Slashdot Mirror


User: AndrewStephens

AndrewStephens's activity in the archive.

Stories: 0
Comments: 187

Comments · 187

  1. Re:WordPress requires professional administration on WordPress Auto-Update Server Had Flaw Allowing Persistent Backdoors In Websites (theregister.co.uk) · · Score: 1

    That's exactly how my site works - it turns a folder structure of markdown(ish) files into a folder structure of indexed and cross-linked html, then rsync's the result to my server. No database, no dependencies, just files and a python script or two.

    I even exported and converted 400 posts from WordPress using a small script.

    I looked at pelican at the time. I can't remember why I didn't use it, but rolling my own was a fun project.

  2. WordPress requires professional administration on WordPress Auto-Update Server Had Flaw Allowing Persistent Backdoors In Websites (theregister.co.uk) · · Score: 1

    I ran a low traffic WordPress blog for many years. WordPress has many great features but between insecure plugins and a constantly updating core system, it just takes too much time to administer for someone who just wants to host a simple no-fuss blog.

    My advice for anyone starting a personal blog is to either use a WordPress hosting company or just go with something like Tumblr. You don't get the flexibility, but your life will be easier.

    I got so fed up that I wrote my own static site generator to run my site. It doesn't have the nice features of WordPress but it certainly won't collapse under load and I get to laugh at the script-kiddies trying to hack the non-existent php scripts.

  3. Re:cowardice on FBI Confirms Open Investigation Into Gamergate · · Score: 1

    The problem is GamerGate started with the attacks on Zoe Quinn, which turned out to be complete fabrications.

    The real problem is that even if GamerGate's allegations about Quinn were 100% true, nobody cares if person A slept with person B for an obscure review of a game on some website. It is literally the least possible social sin; people who go through the express lane at the supermarkets with more than 6 items deserve more scorn.

    The big publishers spend literally hundreds of thousands of dollars in advertising with the same websites and the self-proclaimed guardians of journalistic ethics seem OK with it. This, along with the fact that the whole thing with Quinn was totally made up, seems to point to GG being a bunch of arseholes. I really want to believe that most of them are just morons who don't understand the game industry, journalism, or humanity in general, and are just misguided because I don't like to think there are that many arseholes around. But they just won't shut up.

  4. Re:A big problem on D-Link Router Backdoor Vulnerability Allows Full Access To Settings · · Score: 1

    ... or have a subdomain of your website resolve to 192.168.1.1

    I never thought of this, that's pretty sneaky.

  5. A big problem on D-Link Router Backdoor Vulnerability Allows Full Access To Settings · · Score: 3, Insightful

    This is NOT a small, obscure problem for users of DLINK routers. Although it does not open up Wifi access or anything like that, having access to the configuration panel of your router is bad news even from inside the network. I can't think of any way to automatically exploit it via a browser (XSS-style) but a small executable (or trusted Java applet, for instance) could do it.

    Additionally, I wonder how many small establishments are offering free wifi using DLINK equipment. Those networks are now vulnerable.

    If I was a bad(er) guy, the first thing I would change would be the DNS settings. Forcing all computers behind the router to use a DNS I control opens up all sorts of interesting ways to mess with people.

  6. Re:I Got It! on Deloitte: Use a Longer Password In 2013. Seriously. · · Score: 5, Informative

    True, but nobody tries breaking into a system by logging in ten thousand times a second to a single account. The recent well-publicised break-ins resulted from the hashed password file being publicly available, either stolen through a vulnerability or maliciously leaked. If the attackers have the hashed passwords they can try them at a rate of millions or billions of attempts per second for as long as they want.

  7. You do not have a Facebook Page on Facebook's Graph Search: Kiss Your Privacy Goodbye · · Score: 3

    I wrote this a while ago but I will continue to post it as long as stupid people exist: You Do Not Have A Facebook Page! Facebook has a page on you.

    I signed up to Facebook and occasionally update Facebook's page on me, I find the service quite useful for keeping in touch with people, but I am under no illusions as to why Facebook provides this service. Anyone who uses Facebook with anything they expect to keep private has seriously misunderstood their relationship with the company.

  8. Project Orion on Nuclear Rocket Petition On White House Website · · Score: 1

    Enough of this namby-pamby nuclear rocket talk. What we need is Project Orion to be restarted. Imagine lifting oil-tanker sized craft from the ground into space using only a few hundred nuclear bombs, what could possibly go wrong?

  9. Re:Now that summary is BS - at least in part. on Firefox 16 Released: More HTML5 Support · · Score: 3, Interesting

    Speaking of HTML5test, I just ran a before and after test with firefox 15 and firefox 16:

    Firefox 15: 346 out of 500
    Firefox 16: 363 out of 500
    Chrome 22: 437 out of 500

  10. Re:One good reason... on What's To Love About C? · · Score: 4, Insightful

    Nobody uses everything in C++, I estimate that most programmers only ever use 75% of the language. The problem is that everybody uses a different 75%. For instance, diamond inheritance can be a pain, but is occasionally unavoidable and I am glad it works. STL algorithms are the best part of C++, complex problems reduce down to a few lines of code.

    Your one example that is actually bloated is iostreams, which is slow and overkill for almost any program. I wish more C++ text books would ignore iostreams and spend more time on STL.

  11. Facebook will change or die on Why Facebook's Network Effects Are Overrated · · Score: 3, Insightful

    Facebook has reached the pinnacle of social networking - the only place to go now is downhill unless they change. They already have every user who wants a page, the only new users are young kids just getting online - not Facebook's target demographic. Also, they have just gone public which puts pressure on the company to make more money.

    I predict Facebook will start to branch out into video and music more and more in an attempt to get more page views - it must be galling for Facebook to see people sharing videos with YouTube advertising instead of Facebook's. They are going to have to be careful, users don't like change.

    (One thing users don't want is a whole slew of different social networks. I am on Facebook and G+, but I would only use one if either gave me full control over who sees what. I think projects like Diaspora are always going to be niche ideas)

  12. Re:Facebroke.. on SEC Calls For Review of Facebook IPO · · Score: 1

    Bingo. Facebook is a reasonably good service, but it doesn't take much to launch a competitor. Sooner or later another site will become the next Facebook and Facebook will become the next MySpace. Personally I think the biggest threat comes from mobile, all it would take is for a few of the mobile providers to get together and launch a service aimed at teenagers (who are not as invested in FaceBook) and in a few years FB is the old-persons network.

    FaceBook's only saving grace is that the mobile providers all hate each other and couldn't provide an appealing service if their lives depended on it (which, somehow it doesn't - I've never worked that out).

  13. Re:Better Details on Nmap 6 Released Featuring Improved Scripting, Full IPv6 Support · · Score: 1

    Yes, but not for this reason.

    Filmgoing Public

  14. You do not have a FaceBook page on Dealing With the Eventual Collapse of Social Networks · · Score: 5, Insightful

    This goes for all social networks (including Slashdot) but I will use Facebook as an example:

    You do not have a FaceBook page.

    No you don't.

    Facebook has a page on you, which you update for them for free. You are a product that Facebook produces for its customers. The customers of Facebook are the advertisers, not you. This is not necessarily a bad deal for you. You get to show people Facebook's page about you, and derive pleasure from interacting with Facebook's pages about your friends. All for free.

    But don't get upset when Facebook decides to improve things for its customers, because they can (and should) put them first. Facebook owes you nothing.

    Regulating social networks seems like an exercise in frustration. What counts as a social network? Does my blog count? Do I need to let users download all their comments in an "industry standard format"? Do MMO's count? Can I download my +5 firesword?

  15. Mod Points on Dealing With the Eventual Collapse of Social Networks · · Score: 5, Funny

    Sometimes I wish Slashdot would let me download my mod points in an open format and use them on another web site. I have some Facebook posts in mind that need down-modding.

  16. Re:Mars? on Biochemist Creates CO2-Eating Light That Runs On Algae · · Score: 1

    That NASA link is 50 times as interesting as this lame story. Thanks.

  17. Re:Wordpress wasn't that vulnerable, timthumb was. on Mac Flashback Attack Began With Wordpress Blogs · · Score: 4, Interesting

    Exactly right. I have noticed a huge upswing of probing behavior in my Wordpress site logs, all targeting timthumb in various common themes. Wordpress is easy to install (and easy to upgrade) but requires ongoing upkeep as vulnerabilities are found and patched. Too many people just install it and let it rot.

  18. Re:Roulette on Blackjack Player Breaks the Bank At Atlantic City · · Score: 1

    With Roulette you don't need to predict very well to get an edge on the house. Even if you can fairly consistently guess which quarter of the wheel the ball will land in, you can shift the odds well into your favor over the long run. That's what the "cheaters" with electronic aids were doing.

  19. Re:Don't make it about H.264 on Mozilla Debates Supporting H.264 In Firefox Via System Codecs · · Score: 1

    On the flip side, I remember installing a PNG datatype and then suddenly every single browser could display PNGs, whether the browser author cared (or even knew about) PNG or not.

    That's great, but what are websites supposed to do? Start serving up PNGs (or whatever modern equivalent) and hope that users have the correct plugin? Or do they stick with something not quite as good that they know will work? That is why having a small list of supported codecs is important (leaving aside the fact that many users simply cannot install additional software).

    Nobody cares about Matroska files except for pirates (which is a shame, because it has nice features). Neither Windows nor MacOSX are interested in supporting every single codec under the sun. You can install additional codecs for both Windows and Quicktime if you want to, but if you are distributing files it is better to just use an industry standard like h264. This is exactly my point.

  20. Re:Don't make it about H.264 on Mozilla Debates Supporting H.264 In Firefox Via System Codecs · · Score: 1

    I don't really have anything to add except to say that Netflix and similar products will never use the standard video tag to stream video, since it doesn't offer the flexibility and DRM that they need. Netflix isn't really a web-based product anyway, all the heavy lifting is done outside of the browser.

  21. Re:Don't make it about H.264 on Mozilla Debates Supporting H.264 In Firefox Via System Codecs · · Score: 1

    Video codecs and fonts are similar in that they are both complex binary formats whose readers have until recently not been exposed to the cesspit of exploits known as the internet. Both font rendering code (on all OS's) and base video codecs have had patches to fix security holes (mainly buffer overflows) in recent years. Mozilla does not want to be in a position where they know there is an exploitable hole in a video codec that the vendor won't quickly fix (which has happened in the past).

    What are they supposed to do in that situation, disable the feature? Ship a product they know is insecure? At least with their own codecs, they know they can always ship an update immediately if a problem is found.

    On your second point, I am not sure it is Firefox's job to be all things to all people. It is a web browser, not a security console. If you want a web enabled security console then you would use a web-ready video codec. Besides, Firefox still supports plugins for additional behavior if you really need something non-standard. You could even make a plugin that forwarded everything onto gstreamer (or DirectX, or Quicktime) if you really want to - just don't expect me to install it.

  22. Re:Don't make it about H.264 on Mozilla Debates Supporting H.264 In Firefox Via System Codecs · · Score: 1

    They shouldn't "support H.264" but rather, they should support any unknown (to the browser) codec by trying the OS.

    No, no, no. That will lead to the bad old days of having to install a different codec for each web site. Remember when we had Real, various MS codecs, Quicktime, and Flash, and various others I have forgotten all competing for memory? It sucked.

    In a perfect world the video tag would define a small list of codecs that are broadly supported by OSes and mobile devices. The list of codecs can be revisited every 5 years or so as technology improves but should be fairly static. The browser can choose to implement the codecs themselves or let the OS do it, but should not attempt to pass every unknown codec onto the OS. H264 is the industry standard (like it or not) and if Firefox can't implement it itself (for good reasons) then I think using the OS is a fair enough compromise.

    I wrote about this 2 years ago when this issue first came up. At the time one of the Mozilla devs explained that they didn't really trust the OS codecs from a security point of view, but time has moved on and I would expect that most H264 codecs are pretty secure now.

  23. Confused on Rare Moon Mineral Found On Earth · · Score: 4, Funny

    So the moon contains rare earth elements, and now we have rare moon minerals on Earth. MAKE UP YOUR DAMN MINDS, EARTH/MOON SYSTEM!

  24. Re:Damn. Loved Wave on Google To Shutter Knol, Wave, Gears · · Score: 2

    Still use it nearly every day. I was hoping they would open it up and my friends and I could host it on our own server

    I have some good news - although they don't seem to actually have a really ready yet.

  25. Re:A lesson in client/server security on Siri Protocol Cracked · · Score: 1

    The setup they are using is completely adequate for securing the privacy of communication between the user and Apple's server.

    TFA describes how they eavesdropped on the communication between the user and Apple's server. Doesn't sound very secure to me.