Jeff Atwood on security (blog post)


  • :belt_onion:

    Eh, makes it better but I still go ick.
    Like I said, it's probably a subconscious reaction. It's not really that horrible, but I just can't help but shudder when I have to use it.
    I like what they did with 10 though. I'm pretty impressed with it so far.



  • That's the point - it's good for touchscreens. It kinda sucks on desktop. If you used one of those non-touch Android laptops, you'd probably hate Android with a passion too.

    The non-diversity... Meh. It is a bit simplistic with its icons now that I think about it, but as long as I remember where IE and Netflix are, I don't care.



  • @Maciejasjmj said:

    sucks on desktop

    I see this all the time. Always from the clickety sort, who launch things on a desktop by mousing around through menus with identical folder icons.

    I mean, granted, it could use less space. But it's essentially on the level of the desktop, except that you don't have to think about minimizing everything to use it, and an icon can be a clock.





  • @RaceProUK said:

    He's not the only WinPhone user; there's a small but (sometimes) vocal number of us, all having the same host of issues

    So you're all to blame for choosing inferior phones. 🚎



  • @blakeyrat said:

    Pretty much anybody who's tried a WinPhone is a WinPhone user

    👋

    My name is abarker. I've tried a WinPhone and I prefer Android.



  • I use my Windows Phone to load the site for 10 seconds so I can keep my attendance up. Actually using Discourse on it is not worth the effort. The best way I can describe it is random UI element teleportation.



  • @CoyneTheDup said:

    But Jeff's error is more fundamental, assuming that the bug contributor has a duty where, in fact, no duty exists.

    Jeff is wanting the world to accept his notion that everything can be free.

    The fact is that the software is free, with the current bugs intact.

    If Jeff wants the version without bugs, he has to determine if he is willing to pay for it.

    Supply and Demand.

    He is concerned that paying for bug fixes will cascade down into privatization of open source.

    But that can't entirely occur straight, because the license prevents someone from copying the source, creating a proprietary version without bugs, and selling it.

    So, there's this weird system where some weird capitalism/socialism hybrid made its way back into open source, through paying for bug fixes and distributing that cost throughout the users.

    Private businesses pay for common ownership of the resulting product, which in a way is the means. So the public owns the means of production.

    You can say, as the parts get built into more complex combinations, and those patterns become common, then they enter into the public means of production and become free. So in essence, everything shared between companies is free and the companies cooperate to improve this shared resource.

    OMG he's perfected socialism.



  • But you can also operate this in reverse.

    What's the most common denominator in means of production? We can see that this is ultimately shared, because people can change jobs.

    Hint: Soylent is People.

    So, people being the most common means of production become public property. Which is where socialism becomes unnatural.

    And that's the problem that Jeff is having, he wants people to become public through their goodwill.


  • ♿ (Parody)

    @xaade said:

    Jeff is wanting the world to accept his notion that everything can be free.

    Huh? This also makes no sense here:

    @CoyneTheDup said:

    But Jeff's error is more fundamental, assuming that the bug contributor has a duty where, in fact, no duty exists.

    You guys must have read different stuff than I did.



  • @boomzilla said:

    You guys must have read different stuff than I did.

    I am concerned that we may be slowly moving toward a world where given enough money, all bugs are shallow. Money does introduce some perverse incentives for software security, and those incentives should be watched closely.
    But I still believe that the people who will freely report security bugs in open source software because
    It is the right thing to do™
    and
    They want to contribute back to open source projects that have helped them, and the world
    … will hopefully not be going away any time soon.

    Essentially he's saying that he hopes there is always the existence of people who want to operate for free.

    By extension everything can be free.

    Not everything at once mind you, because we all still need to get paid.

    But that there's no conceptual idea that can not be free.

As for the other idea, he values the duty of freely offering service above the value of paid service. He accepts that to get expertise, sometimes you have to pay for it, but only because open source failed so hard because it didn't have the expertise it needed.

    He laments someone expecting payment for a bug fix, when in most cases people are encouraged that asking doesn't hurt (see negotiating starting salary).

He fails to see that his expectation that a person should have offered help freely is in fact no different from the expectation of the person that they should be paid.

    That's the underlying problem here. He does not value supply and demand, but merely accepts that it does produce results when the alternative fails. Evidence in quote:

    So we should view bug bounty programs as an additional angle of attack,

    So he only sees paid service as an alternative, in the world of open source.

    Which is ironic because open source software like Discourse is being capitalized by paid services (such as installation, hosting, and support).

    Once again fitting the model that all software can be free. (which is what I meant by "everything can be free").

    IMO...

    Open source failed for 2 years because of the fanboyism. The idea that everything can be free is the failure.

    So, one more social experiment proving that socialism cannot attract skilled labor.


  • ♿ (Parody)

    @xaade said:

    Essentially he's saying that he hopes there is always the existence of people who want to operate for free.

    Bullshit. They're exchanging stuff, just not money. Not every transaction need involve money.



  • He laments having to do that as well.

    Believe me, I was very appreciative of the security bug reporting, and I
    sent them whatever I could, stickers, t-shirts, effusive thank you
    emails, callouts in the code and checkins. But open source isn't
    supposed to be about the money… is it?

Why does he mention money right after mentioning giveaways? Because he sees a parallel.

    Perhaps the landscape is different for closed-source, commercial products, where there's no expectation of quid pro quo

    Because money is the quid-pro-quo you dolt.


  • ♿ (Parody)

    @xaade said:

    He laments having to do that as well.

    The exchange doesn't even have to be material.



  • Which he includes in the list.

    Which makes it even more absurd.

    He's saying he laments having to thank people, because they should just do it without thanks?

    thank you emails, callouts in the code and checkins. But open source isn't supposed to be about

Look, I'm willing to accept that this could be a miscommunication on his part here, but if I take what he's written here at face value, it heavily implies that even thank-yous should be too much for him to impart to a class of people that should be so duty obligated.

    He is willing to do it, but with the same discomfort that he sees in offering money.

    Unless he wrote this part wrong.

    Which, given what I read from him, doesn't seem unbelievably outside of character. He seems to feel that he has the obligation to instruct us on how to correctly apply the efforts of our good-will. And when people act, in their goodwill, outside of his strict expectations... they are doing it wrong.

    Is that not the case?

    Because there's a very strong track record here.



  • @xaade said:

    >Perhaps the landscape is different for closed-source, commercial products, where there's no expectation of quid pro quo

    Because money is the quid-pro-quo you dolt.

    One more thing.

    Does this guy lament the money he earns?

    Does he sit up at night bothered by his income?

    Does he cry tears at the missed opportunities to do it for free?


  • ♿ (Parody)

    @xaade said:

    One more thing.

    Sorry, you posted three more things.



  • I was afraid editing it would offend you.


  • ♿ (Parody)

    You're apparently the first person ever to be afraid of offending me.

    🏆



  • @xaade said:

    Open source failed for 2 years because of the fanboyism. The idea that everything can be free is the failure.

    Only 2 years?



  • @boomzilla said:

    Bullshit. They're exchanging stuff, just not money. Not every transaction need involve money.

    True enough.

    Except that Jeff imagines that every person should be willing to support open source in exchange for nothing but bragging rights. But not everyone buys into the giving-stuff-away-for-intangibles mindset: some people want more than bragging rights from the exchange...and why is that wrong? What right does Jeff have to suggest that it is wrong?



  • @blakeyrat said:

    Only 2 years?

    That's all Jeff is willing to admit.



  • I value our friendship? :P



  • From like 1983 to 2015, which two are the "two years" open source was failing? Are they consecutive, like, maybe it failed from 2001-2002 but it's ok now?

    You've piqued my curiosity.



  • I don't know.

    Is he talking about the heartbleed problem?


  • Discourse touched me in a no-no place

    @boomzilla said:

    You guys must have read different stuff than I did.

    There are quite a few people round here who seem to be in the Shoulder Alien Club. Arguing with them isn't very satisfying; many of the critical stages in the logic appear to be in bits said by the Shoulder Aliens and which aren't told to the rest of us.


  • BINNED

    That's cute! Can I have one? Where do you get them?

    On topic, I feel like people's distaste for open source managed to blend with distaste of Discourse and Jeff and somehow produced this weird idea that Jeff and Discourse represent open source as a whole.


  • Discourse touched me in a no-no place

    @Onyx said:

    That's cute! Can I have one? Where do you get them?

    If you GIS for “shoulder alien” you'll find some. After discovering that you've got to exclude the whole subculture devoted to putting pictures of the critter from the Alien films into tattoo form on peoples' shoulders, and a separate subculture that thinks that an off-the-shoulder t-shirt with a Grey on it is a cool thing.

    No, they weren't using Irish Girl as a model. Disappointed.


  • ♿ (Parody)

    @CoyneTheDup said:

    What right does Jeff have to suggest that it is wrong?

    Eh, anyone can suggest anything. I might as well ask what right you have to suggest he's wrong.

    I'm going to admit that I didn't read the blog, so I've been going off of what others have quoted. The vibe I got was people asking for rewards after coming forth. On a project that hasn't offered any before.

    @dkf said:

    Arguing with them isn't very satisfying;

    Sez you. Or your shoulder aliens.



  • @Onyx said:

    On topic, I feel like people's distaste for open source managed to blend with distaste of Discourse and Jeff and somehow produced this weird idea that Jeff and Discourse represent open source as a whole.

    Not here at least.

    Jeff has always been a very narrow minded person, playing in an "open-minded" sandbox.

    I don't get his attachment to open source, since he is very much a company man.



  • @dkf said:

    they weren't using Irish Girl as a model

    Thanks for making me feel community-old.



  • @CoyneTheDup said:

    True enough.

    Except that Jeff imagines that every person should be willing to support open source in exchange for nothing but bragging rights. But not everyone buys into the giving-stuff-away-for-intangibles mindset: some people want more than bragging rights from the exchange...and why is that wrong? What right does Jeff have to suggest that it is wrong?

    The point is, it doesn't matter that the source code is available - Discourse is not, and has never been, a community-driven project. Jeff can speak of the open source ideals all he wants, but I doubt he'd ever accept anything that the community wants if it didn't adhere to his point of view. And he has a business based on Discourse, which pays his and other devs' bills.

    Asking people to do free work at that point is somewhat pathetic.



  • @Maciejasjmj said:

    And he has a business based on Discourse, which pays his and other devs' bills.

    Does it? Don't know if they're profitable yet...



  • @Maciejasjmj said:

    open source ideals all he wants

    Open source was supposed to be:

    Anyone can fork or branch, and even start their own version and accept changes that are offered up by other people, who can also fork and branch and start their own version.

    As long as they keep the same license in place.

    That didn't live long.

As much as he thinks this is open source (everyone owns) and free, it's not, because kudos and recognition are a form of payment (even if it doesn't put food on the plate).

    And because of that, and our nature to be motherly protective of our creations, it becomes an ownership system where pull requests and suggestions are mostly rejected.

    And it's not JUST Discourse and Jeff.

    See RavenDB.

    As much as he thinks open source is a communal effort, it's really a hierarchical one, where kudos is handed out by blessings from the owners, instead of the interweb of open source derivatives.


  • :belt_onion:

    @xaade said:

    Is he talking about the heartbleed problem?

    yes.



  • @Maciejasjmj said:

    Jeff can speak of the open source ideals all he wants, but I doubt he'd ever accept anything that the community wants if it didn't adhere to his point of view.

    Case in point: the latest poster highlight. Over on meta.d there is a topic where Jeff first proposes completely removing the highlight from the topic list. He was persuaded not to do so because then people wouldn't know when the OP was the latest poster in a topic. So he removed the highlight except for when the OP is the latest poster. The topic has now moved on to everyone - basically staff from multiple forums and Sam - telling Jeff that this new UI is unintuitive. Jeff's response is to dig in his heels:

    @codingwhorror said:

    I only support removing it altogether. The only thing that is lost is knowing when the OP is the last poster which happens less than ten percent of the time.

    Otherwise it stays as it is...[1]



  • @abarker said:

    The topic has now moved on to everyone - basically staff from multiple forums and Sam - telling Jeff that this new UI is unintuitive. Jeff's response is to dig in his heels:

    I hope CDCK doesn't have a bike shed.


  • I survived the hour long Uno hand

    They did, but it fell down after all the support beams got changed to round and the border paint was stripped off.

    🚎


  • Discourse touched me in a no-no place

    @Gaska said:

    the other half [of Rust developers] is hired by Mozilla

    Well, fuck, there goes my interest in Rust.


  • Discourse touched me in a no-no place

    @blakeyrat said:

    Pretty much anybody who's tried a WinPhone is a WinPhone user, because the OS is so much better than Android and also doesn't require iTunes be installed for any reason.

    All I want is a couple of good fucking games. If someone ported Final Fantasy Tactics Advance to WinPhone, or else another Tactics game that didn't suck, and didn't make it F2P, I would probably switch in an instant.

    And I LIKE my Android phone--I'm on my third one.


  • Discourse touched me in a no-no place

    @Gaska said:

    The only way Android could be worse would be if it gave people cancer.

    There's probably at least one Android phone with a high enough SAR to do that.


  • Discourse touched me in a no-no place

    @flabdablet said:

    I still have the nightmares.

    That's some serious crybabying going on there. 😛


  • Discourse touched me in a no-no place

    @Maciejasjmj said:

    And what exactly is everyone's problem with Start Screen?

    ITS DIFFERENT WHAAAARGARBL is what it boils down to in most cases, not that anyone will admit that.


  • Discourse touched me in a no-no place

    @xaade said:

    Why does he mention money right after mentioning give aways? Because he sees a parallel.

    Not only that, but he's not even right!

    Even RMS doesn't think it's unethical to make money off software, full stop.


  • Discourse touched me in a no-no place

    @blakeyrat said:

    From like 1983 to 2015, which two are the "two years" open source was failing? Are they consecutive, like, maybe it failed from 2001-2002 but it's ok now?

    From context I think he means the two years that the Heartbleed bug existed before anyone noticed it.


  • Banned

    @FrostCat said:

    Well, fuck, there goes my interest in Rust.

    Not knowing Rust is made by Mozilla is like not knowing Android runs on Linux.


  • Discourse touched me in a no-no place

    @Maciejasjmj said:

    I hope CDCK doesn't have a bike shed.

    AFAICT, not regularly hanging around on meta.d, it's ALL bikesheds. Nested inside other bikesheds.


  • Discourse touched me in a no-no place

    @Gaska said:

    Not knowing Rust is made by Mozilla is like not knowing Android runs on Linux.

    I bet you lots of people don't know that.

    Bear in mind I know nothing about Rust but what people here have talked about, and since I haven't had the time to follow the discussions closely, I don't even know much of what people have said.



  • Making money off software is not unethical. Making money off software and putting out the hand for free "community work" is in my book, to be honest.

Especially when the "community work" consists pretty much solely of debugging the broken mess they put out because nobody does QA. Dunno who said that open source projects are doomed because people focus on "fun" stuff and don't want to do "boring" stuff (Blakey? Hell, it might've even been on Jeff's blog), but that's the perfect example - "we'll spec out new features, lead the design and occasionally pop in some fun featurette, and bugs... well someone's gonna find them, we're open source, right?"

