posted by dsk on September 9th, 2011 at 8:49AM
>Compromising an SSL certificate authority, and a no-name kiosk, are vastly different things
There's a whole plethora of computers between your personal machine and a "no-name" kiosk that should illicit different trust levels. You wouldn't do banking on a no-name kiosk, but what about a locked-down university computer? Besides, as there's a whole bunch of certificate authorities that are based in despotic countries (e.g. China), or are run by people (all of them), you can be sure that your cert was / is probably compromised.
>Can you give me a single new thing that these fads offer?
Yes, it runs in a fuckin browser.
>For example, Ubuntu certainly is popular among newbies, it is pretty easy to use -- but the people who really matter don't use it personally.
LIKE WHO? Hell, Torvalds used Fedora 9, a few years back. Nobody uses something like Gentoo or minimalist distro, except hobbyists who? like to tinker. Who are these people that "really matter"
>You seem to be suggesting that using other people's computers (to access your programs via their browser/hardware) is a good thing.
It's deeper then that. You can distribute your "programs" (web-apps) and know that no matter what OS / architecture they use, as long as they have a modern browser, it'll work with ZERO hassle. You cannot get this kind of distribution with installed software.
>but simply leave a non-js version of them for the rest of us to use
You're going to find that difficult. At some point, it'll just be assumed that js is running.
> Or, at the very least, don't expect all the rest of us to jump on your band-wagon
Who are the rest of you, because the market already moved, you're still looking back at at mid 90s as some sort of a golden age (relevant: see Woody Allen's 'Midnight in Paris').
Also somewhat relevant: http://blog.mozilla.com/n...ess-observation/
"A web browser is not a document viewer, it is a full-blown programming environment with some very sophisticated text and graphical capabilities. A web page is not a document but a program."
There's a whole plethora of computers between your personal machine and a "no-name" kiosk that should illicit different trust levels. You wouldn't do banking on a no-name kiosk, but what about a locked-down university computer? Besides, as there's a whole bunch of certificate authorities that are based in despotic countries (e.g. China), or are run by people (all of them), you can be sure that your cert was / is probably compromised.
>Can you give me a single new thing that these fads offer?
Yes, it runs in a fuckin browser.
>For example, Ubuntu certainly is popular among newbies, it is pretty easy to use -- but the people who really matter don't use it personally.
LIKE WHO? Hell, Torvalds used Fedora 9, a few years back. Nobody uses something like Gentoo or minimalist distro, except hobbyists who? like to tinker. Who are these people that "really matter"
>You seem to be suggesting that using other people's computers (to access your programs via their browser/hardware) is a good thing.
It's deeper then that. You can distribute your "programs" (web-apps) and know that no matter what OS / architecture they use, as long as they have a modern browser, it'll work with ZERO hassle. You cannot get this kind of distribution with installed software.
>but simply leave a non-js version of them for the rest of us to use
You're going to find that difficult. At some point, it'll just be assumed that js is running.
> Or, at the very least, don't expect all the rest of us to jump on your band-wagon
Who are the rest of you, because the market already moved, you're still looking back at at mid 90s as some sort of a golden age (relevant: see Woody Allen's 'Midnight in Paris').
Also somewhat relevant: http://blog.mozilla.com/n...ess-observation/
"A web browser is not a document viewer, it is a full-blown programming environment with some very sophisticated text and graphical capabilities. A web page is not a document but a program."
|
posted by dennisn on September 9th, 2011 at 9:47AM
No doubt there are trust issues all along the way. Trusting only reliable certificate authorities, perhaps only those who provide an extra layer of authentication -- not blindly accepting any CA your browser wants -- is definitely one step in the right direction. Using your own trusted hardware, however, should come way before that, and is way more important. (There is little difference between a public university computer, and a public kiosk -- it's probably even more risky, cuz of all the hackers who would do shit just for fun.)
When you say it "runs in a browser" -- you're absolutely right -- it only runs in *a* browser. I've tried a bunch of them, and only had luck with the bloated firefox. All my other webkit ones are a HUGE pain in the ass -- JavaShit sites consume 100% of cpu generally, they crash constantly -- it's a nightmare. Clearly web-designers only care about that one browser -- it shouldn't even be called JavaShit ... it should be called MozillaShit, or IEShit, practically speaking. Anyways, I don't see how that's a good thing. My C email program is far more responsive and workable. And secure! (I wonder what will happen to all those Iranians who used gmail with the fake/bad google-certificate. Lolz :|. Scary. Central point of failure: check. Non-trusted certificate authority added to make newbie's lives "easier", as per market demand: check. Outcome: I-told-you-so.) Fedora isn't Ubuntu. The masses specifically want Ubuntu. Most of the famous people probably use debian or freebsd -- definitely not Ubuntu. For obvious reasons ... simplicity and power are two diametrically opposite things. Regarding multi-platform development, this goal has been around forever. There already exist countless cross-platform frameworks (Qt/GTK/....) that can do it all for you. Just like you can package a massive bloated Firefox Platform, you can package GTK/etc into your distro -- which is far smaller and more powerful.) RE: Midnight in Paris, will do. RE: the browser as a programming environment paradigm -- that's exactly at the heart of our disagreement. It can all be solved if you simply separate your programming environment from the webpage-viewer (what a browser was originally meant to do!). I don't want my webpages loading programs and hacking my computer -- I already have a good and trusted distribution that does that. |
