Thanks for building this and inspiring so many to pursue their dreams. The story of how you did this has always been motivation to go start new things. Good luck with whatever you do next.
Sujal
Dude, that's not true. ESPN charges over 2 dollars a subscriber for every subscriber that has access to ESPN. Since it's on most basic tiers, that means that ALL of you are contributing 2+ dollars per month to ESPN. Since it's one of the biggest reasons a large group of people get cable, it makes sense for the cable companies and ESPN. But that dollar amount (around 100 mil households, IIRC * 12 * 2.70) is billions. Now, ESPN is in it's own price bracket for basic cable, but even if you dropped that to.50 or.25, it's still hundreds of millions.
getting on basic cable can be a sweet deal for popular channels. I'm not sure where the bottom is on subscriber fees, so maybe there are a lot of channels that are in the pennies range or part of a bundle that costs.50 or a dollar. It would be great for cable companies to disclose these fees so consumers would understand what was going into their bills.
Sujal
I don't think bloglines executes JS in the feed. Sure, it's web-based, but it scrubs out script and object/embed tags. I've tried various methods of embedding YouTube or Google Video players into my blog posts, and they never show up in BlogLines.
They do work in my desktop aggregator (NetNewsWire) and I've seen it work in some other aggregators.
except that you can't detect certain things... like whether positioning or the box model works differently in Opera vs. Firefox vs. IE. It's not detectable. Therefore, it helps to know what the browser is because I know how the design I'm implementing is supposed to look. I know the browser quirks. I can compensate for them if I can tell you're using Opera 6, say.
True, there are sites that use the UA field and browser detection to be stupid (e.g. blocking browsers they don't like), but there are far more common use cases where sites simply use it to tweak a box model or serve a different CSS file. These are small things that make the experience better. I don't see why this makes people "idiots" when all they're trying to do is make the site look right for whatever browser you're using.
they're regular old bonds... we've been paying them back already as part of the big bucket of debt maintenance money... They're going to continue to be part of that budget. Defaulting on them, which is what you're suggesting, is probably a bad thing.
You're also assuming indefinite deficits which isn't necessarily true...
The last time they raised social security taxes was when they created the trust fund... the bonds mature in 3 or 5 years intervals so it's not like we're not already paying those bonds back.
Isn't the social security trust fund the biggest part of the "intragovernmental debt?" It needs to get paid back... it's ostensibly owed to the rest of us.
not having the libraries makes it useless... as one of the parent posters said, they skipped the hard part and the part that would convince those of us who are concerned about Microsoft's past behavior from believing that they really want it to be cross platform.
So sure, if they release the engine, it's technically "cross-platform" but it's not cross-platform in any meaningful way.
seriously... the trend is there, but not as pronounced at this example site they've provided. I work at a major sports site and I just checked... today's traffic is 94% IE, 5.7% Moz-based browsers, and the rest "other." Other seems to include Safari, btw. This is based on number of visitors (and that number, fwiw, is in the millions).
Granted, 6 months ago (before the CERT or ISC or whoever advisory to switch browsers, that was at 3%, so it has doubled.;-)
Also, most of the engineers and many of our producers have switched over to Moz for development, so I think the early adopter trend (as exemplified by sites like Engadget) is probably fairly significant.
Sujal
You're missing the point. In either case, I don't think there is a problem..../etc/mailcap or the registry system. GNOME uses this same type of feature, KDE does, Windows, OS X, etc. The point you're missing is that no other OS installs a "run any program the remote host specifies" protocol handler. That is the problem, not the integration. This problem doesn't exist on other platforms because they don't register a shell: protocol that can execute anything.
Unless you're arguing that no OS should have this kind of integration (associating a program/helper for a URL scheme)... All you've said is that the user should be prompted... except no user wants to be prompted. Furthermore, it doesn't actually change any of the underlying code. If you want a user validation in between with a "always remember my choice" checkbox, great.
Still don't understand why we need a shell: handler.
the silly part is, btw, that your entire security flaw is that there isn't a prompt. You don't see anything wrong or different in the fact that a URL doesn't tell the OS what code to run... In other words, a remote site doesn't really know what's going to happen on the client computer. Except with the shell: handler.
But whatever, you clearly think it's a bug in Moz, and I honestly don't care anymore. I'm not on Windows, and I think the integration is fine. I don't understand why shell: is actually runs a program (shouldn't you have to do something like run(file://path/to/executable) ? ) I'm waiting for an exploitable bug in Flash... then you'll argue that plugins should prompt the user before they run...
right, but how does mozilla know that a particular URL is not valid? So, "shell:" seems obvious to you, but it wasn't registered by Mozilla. Windows has a handler called shell. Mozilla is simply doing what the OS provider says to do... hand off unknown protocols to the local system to see if you have helper applications (for example, telnet:// or ssh://).
We agree about the stupidity of a shell:// handler... but Mozilla didn't provide it. I'm not sure what "valid data" they should be checking for here... the only thing I see at this point is that they need to start maintaining a black list of protocol schemes... Of course, if a particular bit of spyware/adware becomes popular, for example, they'll just be chasing down changing schemes.
Mozilla doesn't do what you described... it doesn't hand off any executable to the OS.
Your analogy isn't quite right... let's think about this another way... you have a plugin you've installed that has a security flaw in it. Is Mozilla (or IE or any other browser) responsible for the security flaw?
The registration of external protocol handlers is common practice across different platforms and browsers. I use OS X primarily at work and at home. I also run Linux here and have a Windows laptop at work. All three platforms use external protocol handlers to register helper applications.
The part that I think is significant is that the OS registered a protocol handler that isn't safe in an internet context. So, you either blame the browser for doing what the OS manufacturer recommends you do... or you blame the fool who wrote the insecure protocol handler (and why the hell would you want a "run any program" protocol handler????)
don't take this the wrong way, but it may have to do with how you're driving... manual transmissions get you the potential to have better mileage, but don't guarantee it. For example, you could run your car at 4K RPM at 25mph all the time. Or you could speed on the highway (EPA mileage numbers are at 55 or 65, i think).
I say this because I noticed on my Matrix (XRS) that I was getting like 24-25 mpg instead of 30. I was able to get much closer to the 30 mpg when I followed the shift points described in my manual to the letter instead of my normal gun it in first acceleration. I also took 5 mph off my speed when I go to work, and I'm consistently up near 30.
To the guy below who talks about not caring about mileage, well, it's not putting me in the poor house or anything, but if I can save $5 a week in gas, I'd rather do that. Especially since my car requires premium fuel.
Screw the implications for connectivity... if it's easy enough to break into rooms like this to steal crap... how hard is it to install sniffers and loggers? How often do people check the unmanned rooms? I realize the amount of data that would be generated, but presumably you could filter or do something with fast enough hardware or specialized equipment (I'm thinking big budget crime, not podunk credit card theft).
That bugs me more than people bringing down the Internet via theft...
The Web100 project might give you insights and technical information about tuning your OSes to get maximum performance from your high speed network. While they are mostly concerned with WAN tuning (this project is affiliated with Internet2, the underlying problems discussed (and the testing software they offer) should provide you with clues on maximizing performance on your LAN.
As for fragmenting down, it might be easier to do that with a router that you actually have software control over (i.e. an old, low power linux box). I don't really have any experience with this on a home network, so...
who is getting hurt by page rank? hurt in the sense of real harm... I'm so confused by everyone equating losing a few places on Google's results to death or dismemberment...
If you're talking about legal harm, then people should go ahead and sue... that's the whole point of the legal system. But to claim that google is broken or responsible for this guy's embarrassment is wrong.
Oh come on... search engine != car cruise control... especially since I've yet to see a cruise control control steering.;-)
Who's getting run over in your analogy? I'm not following who the victim is that's getting "run over" in the Google case...
Finally, I'm not arguing that Google is perfect or that they shouldn't pay attention to the google bombs or link farms... I'm sure they do (someone above linked to the person who is responsible for that). I'm simply arguing that it works well and that people who fret about the end of Google's value are overreacting.
On the contrary, that's what makes PageRank valuable... by using the terms used by people to link to a particular page, they reflect real phrases used by real people to refer to a particular page. Whether your particular search is satisfied is a different problem that I just don't think is really affected much...
Why?
Because I haven't see these problems affecting Google results in a meaningful way... I have yet to actually search for a google bombed topic.. I mean, who actually searches for miserable failure? When someone starts google bombing "mozilla oji domain validation bug" I'll get worried...
right, but what's wrong with that? Let me put this another way: What should Google do about it?
The algorithm is working as well as it's supposed to. People are generating content in the sense that they are posting an opinion on the web about Michael Moore and the search term. Why is that Google's problem?
They're not really tricking the search engine... they're simply generating content. The search engine is picking up the fact that a lot of people believe a term is associated with a particular page...
Isn't that what a search engine is supposed to do? I mean, if you search for a concept on the web, you should find what people believe is the relevant content for that term... it's not hijacking. It's simply reflecting the terms people use to refer to a particular page.
To say that Google needs to do something about this is silly. The algorithms are working as intended. If you disagree with the opinion of the people making the connection between the term and the page, well, take it up with the people making the links or make your own links to the "right" place.
Slashdot Mirror
Thanks for building this and inspiring so many to pursue their dreams. The story of how you did this has always been motivation to go start new things. Good luck with whatever you do next. Sujal
Dude, that's not true. ESPN charges over 2 dollars a subscriber for every subscriber that has access to ESPN. Since it's on most basic tiers, that means that ALL of you are contributing 2+ dollars per month to ESPN. Since it's one of the biggest reasons a large group of people get cable, it makes sense for the cable companies and ESPN. But that dollar amount (around 100 mil households, IIRC * 12 * 2.70) is billions. Now, ESPN is in it's own price bracket for basic cable, but even if you dropped that to .50 or .25, it's still hundreds of millions.
getting on basic cable can be a sweet deal for popular channels. I'm not sure where the bottom is on subscriber fees, so maybe there are a lot of channels that are in the pennies range or part of a bundle that costs .50 or a dollar. It would be great for cable companies to disclose these fees so consumers would understand what was going into their bills.
Sujal
I don't think bloglines executes JS in the feed. Sure, it's web-based, but it scrubs out script and object/embed tags. I've tried various methods of embedding YouTube or Google Video players into my blog posts, and they never show up in BlogLines.
They do work in my desktop aggregator (NetNewsWire) and I've seen it work in some other aggregators.
Sujal
True, there are sites that use the UA field and browser detection to be stupid (e.g. blocking browsers they don't like), but there are far more common use cases where sites simply use it to tweak a box model or serve a different CSS file. These are small things that make the experience better. I don't see why this makes people "idiots" when all they're trying to do is make the site look right for whatever browser you're using.
Sujal
Anywho, this is unproductive. Believe what you will.
You're also assuming indefinite deficits which isn't necessarily true...
The last time they raised social security taxes was when they created the trust fund... the bonds mature in 3 or 5 years intervals so it's not like we're not already paying those bonds back.
Isn't the social security trust fund the biggest part of the "intragovernmental debt?" It needs to get paid back... it's ostensibly owed to the rest of us.
So sure, if they release the engine, it's technically "cross-platform" but it's not cross-platform in any meaningful way.
Sujal
seriously... the trend is there, but not as pronounced at this example site they've provided. I work at a major sports site and I just checked... today's traffic is 94% IE, 5.7% Moz-based browsers, and the rest "other." Other seems to include Safari, btw. This is based on number of visitors (and that number, fwiw, is in the millions). Granted, 6 months ago (before the CERT or ISC or whoever advisory to switch browsers, that was at 3%, so it has doubled. ;-)
Also, most of the engineers and many of our producers have switched over to Moz for development, so I think the early adopter trend (as exemplified by sites like Engadget) is probably fairly significant.
Sujal
Unless you're arguing that no OS should have this kind of integration (associating a program/helper for a URL scheme)... All you've said is that the user should be prompted... except no user wants to be prompted. Furthermore, it doesn't actually change any of the underlying code. If you want a user validation in between with a "always remember my choice" checkbox, great.
Still don't understand why we need a shell: handler.
the silly part is, btw, that your entire security flaw is that there isn't a prompt. You don't see anything wrong or different in the fact that a URL doesn't tell the OS what code to run... In other words, a remote site doesn't really know what's going to happen on the client computer. Except with the shell: handler.
But whatever, you clearly think it's a bug in Moz, and I honestly don't care anymore. I'm not on Windows, and I think the integration is fine. I don't understand why shell: is actually runs a program (shouldn't you have to do something like run(file://path/to/executable) ? ) I'm waiting for an exploitable bug in Flash... then you'll argue that plugins should prompt the user before they run...
Sujal
you're not differentiating between a protocol handler and /bin/sh... this is just silly.
They didn't set it up... this is the way the OS asks applications to behave. You're misstating the way it works.
Right. This is getting silly.
Sujal
We agree about the stupidity of a shell:// handler... but Mozilla didn't provide it. I'm not sure what "valid data" they should be checking for here... the only thing I see at this point is that they need to start maintaining a black list of protocol schemes... Of course, if a particular bit of spyware/adware becomes popular, for example, they'll just be chasing down changing schemes.
Sujal
Your analogy isn't quite right... let's think about this another way... you have a plugin you've installed that has a security flaw in it. Is Mozilla (or IE or any other browser) responsible for the security flaw?
The registration of external protocol handlers is common practice across different platforms and browsers. I use OS X primarily at work and at home. I also run Linux here and have a Windows laptop at work. All three platforms use external protocol handlers to register helper applications.
The part that I think is significant is that the OS registered a protocol handler that isn't safe in an internet context. So, you either blame the browser for doing what the OS manufacturer recommends you do... or you blame the fool who wrote the insecure protocol handler (and why the hell would you want a "run any program" protocol handler????)
Sujal
I say this because I noticed on my Matrix (XRS) that I was getting like 24-25 mpg instead of 30. I was able to get much closer to the 30 mpg when I followed the shift points described in my manual to the letter instead of my normal gun it in first acceleration. I also took 5 mph off my speed when I go to work, and I'm consistently up near 30.
To the guy below who talks about not caring about mileage, well, it's not putting me in the poor house or anything, but if I can save $5 a week in gas, I'd rather do that. Especially since my car requires premium fuel.
Sujal
That bugs me more than people bringing down the Internet via theft...
sujal
As for fragmenting down, it might be easier to do that with a router that you actually have software control over (i.e. an old, low power linux box). I don't really have any experience with this on a home network, so...
Sujal
If you're talking about legal harm, then people should go ahead and sue... that's the whole point of the legal system. But to claim that google is broken or responsible for this guy's embarrassment is wrong.
OK, this is getting tiring.
Who's getting run over in your analogy? I'm not following who the victim is that's getting "run over" in the Google case...
Finally, I'm not arguing that Google is perfect or that they shouldn't pay attention to the google bombs or link farms... I'm sure they do (someone above linked to the person who is responsible for that). I'm simply arguing that it works well and that people who fret about the end of Google's value are overreacting.
Sujal
Sujal
Why?
Because I haven't see these problems affecting Google results in a meaningful way... I have yet to actually search for a google bombed topic.. I mean, who actually searches for miserable failure? When someone starts google bombing "mozilla oji domain validation bug" I'll get worried...
Sujal
The algorithm is working as well as it's supposed to. People are generating content in the sense that they are posting an opinion on the web about Michael Moore and the search term. Why is that Google's problem?
Sujal
Isn't that what a search engine is supposed to do? I mean, if you search for a concept on the web, you should find what people believe is the relevant content for that term... it's not hijacking. It's simply reflecting the terms people use to refer to a particular page.
To say that Google needs to do something about this is silly. The algorithms are working as intended. If you disagree with the opinion of the people making the connection between the term and the page, well, take it up with the people making the links or make your own links to the "right" place.
Sujal