Jeff Atwood on security (blog post)
-
Why would you wait to get paid if the company is offering a bounty?
He was imagining that people might hold on to a bug and enter it in a yearly contest. He mentions pwn2own earlier.
-
Recently I've noticed that posting from WP8.1 is even more broken than before - whenever I want to write something, the reply box jumps randomly up and down, beyond the screen. For the reasons you've mentioned, I'm not gonna report it anywhere despite it made the forum completely unusable on my only mobile device.
-
Selective quotes don't work on android at minimum, you have to full post quote
Actually, that's not true, but it's wildly disconsistent. I did manage to do a selective quote on my Android phone yesterday, but it was probably the phase of the moon. I know normally I can't.
-
Pretty good article overall, like most codinghorror stuff.
But also, a few parts that could be particularly interesting for the folk here:
He basically discovered the fundamental flaws and comparison between socialism and capitalism.
In socialism, everyone touches everything. However there's no quality guarantee, because no one skilled enough has the incentive to solve the problem, and everyone else unskilled can easily contribute and make it look like progress, because they aren't really offering all that much.
In other words, many people spend minimal effort offering effort of very little value.
Now you may think that a qualified person, out of the goodness of their heart, is going to help eventually. However, they are still "paid" in some manner: kudos, fame, etc. If no one is allowed to be independent from the crowd, to stand out, then there's no "payment" for quality, and the value for the effort you get falls to the common denominator.
In capitalism, you attract true talent, but the value becomes privatized and driven primarily by getting "paid", which means there's an expectation for: kudos, fame, and if that fails.... money itself. Most often kudos would fail because you simply don't have the recognition as a private company developing internal applications for accountants. So capitalism defaults to money. However, inevitably you have fewer eyes looking at the problem, but the value of the eyes is higher.
In other words, you get what you pay for. And you privatize results, creating competition.
Now we all have opinions on which is more valuable, but the fact remains that they both have benefits and drawbacks, and the two models are like oil and water. Because it's hard to justify offering your eyes for free.
Imagine you were just about to submit a bug you found for free, out of the goodness of your kudos grabbing heart, and some organization that was doing it for money finds the bug first. They get paid.
The biggest question is, "Which system do you prefer, and what opportunity costs are you willing to accept?"
-
Samsung Galaxy S5, running latest Android. No repro.
It is a pain in the dick to do it, but selective quoting can be done on Android Samsung phones.
Barely works on my Galaxy S5, Lollipop.
The selection can usually be made, but the handles are twitchy and the "Quote reply" thingy almost never appears.
Selecting then touching the normal "reply" icon works most of the time.Basically, the whole thing is dodgy as heck.
-
Basically, the whole thing is dodgy as heck.
Agreed, but I just did this quote reply on mobile. A PITA, but it can be done.
-
mobile
As did I.
Although something then crashed and I had to close the Chrome tab. Odd.
-
Now you may think that a qualified person, out of the goodness of their heart, is going to help eventually. However, they are still "paid" in some manner: kudos, fame, etc. If no one is allowed to be independent from the crowd, to stand out, then there's no "payment" for quality, and the value for the effort you get falls to the common denominator.
You forget about people who do this for fun. Half of Rust compiler developers are doing this for fun (the other half is hired by Mozilla). And you know what? These 4fun-workers are doing a damn good job. Probably because it's hard to make bad job in Rust to start with... (if you do a bad job, it won't compile).
-
There are many, many exceptions to what I presented.
I don't deny that.
However, by admission of the OP, you can't always attract the highest level of expertise with an open system.
And this idea is not going to fit exactly, because the volunteer participants have their needs primarily by their job, which is most likely funded using a capitalism model. So they are free to do such things in their free time.
-
IIRC, your phone is Linux hardware, not Windows hardware, which blakey's is.
So it's his phone's fault?
-
but what phone?
As stated yesterday in the celebrations thread, a G3 running Android Lollipop.
My point was, it may not entirely be discourse's fault that he can't quote from his phone.
-
Selective quotes don't work on android at minimum,
Bull. Shit.
Posted from Android without manual editing of @Matches' quote.
-
-
-
Don't pass the buck. He picked the phone.
Sorry.
So we're back on it being Blakey's fault, not discourse's.
-
@Jeff Atwood said:
Am I now obligated, on top of providing a completely free open source project to the world, to pay people for contributing information about security bugs that make this open source project better? Believe me, I was very appreciative of the security bug reporting, and I sent them whatever I could, stickers, t-shirts, effusive thank you emails, callouts in the code and checkins. But open source isn't supposed to be about the money… is it?
I see this as kind of a problem of understanding. Was he obligated to pay? No, and the people shouldn't have expected payment. It shows a lack of understanding of the nature of open source to expect a developer from one of those projects to come up with money.
But--and this is the hard part--were they obligated to report the bug for no payment?
I've seen this same error several times lately. One of the most glaring of these was a statement by someone (during the doxxing scandal) along the lines of, "Candy loves her body, loves to show it off, posts nude pictures on the web all the time; there are nudes of her everywhere. So why should Betty have a problem with her nudes being leaked on the web?"
People make different choices and have different likes and dislikes. Candy's free-wheeling nature in no way obligates Betty to be the same way, do the same, or enjoy having having her pictures flung to the wind. On a smaller scale, Jeff's commitment to open source does not obligate the bug contributor to have the same commitment.
The bug contributor's error was functional: It was stupid of him to assume that anyone in the open source community could pay for his discovery of a bug. That's like expecting a reward for returning a homeless man's jacket.
But Jeff's error is more fundamental, assuming that the bug contributor has a duty where, in fact, no duty exists.
-
-
Which is, technically, round :P
-
Well next time I buy the phone I'll be looking for the "Compatible with Discourse" sticker, thank you very much.
For the record, it doesn't work for me in Android either - I use Dolphin with performance tweaks, and it's the only thing that's broken due to them not only on Discourse, but at all.
So the quote-reply code is probably a shitty hack that Works On My Machine.
-
Try switching it off and on again.
Almost related: my wife had a problem with her phone a few days ago - when it received an incoming call, it didn't switch to the call screen, nor did pressing the home button answer the call as it usually did.We spent about 10 minutes looking through and fiddling with various settings to no effect... problem was resolved by powering the phone off and then on again.
-
Which is, technically, round
Elliptical, possibly. Round, no.
The latter implies circular (or in true 3d terminology, spherical), which the earth is not.
Ellipses aren't circles, so non-spheres cannot be round.
-
I am so tempted to flag for pendant
-
So we're back on it being Blakey's fault, not discourse's.
You have to look at this from the perspective of my lawn.
-
You have to look at this from the perspective of my lawn.
I thought we were supposed to get off it.
-
So we're back on it being Blakey's fault, not discourse's.
He's not the only WinPhone user; there's a small but (sometimes) vocal number of us, all having the same host of issues
-
I thought we were supposed to get off it.
It's just as with the scout sign he posted the other day. It's a honey trap to lure us all on to his lawn so he can yell at us to get off the lawn. It's a cunning and devious meta-flame bait if ever I saw one.
-
WinPhone user; there's a small but (sometimes) vocal number of us, all having the same host of issues
Running Windows on a telephone is Doing It Wrong.
-
So's your face?
-
Running Windows on a telephone is Doing It Wrong.
gloriously, fantabulously, amazingly wrong.
fits right in here!
-
He's not the only WinPhone user; there's a small but (sometimes) vocal number of us, all having the same host of issues
Pretty much anybody who's tried a WinPhone is a WinPhone user, because the OS is so much better than Android and also doesn't require iTunes be installed for any reason.
-
@Jeff Atwood said:
But open source isn't supposed to be about the money… is it?
And yet Open Source™ is such a critical part of Geff's day job.
Especially in giving his project an aura credibility and respectability because he's not selling it for money, of all things.
Imagine* that.
*Hmm. this word works both:
sarcastically in the John Lennon sense, and
meme-ic-ly in the sense of "Aunt Bee"¹ "Aunt Harriet"² or your own old spinster-aunt1: The Andy Griffith Show, Mayberry RFD
2: Batman - Adam West version
-
Basically, the whole thing is dodgy as heck.
Do we have a thread/wiki/other to collect one-liners that describe Discourse yet?
-
Do we have a thread/wiki/other to collect one-liners that describe Discourse yet?
-
Almost related: my wife had a problem with her phone a few days ago - when it received an incoming call, it didn't switch to the call screen, nor did pressing the home button answer the call as it usually did.
We spent about 10 minutes looking through and fiddling with various settings to no effect... problem was resolved by powering the phone off and then on again.
I had the same thing happen a few months ago. Incoming call, no call screen, no apparent cause, fixed by restarting.
Android is kind of dodgy sometimes.
-
It's a computer that you've probably installed a bunch of shit on that auto updates and recieves information from a phone carrier and likely your wifi network.
When was the last time you restart?
-
Last time I restarted in general? Maybe a few weeks ago. Last time when that happened? Couldn't tell you.
-
Pretty much anybody who's tried a WinPhone is a WinPhone user, because the OS is so much better than Android and also doesn't require iTunes be installed for any reason.
Windows Phone is the worst piece of shit I ever had to deal with in my life. The only way Android could be worse would be if it gave people cancer.
-
-
Pretty much anybody who's tried a WinPhone is a WinPhone user
Customer of mine has a Windows phone. I had to turn it temporarily into a personal wifi hotspot, so I touched it. My instant reaction on seeing the screen light up was omfg this looks like Windows 8 get it off me get it off me get it off me
I still have the nightmares.
-
Customer of mine has a Windows phone. I had to turn it temporarily into a personal wifi hotspot, so I touched it. My instant reaction on seeing the screen light up was omfg this looks like Windows 8 get it off me get it off me get it off me
Ah, I had the benefit of using WinPhone before Windows 8, so I'd already gotten used to the interface; it works pretty well on a touchscreen
-
-
Still ugly as fuck all the same. I honestly cannot recall being repelled so viscerally and so quickly by any previous computer UI. Not even The Ribbon.
I think it's the live tiles that really do my head in. I loathe blinky flashy distractions. But even with those all turned off, what's left is just a confusing spew of undifferentiated fugly.
If I'm after a don't-have-to-think-about it visual search, my eyes demand pictures of things with shapes, dammit. Uniform brightly colored squares crushed full of too-large artsy-fartsy typography can go and get fucked.
Filed under: design language? arse biscuits
-
I think it's the live tiles that really do my head in. I loathe blinky flashy distractions.
You know you can turn that off, right?
-
You have severe psychological issues.
-
And you hav a face like a squashed tomato.
-
True.
-
You know you can turn that off, right?
But even with those all turned off
I think he does...
+1 to @flabdablet's post too. I hate the start screen interface. I can only barely stand it on a touchscreen. On a non-touchscreen, it can go die in a hole.
Source: Used Win 8.1 on this and previous laptop for about a year now. Cannot stand the start screen.
-
Wasn't there when I was replying.
And what exactly is everyone's problem with Start Screen? I mean it's silly on non-touch devices, okay, but on a touchscreen it's just like any other grid menu, except more customizable.
If you use Metro as a primary UI and only drop down to desktop occasionally, it's rather fine for me.
-
It's probably a subconscious ick reaction from attempting to use it on a non-touchscreen laptop and desktop. It still feels like a waste of space though, and it's too visually non-diverse IMO.
-
Then set a background or something
