If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#16
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
On 10/10/2018 14.55, Mayayana wrote:
Last night I visited a site I found in a Michael Pollan book: csp.org. Council on Spiritual Practices. They're some kind of clearing house for ideas about psychedelic drugs and religious experience. Sounded interesting. It's people who want to experience life more fully, deeply and joyfully. And they think there might be a correlation between what chemicals like psilocybin do and what advanced meditation techniques do. A bit of a 60s, consumer-goes- shopping-for-spirituality-on-sale rehash. But I was curious what they're up to. Ironically, their webpage was entirely broken. Entirely unnecessarily. And they don't care about your privacy. They pull in a 4.4 MB js file just to do basic things like load pages from an anchor tag. The internal links don't work without script! The script is coming from Cloudfront. They also have Google-Analytics code. So both Google and Amazon would be tracking me if I allowed script. Is it not possible that those scripts are placed there by some web designer tool kit out there? You just place the visual things and you get all the crap besides? -- Cheers, Carlos. |
Ads |
#17
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
"Carlos E.R." wrote
| And who doesn't know to avoid Symantec? | | I don't. | | They've got a shady history going all the way back | to the 90s. | | News to me. O:-) | Their system tools were increasingly bloated and the "doctor" was of no real value. They also have a trdition of buying up top-ed software gutting it. Quarterdeck Clean Sweep -- Started out as a program that could back up virtually any installed program into a portable, installable package. Symantec bought it and put it into their system works as a useless tool. AtGuard -- The first really good Windows firewall. Arguably still the best. Symantec licensed it, repackaged it as their own firewall, set 700+ programs to be allowed through by default, doubled the price, and marketed the hell out of it. Powerquest disk utilities -- Symantec bought them and gutted them, turning Drive Image (a floppy- based disk imaging tool) into a useless, .Net-based, bloated backup tool. (Not only my opinion. It was widely panned in the tech media.) It's a pattern. Buy the best. Gut it so that people won't need tech support. Raise the price. Market like crazy. They succeed on name recognition. I wouldn't ever buy anything from Symantec and haven't for many years. But I did buy each of the original products above and loved them. | I used PCtools back then and it was a wonderful tool. I think I also | used an antivirus from them at some point. | I think they weren't so bad in the early days. I don't know any details about the company. I just know their products went downhill. Maybe the company was sold or restructured? I don't know. |
#18
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
"Carlos E.R." wrote
| They pull in a 4.4 MB js file just to do basic things | like load pages from an anchor tag. The internal | links don't work without script! The script is coming | from Cloudfront. They also have Google-Analytics code. | So both Google and Amazon would be tracking me if | I allowed script. | | Is it not possible that those scripts are placed there by some web | designer tool kit out there? You just place the visual things and you | get all the crap besides? | Might be. But it's deeply integrated. Either way: A webmaster with a WYSIWYG toolkit or a webmaster collecting js libraries and code snippets because it's trendy. So many sites now are broken with script and load several MBs worth of that stuff. I think a lot of it is "widgets" that only require simple coding but must have the "library" loaded to use that code. In other words, webmasters who don't actually know how to code what they want. But stuff like Google Analytics and Google tag manager are separate snippets, deliberately added to the page. The site I detailed had Google Analytics, probably because they don't know how to process their own server logs to track visitors. So they let Google spy in exchange for a traffic report. |
#19
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
On 10/10/2018 06:55 AM, Mayayana wrote:
Anyone who knows enough to paste in Google tracking code has a basic idea of what's going on. I disagree. I've seen WAY TOO MANY ""recreational webmasters (some that get paid for pretending to be professionals) that have zero clue what the code that they are copying and pasting actually does. They just think they know that if they but this blob of text somewhere on their page that it will do something they think they want. It's the difference between wrote memory and actual knowledge. -- Grant. . . . unix || die |
#20
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
On 10/10/18 7:05 AM, Carlos E.R. wrote:
On 10/10/2018 15.28, Mayayana wrote: "Carlos E.R." wrote | If you manage to miss this for a such long time, you don't really care | about anything, you just have a certificate as everyone else has it or | there is a regulation that mandates you to have one without really | knowing why. IMHO it's the same as not caring. | | No, I do not agree. | If you bought the certificate directly then why wouldn't you have looked into that? Personally I care about privacy but only regard https as a nice extra. My webhost handles that and I don't know where they're getting the certificate. But if you buy it yourself you should know what you're buying. And who doesn't know to avoid Symantec? I don't. They've got a shady history going all the way back to the 90s. News to me. O:-) I used PCtools back then and it was a wonderful tool. I think I also used an antivirus from them at some point. Later on I switched to Linux, so most Windows software companies are irrelevant to me. A similar example would be Wordpress denizens. They use Wordpress for hosting because they don't know what they're doing. Then they use script gadgets that WP provides. Then they don't update them because they don't know it matters, so WP ends up being a slum of risky websites. Should they know what they're doing? Of course. Though WP is partially to blame. If they're going to enable people with no knowledge to create websites then they should also be handling things like updating gadget code when fixes are written. Why should they know? If I'm a garage owner and they talk me into paying for a web site to announce my garage, it is very possible that I know nothing about computers beyond reading my email. I know people that own Windows computers with updates disabled for two or more years. Possibly the person that installed Windows disabled the updates because otherwise they would get phone calls everyday, LOL. So yes, what google or firefox do blocking those web sites with those certificates is the correct thing to do. But I think in a lot of cases websites are being created mainly by graphic artists who are not tech-educated. They've just come up with tools to "get around that problem". With all the WYSIWYG tools available, people just don't need to know what they're doing. They're like microwave chefs. Exactly. I dunno what you mean by a microwave chef? Maybe people who buy prepared food and warm it up in a microwave? You can do a lot more than that with a microwave to produce delicious and edible food. Just as some artists with a little knowledge can produce perfectly functional web sites but don't blame them for not being administrators of the ISP which should keep the certification up-to-date. There are different areas of knowledge and a person who knows art may not know much about computers and person who know computers may not know much about art or design. That is clearly evident from many otherwise interesting and informative sites which are painful to view. bliss -- bliss dash SF 4 ever at dslextreme dot com |
#21
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
On 10/10/18 2:46 PM, Carlos E.R. wrote:
On 10/10/2018 06.45, J.O. Aho wrote: On 10/10/18 12:18 AM, Grant Taylor wrote: On 10/09/2018 03:17 PM, J.O. Aho wrote: then you know the one running the site don't care about your privacy. I disagree. I've run into *WAY* too many … barely competent (I'm being nice) webmasters that don't know that they need to change the TLS certificate. Their competency level does not directly correlate / translate to them not caring about your privacy. I'd bet that a lot of them will say something along the lines of "Oh REDACTED! I need to get this changed.Â* I wish I had known!!!" after browsers drop support for the Symantec CA. I would say it's a poor excuse, the information has been shared by the browser maintainers for a long time. And you assume that they read those? Why? Me, I found out this week. I do, as it's important for my employer that our customer can access our websites. I do spend at least 30 mins a day at work just browsing through article subjects to see if there is something happening that affects us. If you can't spend that time to keep yourself up to date with information, then do you really care about your customers? -- //Aho |
#22
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
On 10/10/2018 17.32, Bobbie Sellers wrote:
On 10/10/18 7:05 AM, Carlos E.R. wrote: On 10/10/2018 15.28, Mayayana wrote: "Carlos E.R." wrote | If you manage to miss this for a such long time, you don't really care | about anything, you just have a certificate as everyone else has it or | there is a regulation that mandates you to have one without really | knowing why. IMHO it's the same as not caring. | | No, I do not agree. | Â*Â* If you bought the certificate directly then why wouldn't you have looked into that? Personally I care about privacy but only regard https as a nice extra. My webhost handles that and I don't know where they're getting the certificate. But if you buy it yourself you should know what you're buying. And who doesn't know to avoid Symantec? I don't. They've got a shady history going all the way back to the 90s. News to me. O:-) I used PCtools back then and it was a wonderful tool. I think I also used an antivirus from them at some point. Later on I switched to Linux, so most Windows software companies are irrelevant to me. Â*Â* A similar example would be Wordpress denizens. They use Wordpress for hosting because they don't know what they're doing. Then they use script gadgets that WP provides. Then they don't update them because they don't know it matters, so WP ends up being a slum of risky websites. Â*Â*Â* Should they know what they're doing? Of course. Though WP is partially to blame. If they're going to enable people with no knowledge to create websites then they should also be handling things like updating gadget code when fixes are written. Why should they know? If I'm a garage owner and they talk me into paying for a web site to announce my garage, it is very possible that I know nothing about computers beyond reading my email. I know people that own Windows computers with updates disabled for two or more years. Possibly the person that installed Windows disabled the updates because otherwise they would get phone calls everyday, LOL. So yes, what google or firefox do blocking those web sites with those certificates is the correct thing to do. Â*Â*Â*Â* But I think in a lot of cases websites are being created mainly by graphic artists who are not tech-educated. They've just come up with tools to "get around that problem". With all the WYSIWYG tools available, people just don't need to know what they're doing. They're like microwave chefs. Exactly. Â*Â*Â*Â*I dunno what you mean by a microwave chef? Â*Â*Â*Â*Maybe people who buy prepared food and warm it up in a microwave? Â*Â*Â*Â*You can do a lot more than that with a microwave to produce delicious and edible food.Â* Just as some artists with a little knowledge can produce perfectly functional web sites but don't blame them for not being administrators of the ISP which should keep the certification up-to-date. Â*Â*Â*Â*There are different areas of knowledge and a person who knows art may not know much about computers and person who know computers may not know much about art or design. Â*Â*Â*Â*That is clearly evident from many otherwise interesting and informative sites which are painful to view. Yes, entirely possible. -- Cheers, Carlos. |
#23
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
On 10/10/2018 16.26, Mayayana wrote:
"Carlos E.R." wrote | And who doesn't know to avoid Symantec? | | I don't. | | They've got a shady history going all the way back | to the 90s. | | News to me. O:-) | Their system tools were increasingly bloated and the "doctor" was of no real value. They also have a trdition of buying up top-ed software gutting it. Quarterdeck Clean Sweep -- Started out as a program that could back up virtually any installed program into a portable, installable package. Symantec bought it and put it into their system works as a useless tool. AtGuard -- The first really good Windows firewall. Arguably still the best. Symantec licensed it, repackaged it as their own firewall, set 700+ programs to be allowed through by default, doubled the price, and marketed the hell out of it. Powerquest disk utilities -- Symantec bought them and gutted them, turning Drive Image (a floppy- based disk imaging tool) into a useless, .Net-based, bloated backup tool. (Not only my opinion. It was widely panned in the tech media.) It's a pattern. Buy the best. Gut it so that people won't need tech support. Raise the price. Market like crazy. They succeed on name recognition. I wouldn't ever buy anything from Symantec and haven't for many years. But I did buy each of the original products above and loved them. I used them on MsDOS, on Windows they were not that useful and I went soon to Linux, so I lost contact. For instance, the PCtools Backup software at that time was wonderful. On a machine with two floppies it went so fast that I barely had time to have the next floppy ready and label the used ones. No need to press a key to say ready, it detected the floppies itself faster, using A: or B: alternatively. IIRC, Microsoft bought that tool in a reduced version for MsDOS 6, I think. Or was it Norton Backup? As I said, I lost contact, and I had no idea that they declined. Not the first certificate issuer that goes bad, either. | I used PCtools back then and it was a wonderful tool. I think I also | used an antivirus from them at some point. | I think they weren't so bad in the early days. I don't know any details about the company. I just know their products went downhill. Maybe the company was sold or restructured? I don't know. -- Cheers, Carlos. |
#24
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
On 10/10/2018 18.02, J.O. Aho wrote:
On 10/10/18 2:46 PM, Carlos E.R. wrote: On 10/10/2018 06.45, J.O. Aho wrote: On 10/10/18 12:18 AM, Grant Taylor wrote: On 10/09/2018 03:17 PM, J.O. Aho wrote: then you know the one running the site don't care about your privacy. I disagree. I've run into *WAY* too many … barely competent (I'm being nice) webmasters that don't know that they need to change the TLS certificate. Their competency level does not directly correlate / translate to them not caring about your privacy. I'd bet that a lot of them will say something along the lines of "Oh REDACTED! I need to get this changed.Â* I wish I had known!!!" after browsers drop support for the Symantec CA. I would say it's a poor excuse, the information has been shared by the browser maintainers for a long time. And you assume that they read those? Why? Me, I found out this week. I do, as it's important for my employer that our customer can access our websites. I do spend at least 30 mins a day at work just browsing through article subjects to see if there is something happening that affects us. If you can't spend that time to keep yourself up to date with information, then do you really care about your customers? No, again, that does not follow. I'd pay someone with the knowledge to put up the web. Or use a service out there to create my own web. Hey, computers are just appliances, just like washing machines, they tell us. I do not need to read how they work inside. You are different, they pay you to do it. -- Cheers, Carlos. |
#25
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
"Bobbie Sellers" wrote
| I dunno what you mean by a microwave chef? | Maybe people who buy prepared food and warm it up | in a microwave? | Yes. | You can do a lot more than that with a microwave | to produce delicious and edible food. A little more. If you want to cook something from scratch you won't be using a microwave. For instance, a soup that needs to simmer and will be adjusted as you go along. A microwave just heats. My very elderly father used to like to cook a whole meal in a microwave. But there was something about that dehydrated, cruchy cauliflower that made me think steaming in a saucepan might have been a better idea. | There are different areas of knowledge and a person | who knows art may not know much about computers and person | who know computers may not know much about art or design. | That is clearly evident from many otherwise interesting | and informative sites which are painful to view. | Yes. And the fact that it's so easy to do makes for a lot of people making sites who don't know what they're doing security-wise. But to me the people who are semi-skilled and want to load up on javascript gadgets are much worse. The idea that a site should degrade gracefully has been thrown out by people who want to run javascript software in your browser with 3-20 MB of code. Worse, they don't actually understand any of that code. They just found snippets to make menus pop up or animations play. It's WYSIWYG scripting. Those are exactly the kind of sites where script shouldn't be enabled. I'm finding more and more that I visit a page and it's blank. Or it's a jumble. They're trying to force script. So then I disable CSS and I can read the page. But the page I linked earlier was even worse. Basic HTML that doesn't work without script. That problem is increasing fast. When they used script for rollover effects it could be ignored, but now we're getting very close to an Internet composed of software rather than webpages, that must use script because that's actually all that's in the page. When every page you visit is a software program, running locally, and infested by the likes of Google, as well as a dozen other trackers, https seems like a quaint idea. Who's left to be private from, other than a possible man-in-the-middle attack? Some malware even loads through ad iframes, with people buying ad space to get into your browser. None of that is protected by https. |
#26
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
On 2018-10-10, Carlos E.R. wrote:
On 10/10/2018 18.02, J.O. Aho wrote: On 10/10/18 2:46 PM, Carlos E.R. wrote: On 10/10/2018 06.45, J.O. Aho wrote: On 10/10/18 12:18 AM, Grant Taylor wrote: On 10/09/2018 03:17 PM, J.O. Aho wrote: then you know the one running the site don't care about your privacy. I disagree. I've run into *WAY* too many … barely competent (I'm being nice) webmasters that don't know that they need to change the TLS certificate. Their competency level does not directly correlate / translate to them not caring about your privacy. I'd bet that a lot of them will say something along the lines of "Oh REDACTED! I need to get this changed.Â* I wish I had known!!!" after browsers drop support for the Symantec CA. I would say it's a poor excuse, the information has been shared by the browser maintainers for a long time. And you assume that they read those? Why? Me, I found out this week. I do, as it's important for my employer that our customer can access our websites. I do spend at least 30 mins a day at work just browsing through article subjects to see if there is something happening that affects us. If you can't spend that time to keep yourself up to date with information, then do you really care about your customers? No, again, that does not follow. I'd pay someone with the knowledge to put up the web. Or use a service out there to create my own web. Hey, computers are just appliances, just like washing machines, they tell us. I do not need to read how they work inside. And as with all services there are competent people out there, and incompetent ones. If you pay one of the incompetent ones, I can feel sorry for you if your car/washing machine/roof/web page breaks due to shoddy work, but am neither surpized nor am I terribly sympathetic with your blaming the road/laundry soap/weather/browser for your problems. You are different, they pay you to do it. You pay others so it would seem you should be even more concerned with the competence of those you pay. |
#27
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
On 10/10/18 7:26 PM, Carlos E.R. wrote:
On 10/10/2018 18.02, J.O. Aho wrote: On 10/10/18 2:46 PM, Carlos E.R. wrote: On 10/10/2018 06.45, J.O. Aho wrote: On 10/10/18 12:18 AM, Grant Taylor wrote: On 10/09/2018 03:17 PM, J.O. Aho wrote: then you know the one running the site don't care about your privacy. I disagree. I've run into *WAY* too many … barely competent (I'm being nice) webmasters that don't know that they need to change the TLS certificate. Their competency level does not directly correlate / translate to them not caring about your privacy. I'd bet that a lot of them will say something along the lines of "Oh REDACTED! I need to get this changed.Â* I wish I had known!!!" after browsers drop support for the Symantec CA. I would say it's a poor excuse, the information has been shared by the browser maintainers for a long time. And you assume that they read those? Why? Me, I found out this week. I do, as it's important for my employer that our customer can access our websites. I do spend at least 30 mins a day at work just browsing through article subjects to see if there is something happening that affects us. If you can't spend that time to keep yourself up to date with information, then do you really care about your customers? No, again, that does not follow. I'd pay someone with the knowledge to put up the web. Or use a service out there to create my own web. Hey, computers are just appliances, just like washing machines, they tell us. I do not need to read how they work inside. So you hire who ever, don't care if they are "experts" or some stranger from the streets of Calcutta? You know you get what you pay for, spending a buck or two and you get ****. You are different, they pay you to do it. Sure I get paid, in the same way as the one you hire to setup your web site. -- //Aho |
#28
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
On 2018-10-10, Mayayana wrote:
"Bobbie Sellers" wrote | I dunno what you mean by a microwave chef? | Maybe people who buy prepared food and warm it up | in a microwave? | Yes. | You can do a lot more than that with a microwave | to produce delicious and edible food. A little more. If you want to cook something from scratch you won't be using a microwave. For instance, a soup that needs to simmer and will be adjusted as you go along. A microwave just heats. So does a stove just heat. The key thing a microwave cannot do is to dry out the surface and initiate the browning reaction just in the surface. My very elderly father used to like to cook a whole meal in a microwave. But there was something about that dehydrated, cruchy cauliflower that made me think steaming in a saucepan might have been a better idea. You can steam in a microwave as well. |
#29
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
"William Unruh" wrote
| For instance, a soup that needs to simmer and | will be adjusted as you go along. A microwave just | heats. | | So does a stove just heat. A microwave makes food hot by shaking molecules. A stove is used to apply heat in measured ways. It's not the same thing. That's obvious in the different smells and textures of food cooked each way. I seem to have accidentally maligned the "Healthy Choice" crowd here. The Front Page fans of the kitchen? If you think a microwave only lacks browning then I'm afraid you don't know how to cook... or eat... or both. But you can eat as you like. Don't bother to invite me over for your 120 second lamb stew, or your spaghetti sauce that somehow magically steeps fresh herbs in only 27 seconds. I'm not in that much of a hurry. Interesting tangent that you may know about: Microsoft's Nathan Myhrvold got very wrapped up in cooking as a discipline of chemistry, coming up with very detailed techniques for preparing various foods with effects on the molecular level just so. He gets deeply into how and why specific chemcial changes make food delicious. I read that he came up with some very good recipes, apparently taking the approach that cooking can be as much a science as an art. But I haven't actually seen the book. |
#30
|
|||
|
|||
With Chrome 70, hundreds of popular websites are about to break
On 2018-10-10, Mayayana wrote:
"William Unruh" wrote | For instance, a soup that needs to simmer and | will be adjusted as you go along. A microwave just | heats. | | So does a stove just heat. A microwave makes food hot by shaking molecules. A stove is used to apply heat in measured ways. It's not the same thing. That's obvious in the different smells and textures of food cooked each way. So does a stove make things hot by shaking molecules. As i said, a microwave does not dry out and begin to burn the surface of the food (which gives smells and textures you mention). I seem to have accidentally maligned the "Healthy Choice" crowd here. The Front Page fans of the kitchen? If you think a microwave only lacks browning then I'm afraid you don't know how to cook... or eat... or both. But you can eat as you like. Don't bother to invite me over for your 120 second lamb stew, or your spaghetti sauce that somehow magically steeps fresh herbs in only 27 seconds. I'm not in that much of a hurry. No worries. I was not planning to invite you. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|