And all of that work should be done by the application authors, not people who work on the OS who don't know what they are doing. I repeat: Ability to work on an operating system doesn't mean you know squat about sanely-coded and presented applications.
This dynamic is why Firefox on FOSS systems is slow and feature-poor: A party that can't possibly take responsibility for all the apps being offered is inserting themselves between the application users and the authors, degrading what is otherwise a top-notch effort (Firefox).
Think about that the next time radio buttons disappear after selecting (only on Linux Firefox for years), self-update keeps prompting when it couldn't even work, users are urged to "get the latest!" while they are forced to wait weeks (or forever) after their Mac and PC colleagues have upgraded, and when you click on a link and get prompted to "select application" to open with... and the dialog doesn't show applications but the Unix filesystem instead.
Self-updating applications is an application feature, not an OS feature. People need approachable ways to install new and updated apps on OSes that are older than a few months! No one should be forced to the bleeding edge of OS releases every 6 months just to upgrade their apps.
It all speaks of an OS that isn't feature-stable enough to give app developers a chance to properly target and integrate with the system. This problem of poor testing and integration arising from poor targetability is repeated over the whole spectrum of available applications.
Stop releasing every 6 months and get the distro managers out of the applications.
PS- I would also like to state what a POS the Slashdot editor has become.
It proves that religion has long been a useful justification for seizing wealth and power, mainly because religion is a tool for putting something (a policy, a war, your social network) beyond argument. And for that very reason, unlike with other justifications, the religious ones have tended to remain unchallenged for hundreds of years.
I don't know if the Honduran constitution has a mechanism to remove a sitting president from office, but it was pretty clear that he was absolutely on his own.
"On his own" except for a large backing from the populace.
I don't know if their constitution has an impeachment mechanism either, but I do know that any body of law that puts itself beyond even a supermajority vote is an anti-democratic tyranny.
Let's face it, NXserver may have fixed a performance issue but as I recall it still couldn't enable you for common remote situations, like connect to an existing desktop or share an application window with someone else (at least not without resorting to VNC). You were still limited to viewing one app by only one person, so an app window launched on my machine by a remote NX user wasn't even visible to me locally. If the remote user logged into the existing 'Burz' desktop, they would get a separate instance of it.... not very useful.
I remember reading this was a limitation of X11 and/or NXserver internals. If its the former, then we really need to wake up and dump this architecture quick. If the latter, then hopefully Google will be able to contribute in these areas.
Also, NXserver made you reconfigure ssh to where key-only logins weren't possible. Hampering ssh like this shouldn't be necessary.
Re:Authentication goes both ways.
on
R.I.P. FTP
·
· Score: 1
Checking fingerprints is simple and the "normal users" you are referring to happen to be system admins.
Apply a trivial malware DNS hijack. Against a full-blown PKI. And we're still screwed, because most users don't understand the threat, and click through warning after warning.
This seems more aimed at https, but I'll bite: The users at least have the opportunity to learn about the warning, which is better than the alternative. But it seems to me that most of the ignoring is done by techies when they are asked what the warnings mean.
The only issue I have with that view is the fact that most IT types aren't trying to educate people about link security, or even telling them what a browser is. That vast ocean of ignorance reflects poorly upon US not them!
A good tunnel will keep you safe and allow you to capitalize on the rogue's motives.
Your suggestion also highlights the god awful ignorance being spouted by Fox and Symantec in the article. Slashdot should be ashamed at posting such a crappy article that doesn't even mention SSL or VPNs as a safety measure!
As I was saying, its more a matter of FOSS devs ignoring non-technical use cases, not just users.
If Bob can't use his email or spreadsheet effectively on the FOSS platform, he is going to be more apt to go (back) to the Apple or MS platform even if he is highly technical. In the end, most technical Linux users will probably reserve Linux mainly for niche functions while they spend most of their time on Mac & Windows for office- and arts-related work flows.
I'm not sure why Firefox (the main FOSS exception, since it is quite excellent) runs poorly on Linux. Not only does my cursor disappear more, but all the way through version 2.x the radio buttons would disappear when clicking on them (kind of a show stopper). I think the relative formlessness of the "Linux desktop" contributes to a situation where Mozilla does less testing for each distro than they do for Windows and OS X, leaving the distros to carry out testing for the last mile.
Mozilla also doesn't even create proper packages for Linux users to download. They may feel it is too difficult to target so many distros and so many different versions of each distro (and provide tech support for all that variety).
But then I had a big 'No friggin way' moment right at the end:
Do you know why so much open source software sucks? It's because the programmers suck! They don't measure themselves against any standard of excellence. They stop when something works, ignoring the fact that it doesn't work well. It's plain old slob apathy.
That wording is just far too broad a brush to use, even in this "Apple desktop" context.
If we considered the great breadth of FOSS software we'd have to conclude that excellence is a FOSS hallmark, but only for projects that have are targetting a technical or programmer user base. This is critical! It means that FOSS programmers are disconnected from non-technical users (more aptly, non-technical use cases, where fir instance Bob
Never mind, my text cursor in Ubuntu's Firefox just disappeared again and I'm tired of trying to figure out where it is for adjustments and corrections. Back to my Mac...
The one company to really take a unixish kernel and succeed with it? Apple.
That's because Apple have made it an attractive platform for writing applications. They have a rich set of relatively stable APIs and ABIs.
On a typical Linux distro (Ubuntu too), you can't just write a program and expect it work work on anyone else's Linux desktop. How will your teachers, friends or associates try out your Linux programs without encountering dependency hell? And then there is the question of wildly varying system defaults.
The whole idea of "Linux desktop" being discussed for long years here and on other FOSS sites is a total red herring. There is no well-defined, easily-targetted Linux desktop platform. NONE.
Which is why Apple called their new OS "Mac OS X' and not "Apple BSD". Similarly, Google uses "Android" and not "Android Linux" etc.
As for Google's new offering it seems hardly worth calling an OS if a person cannot install their own software on it. It's a thin client.
Perhaps it would be more effective to modify Firefox so that it will only execute scripts from other domains which are directly referenced by the original domain. That seems much safer to me.
The page from the primary domain refers to scripts on those other domains as a matter of trust. If CNN doesn't trust a domain's scripts, then they won't refer to them in the first place!
OTOH if the http connection is being attacked (say from an infected system on the LAN) and references to bad domains are being injected, then that could be a real problem but not one that is solved by this new feature. Only https would prevent this attack.
When it comes to one-off, build to order software made for specific clients (instead of something that has to be off-the-shelf for a general audience) I can agree with everything you said.
But I'm referring to non-custom software aimed at a type of user (say, someone who would like to organize and edit their collection of video tapes) or even just 'anybody'.
Its true that simply asking them will seldom work. You may have to study them, or focus-group them. Or you may need a visionary with special insight to the consumer mind dreaming up things the rest of us didn't know we liked or needed. So even adding Designers to a project may still leave it short of necessary insight and product focus.
I don't think anyone asked some users what they wanted, or asked a Designer about appropriate UIs, and as a result came up with Skype or Bryce or OS X. These things may have been involved in those products' development, but they obviously required more than that.
To summarize: Developers shouldn't be in charge of GUIs. Even if those GUIs are only intended for other developers.
I would add: Developers shouldn't be in charge of platforms, especially if those platforms are intended for end-users.
One of the main problems of most FOSS projects trying to produce normal 'everyman' apps and OS's is they they are primarily coding (and trying to design) to show off to each other. They aren't connected with the end-users' interests and expectations in meaningful ways, so even when going for maximum polish they end up with something impressive or passable mainly to very advanced users. These FOSS devs also tend to have poor software methodology which further prevents them from cataloging and prioritizing users' wants and needs (requirements and use cases anyone??).
As a KDE fan, I have to say a lot of KDE stuff falls into this category of the "candy-fied yet inaccessible". On sites like kde-apps they are very into showing off kool 'end-user' type stuff to each other without any thought as to offering solutions with feature stability.
Ah, feature-stability. That's what the supposed "Desktop Linux" platform would have if it were a platform. But its not. There is nothing that specifies a set of rich and modern features/behaviors that would cause either a budding application developer or a typical end-user to feel reassured and at-home as they try to write-for and use various Linuxes. Such a specification would entail making an "interface contract" to non-peers (non-system-coders, i.e. end users) when these coders are really only thinking about the reactions of their peers.
Its the applications that 'sell' the system. As young application developers cut their teeth they are almost certain to start with and stick with a highly targettable (well-defined) platform. And they will learn first the suggested coding styles at Apple Developer Connection or MSDN, starting with the default toolsets offered (Xcode, Visual Studio). At some point inspiration will strike them and (unless its web-centric) they will try out their ideas in these nurturing environments first.
eBay barely works in Firefox if you're a Seller. And even then, some nice features will be missing or broken (in-browser image editing, and certain Paypal-based label printing functions -- the ones that use a combination of Java and embedded PDF, ironically).
OTOH, now that Macs have a much larger market share, and Chrome is out there too, maybe it is time for Mozilla to push the 100% standards compliant agenda (instead of the wannabe-IE-compatible one). All together, these browsers should get the laggard web developers to wake up.
Yes, all the correspondence you send via email could be cryptographically signed, quite possibly preventing a forgery attempt (or keeping it from being taken seriously by anyone).
Rather than start w/ his example, consider the attacks seen after the Kaminsky announcement: MX records were being forged. Now I can poison an ISP's caches w/ the wrong records for email of any site and all of your email will go through me.
Hold on there. Are you suggesting that a worthwhile email service wouldn't use SSL? What if these crummy services that were attacked also fail to use DNSSEC?
WRT the video, at Blackhat there was a presentation [greyhatindia.com] demoing the creation of forged SSL certs using weak CAs.
Ah, so that's it. Only the central bureaucrat can be trusted to run everything ship-shape.
DNSSEC address issues that include the Kaminsky cache poisoning attack from last summer. The idea of DNSSEC is that when you get a DNS record back, you can use crypto to verify that it the actual record (such as the IP address(es) for a web site) served by a domain.
Pardon me, but that is dumb. Almost all of the overhead in asymmetric crypto (used by DNSSEC and SSL) is in the initial or verification stages. SSL already does that job but gives us actual encryption and privacy of our data for very few extra CPU cycles.
Show me where DNSSEC verification saves resources over using SSL and I just might reconsider my position that DNSSEC is a solution looking for a problem.
That's why I think the submitter is misinterpreting the bill (or at least the intent). By his/her thinking, all data that moves between private parties online would have to be priced.
But I get the impression that the bill is trying to give the state a handle on sales tax like it has with 'brick and morter' merchants.
I would say the submitter was being paranoid... that is if the **AA media gangs didn't have such a record of abusing the law.
Slashdot Mirror
And all of that work should be done by the application authors, not people who work on the OS who don't know what they are doing. I repeat: Ability to work on an operating system doesn't mean you know squat about sanely-coded and presented applications.
This dynamic is why Firefox on FOSS systems is slow and feature-poor: A party that can't possibly take responsibility for all the apps being offered is inserting themselves between the application users and the authors, degrading what is otherwise a top-notch effort (Firefox).
Think about that the next time radio buttons disappear after selecting (only on Linux Firefox for years), self-update keeps prompting when it couldn't even work, users are urged to "get the latest!" while they are forced to wait weeks (or forever) after their Mac and PC colleagues have upgraded, and when you click on a link and get prompted to "select application" to open with... and the dialog doesn't show applications but the Unix filesystem instead.
Self-updating applications is an application feature, not an OS feature. People need approachable ways to install new and updated apps on OSes that are older than a few months! No one should be forced to the bleeding edge of OS releases every 6 months just to upgrade their apps.
It all speaks of an OS that isn't feature-stable enough to give app developers a chance to properly target and integrate with the system. This problem of poor testing and integration arising from poor targetability is repeated over the whole spectrum of available applications.
Stop releasing every 6 months and get the distro managers out of the applications.
PS- I would also like to state what a POS the Slashdot editor has become.
It proves that religion has long been a useful justification for seizing wealth and power, mainly because religion is a tool for putting something (a policy, a war, your social network) beyond argument. And for that very reason, unlike with other justifications, the religious ones have tended to remain unchallenged for hundreds of years.
I don't know if the Honduran constitution has a mechanism to remove a sitting president from office, but it was pretty clear that he was absolutely on his own.
"On his own" except for a large backing from the populace.
I don't know if their constitution has an impeachment mechanism either, but I do know that any body of law that puts itself beyond even a supermajority vote is an anti-democratic tyranny.
Let's face it, NXserver may have fixed a performance issue but as I recall it still couldn't enable you for common remote situations, like connect to an existing desktop or share an application window with someone else (at least not without resorting to VNC). You were still limited to viewing one app by only one person, so an app window launched on my machine by a remote NX user wasn't even visible to me locally. If the remote user logged into the existing 'Burz' desktop, they would get a separate instance of it.... not very useful.
I remember reading this was a limitation of X11 and/or NXserver internals. If its the former, then we really need to wake up and dump this architecture quick. If the latter, then hopefully Google will be able to contribute in these areas.
Also, NXserver made you reconfigure ssh to where key-only logins weren't possible. Hampering ssh like this shouldn't be necessary.
Checking fingerprints is simple and the "normal users" you are referring to happen to be system admins.
Apply a trivial malware DNS hijack. Against a full-blown PKI. And we're still screwed, because most users don't understand the threat, and click through warning after warning.
This seems more aimed at https, but I'll bite: The users at least have the opportunity to learn about the warning, which is better than the alternative. But it seems to me that most of the ignoring is done by techies when they are asked what the warnings mean.
The only issue I have with that view is the fact that most IT types aren't trying to educate people about link security, or even telling them what a browser is. That vast ocean of ignorance reflects poorly upon US not them!
A good tunnel will keep you safe and allow you to capitalize on the rogue's motives.
Your suggestion also highlights the god awful ignorance being spouted by Fox and Symantec in the article. Slashdot should be ashamed at posting such a crappy article that doesn't even mention SSL or VPNs as a safety measure!
As I was saying, its more a matter of FOSS devs ignoring non-technical use cases, not just users.
If Bob can't use his email or spreadsheet effectively on the FOSS platform, he is going to be more apt to go (back) to the Apple or MS platform even if he is highly technical. In the end, most technical Linux users will probably reserve Linux mainly for niche functions while they spend most of their time on Mac & Windows for office- and arts-related work flows.
I'm not sure why Firefox (the main FOSS exception, since it is quite excellent) runs poorly on Linux. Not only does my cursor disappear more, but all the way through version 2.x the radio buttons would disappear when clicking on them (kind of a show stopper). I think the relative formlessness of the "Linux desktop" contributes to a situation where Mozilla does less testing for each distro than they do for Windows and OS X, leaving the distros to carry out testing for the last mile.
Mozilla also doesn't even create proper packages for Linux users to download. They may feel it is too difficult to target so many distros and so many different versions of each distro (and provide tech support for all that variety).
But then I had a big 'No friggin way' moment right at the end:
Do you know why so much open source software sucks? It's because the programmers suck! They don't measure themselves against any standard of excellence. They stop when something works, ignoring the fact that it doesn't work well. It's plain old slob apathy.
That wording is just far too broad a brush to use, even in this "Apple desktop" context.
If we considered the great breadth of FOSS software we'd have to conclude that excellence is a FOSS hallmark, but only for projects that have are targetting a technical or programmer user base. This is critical! It means that FOSS programmers are disconnected from non-technical users (more aptly, non-technical use cases, where fir instance Bob
Never mind, my text cursor in Ubuntu's Firefox just disappeared again and I'm tired of trying to figure out where it is for adjustments and corrections. Back to my Mac...
The one company to really take a unixish kernel and succeed with it? Apple.
That's because Apple have made it an attractive platform for writing applications. They have a rich set of relatively stable APIs and ABIs.
On a typical Linux distro (Ubuntu too), you can't just write a program and expect it work work on anyone else's Linux desktop. How will your teachers, friends or associates try out your Linux programs without encountering dependency hell? And then there is the question of wildly varying system defaults.
The whole idea of "Linux desktop" being discussed for long years here and on other FOSS sites is a total red herring. There is no well-defined, easily-targetted Linux desktop platform. NONE.
Which is why Apple called their new OS "Mac OS X' and not "Apple BSD". Similarly, Google uses "Android" and not "Android Linux" etc.
As for Google's new offering it seems hardly worth calling an OS if a person cannot install their own software on it. It's a thin client.
Perhaps it would be more effective to modify Firefox so that it will only execute scripts from other domains which are directly referenced by the original domain. That seems much safer to me.
The page from the primary domain refers to scripts on those other domains as a matter of trust. If CNN doesn't trust a domain's scripts, then they won't refer to them in the first place!
OTOH if the http connection is being attacked (say from an infected system on the LAN) and references to bad domains are being injected, then that could be a real problem but not one that is solved by this new feature. Only https would prevent this attack.
When it comes to one-off, build to order software made for specific clients (instead of something that has to be off-the-shelf for a general audience) I can agree with everything you said.
But I'm referring to non-custom software aimed at a type of user (say, someone who would like to organize and edit their collection of video tapes) or even just 'anybody'.
Its true that simply asking them will seldom work. You may have to study them, or focus-group them. Or you may need a visionary with special insight to the consumer mind dreaming up things the rest of us didn't know we liked or needed. So even adding Designers to a project may still leave it short of necessary insight and product focus.
I don't think anyone asked some users what they wanted, or asked a Designer about appropriate UIs, and as a result came up with Skype or Bryce or OS X. These things may have been involved in those products' development, but they obviously required more than that.
To summarize: Developers shouldn't be in charge of GUIs. Even if those GUIs are only intended for other developers.
I would add: Developers shouldn't be in charge of platforms, especially if those platforms are intended for end-users.
One of the main problems of most FOSS projects trying to produce normal 'everyman' apps and OS's is they they are primarily coding (and trying to design) to show off to each other. They aren't connected with the end-users' interests and expectations in meaningful ways, so even when going for maximum polish they end up with something impressive or passable mainly to very advanced users. These FOSS devs also tend to have poor software methodology which further prevents them from cataloging and prioritizing users' wants and needs (requirements and use cases anyone??).
As a KDE fan, I have to say a lot of KDE stuff falls into this category of the "candy-fied yet inaccessible". On sites like kde-apps they are very into showing off kool 'end-user' type stuff to each other without any thought as to offering solutions with feature stability.
Ah, feature-stability. That's what the supposed "Desktop Linux" platform would have if it were a platform. But its not. There is nothing that specifies a set of rich and modern features/behaviors that would cause either a budding application developer or a typical end-user to feel reassured and at-home as they try to write-for and use various Linuxes. Such a specification would entail making an "interface contract" to non-peers (non-system-coders, i.e. end users) when these coders are really only thinking about the reactions of their peers.
Its the applications that 'sell' the system. As young application developers cut their teeth they are almost certain to start with and stick with a highly targettable (well-defined) platform. And they will learn first the suggested coding styles at Apple Developer Connection or MSDN, starting with the default toolsets offered (Xcode, Visual Studio). At some point inspiration will strike them and (unless its web-centric) they will try out their ideas in these nurturing environments first.
Or thank NoScript, rather.
Flash is now a significant malware vector.
eBay barely works in Firefox if you're a Seller. And even then, some nice features will be missing or broken (in-browser image editing, and certain Paypal-based label printing functions -- the ones that use a combination of Java and embedded PDF, ironically).
OTOH, now that Macs have a much larger market share, and Chrome is out there too, maybe it is time for Mozilla to push the 100% standards compliant agenda (instead of the wannabe-IE-compatible one). All together, these browsers should get the laggard web developers to wake up.
Yes, all the correspondence you send via email could be cryptographically signed, quite possibly preventing a forgery attempt (or keeping it from being taken seriously by anyone).
It might be interesting to have the VPN software tell client programs (browsers) to flush cache whenever the former makes or breaks connection.
not just CO2 emissions.
Libertarian Paradise
If anything had us doubting they maintain their position with criminal means, this should remove the uncertainty.
Rather than start w/ his example, consider the attacks seen after the Kaminsky announcement: MX records were being forged. Now I can poison an ISP's caches w/ the wrong records for email of any site and all of your email will go through me.
Hold on there. Are you suggesting that a worthwhile email service wouldn't use SSL? What if these crummy services that were attacked also fail to use DNSSEC?
WRT the video, at Blackhat there was a presentation [greyhatindia.com] demoing the creation of forged SSL certs using weak CAs.
Ah, so that's it. Only the central bureaucrat can be trusted to run everything ship-shape.
I feel so much safer......
DNSSEC address issues that include the Kaminsky cache poisoning attack from last summer. The idea of DNSSEC is that when you get a DNS record back, you can use crypto to verify that it the actual record (such as the IP address(es) for a web site) served by a domain.
Pardon me, but that is dumb. Almost all of the overhead in asymmetric crypto (used by DNSSEC and SSL) is in the initial or verification stages. SSL already does that job but gives us actual encryption and privacy of our data for very few extra CPU cycles.
Show me where DNSSEC verification saves resources over using SSL and I just might reconsider my position that DNSSEC is a solution looking for a problem.
MS is advertising that Windows has a backdoor now??!
I really don't see how else 'plug in USB device and collect live data' can be interpreted.
Here is my urgent advice for Linux users:
sudo apt-get remove w32codecs w64codecs silverlight msttcorefonts
That's why I think the submitter is misinterpreting the bill (or at least the intent). By his/her thinking, all data that moves between private parties online would have to be priced.
But I get the impression that the bill is trying to give the state a handle on sales tax like it has with 'brick and morter' merchants.
I would say the submitter was being paranoid... that is if the **AA media gangs didn't have such a record of abusing the law.