rich terminal capabilities and also (mainly?) intend to serve GUIS for apps ? From there, we could add rich UI elements to the totally outdated and pathetic form elements collection that HTML implements. A lot of people spend a hell of time to workaround CSS/DOM oddities or limits, simply because the web technologies was not made for GUIs... Such a move would likely to be way more useful than many recent additions to web standards.
That being said, I don't think CSS and DOM are inherently bad. They allow very powerful things indeed, as well as javascript does.
Backdoors are complex to setup and hide; frontdoors are easyer and can remain unnoticed for very long sometimes.
"All problems in computer science can be solved by another level of indirection"
(David Wheeler)
So true....
42
Jeez, what a scoop. Isn't this feature all about tracking ?
"Flash Can Rob 2 Hours From MacBook Air's Battery Life" should be "Ads can rob 2 hours from macbook air's (and anything else) battery life", I presume.
FYI, "Duke Nukem Forever" is entirely coded in perl6. Hence the delay.
It seems that most people who complain about memory usage don't know how memory is managed on modern operating systems, so they go all apeshit about "OMG HELP linux is using so much memory it sux0rz!!!"
I agree with you on that, but feel like the diagnostic is somehow ... opposite: "it seems that linux developers fail to show memory usage in a way that average user can understand".
6. Dealing with memory leaks on most browsers (ex: ff) is nearly impossible
On your #2 point, my experience is that coding for: FF3, Safari4, Chrome and IE8, is no longer a compatibility nightmare. Dealing with performances and memory remain a nightmare on my view (except on Chrome which rocks on garbage collecting).
Memory usage comes with a bad side effect: memory fragmentation, which tends to eat a significant share of CPU cycles for no reason other than allocate/reorganize/etc memory blocs. That's a problem.
Seeing how well FF shows on TFA is just amazing to me. My own experience tells me the contrary: FF performs bad when it comes to memory usage and, more importantly, leaks. At some point, just exiting FF (usualy because it reached the swap area) on my linux box takes about 30s. ff guys think using the exit() syscall is not good enough, hence ff tries to unallocate everything before exiting, which takes forever and tells a lot on how the memory is badly fragmented with tons of leaked small memory blocs.
I gave safari a run on my web app, which uses a lot of clientside scripting and has been designed to "work" on FF, IE7, chrome. I did not optimize anything for any browser, it was just a test to make sure I would make mac users happy. I was amazed by performances, really. The JS runtime is way better than anything else I've tested, and even beats chrome which is also really good. More importantly, it seems almost immune from memory leaks, compared to ff3 which needs a restart when approaching 1GB.
Your solution might works for 5% of the population; the remaining 95% will keep buying preinstalled machines running windows, macosx and occasionaly linux, and won't have a clue about what is an OS and how to install them. Maybe my numbers are wrong, but the figure is probably accurate and I fail to see how more (some?) courtesy from microsoft would change that. End user education is necessary, but not really practical.
As noted by many Perl fans (like I am) you do not write in Perl - you think in Perl
I usually say something slightly different to people that I'm teaching perl: when writting perl, you think algorythm and data structure more than anything else, and that's what matters. You don't waste much of your time to fight with dumb API, stupid syntaxes or strange behaviors (php anyone). Perl is sometimes intimidating for outsiders, partly due to the way some people overuse its felxibility, but there is an easy way to write clean code without much of the glue you usually need in some alternate languages.
Having arrays, hashes and regexps natively accessible is one of the killing feature. I only miss a better prototyping in method/function calling.