glfomfn's comments

glfomfn | 12 years ago | on: Adobe releases emergency Flash update amid new zero-day drive-by attacks

What surprises me the most is not the number of exploits Flash had over the past years, or even the severity of those, but the fact that people (including me) still NEED to keep Flash installed on their machines.

I am pretty paranoid when it comes to security, but I still prefer to keep Flash installed, with all the security burden it brings, to having to deal with a good portion of websites which won't render properly. Unfortunately we are far off from the day when Flash is not needed.

glfomfn | 13 years ago | on: PeerCDN: WebRTC-based peer-to-peer CDN [video]

I like this as a 'tech demo', but I think there are some serious pitfalls if something like this was used.

1) Issues with privacy: leaking information to other peers about who's on the website, etc., doesn't sound good at all, neither for me as the site owner nor for my users, since it could potentially be used as a method for them to be tracked.

2) In 2013, it's easy and inexpensive to serve any kind of static files; videos are quite big and that might be the only valid case, however...

3) If you used this to stream video, it would require a great number of seeders for videos to buffer fast and start playing with no interruptions.

4) How much of your user's hard disk are you going to take over to store your things? Are you storing content that is outside the context of their current page?

I could go on and on, I see so many issues with such practices, but here is the most important:

Your users will hate it, they will hate being used in such a manner, they will hate their upstream being used, they will hate their hard drives being used. They will hate you.

glfomfn | 13 years ago | on: 25 Years to Mac - How Ubuntu Pushed Me Away from the PC

And that's why I love Debian: the interface might look old and it doesn't have that eye-candy look Ubuntu does, however I had zero issues with stability & bugs for the past 3-4 years. It's being said again and again but people still make the same mistake: being on Ubuntu is being on the bleeding edge, and although it's appealing and 'looks good, feels good, you've got the latest version of programs and whatnot', it's gonna bite you in the ass sooner or later.

There are some valid points in the article, for example I also used to face some trouble on my old computer when it came to wireless connectivity, and my old Lexmark printer wouldn't work with Debian or any Linux brand no matter what. HOWEVER, those issues can't really be blamed on Linux (as the author tries to) but on the hardware vendors. That's why the next time I got a printer I chose a vendor who did support Linux; same goes for the wifi card of my new laptop, which worked just fine also.

glfomfn | 13 years ago | on: You cannot have a digital copy of the DC Code

I cannot understand how it's in the public domain and you are not allowed to make a digital copy. Obviously if someone has gone through the process of digitizing, even if it's in the public domain, they can have a copyright over the specific digital copy. However, that doesn't stop you from creating a copy yourself, right? For sure that's not easily done, but still, that doesn't mean you are not allowed to do so. Am I missing something?

glfomfn | 13 years ago | on: Security releases issued

It shows the update now; it didn't when I posted my reply. However, it's still fast enough compared to when it was announced by Django's official communication channels.

A bit off topic, but I have some thoughts on the website since I might be interested in using it in the future: it would be great if you could lower the 'within 24 hours' to something like 'within 2 hours'. I understand the difficulty of that since you are tracking over 100.000 packages according to the homepage, but a 24-hour delay is a bit too much. I don't deploy code yet in any high-traffic sites which could be subject to a 0day security attack, but still I find the delay too much to consider it as a viable option for the future.

glfomfn | 13 years ago | on: Security releases issued

Your tool doesn't currently show the last security update; according to your website the last update was 2 months ago. Django-wise, there is the Google group which you can follow for all updates; you can also subscribe to the RSS feed of Django's weblog.

Your tool seems interesting, I like the idea of being able to keep a list of all the software I use in a single place and get notified when a new update comes out (had a similar idea myself); however, I would need some kind of reassurance that such an application is reliable and won't leave me in the dark about some important update.

glfomfn | 13 years ago | on: Disqus bait and switch, now with ads

They are obviously not a charity company and it's totally understandable, the need to make revenue. However, when I sign up for a service and I am asked to link to an external JavaScript file, I expect that file to do as advertised. I can understand the functionality changing a bit without me being notified, but not when they make such drastic changes; in that case they should either go with an 'opt-in' option or disable their commenting system until I approve that I am okay with this new functionality. For all those that say 'you can stop using them if you don't like what they do', of course you can, but their 'malicious' code is still rendered on my webpages, right? As an example, what if tomorrow they added 'functionality' to their widget and they started forcing pop-ups, would that be okay? There is a certain level of trust needed towards a company that wants me to link some external code on my website that they can change at any given time; actions like that destroy said trust.

Here is the thing: if they had done it the proper way I am sure most people wouldn't opt in. If you are running a website that makes revenue from ads, you probably already have all the ads your webpage can 'support'; if you are running a website as a hobby, you probably aren't interested in making any sort of revenue, so you would rather not have the ads. It's way more profitable for them to just force their way in, especially if they see that their users don't care.

glfomfn | 13 years ago | on: Vulnerability in JSON Parser in Ruby on Rails 3.0 and 2.3

You are shooting yourself in the foot with these links, you know. According to your data Django had -ZERO- SQL injection & code execution reports; now compare that to RoR, which had 6 SQL injections & 3 code execution reports since 2009. Even if you went by just the numbers, RoR had way more vulnerabilities; now, if you also take into consideration the kind of vulnerabilities, I can tell you I feel way safer on Django than RoR.

How many times did you have to stay up late at night to patch your framework?

glfomfn | 13 years ago | on: I need an iOS developer.

Have a look at: http://www.sencha.com/blog/the-making-of-fastbook-an-html5-l...

The folks over at Sencha created an HTML5 Facebook app that works & feels as good as an iOS native app. There is a video that showcases side by side the native vs. the HTML5 one.

Again, HTML5 probably covers all the requirements of your app; if you still wanna go to all the trouble of creating native apps for Android/iOS and that feels easier to you, not much I can say, good luck ^^

glfomfn | 13 years ago | on: I need an iOS developer.

Have you considered creating a secondary HTML interface for the website to target phones/tablets? I don't see any functionality of your service that would require a native app. Just a thought.

glfomfn | 13 years ago | on: Typing "Sell" in Google Finance redirected to Apple Inc.

The query matches a term that can be found in the stock's description. Give it a try yourself: copy something unique enough from the description and use it as a query, and you will be redirected to that stock's page.

Romance, Mystery: https://www.google.com/finance?q=Romance%2C+Mystery

X.commerce: https://www.google.com/finance?q=X.commerce

It's unbelievable how many people in this thread accuse Google, conspiracy theories and all that. The thread was up-voted enough to be on the front page. Don't believe everything you hear, do some research on it first?

glfomfn | 13 years ago | on: The dot enter mixtape: d3.js tutorial videos

Really nice tutorials, the background music is nice too. The pace is pretty fast as well, which is something you don't usually see in tutorials; however, this is way better than a slow presentation which makes it unbearable to watch after a point. Never used d3.js before, however I really enjoyed the tutorials. I ended up watching 3-4 of them and got interested in the library.

The only negative comment I guess I can make (as a suggestion) is that on some videos the music is a bit high, which ends up overlapping with your voice.

glfomfn | 14 years ago | on: Show HN: Gauntlet - the glove keyboard

Looks really interesting as a hardware hack; you should consider adding a longer demo video.

I don't think that even with extended use I could type faster with this glove than using the standard on-screen keyboard. Do you guys have any data on how fast you managed to type using your glove?

glfomfn | 14 years ago | on: Why I hate search

"When the fox cannot reach the grapes he says they are not ripe." A Greek proverb which matches this guy's post perfectly.

glfomfn | 14 years ago | on: Time to say good bye to localhost?

The webpage wouldn't load on Firefox or Chrome, it needs Internet Explorer.

The screenshots of the product look quite nice; it's obvious that they have put a lot of effort into making it. However, as harsh as it might sound, I can't take a service seriously when they fail at the very basic concept of having a landing page that works with the two major browsers. Yea, I understand they are in 'beta', but still, we are talking about basic stuff here; they didn't bother to see if their landing page can be viewed by 75% of the potential users?

Oh, and regarding the actual product, sorry, but me and localhost are BFFs.

glfomfn | 14 years ago | on: Linode Manager Security Incident

You are right, my bad on that. Still, this looks more like a public relations post by them than giving out facts. They should be explaining what the attacker could do by gaining access to that interface; the ability of the attacker to change the password has the same consequences.

The point is that the exploited interface had backdoor access to the virtual machines (to be able to change passwords or w/e).

glfomfn | 14 years ago | on: Linode Manager Security Incident

I am failing to understand what exactly happened.

The user who was affected by the incident quoted an email from Linode that stated "Our investigation has revealed a customer support interface was used to access your account." Based on that and all the information in that post, you get the impression that through the 'interface' the attacker was able to change the VPS root password.

Now a reply from Linode comes and says "The portal does not have access to credit card information or Linode Manager user passwords". So if the portal doesn't have access to Linode Manager, how did the attacker gain the ability to change the root passwords?

They should give more details on the incident. I do have a certain trust in the ability of Linode to have a secure environment & I can understand that things like that will happen at some point to everyone. However, it's one thing for someone to get access to your system because you had your root password set to 'password' and another if there was a bug that got exploited. (Yea, this is an extreme example.)

glfomfn | 14 years ago | on: Splash screens == sloth

What is so hard for people to understand? Photoshop needs time to load; because that time is quite significant, they give you some kind of feedback to let you know that 'hey, the damn thing is loading, please wait'. What's so bad with that? What would the alternative be?

The title starting with "Adobe employee" tries to make it sound like it's a significant opinion regarding the matter. The author of the article doesn't seem to be a programmer or to hold a position that deals with the process of making a program; what's even worse is the fact that he is completely clueless regarding the matter. He suggests "e.g., show a UI right away and let an instance of the program in the cloud operate against my gestures, until the local copy boots fully and can re-sync with me", seriously??? I started wondering if I was being trolled at that point.

It takes 4 seconds to do a cold start of Photoshop on my laptop (which isn't a top-notch laptop); on an older computer and with previous versions of Photoshop it would take 10-15 seconds, which would still be fine; the process doesn't block me from doing something else in the meantime.