Jeff'd Again
-
@ben_lubar said in Jeff'd Again:
@Zenith said in Jeff'd Again:
@error said in Jeff'd Again:
Christ, I never thought I'd meet a web developer pining for the Bad Old Days.
"Oh me, oh my, it's so hard to write 4KB of shim code for differently named properties/objects. Everybody should just change their workflow and buy new hardware instead." - Hipsters Everywhere In Between Yet Another Round of Break Fix For Lack Of Any Forethought Or Responsibility
I'll totally switch to a spyware browser and an OS that updates with more ads and fewer features whenever it fucking wants to save you a few hours of work over the life of a project!
the part you're not mentioning is that someone else has written those 4KB of shim code already
True. But even jQuery and Angular duhvelopers cry about having to maintain shim code. It's already written and those old platforms are never going to change. If those shims break, it's because the jQuery/Angular developers did something stupid. The solution isn't to pull the shims but hire developers that are capable of fixing something without breaking something else. Or, for God's sake, have code review that isn't 100% preoccupied with bracket placement and camel-casing.
In before somebody complains about adding 4KB to the 25MB of libraries blobbed together in the average SPA.
-
@ben_lubar said in Jeff'd Again:
@Zenith said in Jeff'd Again:
@error said in Jeff'd Again:
Christ, I never thought I'd meet a web developer pining for the Bad Old Days.
"Oh me, oh my, it's so hard to write 4KB of shim code for differently named properties/objects. Everybody should just change their workflow and buy new hardware instead." - Hipsters Everywhere In Between Yet Another Round of Break Fix For Lack Of Any Forethought Or Responsibility
I'll totally switch to a spyware browser and an OS that updates with more ads and fewer features whenever it fucking wants to save you a few hours of work over the life of a project!
the part you're not mentioning is that someone else has written those 4KB of shim code already
And that you're already including a 6MB library for leftpad.
-
@dcon said in Jeff'd Again:
@Tsaukpaetra said in Jeff'd Again:
@levicki said in Jeff'd Again:
managed to build MORE WITH LESS.
One of these days I'll get Windows running smoothly on 128mb again...
"smoothly"
I'll have you know Windows 98 is butter once you fix the general protection fault and hard disk driver and......
-
If my site is broken because I didn't obey the spec, I'll fix it. If a site is broken because the browser didn't obey the spec, they need to fix their broken browser.
-
@levicki said in Jeff'd Again:
NCR's ATM software uses embedded IE control for showing pages and user interaction
sure but
@levicki said in Jeff'd Again:
it is still secure and even functional enough for that purpose.
in a very controlled environment, where the network, client, and server are all controlled by them.
A forum, on the other hand, has no such guarantees.
In related news, Windows 95 is perfectly secure. in specific configurations.
-
@levicki said in Jeff'd Again:
If you can't set your webserver config including which ciphers are used and in which order, then you are using shared hosting and you aren't serious about security anyway.
I don't see how pointing out that the server owner has control of the server is relevant here.
@levicki said in Jeff'd Again:
The only guarantee you don't have is client but that's pretty much standard stuff.
And network. That'd be a big one. As in, you have no control over anything in the network layer between your server and the client using the coffee shop public wifi.
@levicki said in Jeff'd Again:
I already asked what is so important worth securing on a forum so I won't repeat that question
It depends on the forum. I'm sure there's private stuff in this one that people would really rather not get leaked by poorly secured connections.
@levicki said in Jeff'd Again:
are TLS 1.2 ciphers inadequate for forum software? Is AES encryption broken? Because if it is, you might want to tell your bank to stop using it:
How is this relevant to the point I'm making? (which, for clarity, is: what NCR does on a terminal where they control everything, client, server, and network, has very little relevance to any internet security discussion)
@levicki said in Jeff'd Again:
And Internet Explorer 11 is not less secure than any other modern browser for the 99% of the users.
Probably not, no. However, since it's literally only included for backwards compatibility, and tells you not to use it, it's probably not worth actually expending any effort on, especially when there's a replacement that works fine.
@levicki said in Jeff'd Again:
On the contrary, it may even be more secure because nowadays it is only getting security patches while other browsers are doing massive changes to introduce new features.
HAHA uh what?
-
@levicki said in Jeff'd Again:
On the contrary,
itWindows 7 may even be more secure, because nowadays it isonlynot even getting security patches whileother browsersWindows 10 are doing massive changes to introduce new features every couple of weeks.Clearly, it is now the most securest!
-
@Tsaukpaetra said in Jeff'd Again:
@levicki said in Jeff'd Again:
On the contrary,
itWindows 7 may even be more secure, because nowadays it isonlynot even getting security patches whileother browsersWindows 10 are doing massive changes to introduce new features every couple of weeks.Clearly, it is now the most securest!
BRB, installing Windows 3.11 for Workgroups for "security"
-
@error said in Jeff'd Again:
Toby faire, I've been making games lately, so it's not exactly something that can degrade gracefully to plain HTML.
Crosswords and Minesweeper can both be displayed in tables of text, which is plain HTML.
And Hangman can be displayed in pure (HTML) text as well.The graphics wouldn't be as pretty, but that's already to be expected when degrading from more fancy stuff.
-
@djls45 said in Jeff'd Again:
@error said in Jeff'd Again:
Toby faire, I've been making games lately, so it's not exactly something that can degrade gracefully to plain HTML.
Crosswords and Minesweeper can both be displayed in tables of text, which is plain HTML.
And Hangman can be displayed in pure (HTML) text as well.The graphics wouldn't be as pretty, but that's already to be expected when degrading from more fancy stuff.
None of those are using WebGL. Hangman is plain HTML, and the other two are server rendered images. In a way, they're already degraded (don't worry, they're into that). My Reversi game is WebGL.
-
@remi said in Jeff'd Again:
I'm not sure what the solution to the whole thing is, but I feel that as more and more older people are using, and relying on, computers, this needs to be taken into account.
Many US states - and I believe countries in Europe? - don't allow cars onto the road that don't meet current emissions standards, so that they can't make everybody else's life miserable. I don't think doing the same thing for outdated OSes is unreasonable - if your machine can't be secured, it shouldn't be allowed outbound access to the Internet.
Now, in a world with HTTPS everywhere, that's impossible to enforce - it's not like ISPs can inspect user agents anymore. But hopefully popular websites dropping support can lead to a de facto ban of those machines.
-
@Unperverted-Vixen said in Jeff'd Again:
in a world with HTTPS everywhere, that's impossible to enforce
I'm sure the NSA could do it - not that they'd use their powers for good like that.
-
@Tsaukpaetra said in Jeff'd Again:
@levicki said in Jeff'd Again:
@Tsaukpaetra I wonder what language would Javascript be written in if people did not manage to write and use BCPL and later C in less RAM than an average script-laden webpage is taking today while not offering anything substantially more worthy than a regular desktop app?
The fact that you expressed your question in a run-on is indicative.
While it is long and complex, that's not really a run-on sentence:
I wonder what language would Javascript be written in (if people did not manage to write and use BCPL and later C (in less RAM than an average script-laden webpage is taking today) while not offering anything substantially more worthy than a regular desktop app)?
-
@dcon said in Jeff'd Again:
@Tsaukpaetra said in Jeff'd Again:
@levicki said in Jeff'd Again:
managed to build MORE WITH LESS.
One of these days I'll get Windows running smoothly on 128mb again...
"smoothly"
Molasses is smooth.
-
@djls45 said in Jeff'd Again:
@dcon said in Jeff'd Again:
@Tsaukpaetra said in Jeff'd Again:
@levicki said in Jeff'd Again:
managed to build MORE WITH LESS.
One of these days I'll get Windows running smoothly on 128mb again...
"smoothly"
Molasses is smooth.
-
@levicki said in Jeff'd Again:
I remember having Windows 98 install stripped down using 98lite -- you could have actually fully remove IE from the OS, those were the days my friend...
You fool. According to some people here that is the best browser. Why even use windows if you don't use ie?
Filed under: #WeNeedAnotherBrowserToAttack
-
@Unperverted-Vixen said in Jeff'd Again:
@remi said in Jeff'd Again:
I'm not sure what the solution to the whole thing is, but I feel that as more and more older people are using, and relying on, computers, this needs to be taken into account.
Many US states - and I believe countries in Europe? - don't allow cars onto the road that don't meet current emissions standards, so that they can't make everybody else's life miserable. I don't think doing the same thing for outdated OSes is unreasonable - if your machine can't be secured, it shouldn't be allowed outbound access to the Internet.
I think that's taking the opposite route to what I'm hoping for, i.e. making things even more hostile to older people by forcing change on them in an absolutely unavoidable way. Not that I'm opposed to ensuring most (all?) users are secured, but at the moment assuming this could be enforced this would only speed-up the race forward to ever-changing stuff, which is bad for people with limited computer literacy and slowing minds.
I guess what's needed is to decouple the UI from the functionalities, kind of like a car is still driven more or less the same way independently of whether or not it has gazillions of advanced driver features and airbags and what not.
-
-
@ben_lubar said in Jeff'd Again:
@Benjamin-Hall said in Jeff'd Again:
@hungrier What about browsers that don't support modern authentication ciphers? Running a mixed-security (http & https) forum seems like a bad idea, and cipher fall-backs are dangerous from a security perspective.
I basically agree, but there are limits.
Unless Jeff has done something even more terrible than I'm used to, Discourse does not implement its own TLS library.
It would be too slow in Ruby. So you know what that means: TLS CDN!
-
@sloosecannon said in Jeff'd Again:
@levicki said in Jeff'd Again:
On the contrary, it may even be more secure because nowadays it is only getting security patches while other browsers are doing massive changes to introduce new features.
HAHA uh what?
No, this one makes sense in that every new bit of code you add creates new and exciting opportunities for security risks, so at least IE11 isn't that sort of moving target any more.
-
@Luhmann said in Jeff'd Again:
@Tsaukpaetra said in Jeff'd Again:
Windows 98 is butter
But ME was buttermilk
Don't insult buttermilk like that!
-
@dfdub
It's more like Vista then?
-
-
@Luhmann said in Jeff'd Again:
@Tsaukpaetra said in Jeff'd Again:
Windows 98 is butter
But ME was buttermilk
In the past, I've made actual buttermilk(1) (rather than "cultured buttermilk", the sort of slightly thin yoghurt sold in supermarkets and called buttermilk but in fact not buttermilk at all). It's the liquid left over when you've made butter from non-homogenised milk and it therefore a sort of even-more-skimmed skimmed milk.
I would have said that ME wasn't that, although "cultured buttermilk" might be more accurate as an analogy..
(1) It's worth noting that I wasn't actually trying to make buttermilk, but rather, it was a byproduct of making my own butter. The hard part of the process is finding suitable milk.
-
I believe that the core question is really what sort of developer you are. Are you trying to empower others or control them?
-
@Zenith said in Jeff'd Again:
I believe that the core question is really what sort of developer you are. Are you trying to empower others or control them?
I myself only stand where I am because i stand on the shoulders of Giants. It therefore behooves me to assist others to stand on my shoulders so that we together are greater than the sum of our parts and therefore together are both improved by the experience.
-
@Steve_The_Cynic
We did that as children ... after visiting a dairy farm
-
@Luhmann
I also remember walking across some unused land from my grandmother to a nearby old farm with a gigantic fireplace, just an open fire with a kettle or pot hanging over it to get 1l of fresh milk or buttermilk in a tin milk flask.
The farm creeped me out ... First it was the walk through nowhere, then there was this big Mechelse as a guard dog kept in a too small kennel, then you entered the dark farmhouse, lit only by the fireplace and finally you faced thewitchfarmer's wife and her missing teeth ...
-
@Vixen said in Jeff'd Again:
@Zenith said in Jeff'd Again:
I believe that the core question is really what sort of developer you are. Are you trying to empower others or control them?
I myself only stand where I am because i stand on the shoulders of Giants. It therefore behooves me to assist others to stand on my shoulders so that we together are greater than the sum of our parts and therefore together are both improved by the experience.
So, the latter.
-
@jinpa said in Jeff'd Again:
@Vixen said in Jeff'd Again:
@Zenith said in Jeff'd Again:
I believe that the core question is really what sort of developer you are. Are you trying to empower others or control them?
I myself only stand where I am because i stand on the shoulders of Giants. It therefore behooves me to assist others to stand on my shoulders so that we together are greater than the sum of our parts and therefore together are both improved by the experience.
So, the latter.
it wasn't obvious? :sickly_sweet_innocent_smile_that_makes_you_subtly_fear_for_your_life:
-
@Vixen National Cash Register, though they don't call themselves that anymore; they became "NCR Corp" when sucked into AT&T. I much prefer your version though.
-
@Vixen said in Jeff'd Again:
it wasn't obvious? :sickly_sweet_innocent_smile_that_makes_you_subtly_fear_for_your_life:
I'm not worth it.
-
@jinpa /shrug but you might taste good with catsup
or sexual lubricant. either or.
-
@Zenith said in Jeff'd Again:
I believe that the core question is really what sort of developer you are. Are you trying to empower others or control them?
I definitely don't want to empower the retards on my team. I'd like to fire them, but I guess I'd settle for control.
-
@Luhmann My mom told the story of, as a girl in the 1930s(?), riding home from a (her grandparents'?) farm with a container of fresh milk and finding that when they got back to the city they had butter and buttermilk, because the ride was so bumpy.
-
@levicki said in Jeff'd Again:
Didn't you say that NCR uses IE11 in controlled enviroment as opposed to webs devs not having control over server/network/client?
The important part is that they have control over all three
@levicki said in Jeff'd Again:
I am just saying that web devs (should) have control over server if they are serious about security.
Yes, and the color red is generally interpreted to mean red.
@levicki said in Jeff'd Again:
It seems to me that you are trying to make a claim that IE11 is somehow worse than the other browsers when the environment is not fully controlled? How exactly does that argument work if the same communication security is used for all?
With the recent failure to validate X.509 certificates caused by crypt32.dll bug even Chrome was vulnerable to fake certs because it uses system crypto API just like IE does. in other words, your argument is bullshit.It seems to me you've missed the entire point of what I was saying, which is what NCR uses in their controlled environment has no bearing whatsoever on security concerns for a public forum. So the point that you brought up, which is "NCR uses embedded IE on their ATMs" is entirely irrelevant. At no point am I making claims about IE's security status being better or worse than any other browser's. You are making up straw-man arguments and bringing up random shit like TLS1.2 or the crypt32.dll bug to hide the fact that you're wrong, and that what NCR uses on their controlled machines is completely irrelevant to the point at hand.
In other words, stop putting words in my mouth, and shut up and accept that I just invalidated your point. Fucker.
-
@levicki said in Jeff'd Again:
Stable software with occasional security patches or Agile with two week release schedule. Which is more likely to have security issues?
It depends. Frankly there are other factors that are much more important. And something that's essentially abandonware isn't likely to get much security attention...
-
@boomzilla said in Jeff'd Again:
@Zenith said in Jeff'd Again:
I believe that the core question is really what sort of developer you are. Are you trying to empower others or control them?
I definitely don't want to empower the retards on my team. I'd like to fire them, but I guess I'd settle for control.
I was thinking more with respect to users. I view software as a tool to help people do stuff, not a lever to force my preferred hardware/OS/browser/etc on users.
Forced obsolescence in particular is just a shortcut for people that are out of ideas and can't make a real argument for users to move from something that works.
Per your comment about retards on a team, I don't even want to manage developers because you never really have control over them. Even if you could fire them, you'd just get different H1Bs. You can't fix what's wrong with them and babysitting them requires constant supervision that precludes accomplishing much else. I just don't want to be responsible for a situation so entirely out of my control. There are only three places that I want to work - with my peers, by myself, or elsewhere.
-
@Vixen said in Jeff'd Again:
I myself only stand where I am because i stand on the shoulders of Giants.
There are times when I think I am where I am because I steal from the pockets of giants.
-
@levicki said in Jeff'd Again:
@HardwareGeek said in Jeff'd Again:
@Luhmann My mom told the story of, as a girl in the 1930s(?), riding home from a (her grandparents'?) farm with a container of fresh milk and finding that when they got back to the city they had butter and buttermilk, because the ride was so bumpy.
I heard there are all sorts of creams created on bumpy rides
Not if you have good enough suspension...
-
@Zenith said in Jeff'd Again:
Forced obsolescence in particular is just a shortcut for people that are out of ideas and can't make a real argument for users to move from something that works.
Should talk to Apple about that...
-
@Zenith said in Jeff'd Again:
I believe that the core question is really what sort of developer you are. Are you trying to empower others or control them?
I'd settle for controlling the gods-be-damned computers...
-
@Tsaukpaetra said in Jeff'd Again:
@Zenith said in Jeff'd Again:
Forced obsolescence in particular is just a shortcut for people that are out of ideas and can't make a real argument for users to move from something that works.
Should talk to Apple about that...
They're providing OS updates for 4 year old1 phones, unlike some others whose phone is obsolete out of the box. So I don't see your point.
1Sure, that's not even close to 10+ years of Windows support, but I don't see anyone providing that.
-
@topspin said in Jeff'd Again:
@Tsaukpaetra said in Jeff'd Again:
@Zenith said in Jeff'd Again:
Forced obsolescence in particular is just a shortcut for people that are out of ideas and can't make a real argument for users to move from something that works.
Should talk to Apple about that...
They're providing OS updates for 4 year old1 phones, unlike some others whose phone is obsolete out of the box. So I don't see your point.
1Sure, that's not even close to 10+ years of Windows support, but I don't see anyone providing that.
Phone slow? Get a new one! Got crashes? Get new Mac! Battery not charging? You should really get the New iPad!
It's not always about software...
-
@Tsaukpaetra said in Jeff'd Again:
It's not always about software...
I thought this thread/comment was, but fair point, I see what you mean now about the battery.
-
@dkf said in Jeff'd Again:
@Vixen said in Jeff'd Again:
I myself only stand where I am because i stand on the shoulders of Giants.
There are times when I think I am where I am because I steal from the pockets of giants.
We can tell that you work in academia.
-
@JBert said in Jeff'd Again:
@dkf said in Jeff'd Again:
@Vixen said in Jeff'd Again:
I myself only stand where I am because i stand on the shoulders of Giants.
There are times when I think I am where I am because I steal from the pockets of giants.
We can tell that you work in academia.
-
@Tsaukpaetra said in Jeff'd Again:
Phone slow
it wasn't until Apple released their latest version of IOS.
which is really impressive, given i have an Android.....
-
@levicki said in Jeff'd Again:
TL;DR -- considerably more than 4 years but Apple haters are gonna hate.
PEARS RULE! APPLES DROOL!
-
I made the mistake of dropping in on this thread again. I can now feel my IQ evaporating. Thanks, guys.
