So I come from a webdev background; our formal practices for clients involve good release and change management, so I'm not a stranger to them.
However, while things like Drupal and WordPress are often used as the basis for client projects by companies that do that sort of "best practice", I think it's important to remember that for many users, it's basically the equivalent of installing a new application on their desktop computers - they just click a bunch of things and presto, it is online.
I guess there's an analogy to enterprise desktop environments where the desktops are locked down by IT and users can't install anything on there until it has gone through an extensive process.
Their shiny new Drupal or WordPress or whatever is now just an application running on someone else's computer. Like most desktop software it's a fully functioning "production" instance.
This is largely because of cheap hosting, the general "cloudification" of everything, and the externalities of many common hosting problems (e.g., spam, compromised sites being used as botnets, etc).
Just like casually installing Notepad++ on the desktop, there are plenty of times where setting up a production-only instance of Drupal/WordPress/etc is fine. We can't expect the average user to be an expert in web hosting, or Windows desktop management, or Linux firewall rules, or whatever.
I too have little confidence in Google's ability to make a messaging app that people will use.
For such a giant tech company with so many smart people I can't fathom how they've managed to screw up instant messaging so, so badly. They could have easily had the dominance they have with email if they'd just built a nice, simple, cross-platform version of the old Google Talk client.
Instead it mutated awkwardly into Hangouts, something which seems weirdly present in different forms on different devices and embedded into certain of their web applications, with varying levels of functionality.
It bugs me that there's no native Windows desktop client, just some Chrome "app" thing. It really bugs me that the mobile application is is kind of worse than ICQ was back in the 90s - the user list does not distinguish between users that are online, away, or offline. The default view is just a list of your previous conversations. It bugs me that they've hidden the logout option (Settings -> Account settings -> scroll to bottom -> sign out) to basically trick you into running it all the time.
I am very sure all of these 'features' are intentional and the result of UX experts studying how people use the application combined with how their biz people want people to use it. I know their goal was to make Hangouts more like an SMS tool - they want people sending messages regardless of online status. (I've never been a big SMS user so I don't know how important the SMS integration for an Internet-based messaging app is to civilians; maybe it's a bigger deal than I think?)
Before Hangouts almost everyone I know was on Google Talk. My relatives around the world used it as a standard communications tool for quick chats and voice chat. Since it has gone to Hangouts they have all (except for one uncle) abandoned it more or less completely - I never see them online any more and I never get any Hangout requests. They've all moved to Skype for voice chat. No idea what they use for messaging.
I don't want an intelligent assistant. I want to be able to send quick messages to people on my list. I want to know in advance if they're online, away, or offline. I want to be able to set my status to any of those states. I want it to be secure and preferably open source (... realising the latter is a long shot). I want it to NOT CHANGE every few months when some new UI/UX person gets a hold of it. I want it to be simple, stable and reliable.
Yes, but I'd like to see a modern take on what technology might actually be applicable in the near future - rather than future tech envisioned in 1966
Not that I disagree, but I just find it interesting to note that 1966 is a lot closer to when we as a species were last on the moon compared to now with all our new-fangled modern technology.
Hmm, I run Thunderbird on Windows 8.1 and don't really have slow performance problems. I wouldn't say it's super lightning fast but it's not too bad. The biggest problem I have is my main mail server is on the other side of the planet so the latency sometimes leads to weirdness, but when I'm local and using it it's fine.
I've got (as I discovered yesterday doing some maintenance) over 17GB of email in there dating back over 10 years. I'm actually generally more impressed with performance.
I still want to see a shitload more work on Thunderbird though. I totally agree with the rest of your post; there are few alternatives and most of the other "solutions" are useless. I was intrigued by the comment about the Pale Moon team fork but not enough to try it (yet).
I mean I guess I can imagine Carly Fiorina, as a mere ex-CEO of one of the largest technology companies in the world, might not have any idea how, like, technology actually works. But this whole conversation is so stupid.
What are these people anticipating? First of all they need to legislate that all crypto software has to have a back door. Leaving aside the security implications of that (which are immense), it means that any company that wants to make and sell crypto in the US will need to change their product lines.
Then to actually make this effective, they'd need to legislate that any company that wants to use crypto within the US must use software that meets this requirement. Without that, then any company that wants actual security will just be buying products (that actually are secure) from overseas and using them in the US.
I don't even know what would happen with people currently using non-crippled open source crypto. Would they be expected to pull it out and replace it with a government approved commercial solution? Would someone create a fork of the open source products that had some back door?
To me every comment made by these clowns just demonstrates a complete lack of awareness about how software works, what open source is, and how tech people think.
Seems bizarre that a company in Yahoo's situation would be doing M&As with companies that are not clearly wildly profitable. Trying to pick winners in startup space is something VCs should be doing; I'd not be impressed if I was a Yahoo shareholder.
All their acquisitions should be being done because it's more effective for them to invest shareholder money in the acquisition than it is to developed the equivalent product/revenue stream/service internally.
It's not really clear if the acquisitions of startups are really dice rolls from this document, which is pretty high level - it doesn't really show how they align with Yahoo's core business, etc. But it's certainly the implication.
If you're going to be playing M&A games with random startups, probably better to be doing it in the really really early stages so you're not spending millions per acquisition.
I was an original Yahoo search user back in the day, but I can't remember the last time I used a Yahoo product.
Everyone on Slashdot already knows Mozilla seem to have lost their way. I wrote Forgetting Firefox a while back (which ran on Slashdot), bemoaning the problems - but more to the point, trying to draw attention that mail and groupware should be the next big challenge Mozilla pick up.
Sadly, this new statement implies they're going in the opposite direction.
Mozilla, you already won the browser wars. There's a lot of other work to do.
Their official blog post actually has a PDF link - not sure if they've updated it since releasing the (weird) DOCX file, or if the DOCX came from another source.
I'm using a copy of SecureCRT that I bought over 10 years ago (actually probably closer to 15 now). It has worked flawlessly on every version of Windows I've had during that time.
It is nicely portable between new machines too; I just have to keep a registry file with the license info in the directory to import when I move to a new system.
I suspect at some point it might just break. But I'm pretty happy with the mileage I've gotten out of it!
I guess these are the same spies that are trying to hack into my website every night! I guess they're lucky they're only getting Chinese and Russian ones!
Seriously though, three news articles are linked to in this story and zero of them have any more information that differentiates this even remotely from the standard brute force hacking attempts that I'm sure everyone that reads Slashdot puts up with on a daily basis on their various servers and systems.
As far as I can tell for anyone in IT here in Australia, there's no way to distinguish this from an actual threat from foreign nation states attempting to CYBER-espionage us, and just the typical random background noise of automated exploit scriptkiddie stuff.
Any real tech journos want to try to get some actual information?
As someone too young to have seen slide rules, I nonetheless loved this quote when I read it in Asimov's "I, Robot":
So they waited and relaxed until the drawing-board men and the slide-rule boys had said âoeOK!â
Despite the references to the nerd technology of the time, the intent of the sentence is so clear that it brought a smile to my face, thinking of the nerds that would have read that back when it was written and instantly feeling a sense of recognition.
Thanks for mentioning that. I was curious as to how they did that kind of thing; after your post I had a quick Google and found some of the images - all watermarked terribly by Getty; maybe there are better ones elsewhere but I was fascinated:
I've had a great experience with TWC in Columbus OH, I had an problem about 6 weeks ago that meant Internet was going up and down. They sent someone out and fixed it within a day.
They also gave me a credit without me asking for it. It was small (under 10 bucks I think, maybe 10% of my bill) but I was impressed. Maybe it is different because other providers are available in my area.
I noticed the other day that ASIO (Australian Security Intelligence Organisation) throws a SHA-1 warning in Chrome ("This site uses a weak security configuration (SHA-1 signatures), so your connection may not be private").
1) Is this a terribly big deal and, as Chrome (i.e., Google) warns, should I be massively concerned that our chief intelligence agency is running with algorithms that are considered obsolete by the infosec community?!
or
2) Have they carefully looked at all the known SHA-1 weaknesses (and presumably several that are not known to the wider public) and determined the risk is acceptable and that (for example) people applying for jobs on their website are not in danger of having their details compromised?!
I'm surprised (maybe I shouldn't be) about the narrative and comments (particularly on Slashdot) around these kind of events. Lots of calling people out as "SJW" to justify what seems to be horrible childish responses to trying to have a conversation, or over-the-top political correctness gone mad trying to apply general principles to weird random exceptional social/cultural issues.
What is far more interesting to me (as a non-American) is the ease at which free speech is thrown aside. I think the First Amendment is one of the most amazing things in any culture; the fact that it is enshrined into US law at such a low level is fascinating.
The entire point of 1A (to me) seems to be to give people the freedom to ALWAYS be able to use speech to push for causes they believe in. Threaten violence to shut down speech is clearly a first class douche maneuver in any circumstance, but seeing it happen in the US - where the right to do so is baked into the Constitution that so many of its citizens are so proud of - is especially depressing.
SXSW, as a conference, has a duty of care to its attendees. Threats of violence (... particularly in the US where one of the other popular amendments increases the risk) need to be taken seriously, even though I'm sure most of us would agree these threats are mostly from impotent keyboard warriors. So their stance is understandable. But it still makes me sad.
I pulled it out of my pocket about an hour ago and it was off. I'd just gotten it off the charger - it only had about 35% battery left, but it definitely was nowhere near running out.
This happens to me about once every 4-6 weeks. Seems to be totally random. Stock phone running latest official OS.
If it was happening frequently I'd be pretty sad but as it is I just see it as me leaving my computer on for more than a month and it deciding it needs a break and crashing.
Not sure if that was sarcastic, but OP is correct (with the addition of synthetic materials). I live by the ocean where the UV index is almost always extreme. Rash guards/wetsuits can cover most of your body and really are the best way to protect against the sun if you spend any amount of time in the water. It doesn't wash off and you don't miss spots (it's also it's better for the environment for those that care about it).
Rashies are very common in Australia at the beach (I wear one any time I go into water at all because it's so much easier than sunscreening my body).
For summer sports though they're not really an option. Cricket is manageable; you can wear long sleeves and pants and hats and be covered. But for more active sports (e.g., I play soccer) wearing long clothes is very uncomfortable.
I've been in the US for most of summer and play soccer several times a week during the day so have become more familiar with local sunscreen options. Almost looking forward to winter where I/have/ to wear long clothes. Back home I try to play soccer at night!
Given the description, it sounds like they're ripe for some additional regulation.
While I don't disagree, it should be noted that one of the reasons companies don't ship internationally is to preserve their local distribution models. From Australia it's often impossible to buy certain big brands (IIRC, things like North Face) from places like Amazon - they have local distribution locked down so they can control the price points globally (Moosejaw have a list of some of these brands.
As a result, reshippers became quite popular in Australia. So much so, that our national postal service actually created a dedicated reshipping agency called ShopMate!
I've thought for a while an international collaboration between taxi companies via open source would be a great way for them to combat Uber. Rather than spin off a million of their own crappy little apps with terrible user experience, they could all be working together to make a nice piece of software they can all use.
One of the reasons Uber is great (for me anyway) is it works really really well when traveling. You turn up at a new place, load the app, and you know it will work. I can get a price estimate in an entirely new city while I'm on the plane waiting to disembark. A collaborative approach between taxi services would allow for the same kind of thing internationally.
There's all the usual benefits of an an open source app as well; I'd feel much more comfortable - I don't like all the permissions required (Android) and the mystery behind the Uber app.
- it does things to your computer that you did not ask it to do
Like a bug?
- it downloads software you did not ask it to download
Like all Google software that auto-updates?!
- it gathers data from your computer and sends it to distant servers without your knowledgeable permission (agreeing to a fine-print multi-page EULA is not knowledgeable permission)
The most interesting thing in the summary is that they're using PayPal over Bitcoin (or other cryptocurrencies). Is this because they're clueless noobs who can't be bothered to figure out how to use Bitcoin? Is it because PayPal is so terrible at stopping accounts engaged in this kind of abuse that they can still make a shitload of money before they're blocked? Is it because they've found Bitcoin is not useful or flexible enough?! So many questions!
Slashdot Mirror
So I come from a webdev background; our formal practices for clients involve good release and change management, so I'm not a stranger to them.
However, while things like Drupal and WordPress are often used as the basis for client projects by companies that do that sort of "best practice", I think it's important to remember that for many users, it's basically the equivalent of installing a new application on their desktop computers - they just click a bunch of things and presto, it is online.
I guess there's an analogy to enterprise desktop environments where the desktops are locked down by IT and users can't install anything on there until it has gone through an extensive process.
Their shiny new Drupal or WordPress or whatever is now just an application running on someone else's computer. Like most desktop software it's a fully functioning "production" instance.
This is largely because of cheap hosting, the general "cloudification" of everything, and the externalities of many common hosting problems (e.g., spam, compromised sites being used as botnets, etc).
Just like casually installing Notepad++ on the desktop, there are plenty of times where setting up a production-only instance of Drupal/WordPress/etc is fine. We can't expect the average user to be an expert in web hosting, or Windows desktop management, or Linux firewall rules, or whatever.
As Marc Andreessen said yesterday on Twitter, "Google employees will really enjoy using this"!
I too have little confidence in Google's ability to make a messaging app that people will use.
For such a giant tech company with so many smart people I can't fathom how they've managed to screw up instant messaging so, so badly. They could have easily had the dominance they have with email if they'd just built a nice, simple, cross-platform version of the old Google Talk client.
Instead it mutated awkwardly into Hangouts, something which seems weirdly present in different forms on different devices and embedded into certain of their web applications, with varying levels of functionality.
It bugs me that there's no native Windows desktop client, just some Chrome "app" thing. It really bugs me that the mobile application is is kind of worse than ICQ was back in the 90s - the user list does not distinguish between users that are online, away, or offline. The default view is just a list of your previous conversations. It bugs me that they've hidden the logout option (Settings -> Account settings -> scroll to bottom -> sign out) to basically trick you into running it all the time.
I am very sure all of these 'features' are intentional and the result of UX experts studying how people use the application combined with how their biz people want people to use it. I know their goal was to make Hangouts more like an SMS tool - they want people sending messages regardless of online status. (I've never been a big SMS user so I don't know how important the SMS integration for an Internet-based messaging app is to civilians; maybe it's a bigger deal than I think?)
Before Hangouts almost everyone I know was on Google Talk. My relatives around the world used it as a standard communications tool for quick chats and voice chat. Since it has gone to Hangouts they have all (except for one uncle) abandoned it more or less completely - I never see them online any more and I never get any Hangout requests. They've all moved to Skype for voice chat. No idea what they use for messaging.
I don't want an intelligent assistant. I want to be able to send quick messages to people on my list. I want to know in advance if they're online, away, or offline. I want to be able to set my status to any of those states. I want it to be secure and preferably open source (... realising the latter is a long shot). I want it to NOT CHANGE every few months when some new UI/UX person gets a hold of it. I want it to be simple, stable and reliable.
Please start here Google!
Reminder that this Dilbert exists:
http://dilbert.com/strip/2014-...
Yes, but I'd like to see a modern take on what technology might actually be applicable in the near future - rather than future tech envisioned in 1966
Not that I disagree, but I just find it interesting to note that 1966 is a lot closer to when we as a species were last on the moon compared to now with all our new-fangled modern technology.
Hmm, I run Thunderbird on Windows 8.1 and don't really have slow performance problems. I wouldn't say it's super lightning fast but it's not too bad. The biggest problem I have is my main mail server is on the other side of the planet so the latency sometimes leads to weirdness, but when I'm local and using it it's fine.
I've got (as I discovered yesterday doing some maintenance) over 17GB of email in there dating back over 10 years. I'm actually generally more impressed with performance.
I still want to see a shitload more work on Thunderbird though. I totally agree with the rest of your post; there are few alternatives and most of the other "solutions" are useless. I was intrigued by the comment about the Pale Moon team fork but not enough to try it (yet).
I mean I guess I can imagine Carly Fiorina, as a mere ex-CEO of one of the largest technology companies in the world, might not have any idea how, like, technology actually works. But this whole conversation is so stupid.
What are these people anticipating? First of all they need to legislate that all crypto software has to have a back door. Leaving aside the security implications of that (which are immense), it means that any company that wants to make and sell crypto in the US will need to change their product lines.
Then to actually make this effective, they'd need to legislate that any company that wants to use crypto within the US must use software that meets this requirement. Without that, then any company that wants actual security will just be buying products (that actually are secure) from overseas and using them in the US.
I don't even know what would happen with people currently using non-crippled open source crypto. Would they be expected to pull it out and replace it with a government approved commercial solution? Would someone create a fork of the open source products that had some back door?
To me every comment made by these clowns just demonstrates a complete lack of awareness about how software works, what open source is, and how tech people think.
Good luck, USA. You're going to need it.
Seems bizarre that a company in Yahoo's situation would be doing M&As with companies that are not clearly wildly profitable. Trying to pick winners in startup space is something VCs should be doing; I'd not be impressed if I was a Yahoo shareholder.
All their acquisitions should be being done because it's more effective for them to invest shareholder money in the acquisition than it is to developed the equivalent product/revenue stream/service internally.
It's not really clear if the acquisitions of startups are really dice rolls from this document, which is pretty high level - it doesn't really show how they align with Yahoo's core business, etc. But it's certainly the implication.
If you're going to be playing M&A games with random startups, probably better to be doing it in the really really early stages so you're not spending millions per acquisition.
I was an original Yahoo search user back in the day, but I can't remember the last time I used a Yahoo product.
Basically the only reason I'd want to have the burden of billions of dollars is to use them to try to make the world a better place.
Everyone on Slashdot already knows Mozilla seem to have lost their way. I wrote Forgetting Firefox a while back (which ran on Slashdot), bemoaning the problems - but more to the point, trying to draw attention that mail and groupware should be the next big challenge Mozilla pick up.
Sadly, this new statement implies they're going in the opposite direction.
Mozilla, you already won the browser wars. There's a lot of other work to do.
Their official blog post actually has a PDF link - not sure if they've updated it since releasing the (weird) DOCX file, or if the DOCX came from another source.
I'm using a copy of SecureCRT that I bought over 10 years ago (actually probably closer to 15 now). It has worked flawlessly on every version of Windows I've had during that time.
It is nicely portable between new machines too; I just have to keep a registry file with the license info in the directory to import when I move to a new system.
I suspect at some point it might just break. But I'm pretty happy with the mileage I've gotten out of it!
I guess these are the same spies that are trying to hack into my website every night! I guess they're lucky they're only getting Chinese and Russian ones!
Seriously though, three news articles are linked to in this story and zero of them have any more information that differentiates this even remotely from the standard brute force hacking attempts that I'm sure everyone that reads Slashdot puts up with on a daily basis on their various servers and systems.
As far as I can tell for anyone in IT here in Australia, there's no way to distinguish this from an actual threat from foreign nation states attempting to CYBER-espionage us, and just the typical random background noise of automated exploit scriptkiddie stuff.
Any real tech journos want to try to get some actual information?
As someone too young to have seen slide rules, I nonetheless loved this quote when I read it in Asimov's "I, Robot":
So they waited and relaxed until the drawing-board men and the slide-rule boys had said âoeOK!â
Despite the references to the nerd technology of the time, the intent of the sentence is so clear that it brought a smile to my face, thinking of the nerds that would have read that back when it was written and instantly feeling a sense of recognition.
Thanks for mentioning that. I was curious as to how they did that kind of thing; after your post I had a quick Google and found some of the images - all watermarked terribly by Getty; maybe there are better ones elsewhere but I was fascinated:
http://www.gettyimages.com.au/...
I've had a great experience with TWC in Columbus OH, I had an problem about 6 weeks ago that meant Internet was going up and down. They sent someone out and fixed it within a day.
They also gave me a credit without me asking for it. It was small (under 10 bucks I think, maybe 10% of my bill) but I was impressed. Maybe it is different because other providers are available in my area.
I noticed the other day that ASIO (Australian Security Intelligence Organisation) throws a SHA-1 warning in Chrome ("This site uses a weak security configuration (SHA-1 signatures), so your connection may not be private").
https://www.asio.gov.au/About-...
Still almost two years left on the cert.
So I wonder:
1) Is this a terribly big deal and, as Chrome (i.e., Google) warns, should I be massively concerned that our chief intelligence agency is running with algorithms that are considered obsolete by the infosec community?!
or
2) Have they carefully looked at all the known SHA-1 weaknesses (and presumably several that are not known to the wider public) and determined the risk is acceptable and that (for example) people applying for jobs on their website are not in danger of having their details compromised?!
I'm surprised (maybe I shouldn't be) about the narrative and comments (particularly on Slashdot) around these kind of events. Lots of calling people out as "SJW" to justify what seems to be horrible childish responses to trying to have a conversation, or over-the-top political correctness gone mad trying to apply general principles to weird random exceptional social/cultural issues.
What is far more interesting to me (as a non-American) is the ease at which free speech is thrown aside. I think the First Amendment is one of the most amazing things in any culture; the fact that it is enshrined into US law at such a low level is fascinating.
The entire point of 1A (to me) seems to be to give people the freedom to ALWAYS be able to use speech to push for causes they believe in. Threaten violence to shut down speech is clearly a first class douche maneuver in any circumstance, but seeing it happen in the US - where the right to do so is baked into the Constitution that so many of its citizens are so proud of - is especially depressing.
SXSW, as a conference, has a duty of care to its attendees. Threats of violence (... particularly in the US where one of the other popular amendments increases the risk) need to be taken seriously, even though I'm sure most of us would agree these threats are mostly from impotent keyboard warriors. So their stance is understandable. But it still makes me sad.
You can turn off XML-RPC by setting this filter in (for example) wp-config.php:
add_filter('xmlrpc_enabled', '__return_false');
I pulled it out of my pocket about an hour ago and it was off. I'd just gotten it off the charger - it only had about 35% battery left, but it definitely was nowhere near running out.
This happens to me about once every 4-6 weeks. Seems to be totally random. Stock phone running latest official OS.
If it was happening frequently I'd be pretty sad but as it is I just see it as me leaving my computer on for more than a month and it deciding it needs a break and crashing.
Not sure if that was sarcastic, but OP is correct (with the addition of synthetic materials). I live by the ocean where the UV index is almost always extreme. Rash guards/wetsuits can cover most of your body and really are the best way to protect against the sun if you spend any amount of time in the water. It doesn't wash off and you don't miss spots (it's also it's better for the environment for those that care about it).
Rashies are very common in Australia at the beach (I wear one any time I go into water at all because it's so much easier than sunscreening my body).
For summer sports though they're not really an option. Cricket is manageable; you can wear long sleeves and pants and hats and be covered. But for more active sports (e.g., I play soccer) wearing long clothes is very uncomfortable.
I've been in the US for most of summer and play soccer several times a week during the day so have become more familiar with local sunscreen options. Almost looking forward to winter where I /have/ to wear long clothes. Back home I try to play soccer at night!
Given the description, it sounds like they're ripe for some additional regulation.
While I don't disagree, it should be noted that one of the reasons companies don't ship internationally is to preserve their local distribution models. From Australia it's often impossible to buy certain big brands (IIRC, things like North Face) from places like Amazon - they have local distribution locked down so they can control the price points globally (Moosejaw have a list of some of these brands.
As a result, reshippers became quite popular in Australia. So much so, that our national postal service actually created a dedicated reshipping agency called ShopMate!
I've thought for a while an international collaboration between taxi companies via open source would be a great way for them to combat Uber. Rather than spin off a million of their own crappy little apps with terrible user experience, they could all be working together to make a nice piece of software they can all use.
One of the reasons Uber is great (for me anyway) is it works really really well when traveling. You turn up at a new place, load the app, and you know it will work. I can get a price estimate in an entirely new city while I'm on the plane waiting to disembark. A collaborative approach between taxi services would allow for the same kind of thing internationally.
There's all the usual benefits of an an open source app as well; I'd feel much more comfortable - I don't like all the permissions required (Android) and the mystery behind the Uber app.
- it does things to your computer that you did not ask it to do
Like a bug?
- it downloads software you did not ask it to download
Like all Google software that auto-updates?!
- it gathers data from your computer and sends it to distant servers without your knowledgeable permission (agreeing to a fine-print multi-page EULA is not knowledgeable permission)
This is a good one though.
Another good hypothesis!
The most interesting thing in the summary is that they're using PayPal over Bitcoin (or other cryptocurrencies). Is this because they're clueless noobs who can't be bothered to figure out how to use Bitcoin? Is it because PayPal is so terrible at stopping accounts engaged in this kind of abuse that they can still make a shitload of money before they're blocked? Is it because they've found Bitcoin is not useful or flexible enough?! So many questions!