By "irreversibly destroyed Java's fundamental value", Oracle means "we should be getting payments from Google because they're using a version of Java that they didn't license from us to make money." Everything else is fluff.
The flaw was initially reported over 120 days ago to Google, which exceeds even their own 90-day disclosure deadline.
Do you remember them throwing Microsoft under the bus by releasing information about a flaw before it was patched? Yeah. Oops.
In summary, the Stagefright disclosure process was an interesting one to observe. The (un)surprising outcome being that given all the exposure this vulnerability received combined with essentially infinite resources on the vendor side, effective security mitigations were still not deployed. Google employs a tremendously large security staff, so much so that many members dedicate time to audit other vendor’s software and hold them accountable to provide a code fix within a deadline period. If Google cannot demonstrate the ability to successfully remedy a disclosed vulnerability affecting their own customers then what hope do the rest of us have?
I don't particularly dislike Google. I use Android and several of their services. Sometimes, however, their sense of self-satisfaction can get on my nerves, especially when they demonstrate themselves capable of the same flaws as their competitors but don't seem to own up to it.
Same with the US, but all those require you to bury a wire around the perimeter of your yard, which sounds like a pain in the butt. This one uses a (presumably) simpler system involving stakes that transmit wireless signals.
It's not unusual at all. I've worked in the videogame industry for many years. You simply don't talk to the public or media about projects you're working on - ever. We all sign NDA agreements which prohibit us from talking about *anything*. I can't even *name* the current project I'm working on, let alone discuss details. I've written official company blogs about the games I've worked on, but they were reviewed by editors, legal, community managers, PR, and so on before being published. When you're sinking ten to a hundred million dollars into a AAA title, a company wants to be incredibly careful about the message being sent out. This developer was part of that world, and unfortunately didn't understand that.
There's a great temptation to talk to media, because people are interested in what happens behind the scenes of some of their favorite videogames. It's a bit of an ego boost to think that people want to listen to what you have to say. It's unfortunate that Nintendo felt the need to fire him instead of giving him a reprimand, but I suppose that's their policy.
Just recently we saw how an ill-conceive blog from an Oracle manager made the entire company look really bad. You can understand why people who aren't trained to talk to the public or the media shouldn't be attempting it on their own. Things are bound to slip our that you didn't really want to say.
Yeah, this seems to beg for a more elegant solution, as it sounds like you'll never be able to build enough depth planes to really fix the problem. Cameras looking back at your eyes should theoretically be able to pinpoint where you're currently looking, and if precise enough, maybe even the depth to which you're focusing. This is already being researched with software used for people to manipulate a computer with only their eyes. The software can then feed this information back to the application to adjust the current focus point.
If it worked as envisioned, it could very well add a additional level of realism/immersion to VR goggles. Still, I'd imagine we've got some time before we get beyond the basics into this sort of territory.
I was thinking the same thing. Words like "proof" are almost always out of place when talking about new hypotheses. It's a good theory, but call the data what it is: evidence that supports the theory.
Still, saying games are fundamentally about challenge is a value judgment that I do not think holds water.
I definitely agree. Many people don't understand or accept that different people enjoy different aspects of different types of games. For instance, I've heard from people who hate cutscenes say "I don't want to watch a movie, I want to play a game!" For me, watching an involved story through lengthy cutscenes is not painful (unless horribly done), but one of those *rewards* for getting through parts of the gameplay. Moreover, some people dislike the Elder Scrolls games because of the weak combat, but I love them because I take great pleasure in exploring new worlds.
An old trick is to write the email and not send it, or send it to yourself. That way you get some catharsis, and can send a more civil email later (or no email at all, handle it politely in person).
I've actually done that a number of times with posts here on slashdot. I've had, like almost anyone else, extremely rude or ignorant (IMO) responses before, and my first impulse is to write a long post detailing exactly why they're wrong (i.e. "Someone is WRONG on the internet!") or some snarky response. After writing all that out, I then belatedly realize that the best way to deal with a troll or idiot (again, IMO) is to ignore them, and I end up closing the browser without posting.
If I do respond, I often tend to moderate my tone from the first drafts, taking our unnecessary swearing (it often just makes you sound angry or ignorant) and removing excessive snark (makes you sound like a stuck-up prick), and so on. The trick is that this requires the discipline to NOT hit the submit button right away, but to let the post sit for a few minutes first while you re-read it a few times. Nearly every time I've posted something that sounded snarky or angry I've regretted it later, so I've gotten better at doing this.
No, many of these tools are decompiling the code and then running static analysis on them. When hundreds or thousands of alleged "vulnerabilities" are found, they send the full report to Oracle. Naturally, most of these are false flags, as you'd expect from such a system. So, the frustration is somewhat understandable.
What's not understandable is how she could possibly imagine such a childish rant should be made in public.
I remember reading a while back about drunk cycling being a commonplace issue in Russia
Well, sure, but alcoholism in Russia is so rampant that it's negatively affect lifespan stats. There's a real problem, for instance, with people passing out in the dead of winter and freezing to death on the streets. So, it's likely that drunk whatever is a problem in Russia, so long as it's possible to do whatever while intoxicated.
If you think about it, ALL games are designed to be addictive. The sort of pleasure/reward sensations are really no different between paid, free, free-to-play, buy-to-play, or any other variation. Instead, what's different is that the microtransaction based free-to-play games purposefully slow down the effort/reward ratio over time, and force the player to either slog through longer hours of gameplay with fewer rewards per hour spent, with the temptation of being able to increase that ratio with real money.
Every game has to carefully balance that effort/reward ratio. Too much effort required, and the game feels like a grind. Too much reward too quickly, and there's no sense of accomplishment, or the game simply runs out of content for the player. The problem is that the microtransaction model encourages developers to negatively impact these core game mechanics. Many players also dislike the immersion-breaking aspect of a game asking for more money during gameplay. Unfortunately, it's also proven to be a rather popular model, because it's a great way to get players hooked without the initial barrier of a financial commitment.
Personally, I feel the nastiest side of microtransaction games is that these types of games also benefit greatly from addictive/obsessive personalities, with some players spending obscene amounts of money on in-game perks (this was according to the CEO of a company I used to work for). This is great for a company's bottom line, but I don't care much for that aspect of microtransaction based games at all.
I suspect you got downmodded because you're making a very extraordinary claim. You're telling me that Outlook or IE actually runs an executable with no additional warnings? I'm sorry, but unless you show me some proof of that, I find it incredibly hard to believe.
Take a look at this simulation video showing the infection process. How many steps did the user have to take to extract and then execute the Cryptolocker installer? They had to click on the attachment and save it to disk, unzip the contents, and then execute the installer, bypassing a warning screen in the process. That isn't just clicking on a single link in an e-mail.
Note that this is Thunderbird, not Outlook, but the process should be the same for any modern e-mail client. And no modern browser will purposefully execute native code just by clicking on a link, or we'd all be swimming in malware by now. Unless there's a security exploit involved or a *very* old version of the software, I'd be astounded if that were this possible, given what we've learned about security in the past fifteen years or so.
Every customer of yours gets Cryptolocker installed? You must not have a lot of repeat customers!
I'm guessing you meant to type something other than "Cryptolocker" there?
I'm sort of curious how this ransomware is being executed by clicking on a single link in an e-mail, as is implied in the stories. Surely this can't be done without an exploit in a modern browser and OS, right?
exploiting a Linux kernel made for free by volunteers
Corporations like Red Hat, Suse, IBM, Texas Instruments, Linaro, Samsung, Oracle, and yep, even Microsoft, all contributed to Linux. In fact, corporate contributions now stand at about 80% of all submissions, according to the Linux Development Report. The notion that Linux is made exclusively by a bunch of unpaid volunteers is simply not true. It started out that way, but it has a lot of corporate support these days.
In case you're wondering, Google was the 8th most prolific Linux kernel corporate contributor in 2014.
I'd only call it hypocrisy if the same people who complained about H1Bs depressing skilled labor wages didn't care about the flood of "undocumented workers" crossing our southern border and depressing unskilled labor wages. Both illegal immigration AND H1B visa abuse are wrong because it makes an end-run around our national sovereignty and immigration laws. Companies or individuals that abuse these policies are benefiting from the comfort, stability, and infrastructure of being located in the US (and paid for by US citizens), but are taking advantage of cheaper foreign labor at the cost of qualified US workers.
"Calls for diversity" are typically nothing more than politicized pandering. Unless there is evidence of intentional discrimination, there should be no government interference with who a US company hires among qualified US citizens. Moreover, if one particular person is hired over another because of race or sex (which is what quotas would entail), it's discrimination just the same. You can't trample individual rights to improve a society. I just don't think a greater good will come of it.
The correct solution here is to ensure there are enough qualified applicants of all types. And that means a lot of tough questions about how we can improve our inner-city societies and education. There are no quick or easy answers here. Frankly, it's a hell of a lot easier to just point at a company and imply there's racism/sexism going on simply because there aren't nearly as many qualified black or female candidates.
I don't understand something about this particular theory. Life had to start somewhere, right? Why does it make more sense for it to have been formed somewhere else and transported here rather than being home grown? What makes some other planet a more amenable nursery for life?
Essentially, it seems like if it can start in one place, it can start in many places, including Earth. Moreover, if it starts here, it seems a heck of a lot more likely to *thrive* here. And a not-yet-fully-formed Earth doesn't seem like all that difficult an obstacle, given the many extremophiles we've seen.
Exactly. If you build an app, and nobody buys it, you have pretty much just wasted time, but probably aren't out much in terms of cash.
They're essentially the same thing unless you consider your time valueless. Every hour you spend working on your own software is an hour you're NOT getting paid to work on someone else's software, and the bills don't stop piling up just because you're not earning anything.
The real problem here isn't the vendors, it's the carriers.
How fucked would we be if PC users could buy PCs with Windows or OS X installed, but could only get security updates by downloading ISP-signed binaries from Comcast or AT&T's "official" repositories?
Yep, a good point. Apple was the only one with the clout to avoid that nonsense. It's too bad it didn't set a precedent that the rest of the industry followed. Honestly, I think I might be willing to overlook a little bit of collusion if the rest of the manufacturers got together and demanded the same autonomy.
Still, my feeling is that Samsung has probably coordinated with the carriers about more frequent security updates. I don't see any reason they would be resistant to the idea, since it's not all that more troublesome for them.
True, but I haven't seen updates pushed without my consent so far on my phone. Also, I suspect the chance of your phone being completely bricked by a security update is pretty low. You probably have a much better chance of accidentally dropping and breaking it.
Still, I do share your fears about mandatory updates. I think Microsoft's Windows 10 update policy for the consumer version is absolute lunacy. It makes sense from a security standpoint, but it's horrible in terms of stability/control for people who rely on their computers. I really, really hope they re-think this aspect of update policy.
For me, the situation is opposite of yours, in that my computer is absolutely critical for my work, but I could probably live without my phone for a while. Having to reinstall everything would be incredibly disruptive.
I think they're being forced into this by mounting public/press pressure. They're going through the same discovery process that creators of PC software, browsers, and operating systems went through a decade ago (or more recently with Adobe and Oracle). If a company like Microsoft can get their shit together security-wise, then so can Google and other Android manufacturers. It just requires a fairly serious commitment. Whether this is real or marketing bullshit will become clear soon enough.
I'd hesitate to call that person a "researcher". Those rolling distortions he filmed are pretty easily explained as some sort of atmospheric distortion - the very simplest possible explanation. Call me when we see a video of the moon with rippling distortions while filmed from orbit.
I think the reason this particular NASA image looks "fake" is because we have no frame of reference for it. We almost never see the back side of the moon, nor are used to seeing it crossing in front of the Earth. Moreover, the way it's badly compressed into an animated gif makes it look even sketchier. Seriously, it's 2015. Do we not have anything better than gifs for animating small clips like this?
What's funny is that I tend to believe it's real almost *because* it looks sort of hokey. It would be pretty easy to make a much more convincing CG animation that would look much more "realistic".
Not to mention that heavy bombing was the ONLY real way we had to prosecute the war in a way that directly affected Germany in the early part of the war (while the eastern front was an ideal tank battleground). As a matter of fact, both the UK and US suffered appalling losses attempting to do this - especially the US with their insistence on daylight precision raids. Being in a bomber crew was far riskier than being an infantryman in WWII.
Certainly Russia suffered the most among the "big four" victors, and it was Russia who really defeated the Germans. But you have to look at everything in context. America not only had a second front of enormous proportions (the entire Pacific ocean, essentially), we had to gear up for a massive cross-channel invasion to start the real European war, and there was simply no way to get around the fact that it took a massive amount of time to prepare for that. Additionally, all the re-inforcements Hitler kept all along the entire coastline (even including places like Norway) kept those troops from fighting in the eastern front.
Russia came damn close to losing the war, and one could argue that help from the west may have been a significant factor. Yes, we kept bombers for ourselves, but we sent a staggering amount of food, weapons, vehicles, and other war supplies to Russia.
I grew up with the Soviet Union as the "evil empire", and was actually quite pleased when it looked like they could become real allies - maybe it was the "former enemies make the coolest allies" sort of thing, but I always had a lot of respect for the Russians. It sort of saddens me to see relations deteriorating.
How is that web assembly project coming along? It seems like a perfect fit for alternative languages like this instead of having to compile to JS. I think it will be a nice day when developers can choose a web language based on its merits rather than its ubiquitous nature.
Slashdot Mirror
By "irreversibly destroyed Java's fundamental value", Oracle means "we should be getting payments from Google because they're using a version of Java that they didn't license from us to make money." Everything else is fluff.
From the article:
The flaw was initially reported over 120 days ago to Google, which exceeds even their own 90-day disclosure deadline.
Do you remember them throwing Microsoft under the bus by releasing information about a flaw before it was patched? Yeah. Oops.
In summary, the Stagefright disclosure process was an interesting one to observe. The (un)surprising outcome being that given all the exposure this vulnerability received combined with essentially infinite resources on the vendor side, effective security mitigations were still not deployed. Google employs a tremendously large security staff, so much so that many members dedicate time to audit other vendor’s software and hold them accountable to provide a code fix within a deadline period. If Google cannot demonstrate the ability to successfully remedy a disclosed vulnerability affecting their own customers then what hope do the rest of us have?
I don't particularly dislike Google. I use Android and several of their services. Sometimes, however, their sense of self-satisfaction can get on my nerves, especially when they demonstrate themselves capable of the same flaws as their competitors but don't seem to own up to it.
Same with the US, but all those require you to bury a wire around the perimeter of your yard, which sounds like a pain in the butt. This one uses a (presumably) simpler system involving stakes that transmit wireless signals.
It's not unusual at all. I've worked in the videogame industry for many years. You simply don't talk to the public or media about projects you're working on - ever. We all sign NDA agreements which prohibit us from talking about *anything*. I can't even *name* the current project I'm working on, let alone discuss details. I've written official company blogs about the games I've worked on, but they were reviewed by editors, legal, community managers, PR, and so on before being published. When you're sinking ten to a hundred million dollars into a AAA title, a company wants to be incredibly careful about the message being sent out. This developer was part of that world, and unfortunately didn't understand that.
There's a great temptation to talk to media, because people are interested in what happens behind the scenes of some of their favorite videogames. It's a bit of an ego boost to think that people want to listen to what you have to say. It's unfortunate that Nintendo felt the need to fire him instead of giving him a reprimand, but I suppose that's their policy.
Just recently we saw how an ill-conceive blog from an Oracle manager made the entire company look really bad. You can understand why people who aren't trained to talk to the public or the media shouldn't be attempting it on their own. Things are bound to slip our that you didn't really want to say.
Yeah, this seems to beg for a more elegant solution, as it sounds like you'll never be able to build enough depth planes to really fix the problem. Cameras looking back at your eyes should theoretically be able to pinpoint where you're currently looking, and if precise enough, maybe even the depth to which you're focusing. This is already being researched with software used for people to manipulate a computer with only their eyes. The software can then feed this information back to the application to adjust the current focus point.
If it worked as envisioned, it could very well add a additional level of realism/immersion to VR goggles. Still, I'd imagine we've got some time before we get beyond the basics into this sort of territory.
I was thinking the same thing. Words like "proof" are almost always out of place when talking about new hypotheses. It's a good theory, but call the data what it is: evidence that supports the theory.
Still, saying games are fundamentally about challenge is a value judgment that I do not think holds water.
I definitely agree. Many people don't understand or accept that different people enjoy different aspects of different types of games. For instance, I've heard from people who hate cutscenes say "I don't want to watch a movie, I want to play a game!" For me, watching an involved story through lengthy cutscenes is not painful (unless horribly done), but one of those *rewards* for getting through parts of the gameplay. Moreover, some people dislike the Elder Scrolls games because of the weak combat, but I love them because I take great pleasure in exploring new worlds.
An old trick is to write the email and not send it, or send it to yourself. That way you get some catharsis, and can send a more civil email later (or no email at all, handle it politely in person).
I've actually done that a number of times with posts here on slashdot. I've had, like almost anyone else, extremely rude or ignorant (IMO) responses before, and my first impulse is to write a long post detailing exactly why they're wrong (i.e. "Someone is WRONG on the internet!") or some snarky response. After writing all that out, I then belatedly realize that the best way to deal with a troll or idiot (again, IMO) is to ignore them, and I end up closing the browser without posting.
If I do respond, I often tend to moderate my tone from the first drafts, taking our unnecessary swearing (it often just makes you sound angry or ignorant) and removing excessive snark (makes you sound like a stuck-up prick), and so on. The trick is that this requires the discipline to NOT hit the submit button right away, but to let the post sit for a few minutes first while you re-read it a few times. Nearly every time I've posted something that sounded snarky or angry I've regretted it later, so I've gotten better at doing this.
And how topical as well! Here's a great example of someone who should not have vented in public.
No, many of these tools are decompiling the code and then running static analysis on them. When hundreds or thousands of alleged "vulnerabilities" are found, they send the full report to Oracle. Naturally, most of these are false flags, as you'd expect from such a system. So, the frustration is somewhat understandable.
What's not understandable is how she could possibly imagine such a childish rant should be made in public.
I remember reading a while back about drunk cycling being a commonplace issue in Russia
Well, sure, but alcoholism in Russia is so rampant that it's negatively affect lifespan stats. There's a real problem, for instance, with people passing out in the dead of winter and freezing to death on the streets. So, it's likely that drunk whatever is a problem in Russia, so long as it's possible to do whatever while intoxicated.
If you think about it, ALL games are designed to be addictive. The sort of pleasure/reward sensations are really no different between paid, free, free-to-play, buy-to-play, or any other variation. Instead, what's different is that the microtransaction based free-to-play games purposefully slow down the effort/reward ratio over time, and force the player to either slog through longer hours of gameplay with fewer rewards per hour spent, with the temptation of being able to increase that ratio with real money.
Every game has to carefully balance that effort/reward ratio. Too much effort required, and the game feels like a grind. Too much reward too quickly, and there's no sense of accomplishment, or the game simply runs out of content for the player. The problem is that the microtransaction model encourages developers to negatively impact these core game mechanics. Many players also dislike the immersion-breaking aspect of a game asking for more money during gameplay. Unfortunately, it's also proven to be a rather popular model, because it's a great way to get players hooked without the initial barrier of a financial commitment.
Personally, I feel the nastiest side of microtransaction games is that these types of games also benefit greatly from addictive/obsessive personalities, with some players spending obscene amounts of money on in-game perks (this was according to the CEO of a company I used to work for). This is great for a company's bottom line, but I don't care much for that aspect of microtransaction based games at all.
I suspect you got downmodded because you're making a very extraordinary claim. You're telling me that Outlook or IE actually runs an executable with no additional warnings? I'm sorry, but unless you show me some proof of that, I find it incredibly hard to believe.
Take a look at this simulation video showing the infection process. How many steps did the user have to take to extract and then execute the Cryptolocker installer? They had to click on the attachment and save it to disk, unzip the contents, and then execute the installer, bypassing a warning screen in the process. That isn't just clicking on a single link in an e-mail.
Note that this is Thunderbird, not Outlook, but the process should be the same for any modern e-mail client. And no modern browser will purposefully execute native code just by clicking on a link, or we'd all be swimming in malware by now. Unless there's a security exploit involved or a *very* old version of the software, I'd be astounded if that were this possible, given what we've learned about security in the past fifteen years or so.
That's a very interesting article. Thanks for the link.
Every customer of yours gets Cryptolocker installed? You must not have a lot of repeat customers!
I'm guessing you meant to type something other than "Cryptolocker" there?
I'm sort of curious how this ransomware is being executed by clicking on a single link in an e-mail, as is implied in the stories. Surely this can't be done without an exploit in a modern browser and OS, right?
exploiting a Linux kernel made for free by volunteers
Corporations like Red Hat, Suse, IBM, Texas Instruments, Linaro, Samsung, Oracle, and yep, even Microsoft, all contributed to Linux. In fact, corporate contributions now stand at about 80% of all submissions, according to the Linux Development Report. The notion that Linux is made exclusively by a bunch of unpaid volunteers is simply not true. It started out that way, but it has a lot of corporate support these days.
In case you're wondering, Google was the 8th most prolific Linux kernel corporate contributor in 2014.
I'd only call it hypocrisy if the same people who complained about H1Bs depressing skilled labor wages didn't care about the flood of "undocumented workers" crossing our southern border and depressing unskilled labor wages. Both illegal immigration AND H1B visa abuse are wrong because it makes an end-run around our national sovereignty and immigration laws. Companies or individuals that abuse these policies are benefiting from the comfort, stability, and infrastructure of being located in the US (and paid for by US citizens), but are taking advantage of cheaper foreign labor at the cost of qualified US workers.
"Calls for diversity" are typically nothing more than politicized pandering. Unless there is evidence of intentional discrimination, there should be no government interference with who a US company hires among qualified US citizens. Moreover, if one particular person is hired over another because of race or sex (which is what quotas would entail), it's discrimination just the same. You can't trample individual rights to improve a society. I just don't think a greater good will come of it.
The correct solution here is to ensure there are enough qualified applicants of all types. And that means a lot of tough questions about how we can improve our inner-city societies and education. There are no quick or easy answers here. Frankly, it's a hell of a lot easier to just point at a company and imply there's racism/sexism going on simply because there aren't nearly as many qualified black or female candidates.
I don't understand something about this particular theory. Life had to start somewhere, right? Why does it make more sense for it to have been formed somewhere else and transported here rather than being home grown? What makes some other planet a more amenable nursery for life?
Essentially, it seems like if it can start in one place, it can start in many places, including Earth. Moreover, if it starts here, it seems a heck of a lot more likely to *thrive* here. And a not-yet-fully-formed Earth doesn't seem like all that difficult an obstacle, given the many extremophiles we've seen.
Exactly. If you build an app, and nobody buys it, you have pretty much just wasted time, but probably aren't out much in terms of cash.
They're essentially the same thing unless you consider your time valueless. Every hour you spend working on your own software is an hour you're NOT getting paid to work on someone else's software, and the bills don't stop piling up just because you're not earning anything.
The real problem here isn't the vendors, it's the carriers.
How fucked would we be if PC users could buy PCs with Windows or OS X installed, but could only get security updates by downloading ISP-signed binaries from Comcast or AT&T's "official" repositories?
Yep, a good point. Apple was the only one with the clout to avoid that nonsense. It's too bad it didn't set a precedent that the rest of the industry followed. Honestly, I think I might be willing to overlook a little bit of collusion if the rest of the manufacturers got together and demanded the same autonomy.
Still, my feeling is that Samsung has probably coordinated with the carriers about more frequent security updates. I don't see any reason they would be resistant to the idea, since it's not all that more troublesome for them.
show us your assumptions and calculations, please.
The moon is not a giant hologram projected by alien technology.[1]
[1] common fucking sense.
True, but I haven't seen updates pushed without my consent so far on my phone. Also, I suspect the chance of your phone being completely bricked by a security update is pretty low. You probably have a much better chance of accidentally dropping and breaking it.
Still, I do share your fears about mandatory updates. I think Microsoft's Windows 10 update policy for the consumer version is absolute lunacy. It makes sense from a security standpoint, but it's horrible in terms of stability/control for people who rely on their computers. I really, really hope they re-think this aspect of update policy.
For me, the situation is opposite of yours, in that my computer is absolutely critical for my work, but I could probably live without my phone for a while. Having to reinstall everything would be incredibly disruptive.
I think they're being forced into this by mounting public/press pressure. They're going through the same discovery process that creators of PC software, browsers, and operating systems went through a decade ago (or more recently with Adobe and Oracle). If a company like Microsoft can get their shit together security-wise, then so can Google and other Android manufacturers. It just requires a fairly serious commitment. Whether this is real or marketing bullshit will become clear soon enough.
I'd hesitate to call that person a "researcher". Those rolling distortions he filmed are pretty easily explained as some sort of atmospheric distortion - the very simplest possible explanation. Call me when we see a video of the moon with rippling distortions while filmed from orbit.
I think the reason this particular NASA image looks "fake" is because we have no frame of reference for it. We almost never see the back side of the moon, nor are used to seeing it crossing in front of the Earth. Moreover, the way it's badly compressed into an animated gif makes it look even sketchier. Seriously, it's 2015. Do we not have anything better than gifs for animating small clips like this?
What's funny is that I tend to believe it's real almost *because* it looks sort of hokey. It would be pretty easy to make a much more convincing CG animation that would look much more "realistic".
Not to mention that heavy bombing was the ONLY real way we had to prosecute the war in a way that directly affected Germany in the early part of the war (while the eastern front was an ideal tank battleground). As a matter of fact, both the UK and US suffered appalling losses attempting to do this - especially the US with their insistence on daylight precision raids. Being in a bomber crew was far riskier than being an infantryman in WWII.
Certainly Russia suffered the most among the "big four" victors, and it was Russia who really defeated the Germans. But you have to look at everything in context. America not only had a second front of enormous proportions (the entire Pacific ocean, essentially), we had to gear up for a massive cross-channel invasion to start the real European war, and there was simply no way to get around the fact that it took a massive amount of time to prepare for that. Additionally, all the re-inforcements Hitler kept all along the entire coastline (even including places like Norway) kept those troops from fighting in the eastern front.
Russia came damn close to losing the war, and one could argue that help from the west may have been a significant factor. Yes, we kept bombers for ourselves, but we sent a staggering amount of food, weapons, vehicles, and other war supplies to Russia.
I grew up with the Soviet Union as the "evil empire", and was actually quite pleased when it looked like they could become real allies - maybe it was the "former enemies make the coolest allies" sort of thing, but I always had a lot of respect for the Russians. It sort of saddens me to see relations deteriorating.
How is that web assembly project coming along? It seems like a perfect fit for alternative languages like this instead of having to compile to JS. I think it will be a nice day when developers can choose a web language based on its merits rather than its ubiquitous nature.