|
posted by dennisn on September 5th, 2011 at 11:27PM
Compromising an SSL certificate authority, and a no-name kiosk, are vastly different things. No, I wouldn't do banking on a stranger's computer.
"Why not?" websockets, or whatever other new-fangled browser protocols come up? Well, that's an excellent question. If you derive fun from reinventing wheels, that's none of my business. But if you then break old wheels, or pretend they don't exist, and expect everyone to hop on your new wheel every year, then it becomes absurd. (Ie. JavaScript-only sites are more often then not absurd.)
I don't think HTTP reinvented any wheels? Unless maybe the FTP wheel? Anyways, I can give you a valid thing or two that HTTP/HTML offered that FTP (or whatever else) didn't. Can you give me a single new thing that these fads offer?
Also, I think you're a bit too caught up in this web-based fad. I actually don't think "the market has spoken" in it's favor. I certainly would agree that it has captured the retarded masses -- simplicity does that. Of course, there are serious costs to that simplicity -- non-trusted source code, more centralized points of failure, bloat, less control/customization. For example, Ubuntu certainly is popular among newbies, it is pretty easy to use -- but the people who really matter don't use it personally.
You seem to be suggesting that using other people's computers (to access your programs via their browser/hardware) is a good thing. It really isn't. It is an absolute last resort -- and if it require any kind of real security, it's incredibly stupid. So, -1 for that reasoning.
I also do have a hangup understanding why you would prefer google to read and store your (sensitive?) information, and not your own personal program that you have complete control over. But, whatever, you're free to do whatever you feel like. As I mentioned earlier, my only concern is when old/working things get broken/ignored, by over-zealous (and confused :p) fads.
In conclusion, keep your js-gmail and your js-google-maps and your js-facebook, don't talk to me about them :p (unless you have an actual point), but simply leave a non-js version of them for the rest of us to use. Or, at the very least, don't expect all the rest of us to jump on your band-wagon, just because everyone else is doing it. That never works.
|
posted by dsk on September 9th, 2011 at 8:49AM
>Compromising an SSL certificate authority, and a no-name kiosk, are vastly different things
There's a whole plethora of computers between your personal machine and a "no-name" kiosk that should illicit different trust levels. You wouldn't do banking on a no-name kiosk, but what about a locked-down university computer? Besides, as there's a whole bunch of certificate authorities that are based in despotic countries (e.g. China), or are run by people (all of them), you can be sure that your cert was / is probably compromised.
>Can you give me a single new thing that these fads offer?
Yes, it runs in a fuckin browser.
>For example, Ubuntu certainly is popular among newbies, it is pretty easy to use -- but the people who really matter don't use it personally.
LIKE WHO? Hell, Torvalds used Fedora 9, a few years back. Nobody uses something like Gentoo or minimalist distro, except hobbyists who? like to tinker. Who are these people that "really matter"
>You seem to be suggesting that using other people's computers (to access your programs via their browser/hardware) is a good thing.
It's deeper then that. You can distribute your "programs" (web-apps) and know that no matter what OS / architecture they use, as long as they have a modern browser, it'll work with ZERO hassle. You cannot get this kind of distribution with installed software.
>but simply leave a non-js version of them for the rest of us to use
You're going to find that difficult. At some point, it'll just be assumed that js is running.
> Or, at the very least, don't expect all the rest of us to jump on your band-wagon
Who are the rest of you, because the market already moved, you're still looking back at at mid 90s as some sort of a golden age (relevant: see Woody Allen's 'Midnight in Paris').
Also somewhat relevant: http://blog.mozilla.com/n...ess-observation/
"A web browser is not a document viewer, it is a full-blown programming environment with some very sophisticated text and graphical capabilities. A web page is not a document but a program."
|
posted by dennisn on September 9th, 2011 at 9:47AM
No doubt there are trust issues all along the way. Trusting only reliable certificate authorities, perhaps only those who provide an extra layer of authentication -- not blindly accepting any CA your browser wants -- is definitely one step in the right direction. Using your own trusted hardware, however, should come way before that, and is way more important. (There is little difference between a public university computer, and a public kiosk -- it's probably even more risky, cuz of all the hackers who would do shit just for fun.)
When you say it "runs in a browser" -- you're absolutely right -- it only runs in *a* browser. I've tried a bunch of them, and only had luck with the bloated firefox. All my other webkit ones are a HUGE pain in the ass -- JavaShit sites consume 100% of cpu generally, they crash constantly -- it's a nightmare. Clearly web-designers only care about that one browser -- it shouldn't even be called JavaShit ... it should be called MozillaShit, or IEShit, practically speaking. Anyways, I don't see how that's a good thing. My C email program is far more responsive and workable. And secure! (I wonder what will happen to all those Iranians who used gmail with the fake/bad google-certificate. Lolz :|. Scary. Central point of failure: check. Non-trusted certificate authority added to make newbie's lives "easier", as per market demand: check. Outcome: I-told-you-so.)
Fedora isn't Ubuntu. The masses specifically want Ubuntu. Most of the famous people probably use debian or freebsd -- definitely not Ubuntu. For obvious reasons ... simplicity and power are two diametrically opposite things.
Regarding multi-platform development, this goal has been around forever. There already exist countless cross-platform frameworks (Qt/GTK/....) that can do it all for you. Just like you can package a massive bloated Firefox Platform, you can package GTK/etc into your distro -- which is far smaller and more powerful.)
RE: Midnight in Paris, will do.
RE: the browser as a programming environment paradigm -- that's exactly at the heart of our disagreement. It can all be solved if you simply separate your programming environment from the webpage-viewer (what a browser was originally meant to do!). I don't want my webpages loading programs and hacking my computer -- I already have a good and trusted distribution that does that.
|
|
|