The NSPCC is one of those charities that I often feel like I want to support (because who doesn't want to help children have a better life, right?) but then I see how they act or something they say in reality and I wonder whether we really see the world the same way at all.
This is sad, because maybe somewhere there is a child losing out because of it. However, I have to think not just of what might happen to unlucky children in terrible cases today but also what kind of world I think all children deserve to live in both today and tomorrow.
I want to believe that organisations like the NSPCC and for that matter government-run social services are working towards a better world for those children. I also don't doubt that the overwhelming majority of people working in those roles have good intentions. But the obvious fear-mongering and nanny state tendencies really concern me and make me very wary of lending any active support to this kind of organisation.
It's actually disturbingly similar to the debate about terrorism. There are bad people in the world, and good people really do get hurt by them. No-one disputes this, or the desirability of keeping everyone safe. But there is no such thing as 100% safety in the world, and if you let rhetoric and fear created by outlying cases, however horrific, overtake logic and reason in policy-making, you can wind up doing more harm than good because of the other consequences.
Parenting 101: Stuff is going to happen with your kid. Your goal isn't to magically prevent it, because you can't. Your goal is to keep it to a level where you can support your kid until they can cope with it independently, and stop anything disastrous from happening along the way.
All valid points, and it certainly doesn't help when politics defeats reasonable proposals like creating a dedicated .xxx TLD that would allow most of the heavy stuff to be blocked in practice for most kids most of the time. I imagine the porn industry, at least the legitimate/legal parts of it, would have supported such a measure in practice, and it makes it relatively simple to block that content objectively by opting in to whatever child-friendly access plan your ISP offers with minimal risk of false positives.
But for younger kids it's much simpler. In the UK, a child aged 12 has normally just moved up into secondary school. No child that age needs their own smartphone, or unsupervised Internet access in their own room at home. Get them a feature phone if they need one. Set up a computer they can use in the family room at home. Show them that there is more to life than being on-line 24/7 anyway. Such simple and (one would think) obvious steps instantly reduce the problem to primarily one of peer pressure and what they can get via their friends. That will obviously be more than nothing in the real world, but probably far less than if they can spend several hours a night curiously looking around the whole Internet to find stuff they really don't understand yet.
Teenagers will watch porn. Teenagers will have sex. To the parents out there: don't make it taboo, make it safe. Those are two different things.
I couldn't agree more, but I'd also add that helping them to find good information when they're ready for it is probably the best thing a parent can do to support a child of that age.
On the evidence so far, the problem with older, sexually active teenage kids and Internet porn is more the unrealistic expectations that the porn creates. This can lead to peer pressure to do a lot more, potentially with more dangerous, distressing and/or permanent consequences, than previous generations did when they fooled around at the same age.
That makes it more important than ever for kids to understand STIs, contraception, the right to say no at any time, and the importance of respecting others' wishes. These aren't exactly the first priority in most porn.
Oh, I've seen it with plenty of people who otherwise exhibit much greater than average intelligence and capacity for critical thinking too. Becoming a parent seems to create a reality distortion field around a surprising number of people.
However, this failing certainly isn't universal among parents, nor does it mean that people with more rational and reasoned positions should not challenge this kind of foolishness. It is, after all, likely to be better for all children if their parents act responsibly, supervise them properly when they are younger, and support them as they do grow up and become young adults.
Which surely brings us to the next question, which is why any 12-year-old has unsupervised access to systems where they could receive such images regularly enough to be concerned about being addicted (whatever that actually means if it's judged from the perspective of a 12-year-old). There is no law that says the moment a child is old enough to go to school on their own they also need an iPhone, a laptop in their own room at home, and an unrestricted data plan in each case.
Sure, it seems inevitable that any child will be somewhat exposed to these things. If nothing else, the kid who does have access because they're a bit older or their parents are a bit more generous is going to be everyone's new best friend. Still, it doesn't look like we're talking about incidental or exceptional exposure to things they don't fully understand here, it looks like we're talking about a sustained pattern and direct access.
...a recent Childline poll found nearly one in 10 12-13 year olds were worried they were addicted and 18% had seen shocking or upsetting images...
In other news, around 10% of parents apparently have no idea how to supervise their 12-13 year old children when they go on-line. Maybe we should treat the problem, not one particular symptom? Age-checks on porn sites aren't going to stop those same inadequately supervised children from being groomed for other things, or subject to hate attacks by classmates at school, or any number of other threats that come with an open communication system like the Internet.
Dude, basically 20 years in prison over social inconvenience and 30k dollar?
It seems what he was actually on trial for was the identity theft and extortion side of his behaviour rather than the act of leaking (or helping to leak) the personal photos. So in that sense, maybe the punishment was on the harsh side, though given the number of victims I don't think it was entirely unreasonable, and apparently neither did the legal system if the theoretical maximum sentence would have been significantly longer (or, as others have pointed out, life on a three-strikes rule had he been tried for multiple felony offences successively).
As it happens, I would hold him morally responsible for the leaks and the resulting distress as well, so I have little sympathy in this case. But yes, we should separate personal feelings from hopefully more objective legal rulings, so let's do that.
This guy seems to have a pattern of damaging behaviour, and has reportedly shown no remorse at any stage in the proceedings. That means if he gets out of jail before being sufficiently rehabilitated, assuming that such rehabilitation is even possible in his case, it is extremely likely that he will reoffend. As the law does increasingly recognise the damage caused by revenge porn itself, and in general has long recognised that sexual crimes have serious consequences for their victims that go beyond mere monetary loss, we should consider the likelihood that he will commit such crimes if released too soon and the preventable damage those crimes would cause. This is a person who destroys lives.
In that context, a sentence of just a couple of years, so he's probably out in maybe a year in reality, does little to protect society against his future actions. Any level of monetary fine seems unlikely to have much effect at all in terms of either avoiding future criminal behaviour on his part or protecting the rest of society from him. So this seems like a case where he probably does need to be in prison, or otherwise contained, for a considerable period for the protection of others.
Given what a horrible personal violation this must feel like for the victims, both the original act of disclosure and then using it as leverage for financial gain, and given how many victims he seems to have had and the sustained and systematic way in which he seems to have exploited them over a long period, I have no sympathy in this case.
Also, this guy made $30K, but if he actually serves anything like his full sentence will be spending over 150,000 hours "earning" it, for an hourly rate of pay of about 20 cents. Apparently as well as failing at being a human being, this guy also fails at business.
I doubt that will be much consolation to anyone who was a victim here, but I hope they will at least get some sense of closure and of justice being done as much as it can be under the circumstances.
Sadly, no. While MP4 has effectively won the battle to be the de facto standard video format, support for it still isn't completely universal and probably never will be until the patent issues are irrelevant. And of course there are numerous different variations that all typically end in .mp4 so you're also stuck with either inefficient encoding for widest possible support or smaller files but limited range.
As for controls, I have lost track of how many times even the same browser has changed its controls within the past 2 years. There is basically no standardisation across browsers at all. It doesn't matter much if you're building YouTube or Vimeo, when it's obvious which parts of the page are videos. However, if you want to integrate video content into a more general page the same way you'd use an image, having no idea whether your visitors will even get any indication that it actually is a video, or where that indication will be if so, makes it absurdly difficult to present the content well across browsers without going 100% custom controls and ignoring the built-in browser ones entirely (which then runs into numerous JS bugs, causing problems of their own).
What is this "regular HTML video" you're talking about? I'm talking about the new HTML5 media elements, things like <video>.
And Flash has been a viable technology for implementing these kinds of features for a very long time, and still would be had it not been deliberately sabotaged by the likes of Apple and Google for their own purposes. Ignoring your apparent personal prejudice, why objectively should I as a professional web developer not have been using such tools if they get the best results for my clients?
Believe it or not, a majority of big-name sites are still using Flash, along with open-source JS players.
Exactly. Sites now have to provide the same functionality twice, because the browsers have made such a mess of standardisation that you can't rely on a single implementation to actually work portably.
It seems to me you're complaining that using new features that aren't yet standardized, aren't yet standardized. I can sympathize with your frustration, but then if you don't like it, don't use them.
Unfortunately, in the real world, that is often not an option. If your client wants multimedia elements on their site, you're going to need HTML5 multimedia elements despite the fact that numerous aspects of how they work aren't standardised. And just to be clear, this is stuff that has been available in browsers for 5+ years now. It's hardly some new development, and failure to standardise effectively after such a long period is just a demonstration of how worthless some of these standardisation processes have become.
Ultimately, what matters is whether your site works in visitors' browsers. Standards are only a means to that end, and validation in turn is only useful if you have useful standards to validate against. Since a lot of the web standards today are borderline worthless due to their instability and/or their failure to specify so many aspects that make a difference in practice, validation doesn't really give you the assurance you seek of compatibility either across today's browsers or with future browsers.
Once again, I'm not saying the world wouldn't be a better place if you did have that assurance or that I agree with the path the browser makers and standards bodies have chosen to follow. I'm just saying that as a web developer you have to play the cards you've been dealt, and I don't see formal validation as improving your chances to any useful degree today.
That's why you don't use newer features until they're absorbed by the standard.
Well, OK, so when should I expect that I can build a brochure site for a hotel that uses HTML5 videos and have one video format and one set of custom controls to work with? Because the world has moved on and Flash is no longer a viable option for this kind of work despite offering those advantages for many years, thanks to much the same browser developers who can't get their act together and actually provide a better replacement. They can't even manage to make the default "this is a video" overlay look the same, or even put it in roughly the same place so you can design placeholder graphics accordingly.
If your company's video site actually is YouTube then this kind of problem probably doesn't affect you all that much. However, for normal web sites that are just trying to take advantage of multimedia as part of the presentation, HTML5 audio and video are a bad joke, and the punchline is that all the much better technologies that used to be viable alternatives have been deliberately killed off anyway.
You may not care for the practice, but nothing leaves my hands into production until it validates
But this brings us back to the original question from my first post in this thread: why? What objective advantage do you or your employer/client gain by insisting on such compliance?
I do sympathise with your position, in that it should be an advantage to follow standards, and browser compatibility now and in the future should be practically guaranteed by doing so. The world would be a better place if this were the reality. But it isn't, and so pragmatically, I'd rather build web sites and apps that work than sites and apps that dogmatically tick the right boxes even though it requires more effort and offers no demonstrable benefit.
Were you doing websites 10 or 15 years ago? I was. Browser compatibility today is phenomenal in comparison.
Yes, I was, and I respectfully disagree. Browsers today do a lot more, but frequently the support for newer features is so specific to each browser and in some cases so unstable that it is completely useless for real world projects, it requires silly amounts of boilerplate and prefixing (= will break at some future point you can't predict, so also useless for production sites that won't have ongoing maintenance), or at best it requires implementing something in multiple independent ways.
An example of useful standardisation would have been all browsers using the same default stylesheet. Imagine how much developer time could have been saved and how many glitches could have been avoided over the years if we had never needed things like CSS resets or Normalize.
If it breaks my JS or CSS, I won't use it unless the stakeholder absolutely insists.
But the point is that these non-standard-compliant implementation techniques don't break anything in practice, because every browser is tolerant of them and will always remain so because far too much would break otherwise. The only downside to not following those standards is that someone can complain you're not following their preferred standards. And someone always will, but unless it really does matter (for example, because it excludes customers and damages your bottom line, or it actually does undermine some sort of accessibility aid) you can just ignore them.
In my opinion governments should require that their sites are passing the HTML Validator and CSS validator tests.
Genuine questions: Who do you think that would help, and why?
This kind of validation can be useful if you need to follow a standard for something to work. If browsers all followed proper de jure standards then this would offer a useful benefit for compatibility, particularly forward compatibility with future browsers.
Unfortunately, most of the major browsers today do not do this at all consistently. Even some of the people writing the standards have basically given up. (HTML5 "living standard"? Seriously? If it changes arbitrarily then it's not a standard.)
The de facto standards that actually matter are how real browsers behave, which dictate whether your page looks right in the browsers your visitors are using today. Nothing else you do today is guaranteed to work tomorrow without regular attention anyway, which is a foolish regression from the situation a few years ago for which we can thank Google and Mozilla, but it's the reality all the same.
In my entire career doing Web work -- which is measured in decades -- I'm not sure I have ever seen an example where a project was objectively better off because it routinely enforced having valid mark-up and stylesheets. I have, however, seen plenty of cases where someone has deliberately deviated from W3C standards for a specific, useful reason.
For example, Google have been known to omit mark-up that they were sure wasn't necessary in any browser in order to save a few bytes. Multiply those bytes by a bazillion visitors to their site every day and that's a lot of traffic saved overall. Another common case is trendy MVC frameworks like Angular, which often use non-standard attributes on HTML elements for their own purposes. They could use standard "data-*" attributes, but once you've got a few of those sitting on many elements in your mark-up, it's just noise and excess weight, so they use their own prefix for namespacing instead. And yet, I don't see anyone claiming that either Google's search engine or Angular as a JS framework have failed as a result of these heinous crimes...
However, we don't normally award punitive damages in civil cases here in the UK, so even if there is a definitive judgement at some stage that Google was invading privacy and failing to protect personal data, it seems unlikely they will suffer more than a token slap on the wrist from a privacy regulator provided that they cease and desist (as it appears they already have). Unfortunately, civil trials here are not very effective at recognising damage that comes in forms other than actual financial loss and doing much to compensate for it and/or discourage similar behaviour in the future.
Hopefully though, the rise of MOSS compliant payment processors should make the system easier to follow - you just put a disclaimer up that final price will be based on the buyer's VAT rate, and let the payment processor calculate the right rate and store the records.
Which is, of course, contrary to consumer protection laws in much of Europe. Merchants are often required by law to show tax-inclusive prices for B2C sales. (For anyone interested: I have now received conflicting advice on this from official sources in my own government, indicating that X+VAT pricing is now magically acceptable for this purpose again, despite it largely defeating the point of the previous consumer protection rule by hiding the bottom-line price in early advertising.)
The big problem with the new VAT rules isn't the principle of charging in each customer's home nation, if that just means looking up the rate for a given country from a database instead of using a fixed rate. It's a mild inconvenience, but it's an hour or two of programming work for someone, and with MOSS it's maybe an extra hour to file an additional tax return once per quarter.
For a lot of merchants (though certainly not all and particularly not the really tiny ones) the problem isn't even the need to impose VAT on transactions instead of having a threshold. As I understand it, some businesses selling digital goods in EU states didn't have VAT thresholds before anyway, so they already had reporting requirements here, and in places like the UK that did have a minimum threshold before VAT was compulsory, some merchants would have chosen to register for VAT voluntarily anyway because it was advantageous in terms of reclaiming VAT on their expenses.
IMHO the largest and most enduring problems with the new VAT rules are actually all the other things that came along with charging at customer-local rates, from conflicts with pre-existing laws on things like consumer protection and data protection (or potential conflicts, with inconsistent advice coming even from government departments) to the fact that you also have to match the entire VAT regime in each country not just the rate, which means things like knowing which rates apply to which products or services and the local geographical issues (I hope you're not just looking up a tax rate by ISO country code like, you know, everyone, because that doesn't actually work reliably). And of course you require a standard of evidence for the customer's location that will be literally impossible for many small merchants to comply with; at present, I don't see how it's possible for any fully automated system to be 100% reliable here, even for big payment services with dedicated resources and access to all the relevant raw data, because of those local issues of different interpretations of which product/service types get which tax rates and the local geographical anomalies.
The best part of all is that even the EU didn't manage to publish an accurate source of current VAT rates across all affected states in time for the deadline. The information on their own web site was actually wrong for several weeks after the switchover, because Luxembourg changed their VAT rate on the same day. And no-one wanted the data in an actually useful form so you could do something stupid like importing it into a database, right? PDFs running to dozens of pages that you can scan for relevant information are so much more useful.
Hilariously, Luxembourg are actually being compensated by the EU for these changes anyway, so all the arguments about preventing exploitation of low tax rates by different nations within the EU don't look so noble any more either.
Somebody who can't pay attention to the street signs shouldn't be driving.
No, they shouldn't, but some of them are going to anyway. Since your loved ones will therefore be just as injured/dead if they are the unlucky ones who get hit by a bad driver who was going too fast, dismissing technology that might help those bad drivers to be better, safer drivers seems uncalled for.
Yes it's a Too big to Fail problem, just in another form.
If anything is too big to fail, you are usually better off making it fail anyway as soon as possible to minimise the damage. Some of the problems in the global financial industry today aren't because of inherent weaknesses in the system. Instead they have been caused precisely by allowing organisations to grow too big, or perhaps more accurately by allowing them to take on disproportionate levels of risk, and then supporting those organisations at government level instead of allowing them to go under when they should have.
If your browser throws errors on just about every site you visit pretty soon "many" people will start using another browser.
But it won't, because plenty of other CAs are used and plenty of sites don't use HTTPS routinely yet. All the big sites, the Facebooks and Googles and Amazons of the world, would have switched to another CA within an hour. All the truly security-sensitive organisations like your bank or card company or government would update their certificates very quickly as well.
CAs determined to protect their reputation at a time when their industry would inevitably be seriously damaged in the credibility stakes might take longer to issue things like EV certificates as they made a point of fully validating the organisations requesting them. However, basic HTTPS access and the highly recognisable padlock symbol would be back on all the big sites almost immediately. The worst they would likely suffer would be a few minutes of downtime (assuming organisations on that scale don't routinely have back-up certificates with a completely independent chain on permanent stand-by anyway) and maybe a slight increase in customer support calls as genuinely security-conscious users noticed the lack of EV identity for a while.
Meanwhile, any browser that didn't remove a known-compromised CA from its trusted list very quickly would be vulnerable to justified criticism and no doubt plenty of rhetoric built on top about being insecure, and how users mustn't use that browser to visit safe sites like their bank or someone will empty their account. The geeks would get hold of the story first, of course, but as soon as it made front-page news (and something on this scale probably would) everyone would be talking about it that day.
Trusting many different CAs has proven to be a bad idea
Trusting any one of many different CAs has obvious vulnerabilities, as this case demonstrates (and it's not exactly the first time the problem of an untrustworthy CA has been observed in the wild). The current CA system isn't really a web of trust, because it ultimately depends on multiple potential single points of failure.
One way or another, in the absence of out-of-band delivery of appropriate credentials, you have to trust someone, so I suspect the pragmatic approach is to move to a true web-of-trust system, where you trust a combination of sources collectively but never trust any single source alone, and where mistrust can also be propagated through the system. Then at least you can still ship devices/operating systems/browsers seeded with a reasonable set of initial sources you trust, but any single bad actor can quickly be removed from the trust web by consensus later while no single bad actor can undermine the credibility of the web as a whole. Such a system could still allow you to independently verify the identity of a system you're talking to via out-of-band details if required.
It seems like we probably agree on the general idea here, but I was impressed on a recent visit to a museum where they had mobile apps you could download in advance and WiFi available on-site. Together these let you choose from a number of recommended tours based on duration and topic(s) and then guided you around with directions, highlights, and more in-depth background on various other exhibits you'd pass along the way if you were interested. It was a well made presentation that someone had obviously worked hard to put together, and the only thing that was a little awkward was walking around holding a tablet with headphones plugged in for the whole visit. That's an area where I could see an unintrusive headset might be an advantage.
People were hostile to people with cell phones in the 1980s
And today there are quiet carriages on trains, coffee shops with no-phones policies, and generally if you're the guy who talks really loud on the phone then everyone around you still gets annoyed and may actually challenge you if you carry on for long.
And that's for a device that is just an interruption, not a device that a lot of people perceive to be an inherently creepy invasion of their privacy literally because someone just looked at them funny.
In general Google Glass may or may not make it.
I expect technology similar to Google Glass will make it, but I also suspect it will be used primarily for specific applications where it has a clear benefit. I don't think anything too similar will be worn by a lot of people all the time in the near future.
For example, someone walking around a museum might borrow some sort of headset that guides them on a tour and provides background information about each exhibit they are looking at. Staff at a warehouse used for on-line grocery shopping might have a headset that guides them to collect the items purchased in the most efficient way.
However, I think perhaps the tide is already starting to turn against mass surveillance culture, intrusive personalised advertising, and the like. Surely it's only going to get more hostility as things like insurance premiums that people see directly in their bank balance become ever more customised behind the scenes, and as more people suffer significant problems due to identity theft or embarrassing disclosures themselves or know close friends or family members who have.
In fact, I wonder whether even the US government, not exactly a bastion of privacy advocacy, might be having second thoughts about how much personal data is casually thrown around, now that hostile forces are openly doxxing US service personnel and encouraging allies within the US to attack those people and their families at home, as was reported this week.
So if I were going to place a long-term bet on new technologies tomorrow, I certainly wouldn't be backing an obviously intrusive device like the previous Google Glass, complete with tiny camera, always-on microphone, and wireless connection to the mothership. On the other hand, build a device with similar useful features but a less goofy design, and then back it with a widely-advertised and genuine emphasis on privacy so it didn't engender the same degree of hostility from others nearby, and you might be on to something.
...a recent Childline poll found nearly one in 10 12-13 year olds were worried they were addicted and 18% had seen shocking or upsetting images...
In other news, around 10% of parents apparently have no idea how to supervise their 12-13 year old children when they go on-line. Maybe we should treat the problem, not one particular symptom? Age-checks on porn sites aren't going to stop those same inadequately supervised children from being groomed for other things, or subject to hate attacks by classmates at school, or any number of other threats that come with an open communication system like the Internet.
Probability of causing life-changing damage to victims: 100%.
Probability that as a result he would sooner or later be charged with serious financial and/or sexual crimes: close to 100%.
Probability that such crimes would result in a multi-year jail term on conviction: close to 100%.
Probability of achieving life-changing profits for self even under idealised conditions: close to 0%.
Even from a ruthless profit-making perspective, his odds of success were always negligible. This guy is a failure any way you look at it.
Dude, basically 20 years in prison over social inconvenience and 30k dollars?
It seems what he was actually on trial for was the identity theft and extortion side of his behaviour rather than the act of leaking (or helping to leak) the personal photos. So in that sense, maybe the punishment was on the harsh side, though given the number of victims I don't think it was entirely unreasonable, and apparently neither did the legal system if the theoretical maximum sentence would have been significantly longer (or, as others have pointed out, life on a three-strikes rule had he been tried for multiple felony offences successively).
As it happens, I would hold him morally responsible for the leaks and the resulting distress as well, so I have little sympathy in this case. But yes, we should separate personal feelings from hopefully more objective legal rulings, so let's do that.
This guy seems to have a pattern of damaging behaviour, and has reportedly shown no remorse at any stage in the proceedings. That means if he gets out of jail before being sufficiently rehabilitated, assuming that such rehabilitation is even possible in his case, it is extremely likely that he will reoffend. As the law does increasingly recognise the damage caused by revenge porn itself, and in general has long recognised that sexual crimes have serious consequences for their victims that go beyond mere monetary loss, we should consider the likelihood that he will commit such crimes if released too soon and the preventable damage those crimes would cause. This is a person who destroys lives.
In that context, a sentence of just a couple of years, so he's probably out in maybe a year in reality, does little to protect society against his future actions. Any level of monetary fine seems unlikely to have much effect at all in terms of either avoiding future criminal behaviour on his part or protecting the rest of society from him. So this seems like a case where he probably does need to be in prison, or otherwise contained, for a considerable period for the protection of others.
Given what a horrible personal violation this must feel like for the victims, both the original act of disclosure and then using it as leverage for financial gain, and given how many victims he seems to have had and the sustained and systematic way in which he seems to have exploited them over a long period, I have no sympathy in this case.
Also, this guy made $30K, but if he actually serves anything like his full sentence will be spending over 150,000 hours "earning" it, for an hourly rate of pay of about 20 cents. Apparently as well as failing at being a human being, this guy also fails at business.
I doubt that will be much consolation to anyone who was a victim here, but I hope they will at least get some sense of closure and of justice being done as much as it can be under the circumstances.
Now, let's be fair here. Big Media need all the help I can get. I mean, how many movies we think of as blockbusters never actually make a profit?
Sadly, no. While MP4 has effectively won the battle to be the de facto standard video format, support for it still isn't completely universal and probably never will be until the patent issues are irrelevant. And of course there are numerous different variations that all typically end in .mp4 so you're also stuck with either inefficient encoding for widest possible support or smaller files but limited range.
As for controls, I have lost track of how many times even the same browser has changed its controls within the past 2 years. There is basically no standardisation across browsers at all. It doesn't matter much if you're building YouTube or Vimeo, when it's obvious which parts of the page are videos. However, if you want to integrate video content into a more general page the same way you'd use an image, having no idea whether your visitors will even get any indication that it actually is a video, or where that indication will be if so, makes it absurdly difficult to present the content well across browsers without going 100% custom controls and ignoring the built-in browser ones entirely (which then runs into numerous JS bugs, causing problems of their own).
What is this "regular HTML video" you're talking about? I'm talking about the new HTML5 media elements, things like <video>.
And Flash has been a viable technology for implementing these kinds of features for a very long time, and still would be had it not been deliberately sabotaged by the likes of Apple and Google for their own purposes. Ignoring your apparent personal prejudice, why objectively should I as a professional web developer not have been using such tools if they get the best results for my clients?
Believe it or not, a majority of big-name sites are still using Flash, along with open-source JS players.
Exactly. Sites now have to provide the same functionality twice, because the browsers have made such a mess of standardisation that you can't rely on a single implementation to actually work portably.
It seems to me you're complaining that using new features that aren't yet standardized, aren't yet standardized. I can sympathize with your frustration, but then if you don't like it, don't use them.
Unfortunately, in the real world, that is often not an option. If your client wants multimedia elements on their site, you're going to need HTML5 multimedia elements despite the fact that numerous aspects of how they work aren't standardised. And just to be clear, this is stuff that has been available in browsers for 5+ years now. It's hardly some new development, and failure to standardise effectively after such a long period is just a demonstration of how worthless some of these standardisation processes have become.
Ultimately, what matters is whether your site works in visitors' browsers. Standards are only a means to that end, and validation in turn is only useful if you have useful standards to validate against. Since a lot of the web standards today are borderline worthless due to their instability and/or their failure to specify so many aspects that make a difference in practice, validation doesn't really give you the assurance you seek of compatibility either across today's browsers or with future browsers.
Once again, I'm not saying the world wouldn't be a better place if you did have that assurance or that I agree with the path the browser makers and standards bodies have chosen to follow. I'm just saying that as a web developer you have to play the cards you've been dealt, and I don't see formal validation as improving your chances to any useful degree today.
That's why you don't use newer features until they're absorbed by the standard.
Well, OK, so when should I expect that I can build a brochure site for a hotel that uses HTML5 videos and have one video format and one set of custom controls to work with? Because the world has moved on and Flash is no longer a viable option for this kind of work despite offering those advantages for many years, thanks to much the same browser developers who can't get their act together and actually provide a better replacement. They can't even manage to make the default "this is a video" overlay look the same, or even put it in roughly the same place so you can design placeholder graphics accordingly.
If your company's video site actually is YouTube then this kind of problem probably doesn't affect you all that much. However, for normal web sites that are just trying to take advantage of multimedia as part of the presentation, HTML5 audio and video are a bad joke, and the punchline is that all the much better technologies that used to be viable alternatives have been deliberately killed off anyway.
You may not care for the practice, but nothing leaves my hands into production until it validates
But this brings us back to the original question from my first post in this thread: why? What objective advantage do you or your employer/client gain by insisting on such compliance?
I do sympathise with your position, in that it should be an advantage to follow standards, and browser compatibility now and in the future should be practically guaranteed by doing so. The world would be a better place if this were the reality. But it isn't, and so pragmatically, I'd rather build web sites and apps that work than sites and apps that dogmatically tick the right boxes even though it requires more effort and offers no demonstrable benefit.
Were you doing websites 10 or 15 years ago? I was. Browser compatibility today is phenomenal in comparison.
Yes, I was, and I respectfully disagree. Browsers today do a lot more, but frequently the support for newer features is so specific to each browser and in some cases so unstable that it is completely useless for real world projects, it requires silly amounts of boilerplate and prefixing (= will break at some future point you can't predict, so also useless for production sites that won't have ongoing maintenance), or at best it requires implementing something in multiple independent ways.
An example of useful standardisation would have been all browsers using the same default stylesheet. Imagine how much developer time could have been saved and how many glitches could have been avoided over the years if we had never needed things like CSS resets or Normalize.
If it breaks my JS or CSS, I won't use it unless the stakeholder absolutely insists.
But the point is that these non-standard-compliant implementation techniques don't break anything in practice, because every browser is tolerant of them and will always remain so because far too much would break otherwise. The only downside to not following those standards is that someone can complain you're not following their preferred standards. And someone always will, but unless it really does matter (for example, because it excludes customers and damages your bottom line, or it actually does undermine some sort of accessibility aid) you can just ignore them.
In my opinion governments should require that their sites are passing the HTML Validator and CSS validator tests.
Genuine questions: Who do you think that would help, and why?
This kind of validation can be useful if you need to follow a standard for something to work. If browsers all followed proper de jure standards then this would offer a useful benefit for compatibility, particularly forward compatibility with future browsers.
Unfortunately, most of the major browsers today do not do this at all consistently. Even some of the people writing the standards have basically given up. (HTML5 "living standard"? Seriously? If it changes arbitrarily then it's not a standard.)
The de facto standards that actually matter are how real browsers behave, which dictate whether your page looks right in the browsers your visitors are using today. Nothing else you do today is guaranteed to work tomorrow without regular attention anyway, which is a foolish regression from the situation a few years ago for which we can thank Google and Mozilla, but it's the reality all the same.
In my entire career doing Web work -- which is measured in decades -- I'm not sure I have ever seen an example where a project was objectively better off because it routinely enforced having valid mark-up and stylesheets. I have, however, seen plenty of cases where someone has deliberately deviated from W3C standards for a specific, useful reason.
For example, Google have been known to omit mark-up that they were sure wasn't necessary in any browser in order to save a few bytes. Multiply those bytes by a bazillion visitors to their site every day and that's a lot of traffic saved overall. Another common case is trendy MVC frameworks like Angular, which often use non-standard attributes on HTML elements for their own purposes. They could use standard "data-*" attributes, but once you've got a few of those sitting on many elements in your mark-up, it's just noise and excess weight, so they use their own prefix for namespacing instead. And yet, I don't see anyone claiming that either Google's search engine or Angular as a JS framework have failed as a result of these heinous crimes...
However, we don't normally award punitive damages in civil cases here in the UK, so even if there is a definitive judgement at some stage that Google was invading privacy and failing to protect personal data, it seems unlikely they will suffer more than a token slap on the wrist from a privacy regulator provided that they cease and desist (as it appears they already have). Unfortunately, civil trials here are not very effective at recognising damage that comes in forms other than actual financial loss and doing much to compensate for it and/or discourage similar behaviour in the future.
Tell that to your six-months-ago self, who wrote the mess you've been debugging all week. :-)
Hopefully though, the rise of MOSS compliant payment processors should make the system easier to follow - you just put a disclaimer up that final price will be based on the buyer's VAT rate, and let the payment processor calculate the right rate and store the records.
Which is, of course, contrary to consumer protection laws in much of Europe. Merchants are often required by law to show tax-inclusive prices for B2C sales. (For anyone interested: I have now received conflicting advice on this from official sources in my own government, indicating that X+VAT pricing is now magically acceptable for this purpose again, despite it largely defeating the point of the previous consumer protection rule by hiding the bottom-line price in early advertising.)
The big problem with the new VAT rules isn't the principle of charging in each customer's home nation, if that just means looking up the rate for a given country from a database instead of using a fixed rate. It's a mild inconvenience, but it's an hour or two of programming work for someone, and with MOSS it's maybe an extra hour to file an additional tax return once per quarter.
For a lot of merchants (though certainly not all and particularly not the really tiny ones) the problem isn't even the need to impose VAT on transactions instead of having a threshold. As I understand it, some businesses selling digital goods in EU states didn't have VAT thresholds before anyway, so they already had reporting requirements here, and in places like the UK that did have a minimum threshold before VAT was compulsory, some merchants would have chosen to register for VAT voluntarily anyway because it was advantageous in terms of reclaiming VAT on their expenses.
IMHO the largest and most enduring problems with the new VAT rules are actually all the other things that came along with charging at customer-local rates, from conflicts with pre-existing laws on things like consumer protection and data protection (or potential conflicts, with inconsistent advice coming even from government departments) to the fact that you also have to match the entire VAT regime in each country not just the rate, which means things like knowing which rates apply to which products or services and the local geographical issues (I hope you're not just looking up a tax rate by ISO country code like, you know, everyone, because that doesn't actually work reliably). And of course you require a standard of evidence for the customer's location that will be literally impossible for many small merchants to comply with; at present, I don't see how it's possible for any fully automated system to be 100% reliable here, even for big payment services with dedicated resources and access to all the relevant raw data, because of those local issues of different interpretations of which product/service types get which tax rates and the local geographical anomalies.
The best part of all is that even the EU didn't manage to publish an accurate source of current VAT rates across all affected states in time for the deadline. The information on their own web site was actually wrong for several weeks after the switchover, because Luxembourg changed their VAT rate on the same day. And no-one wanted the data in an actually useful form so you could do something stupid like importing it into a database, right? PDFs running to dozens of pages that you can scan for relevant information are so much more useful.
Hilariously, Luxembourg are actually being compensated by the EU for these changes anyway, so all the arguments about preventing exploitation of low tax rates by different nations within the EU don't look so noble any more either.
Somebody who can't pay attention to the street signs shouldn't be driving.
No, they shouldn't, but some of them are going to anyway. Since your loved ones will therefore be just as injured/dead if they are the unlucky ones who get hit by a bad driver who was going too fast, dismissing technology that might help those bad drivers to be better, safer drivers seems uncalled for.
Yes, it's a Too Big to Fail problem, just in another form.
If anything is too big to fail, you are usually better off making it fail anyway as soon as possible to minimise the damage. Some of the problems in the global financial industry today aren't because of inherent weaknesses in the system. Instead they have been caused precisely by allowing organisations to grow too big, or perhaps more accurately by allowing them to take on disproportionate levels of risk, and then supporting those organisations at government level instead of allowing them to go under when they should have.
If your browser throws errors on just about every site you visit, pretty soon "many" people will start using another browser.
But it won't, because plenty of other CAs are used and plenty of sites don't use HTTPS routinely yet. All the big sites, the Facebooks and Googles and Amazons of the world, would have switched to another CA within an hour. All the truly security-sensitive organisations like your bank or card company or government would update their certificates very quickly as well.
CAs determined to protect their reputation at a time when their industry would inevitably be seriously damaged in the credibility stakes might take longer to issue things like EV certificates as they made a point of fully validating the organisations requesting them. However, basic HTTPS access and the highly recognisable padlock symbol would be back on all the big sites almost immediately. The worst they would likely suffer would be a few minutes of downtime (assuming organisations on that scale don't routinely have back-up certificates with a completely independent chain on permanent stand-by anyway) and maybe a slight increase in customer support calls as genuinely security-conscious users noticed the lack of EV identity for a while.
Meanwhile, any browser that didn't remove a known-compromised CA from its trusted list very quickly would be vulnerable to justified criticism and no doubt plenty of rhetoric built on top about being insecure, and how users mustn't use that browser to visit safe sites like their bank or someone will empty their account. The geeks would get hold of the story first, of course, but as soon as it made front-page news (and something on this scale probably would) everyone would be talking about it that day.
Trusting many different CAs has proven to be a bad idea
Trusting any one of many different CAs has obvious vulnerabilities, as this case demonstrates (and it's not exactly the first time the problem of an untrustworthy CA has been observed in the wild). The current CA system isn't really a web of trust, because it ultimately depends on multiple potential single points of failure.
One way or another, in the absence of out-of-band delivery of appropriate credentials, you have to trust someone, so I suspect the pragmatic approach is to move to a true web-of-trust system, where you trust a combination of sources collectively but never trust any single source alone, and where mistrust can also be propagated through the system. Then at least you can still ship devices/operating systems/browsers seeded with a reasonable set of initial sources you trust, but any single bad actor can quickly be removed from the trust web by consensus later while no single bad actor can undermine the credibility of the web as a whole. Such a system could still allow you to independently verify the identity of a system you're talking to via out-of-band details if required.
It seems like we probably agree on the general idea here, but I was impressed on a recent visit to a museum where they had mobile apps you could download in advance and WiFi available on-site. Together these let you choose from a number of recommended tours based on duration and topic(s) and then guided you around with directions, highlights, and more in-depth background on various other exhibits you'd pass along the way if you were interested. It was a well made presentation that someone had obviously worked hard to put together, and the only thing that was a little awkward was walking around holding a tablet with headphones plugged in for the whole visit. That's an area where I could see an unintrusive headset might be an advantage.
People were hostile to people with cell phones in the 1980s
And today there are quiet carriages on trains, coffee shops with no-phones policies, and generally if you're the guy who talks really loud on the phone then everyone around you still gets annoyed and may actually challenge you if you carry on for long.
And that's for a device that is just an interruption, not a device that a lot of people perceive to be an inherently creepy invasion of their privacy literally because someone just looked at them funny.
In general Google Glass may or may not make it.
I expect technology similar to Google Glass will make it, but I also suspect it will be used primarily for specific applications where it has a clear benefit. I don't think anything too similar will be worn by a lot of people all the time in the near future.
For example, someone walking around a museum might borrow some sort of headset that guides them on a tour and provides background information about each exhibit they are looking at. Staff at a warehouse used for on-line grocery shopping might have a headset that guides them to collect the items purchased in the most efficient way.
However, I think perhaps the tide is already starting to turn against mass surveillance culture, intrusive personalised advertising, and the like. Surely it's only going to get more hostility as things like insurance premiums that people see directly in their bank balance become ever more customised behind the scenes, and as more people suffer significant problems due to identity theft or embarrassing disclosures themselves or know close friends or family members who have.
In fact, I wonder whether even the US government, not exactly a bastion of privacy advocacy, might be having second thoughts about how much personal data is casually thrown around, now that hostile forces are openly doxxing US service personnel and encouraging allies within the US to attack those people and their families at home, as was reported this week.
So if I were going to place a long-term bet on new technologies tomorrow, I certainly wouldn't be backing an obviously intrusive device like the previous Google Glass, complete with tiny camera, always-on microphone, and wireless connection to the mothership. On the other hand, build a device with similar useful features but a less goofy design, and then back it with a widely-advertised and genuine emphasis on privacy so it didn't engender the same degree of hostility from others nearby, and you might be on to something.