ever hear the phrase "those with the best intentions can do the most damage?"
The one that everyone (or so it seems) parrots and no one actually believes? If you did the only logical choice would be to vote for those with the worst intentions. If you do not, you don't believe that best intentions cause the most damage, if you don't believe it you should stop saying it.
The case against Google would be much stronger if it was not a default. It's much easier to believe that they went the technical workaround route to make multi service login work so as not to bother the user with changing a "broken" default. Had it been off by default the argument that Google deliberately ignored the users wishes would be more convincing as then the users actual wishes would be known, an obscure (in function, not location) default doesn't reflect deliberate user choice.
Not sure why you are so insistent on me making "Google out to be the good guy", I consider this one fairly neutral on the web development scale, workarounds and hacks are extremely common in the field. Correctly describing what happens on a technical level is just that, not some sort of white washing. People can still be outraged once they understand what happened, but it's important that they don't picture Google exploiting a security vulnerability (of the code execution kind) and installing spy-ware to track them or ignoring some sort of flag that Google promises not to ignore.
Yes, I understand that Safari "allowed" it by having an exploitable flaw, but that's like saying I "allowed" my car to get stolen because the lock was easy to open with a screwdriver.
Oh my, a car analogy... Let's try to get somewhat closer. It's like saying that you "allowed" the maintenance tech to leave a flier in the trunk by having a trunk that won't (by default) open with the door key fully inserted but (due to an oversight from the manufacturer) will work if it's one tooth short of being fully in. The techs discovered this by accident and have been using this ever since to check that mark on their checklist. They still have many other ways to advertise (in Google's case track) to you but this is how they do things and not only was it not necessarily a deliberate choice on your part to have mismatched keys (a default) but it certainly isn't a statement of not wanting a flier in the trunk, since on the technical level it's just a trunk that doesn't open with the door key.
As with most car analogies it gets complex when it is close to being a good analogue due to the complexity of the issue.
On the upside we now have actual settings that specifically express the wish to not be tracked, I know Google will half-heartedly half-honor them. I wish they did more (and don't expect to see it, sadly), but as it shows that they at least acknowledge the issue when it's divorced from merely inferring intentions.
The setting works perfectly well - if you try to set a third party cookie the browser prevents it.
If that was the case then no cookies would be set and we wouldn't be having this discussion. Be it an exploit or not, the browser is what ignored the setting.
their choice to deliberately ignore user's settings
The browser is what ignored the setting, there can be no question about this as Google didn't modify its behaviour. The real question is where workarounds of software problems (this is very, very common in web programming, a point you are trying to ignore) becomes unacceptable. Remember that aside from tracking this does affect Google's infrastructure. Yes, they deliberately tied their tracking with their products, but that was a choice made independently of tricking Safari into accepting their cookies.
I thought slashdot was all about user privacy and being able to stop companies from knowing your every move online.
You forgot the part where slashdot is also all about innovation, rapid development and not placing undue burdens onto third parties. With that in mind respecting the users settings has always been up to the software presenting the settings just as fixing exploits has been up to the software's developers. If you want to make it illegal for Google (or anyone else) to track you online the way to do it is to mandate that you are not logged at all if a certain flag (that is not used for anything else is present, anything else is reading tea leaves. Is it to be illegal to store data through Flash or localstorage if it is inferred that cookies are blocked? What about fingerprinting? Pixel sized images? What if my webkit browser that pretends to be Safari randomly drops half of all third party cookies? What is Google obligated to infer from such a technical artifact. More importantly were does my obligation to read the users mind end if I set up a web service? Fuck Google, this kind of thinking affects everyone with a webserver and it would be good to know that the difference between workarounds and cracking is not one that changes while your back is turned.
I guess only when it's not Google doing it, eh?
No, avoiding kneejerk reactions and thinking things through applies in every case. That or me siding with Microsoft when Google accused them of "copying" search results was just Google fanboyism.
Id doesn't matter what the setting says. In this case the setting lied (no third party cookies... but we'll set them anyway) and the cookie owner is being blamed for not carefully follwing what the browser setting claims to do, not what it actually does. This is a design flaw, not an exploit. Google didn't inject code into Safari, didn't break into the user's machine and chaged the settings. I'm more worried about setting precedents that constrain third parties into doing what the first party understood a setting in the second parties product to mean. Currently we are free to deal with what software actually does and malicious activity is well understood. No reason to upset that balance by tryin to codiy who should behave like when to be morally clean.
He explained how this precise problem would be avoided in a good user-removable battery design (and there is no reason to postulate that Apple would botch it), you just repeated yourself. I'll call this in GPs favor.
I like how you, just like the Pauls, use "government" when talking about the entity which shouldn't have power X, but specifically disclaim that its the "federal government" that should be restricted from doing so...
Trying to pass legistlation to exempt certain cases from being heard by the supreme court and claiming to follow the constitution that delegates such authority to said court is just a tad dishonest. He also generally likes to talk about principles and not mention how the cases where he actually highlights the principles corespond to his personal beliefs.
They're spending our tax money, they ought to be telling us how their using it.
Yes, let's make them follow every time money is spent by a public broadcast and a nationwide pamphlet drop, including after ever public broadcast and nationwide pamphlet drop!
Oh, don't worry, they will be proven "right" when the devices actually evolve into something more capable. Who cares about predictions applying to the hardware they were made for? "They were right in the end", even though they weren't when they called it early.
If it was a bomb, it would have been blown up midair most likely.
Or during the next flight when whoever left it is no longer on board, or during takeoff to shut down the airport, or during refueling for massive fireball. Or whenever, because people who leave bombs on airplanes aren't necessarily predictable. Don't make assumptions in security.
Morons are people who make assumptions when it comes to security. They didn't know what it was, where it came from nor when it came on-board. Even if they did know that it was on board fro the last flight, there are no grounds to assume it was meant to explode on that flight and not, say, the next one. Cell phones are a common remote detonator, don't leave shit wired up to cell phones (or wrist watches, etc.) on an airplane and don't expect anyone to make assumptions in your favor if you do.
People who don't Realize the Dangers of Being Locked in a Factory and Other Libertarian Myths by DigiShaman, no workers died in a fire during the second printing of this book.
Right, someone to blame is what AC wants. Too bad AC doesn't disclose what POS (well, it might not be, but shifting blame to other vendors instead of making sure shit works is a good indicator) they sell so that I can avoid ever touching it.
If you want no added features or only certain added features it is the best advice there is, unless you think that the only advice allowed is: "here's what you need already prepackaged".
I don't necceserily think you believe they should, you are however expressing a very strong wish that they would do so, no matter what their reasons are for trying to avoid another IE6 situation (why ever would Mozilla want that?) among other things. If you have any suggestions on how This is about the usefulness of the tool, and FF is becoming less useful (for me) over time. Whether this is the fault of FF or not is irrelevant. You would like to shift the maintanence burden of supporting any number of versions (including your prefered sauce) on Mozilla and web developers, whether you believe they should do it is rather irrelevant.
Can you certify that 3.753.12.5 will not break something that worked in 3.753.12.4? No? Well then. But you can blame Mozilla, that must make your customers feel better when stuff breaks...
There you go, now convince add-on developers to covert instead of continuing to develop against the internals. The original add-on system was a hack, you can't just freeze the internals to work around that, it needs to be fixed with a proper API and the Add-on SDK is just that.
Slashdot Mirror
The one that everyone (or so it seems) parrots and no one actually believes? If you did the only logical choice would be to vote for those with the worst intentions. If you do not, you don't believe that best intentions cause the most damage, if you don't believe it you should stop saying it.
The case against Google would be much stronger if it was not a default. It's much easier to believe that they went the technical workaround route to make multi service login work so as not to bother the user with changing a "broken" default. Had it been off by default the argument that Google deliberately ignored the users wishes would be more convincing as then the users actual wishes would be known, an obscure (in function, not location) default doesn't reflect deliberate user choice.
Not sure why you are so insistent on me making "Google out to be the good guy", I consider this one fairly neutral on the web development scale, workarounds and hacks are extremely common in the field. Correctly describing what happens on a technical level is just that, not some sort of white washing. People can still be outraged once they understand what happened, but it's important that they don't picture Google exploiting a security vulnerability (of the code execution kind) and installing spy-ware to track them or ignoring some sort of flag that Google promises not to ignore.
Oh my, a car analogy... Let's try to get somewhat closer. It's like saying that you "allowed" the maintenance tech to leave a flier in the trunk by having a trunk that won't (by default) open with the door key fully inserted but (due to an oversight from the manufacturer) will work if it's one tooth short of being fully in. The techs discovered this by accident and have been using this ever since to check that mark on their checklist. They still have many other ways to advertise (in Google's case track) to you but this is how they do things and not only was it not necessarily a deliberate choice on your part to have mismatched keys (a default) but it certainly isn't a statement of not wanting a flier in the trunk, since on the technical level it's just a trunk that doesn't open with the door key.
As with most car analogies it gets complex when it is close to being a good analogue due to the complexity of the issue.
On the upside we now have actual settings that specifically express the wish to not be tracked, I know Google will half-heartedly half-honor them. I wish they did more (and don't expect to see it, sadly), but as it shows that they at least acknowledge the issue when it's divorced from merely inferring intentions.
If that was the case then no cookies would be set and we wouldn't be having this discussion. Be it an exploit or not, the browser is what ignored the setting.
The browser is what ignored the setting, there can be no question about this as Google didn't modify its behaviour. The real question is where workarounds of software problems (this is very, very common in web programming, a point you are trying to ignore) becomes unacceptable. Remember that aside from tracking this does affect Google's infrastructure. Yes, they deliberately tied their tracking with their products, but that was a choice made independently of tricking Safari into accepting their cookies.
You forgot the part where slashdot is also all about innovation, rapid development and not placing undue burdens onto third parties. With that in mind respecting the users settings has always been up to the software presenting the settings just as fixing exploits has been up to the software's developers. If you want to make it illegal for Google (or anyone else) to track you online the way to do it is to mandate that you are not logged at all if a certain flag (that is not used for anything else is present, anything else is reading tea leaves. Is it to be illegal to store data through Flash or localstorage if it is inferred that cookies are blocked? What about fingerprinting? Pixel sized images? What if my webkit browser that pretends to be Safari randomly drops half of all third party cookies? What is Google obligated to infer from such a technical artifact. More importantly were does my obligation to read the users mind end if I set up a web service? Fuck Google, this kind of thinking affects everyone with a webserver and it would be good to know that the difference between workarounds and cracking is not one that changes while your back is turned.
No, avoiding kneejerk reactions and thinking things through applies in every case. That or me siding with Microsoft when Google accused them of "copying" search results was just Google fanboyism.
Because confirmation bias.
Id doesn't matter what the setting says. In this case the setting lied (no third party cookies... but we'll set them anyway) and the cookie owner is being blamed for not carefully follwing what the browser setting claims to do, not what it actually does. This is a design flaw, not an exploit. Google didn't inject code into Safari, didn't break into the user's machine and chaged the settings. I'm more worried about setting precedents that constrain third parties into doing what the first party understood a setting in the second parties product to mean. Currently we are free to deal with what software actually does and malicious activity is well understood. No reason to upset that balance by tryin to codiy who should behave like when to be morally clean.
He explained how this precise problem would be avoided in a good user-removable battery design (and there is no reason to postulate that Apple would botch it), you just repeated yourself. I'll call this in GPs favor.
Is Google supposed to read Safari settings? You tell your software it should do X, it doesn't. Fine third party?
Handwave away, I guess.
I like how you, just like the Pauls, use "government" when talking about the entity which shouldn't have power X, but specifically disclaim that its the "federal government" that should be restricted from doing so...
Trying to pass legistlation to exempt certain cases from being heard by the supreme court and claiming to follow the constitution that delegates such authority to said court is just a tad dishonest. He also generally likes to talk about principles and not mention how the cases where he actually highlights the principles corespond to his personal beliefs.
Yes, let's make them follow every time money is spent by a public broadcast and a nationwide pamphlet drop, including after ever public broadcast and nationwide pamphlet drop!
Oh, don't worry, they will be proven "right" when the devices actually evolve into something more capable. Who cares about predictions applying to the hardware they were made for? "They were right in the end", even though they weren't when they called it early.
Knowing the reliability of witnesses it's pretty safe to say that not even Zimmerman really knows what happened.
Or during the next flight when whoever left it is no longer on board, or during takeoff to shut down the airport, or during refueling for massive fireball. Or whenever, because people who leave bombs on airplanes aren't necessarily predictable. Don't make assumptions in security.
Morons are people who make assumptions when it comes to security. They didn't know what it was, where it came from nor when it came on-board. Even if they did know that it was on board fro the last flight, there are no grounds to assume it was meant to explode on that flight and not, say, the next one. Cell phones are a common remote detonator, don't leave shit wired up to cell phones (or wrist watches, etc.) on an airplane and don't expect anyone to make assumptions in your favor if you do.
It's not wires and shit, it's shit wired to a cell phone. Guess what is comonly used as a remote detonator?
What is that supposed to prove anyway?
"Let the Americans figure out what's best for themselves" would be the equivalent, that sentiment probably existed too.
People who don't Realize the Dangers of Being Locked in a Factory and Other Libertarian Myths by DigiShaman, no workers died in a fire during the second printing of this book.
Right, someone to blame is what AC wants. Too bad AC doesn't disclose what POS (well, it might not be, but shifting blame to other vendors instead of making sure shit works is a good indicator) they sell so that I can avoid ever touching it.
If you want no added features or only certain added features it is the best advice there is, unless you think that the only advice allowed is: "here's what you need already prepackaged".
I don't necceserily think you believe they should, you are however expressing a very strong wish that they would do so, no matter what their reasons are for trying to avoid another IE6 situation (why ever would Mozilla want that?) among other things. If you have any suggestions on how This is about the usefulness of the tool, and FF is becoming less useful (for me) over time. Whether this is the fault of FF or not is irrelevant. You would like to shift the maintanence burden of supporting any number of versions (including your prefered sauce) on Mozilla and web developers, whether you believe they should do it is rather irrelevant.
Will make you rich!*
*Will actually bankrupt you.
Merely adding a star to a misleading statement doesn't make it not misleading.
Bugs and API stability are orthogonal, you should know that.
Can you certify that 3.753.12.5 will not break something that worked in 3.753.12.4? No? Well then. But you can blame Mozilla, that must make your customers feel better when stuff breaks...
There you go, now convince add-on developers to covert instead of continuing to develop against the internals. The original add-on system was a hack, you can't just freeze the internals to work around that, it needs to be fixed with a proper API and the Add-on SDK is just that.