Well, hello there friend. It must have been very uncomfortable to sit in a cryo cam for all these years, but while you were gone messaging apps have become more relevant than SMS-es and any carrier trying to ban them is to have a fecal storm on the matter, with billions of users for WhatsApp, FacebookMessenger, Hangouts, Viber, Line and whatnot.
They claimed it's TextSecure's algorithm, but, client is closed-sources, so who's going to check? Also, big question is key handling - if server assigns them or even generates them or at least verifies them - then whole "end-to-end" is just theater. I would believe them if key verification was given into user's hands and client's code was opensourced to check that it won't start black carbon/copying all the messages to some "friendly third parties".
The problem with WhatsApp is that it is closed-source, so you can't really check. You'll have to take their word for it. Also, they facilitate key exchange, so the whole "end-to-end" stuff is actually moot, since user is taken out of the loop and server can, at any time re-negotiate the keys and verify that MITM as a person A, that person B is trying to get in contact with. So it's all, once again, a lot of buzzwords, and zero security.
Well, let's go over this once more: Browser only shows "filler" tiles, that other companies pay to have there. Like an ad sticker on a wrapping paper on your brand new and free car. Firefox does not send any information to ad agencies, does not help them track you or do a full sweep of your activity (looks at chrome).
If you are so against predefined content, how come you were so totally OK all these years with Google search coming as default and Firefox getting a ton of money for it?
Now to adress the "bloated" part. Show me a slimmer browser, that uses less resources while retaining the same functionality? Browsers have become an OS in itself for running webapps. Don't like it - use mailer daemon to mail you the webpages you'd like to see. Richard seems to get along just fine doing that.
As for Pale moon - I am yet to see any usefull changes. They cut out features they don't like, claim they are faster and better, but except for dropping CPU's without SSE no useful optimisations have been introduced. The moment FF shuts down, Pale Moon is going down just as quickly without a main project to hold on to and to port all the changes from.
And last, but not least - when was the last time you donated to developers, that work hard just so that you and every other person on Earth has a reliable, auditable, privacy-caring, open-source browser? Donated code maybe, or at least filed a comprehensive bug report with logs and a case to reproduce?
Everyone's entitled to their own opinion and choice of browsers. But taking a dramatic stance and feeling all betrayed is way out of bounds. I draw the line at browsing experience and user tracking - as long as Firefox doesn't do anything that hurts end-user, they are fine to pursue other means of monetization, as long as the money goes to developing a better software.
I judge by what's been actually done, not by hysteria, that a lot of people like to fuss up around any issue as long as it has trigger words that get them going. They see an article titled "Mozilla adds ads" and they start running around with a sign "The end is nigh" without even familiarizing themselves with the issue and coming up with "ad absurdum" arguments.
Sure, I mean who cares about the truth as long as we can run around screaming bloody murder and probably soiling ourselves in the process. The "ad tiles" are placed on quick dial instead of empty ones until users get them filled with their browsing history or just drag and dropb pinned stuff from their bookmarks. That's it. But everyone and their dog are starting to whine and threatening to go to Chrome or Pale moon, which is twice as funny as just the wining, because if first browser was built by an advertising company for tracking users and increasing ad efficiency, while the other is nothing but a measely fork, sucking on Firefox codebase and proud of removing a lot of features (websockets anyone? Nah, who needs direct calls from browser, let's all use proprietary Skype), while it is Mozilla that keeps improving JS and HTML rendering engines and yet still keeps all the customizability that was there to begin with.
But that's all you need. User have control over their own bandwidth, you can't ask to prioritize your traffic over someone else's traffic. ISPs should provide a pipe with a fixed bandwidth the user pays for. And user can decide what traffic to prioritize inside his own network. That's it.
Supermarkets have a much lower entry barrier, small need for infrastructure and are forced to adapt to buyers' habits, not vice versa. ISPs on the other hand, hold a monopoly in most places while providing critical infrastructure. Your comparison is totally invalid.
Because Net Neutrality is exactly this: not discriminating traffic based on its origin or type. Providing internet as a pipe, not a toll-road. But ISPs want to have control over what is being sent over that pipe and extort money from services not to throttle them. This "fast lane" is not a dedicated line provided straight to your home to show you youtube, nope, it's a reserved bandwidth (from the bandwidth you paid for) that will be used to deliver you content from services that agreed to pay the ISP for not throttling them.
"No, sir, this is the windows, that doesn't run windows apps. Well, I mean it does, but only the new, Metro, I meant Modern Interface (or whatever MS rebrands their interface to this time). To run old windows apps you'll need a different kind of windows."
I guess someone at MS thought that after using FUD on Linux and seeing it's success they should try go and FUD themselves in hopes of having the same effect.
The thing that shines most of all is lack of VPN support. We all know how corporate world hates to use secure connections for their employees. Oh, wait...
Because Google is not interesting in developing an offline OS. They are interesting in rushing everyone into " the cloud" (read: their services) so that they sift through your data, catalog you and sell you off by a dozen to advertisers, while still milking you for "extra storage" in the said cloud.
That's you answer. Don't worry about "web focus", MS is moving there as well. Hint: see how easy it is to skip registering with MS online account when installing Windows8 and, consequently, when updating it to Windows 8.1
>> Make everything into one big integrated binary instead of something that you can see into or hack on.
Last time I checked - source was available. And several distributions have written shims to replace parts of systemd. If you can't fiddle with anything but a shell script - tough luck, buddy.
Mailservers don't talk PGP. Even being encrypted it's armored in base64 encoding and transmitted as plaintext. And mail client either knows what to do with it, or not. So, nope, no fallback possible, because you can never know if particular person is going to read it through a client that supports encyption or not. But if you have his\her public key, you might as well assume, that client does know ho decrypt it and if you don't - you can't encrypt it anyway.
Unless the deveopment is done outside of US. Because in that case you can use the letter to wipe your, let's say tears of joy and carry on writing the project. Unless, ofcourse you are planning to visit US any time in the future.
Like it or not, but it's not a silver bullet. There is a lot of people who are disconent with Facebook as IM. Believe it or not, but around here people use Skype, WhatsApp and XMPP for IMs, facebook being the last place you'd think to reach a person.
As much as you (and Facebook execs) 'd like Facebook to be "one size fits all" - it's far from that.
Tell any decent IT security manager that you would like to use facebook as company IM and watch him laugh his behind off.
The encryption you are talking about is client-to-server, the encryption the article is talking about is server-to-server. If both are on, the only parties who know about the content of chats is: 1 You 2 Whoever you are messaging 3 Server
To drop the server from the list, you will need end-to-end encryption. Like OTR or GPG.
Well, google sued CM to stop them distributing GPlay. And you can't sell any device with GPlay on it, if Google doesn't give OK for that and you don't negotiate some secret terms and pass their "certification".
And yes - Google Play Store is NOT included in AOSP and doesn't ship with AOSP or any derivatives, unless manufacturer passed the certifications, details of which are discussed on a per-case basis with Google and are subject to NDA.
>> They currently are behind development of the most popular (And open source!) mobile OS out there,
And they are quietly dragging all the open source parts into closed source framework called Google Services, trying to create a vendor lock-in for the apps, so that it's impossible to run software on AOSP without Google Services Framework, which is closed source and completely controled by google. Messaging app is gone (hangouts to the rescue), so is Gallery (hello Google+ Photos, yuck) and a lot of other, smaller things are all being sucked into closed source with their open source variants being left behind and abandoned.
>> the most popular (and "mostly" open source) desktop browser out there
_mostly_ open source. Do you even listen to yourself? Chrome has a fair share of closed source code with important functionality. Chromium is impaired compared to Chrome in terms of functionality.
>> having given very solid reasons for why they dont do security theatre with their Chrome password store
You mean encrypting user passwords with user key and allowing to self-host open source synchronization servers, like firefox does is "theater" ?
>> Im not clear in what sense you could consider them to be "rotting".
In the sense that google stopped being on the forefront of open web and started trying to become the web. Because it's easier to earn money this way. And in the short run, you might even score a nice bonus. As for the long run - who cares for the long run, when there is a nice cash bonus?
Universities, a lot of businesses, non-profits, all use XMPP because it's pretty mush the only solution that doesn't make you give up your information and can host inhouse (without costing an arm and a leg and forcing you into a vendor lock-in).
Even if you give up and drop XMPP, you will still need to use Skype, Google, WhatsApp and whatnot (all of them, not just one), because my communication circle stretches across target audiences of all those messengers and there is no silver bullet (one ideal messenger that would satisfy all people) as sometimes people want completely different things and one messenger cannot satisfy all of them.
>> Anyway, I guess people like the comfort and convenience of walled gardens.
People like comfort and convenience. Corporations love walled gardens, because they can use vendor lock-in to try and leverage their userbase into bringing more people into the same trap.
Most people won't care who pays for the services they use until the information they provided will be used against them, or until they'll lose everything at a blink of an eye for violating some ToS, it'll be too late by then, but, well, some people only learn the hard way.
They did explain. You just didn't listen good enough. XMPP interoperability wouldn't let google force people into their services and would let people run third-party services and yet enjoy the luxury of communicating with those, who used Google as their one-stop-shop for all online needs. Clearly that had to be stopped. I'm expecting a similar move for GMail, only much swifter (those damn users are too used to the stupid idea of email being cross-server, not being locked-in).
That's BS. All this achieves is pushes you into the same zoo of IM clients that stretches from the 90-s. ICQ, Odigo, MSN, Gadu, Skype, XMPP and now all the mobile IMs are all dreaming of being The One. I'm so glad all this corporate "there can be only one and it should be us" broke out after email was standartized. Because right now, several decades from it's invention, we're still stuck with it. No matter how ugly or unsuitable for modern needs the protocol is and how many ugly hacks have been applied to it. Just because this is the only universal communication method. You can send a message and receiver will get it regardless of what mail service it uses.
Back in the day google's tech team though that something similar should be done for IM market and supported XMPP. But then, they decided that this product was too good, to let other people, who don't use google's services to use it to contact the ones already in the Google's web of services. "Everyone should get a google ID." And now hopes of other players are even dimmer than they ever were. Looks like my dream, where people from facebook, google, univercity network and some corporate IM system can get into one conference and chat is a pipe dream.
I don't care for internal protocols, features and such. I just want interoperability between servers. Let john@google.com message jane@facebook.com and any other server that has supported XMPP server. I worked great for email, by the hell do you try to introduce walled gardens and cause pain to your users?
Slashdot Mirror
Well, hello there friend. It must have been very uncomfortable to sit in a cryo cam for all these years, but while you were gone messaging apps have become more relevant than SMS-es and any carrier trying to ban them is to have a fecal storm on the matter, with billions of users for WhatsApp, FacebookMessenger, Hangouts, Viber, Line and whatnot.
They claimed it's TextSecure's algorithm, but, client is closed-sources, so who's going to check? Also, big question is key handling - if server assigns them or even generates them or at least verifies them - then whole "end-to-end" is just theater. I would believe them if key verification was given into user's hands and client's code was opensourced to check that it won't start black carbon/copying all the messages to some "friendly third parties".
The problem with WhatsApp is that it is closed-source, so you can't really check. You'll have to take their word for it. Also, they facilitate key exchange, so the whole "end-to-end" stuff is actually moot, since user is taken out of the loop and server can, at any time re-negotiate the keys and verify that MITM as a person A, that person B is trying to get in contact with. So it's all, once again, a lot of buzzwords, and zero security.
a. Telephone
b. Personal Computer
c. Email
d. Internet
h. Cellular Phones
i. Smart Phones
All hit stage 5 of mass acceptance at work before hitting mass acceptance.
Well, let's go over this once more:
Browser only shows "filler" tiles, that other companies pay to have there. Like an ad sticker on a wrapping paper on your brand new and free car. Firefox does not send any information to ad agencies, does not help them track you or do a full sweep of your activity (looks at chrome).
If you are so against predefined content, how come you were so totally OK all these years with Google search coming as default and Firefox getting a ton of money for it?
Now to adress the "bloated" part. Show me a slimmer browser, that uses less resources while retaining the same functionality? Browsers have become an OS in itself for running webapps. Don't like it - use mailer daemon to mail you the webpages you'd like to see. Richard seems to get along just fine doing that.
As for Pale moon - I am yet to see any usefull changes. They cut out features they don't like, claim they are faster and better, but except for dropping CPU's without SSE no useful optimisations have been introduced. The moment FF shuts down, Pale Moon is going down just as quickly without a main project to hold on to and to port all the changes from.
And last, but not least - when was the last time you donated to developers, that work hard just so that you and every other person on Earth has a reliable, auditable, privacy-caring, open-source browser? Donated code maybe, or at least filed a comprehensive bug report with logs and a case to reproduce?
Everyone's entitled to their own opinion and choice of browsers. But taking a dramatic stance and feeling all betrayed is way out of bounds. I draw the line at browsing experience and user tracking - as long as Firefox doesn't do anything that hurts end-user, they are fine to pursue other means of monetization, as long as the money goes to developing a better software.
I judge by what's been actually done, not by hysteria, that a lot of people like to fuss up around any issue as long as it has trigger words that get them going. They see an article titled "Mozilla adds ads" and they start running around with a sign "The end is nigh" without even familiarizing themselves with the issue and coming up with "ad absurdum" arguments.
Sure, I mean who cares about the truth as long as we can run around screaming bloody murder and probably soiling ourselves in the process. The "ad tiles" are placed on quick dial instead of empty ones until users get them filled with their browsing history or just drag and dropb pinned stuff from their bookmarks. That's it. But everyone and their dog are starting to whine and threatening to go to Chrome or Pale moon, which is twice as funny as just the wining, because if first browser was built by an advertising company for tracking users and increasing ad efficiency, while the other is nothing but a measely fork, sucking on Firefox codebase and proud of removing a lot of features (websockets anyone? Nah, who needs direct calls from browser, let's all use proprietary Skype), while it is Mozilla that keeps improving JS and HTML rendering engines and yet still keeps all the customizability that was there to begin with.
Apple was forced to get read of DRM by court order, not by competition.
But that's all you need. User have control over their own bandwidth, you can't ask to prioritize your traffic over someone else's traffic. ISPs should provide a pipe with a fixed bandwidth the user pays for. And user can decide what traffic to prioritize inside his own network. That's it.
Supermarkets have a much lower entry barrier, small need for infrastructure and are forced to adapt to buyers' habits, not vice versa. ISPs on the other hand, hold a monopoly in most places while providing critical infrastructure. Your comparison is totally invalid.
Because Net Neutrality is exactly this: not discriminating traffic based on its origin or type. Providing internet as a pipe, not a toll-road. But ISPs want to have control over what is being sent over that pipe and extort money from services not to throttle them. This "fast lane" is not a dedicated line provided straight to your home to show you youtube, nope, it's a reserved bandwidth (from the bandwidth you paid for) that will be used to deliver you content from services that agreed to pay the ISP for not throttling them.
Well, this.
"No, sir, this is the windows, that doesn't run windows apps. Well, I mean it does, but only the new, Metro, I meant Modern Interface (or whatever MS rebrands their interface to this time). To run old windows apps you'll need a different kind of windows."
I guess someone at MS thought that after using FUD on Linux and seeing it's success they should try go and FUD themselves in hopes of having the same effect.
The thing that shines most of all is lack of VPN support. We all know how corporate world hates to use secure connections for their employees. Oh, wait...
Because Google is not interesting in developing an offline OS. They are interesting in rushing everyone into " the cloud" (read: their services) so that they sift through your data, catalog you and sell you off by a dozen to advertisers, while still milking you for "extra storage" in the said cloud.
That's you answer. Don't worry about "web focus", MS is moving there as well. Hint: see how easy it is to skip registering with MS online account when installing Windows8 and, consequently, when updating it to Windows 8.1
>> Make everything into one big integrated binary instead of something that you can see into or hack on.
Last time I checked - source was available. And several distributions have written shims to replace parts of systemd. If you can't fiddle with anything but a shell script - tough luck, buddy.
Mailservers don't talk PGP. Even being encrypted it's armored in base64 encoding and transmitted as plaintext. And mail client either knows what to do with it, or not. So, nope, no fallback possible, because you can never know if particular person is going to read it through a client that supports encyption or not. But if you have his\her public key, you might as well assume, that client does know ho decrypt it and if you don't - you can't encrypt it anyway.
Unless the deveopment is done outside of US. Because in that case you can use the letter to wipe your, let's say tears of joy and carry on writing the project. Unless, ofcourse you are planning to visit US any time in the future.
Like it or not, but it's not a silver bullet. There is a lot of people who are disconent with Facebook as IM. Believe it or not, but around here people use Skype, WhatsApp and XMPP for IMs, facebook being the last place you'd think to reach a person.
As much as you (and Facebook execs) 'd like Facebook to be "one size fits all" - it's far from that.
Tell any decent IT security manager that you would like to use facebook as company IM and watch him laugh his behind off.
The encryption you are talking about is client-to-server, the encryption the article is talking about is server-to-server. If both are on, the only parties who know about the content of chats is:
1 You
2 Whoever you are messaging
3 Server
To drop the server from the list, you will need end-to-end encryption. Like OTR or GPG.
Well, google sued CM to stop them distributing GPlay. And you can't sell any device with GPlay on it, if Google doesn't give OK for that and you don't negotiate some secret terms and pass their "certification".
And yes - Google Play Store is NOT included in AOSP and doesn't ship with AOSP or any derivatives, unless manufacturer passed the certifications, details of which are discussed on a per-case basis with Google and are subject to NDA.
>> They currently are behind development of the most popular (And open source!) mobile OS out there,
And they are quietly dragging all the open source parts into closed source framework called Google Services, trying to create a vendor lock-in for the apps, so that it's impossible to run software on AOSP without Google Services Framework, which is closed source and completely controled by google. Messaging app is gone (hangouts to the rescue), so is Gallery (hello Google+ Photos, yuck) and a lot of other, smaller things are all being sucked into closed source with their open source variants being left behind and abandoned.
>> the most popular (and "mostly" open source) desktop browser out there
_mostly_ open source. Do you even listen to yourself? Chrome has a fair share of closed source code with important functionality. Chromium is impaired compared to Chrome in terms of functionality.
>> having given very solid reasons for why they dont do security theatre with their Chrome password store
You mean encrypting user passwords with user key and allowing to self-host open source synchronization servers, like firefox does is "theater" ?
>> Im not clear in what sense you could consider them to be "rotting".
In the sense that google stopped being on the forefront of open web and started trying to become the web. Because it's easier to earn money this way. And in the short run, you might even score a nice bonus. As for the long run - who cares for the long run, when there is a nice cash bonus?
Universities, a lot of businesses, non-profits, all use XMPP because it's pretty mush the only solution that doesn't make you give up your information and can host inhouse (without costing an arm and a leg and forcing you into a vendor lock-in).
Even if you give up and drop XMPP, you will still need to use Skype, Google, WhatsApp and whatnot (all of them, not just one), because my communication circle stretches across target audiences of all those messengers and there is no silver bullet (one ideal messenger that would satisfy all people) as sometimes people want completely different things and one messenger cannot satisfy all of them.
>> Anyway, I guess people like the comfort and convenience of walled gardens.
People like comfort and convenience. Corporations love walled gardens, because they can use vendor lock-in to try and leverage their userbase into bringing more people into the same trap.
Most people won't care who pays for the services they use until the information they provided will be used against them, or until they'll lose everything at a blink of an eye for violating some ToS, it'll be too late by then, but, well, some people only learn the hard way.
They did explain. You just didn't listen good enough. XMPP interoperability wouldn't let google force people into their services and would let people run third-party services and yet enjoy the luxury of communicating with those, who used Google as their one-stop-shop for all online needs. Clearly that had to be stopped. I'm expecting a similar move for GMail, only much swifter (those damn users are too used to the stupid idea of email being cross-server, not being locked-in).
That's BS. All this achieves is pushes you into the same zoo of IM clients that stretches from the 90-s. ICQ, Odigo, MSN, Gadu, Skype, XMPP and now all the mobile IMs are all dreaming of being The One. I'm so glad all this corporate "there can be only one and it should be us" broke out after email was standartized. Because right now, several decades from it's invention, we're still stuck with it. No matter how ugly or unsuitable for modern needs the protocol is and how many ugly hacks have been applied to it. Just because this is the only universal communication method. You can send a message and receiver will get it regardless of what mail service it uses.
Back in the day google's tech team though that something similar should be done for IM market and supported XMPP. But then, they decided that this product was too good, to let other people, who don't use google's services to use it to contact the ones already in the Google's web of services. "Everyone should get a google ID." And now hopes of other players are even dimmer than they ever were. Looks like my dream, where people from facebook, google, univercity network and some corporate IM system can get into one conference and chat is a pipe dream.
I don't care for internal protocols, features and such. I just want interoperability between servers. Let john@google.com message jane@facebook.com and any other server that has supported XMPP server. I worked great for email, by the hell do you try to introduce walled gardens and cause pain to your users?