Hacker News | glfomfn's comments

What surprises me the most is not the number of exploits Flash had over the past years or even the severity of those but the fact that people (including me) still NEED to keep Flash installed on their machines.

I am pretty paranoid when it comes to security but I still prefer to keep Flash installed with all the security burden it brings than having to deal with a good portion of websites which won't render properly. Unfortunately we are far off from the day where Flash is not needed.


Firefox and Chrome (not sure about other browsers) have click-to-flash built in. It means you need one extra click to load flash, and about 1% of legit sites won't work (which you can manually whitelist). It's much better than the alternative of your computer only being as secure as the flash sandbox.


> having to deal with a good portion of websites which won't render properly

I am seriously interested in which sites these are. I suspect you're exaggerating (I'd be amazed if it were anything like at least 1%, let alone a "good portion") but am willing to be educated.


As a data point, the only non-video site I currently have whitelisted for Flash in Safari is Google Maps.


There are many websites that depend on flash for non-mobile browsers.


I like this as a 'tech demo' but I think there are some serious pitfalls if something like this was used.

1) Issues with privacy, leaking information to other peers about who's on the website etc. doesn't sound good at all, neither for me as the site owner nor for my users since it could be potentially used as a method for them to be tracked.

2) In 2013, it's easy and inexpensive to serve any kind of static files, videos are quite big and that might be the only valid case, however...

3) If you used this to stream video, it would require a great number of seeders for videos to buffer fast and start playing with no iterations.

4) How much of your user's hard disk are you going to take over to store your things? Are you storing content that is outside the context of their current page?

I could go on and on, I see so many issues with such practices but here is the most important:

Your users will hate it, they will hate being used in such a manner, they will hate their upstream being used, they will hate their hard drives being used. They will hate you.


And that's why I love Debian, the interface might look old and it doesn't have that eye candy look Ubuntu does, however I had zero issues with stability & bugs for the past 3-4 years. It's been said again and again but people still do the same fault, being on Ubuntu is being on the bleeding edge, and although it's appealing and 'looks good, feels good, you got the latest version in programs and what not' it's gonna bite you in the ass sooner or later.

There are some valid points in the article, for example I also used to face some trouble on my old computer when it came to wireless connectivity, or my old Lexmark printer wouldn't work with Debian or any Linux brand no matter what. HOWEVER those issues can't really be blamed on Linux (as the author tries to) but on the hardware vendors. That's why the next time I got a printer I chose a vendor who did support Linux, same goes for the wifi card of my new laptop which worked just fine also.


Debian is a good choice (I use it as my main OS), but I think the key is to choose one Linux distribution - preferably one run by an open-source community and not by a company - and spend some time using it as your only OS and learn how to fix the most common issues.

It helps if you know other people that use that distribution: that way you can ask each other for advice when something doesn't work as you'd like it. Alternatively one can join a user's mailing list / IRC chat room, most distributions have one.

But even if your choice turns out to be wrong (i.e. Ubuntu) the solution is not to abandon Linux completely.

In fact I couldn't imagine being able to work on anything else than Linux these days, I just depend too much on it: from a working valgrind tool, to having the source code for the entire OS.


I cannot understand how it's in the public domain and you are not allowed to make a digital copy. Obviously if someone has gone through the process of digitizing, even if it's in the public domain, they can have a copyright over the specific digital copy. However that doesn't stop you from creating a copy yourself, right? For sure that's not easily done but still that doesn't mean you are not allowed to do so. Am I missing something?


Your tool doesn't currently show the last security update, according to your website the last update was 2 months ago. Django-wise, there is the Google group which you can follow for all updates, you can also subscribe to the RSS feed of Django's weblog.

Your tool seems interesting, I like the idea of being able to keep a list of all the software I use in a single place and get notified when a new update comes out (had a similar idea myself), however I would need some kind of reassurance that such an application is reliable and won't leave me in the dark for some important update.


Typically, the updater runs about once a day. If you take another look, it will show the latest security update :) We're working very, very hard to guarantee that no updates go missed and ensure that you receive a notification within 24 hours of any update going out.

And while, yes, you can watch the RSS feed or Google group, do you really want to do that for Django and the other 29 libraries you use?


It shows the update now, it didn't when I posted my reply, however it's still fast enough compared to when it was announced by Django's official communication channels.

A bit off topic but I have some thoughts on the website since I might be interested in using it in the future: It would be great if you could lower the 'within 24 hours' to something like 'within 2 hours'. I understand the difficulty of that since you are tracking over 100.000 packages according to the homepage but a 24 hours dilation is a bit too much, I don't deploy code yet in any high traffic sites which could be subject to a 0day security attack but still I find the dilation too much to consider it as a viable option for the future.


They are obviously not a charity company and it's totally understandable the need to make revenue. However, when I sign up for a service and I am asked to link to an external JavaScript file, I expect that file to do as advertised, I can understand the functionality changing a bit without me being notified but not when they do such drastic changes, in that case they should either go with an 'opt-in' option or disable their commenting system until I approve that I am okay with this new functionality. For all those that say 'you can stop using them if you don't like what they do', of course you can but their 'malicious' code still rendered on my webpages right? As an example, what if tomorrow they added 'functionality' to their widget and they started forcing pop-ups, would that be okay? There is a certain level of trust needed towards a company that wants me to link some external code on my website that they can change at any given time, actions like that destroy said trust.

Here is the thing, if they had done it the proper way I am sure most people wouldn't opt in, if you are running a website that makes a revenue from ads, you probably already have all the ads your webpage can 'support', if you are running a website as a hobby you probably aren't interested in making any sort of revenue so you would rather not have the ads. It's way more profitable for them to just force their way in, especially if they see that their users don't care.


You are shooting your own feet with these links you know. According to your data Django had -ZERO- SQL injections & code execution reports, now compare that to RoR which had 6 SQL injections & 3 code execution reports since 2009. Even if you went by just the numbers RoR had way more vulnerabilities, now if you also take into consideration the kind of vulnerabilities I can tell you I feel way safer on Django than RoR.

How many times did you have to stay up late at night to patch your framework?


Have you considered creating a secondary html interface for the website to target phones/tablets? I don't see any functionality of your service that would require a native app. Just a thought.


I actually used to have a ui that worked on mobile devices. Recently I did some ux/ui work and it was just a pain in the ass to make the adjustments. I think the users are wanting something more native feeling than what I used to have as well.


Have a look at: http://www.sencha.com/blog/the-making-of-fastbook-an-html5-l...

The folks over at Sencha created an HTML5 Facebook app that works & feels as good as an iOS native app. There is a video that showcases side by side the native vs the HTML5.

Again, HTML5 probably covers all the requirements of your app, if you still wanna get in all the trouble to create native apps for Android/iOS and that feels easier to you, not much I can say, good luck ^^


The query matches a term that can be found in the stock's description. Give it a try yourself, copy something unique enough from the description and use it as a query, you will be redirected to that stock's page.

Romance, Mystery: https://www.google.com/finance?q=Romance%2C+Mystery

X.commerce: https://www.google.com/finance?q=X.commerce

It's unbelievable how many people in this thread accuse Google, conspiracy theories and all that. The thread was up-voted enough to be on front page. Don't believe everything you hear, do some research on it first?


Really nice tutorials, the background music is nice too, the pace is pretty fast as well which is something you don't usually see on tutorials, however this is way better than a slow presentation which makes it unbearable to watch after a point. Never used d3.js before, however I really enjoyed the tutorials. I ended up watching 3-4 of them and got interested in the library.

The only negative comment I guess I can make (as a suggestion) is that on some videos the music is a bit high which ends up overlapping with your voice.


thanks, this means a lot because that's exactly what i was going for! i also figured out how to use screenflow better like 5 videos into the process, so hopefully the sound will be better balanced from now on.

