The Meaning of Life, the Universe, and Everything.
Join Date:
11/3/2011
Posts:
61
Minecraft:
falloffcliffman
Member Details
I don't really like the look of it. The old look for the tabs on top; news, forum, servers, etc. used to have really nice grass textures and headings like the ones that said 47 comments used to have dirt textures. Now everything looks bland. The tabs are just green, the headings are just brown, you removed the creativeness and uniqueness of this forum.
Any attempt to load a script hosted by another machine is a security leak.
Last time I checked the http specs, when you asked for a URL, you said who referred you there, and you were passed cookies. On return, you had a chance to set cookies.
So at a minimum, if a site such as Google is hosting a script for other sites to use, then Google will be able to see where you are coming from, what your google anonymous ID is, where that anonymous ID has been surfing (because Google hosts so many scripts that so many websites use), etc -- giving Google the best database of what people are actually doing online. Not "best second only to the NSA". Best.
Google knows more about your surfing habits and activities -- even if they cannot identify you by name -- than anyone else. The NSA's data will be less, but will ID you by name.
Now, this is all "well and good" if scripts are written correctly. If you have heard of something called a cross-site scripting attack -- XSS -- then you know that people have learned how to exploit bugs in scripts hosted by other people to do things that those scripts were never supposed to be able to do.
And all of this is out of your control. If you say "I'll let untrusted code, hosted by people I don't know, run on my machine, and their bugs will mess me up with no risk or responsibility to them", then I say "Fine, go ahead".
Yes, go ahead, be stupid.
===
Can almost all new, modern machines handle javascript? Sure, I'll agree that most new, modern machines have the CPU power to run javascript. Why do you care about the new, modern machines?
What is the "minimum CPU requirements" to use the internet? To to the world-wide-web?
How old of a computer do you consider "Obsolete"?
How recent do your TV's have to be to watch television? Oh, that's right -- the complete stupidity of our lawmakers in the USA let the TV industry make about 80-90% of all old TV's go to waste and have to be replaced, because the perfectly functional tuners were replaced by "digital" crap. With a law that just required digital transmission, with no standards placed, and an FCC that deliberately decided to not do its job and just let the industry do anything it wanted to as long as it was digital.
Don't get me started on the lock-in crap that comes out of this. Or can you tell me why there are not 10,000 different organizations offering rating services for programs; why we only have the one set of v-chip standards issued by one private organization.
Except ... despite the complete charlie-foxtrot of the whole thing, all those old TV sets still work. Just fine. If they are connected to a cable box, or a satellite box, or an external tuner.
So all the old TV's still work just fine.
Old computers still work, just fine.
I have old machines that can display text without any problem, and can display an HTML page without any problem.
But you seem to feel "We must have computers powerful enough to run server code locally to display things because actually requiring the users responses to be sent to servers for actions to be taken is horrible" is a good view.
I don't.
===
My right of liberty and privacy includes the right to be private, and to be able to use stuff that I want.
A business operating for commercial purposes is subject to regulations, and does not automatically gain/have rights. If it's a person running the business, then they have the rights of a person. If it's a corporation running a business, then it has the right to defend its interests in court or to have people create contracts for it.
But to say "As a corporate business, we have the right to insist that we can run our code on your machine at your risk no matter how lousy our code is"?
(In regard to a mod that gives realistic animal genetics):
Would you really rather have bees that make diamonds and oil with magical genetic blocks?
... did I really ask that?
It was bound to happen since that's the latest design craze, although I don't think it goes real well with Minecraft honestly.
See, that's the problem with internet and software companies. Instead of choosing a design that actually looks good, you leap on the bandwagon with a design that fits in with whatever is "the latest design craze" amongst absolutely nobody except for other aesthetics-blind internet and software corporations, but which has been demonstrated time and time again to be almost universally hated by the users... and then act surprised when the same public that hated it when they did it also hates it when you do it!
JavaScript exists for a reason, and you clearly have no clue what those reasons are. 80% of the websites we use today are heavily based off of JavaScript and there is ABSOLUTELY NO REASON you should be disabling it. In fact, disabling it will not only make the websites appear incorrectly, but they will function incorrectly as well. The computers we have today have far more than enough power to run something as simple as JavaScript. If yours cannot, then you disable it, but don't be telling other people to do something that will only make their life more miserable. Also, Twitter, Facebook, and Google can not run scripts on a website without the scripts being defined directly in the markup code. You should not be giving out advice on a subject you know nothing about. Leave it to the people who make websites, that people, like you, use every day and take for granted. End of the conversation on this subject. Do not reply to me.
Oh, man, the last line in this rant... priceless.
I really question if you understand how javascript works. Particularly, I like how you say that other sites can't run scripts on the one you're visiting without it being hard-coded. You do understand that javascript is designed to get around the limitation of hard-coding a website, right? The entire point is to make it malleable, 'dynamic', and (incidentally) vulnerable.
For example, many sites use Google ads. That's a line of JS that Google wrote, which you insert (contractually-unmodified) in your site. That script sends queries to Google, using what information it can to match you to its database on you and send back ads submitted by third parties to Google. Those ads, which are inserted by Google, can have embedded script of their own, and as much advertising as Google hosts, they can't catch every bit of malicious code. Even if I didn't object to Google constantly trying to spy on me so that they can decide what ads to bombard me with, I've got an issue with people who have no connection to the site I'm on using Google's dating-sim setup to slap their own code that I have no assurance is not malignant on my screen. And that is assuming everybody in that chain of events has great security, never gets hacked, never has a disgruntled employee insert code, and... well, we're already into "pfft, you're a fool optimist" territory.
My computer is quite capable of handling JS. I have a degree in computer programming. I've been involved in websites' design. You don't need JS, it's a big security hole, and you're better off turning the few bits of it that you find needed on rather than throwing open the flood-gates and hoping nothing nasty comes through. Do you know why I used Google, Facebook, and Twitter as examples? Because they're trying to run scripts on this site every time I log in.
I don't find it stupid, but useful. It makes something more visible instead of clicking on a user's profile to see if they are online or not. In the platforms sections, being able to tell if a user who is hosting their world is online or not easily is a major plus when looking through servers or games to join. I personally don't see how making your status visible on forum posts is going to encourage "chat boards". People were already able to, and will be able to still, get notifications when someone replies to you, or a topic you follow. I see no difference in posting habits. There is an option to turn off the indicator, You're entitled to your opinion though. If you don't like something, or have your own suggestion be sure to let the developers know on the beta forum.
Let's pretend you and I are online right now, both aware of the other. We're going to argue over whether or not seeing each other online encourages people to post like they're on a chat-board. In response to the above post, I respond with a dry one-liner about how you're online and I disagree with you. Since you knew I was online and were curious about my response, you try to be reasonable and point out that I didn't have to make a short post - but in doing so you validate my point by responding with something relatively short in quick succession to my own post. Then we start arguing over the finer details of it, but the posts remain fairly short as they're focused on the specifics of the moment. Other people post, but they kinda get drowned out by our back-and-forth and their slower post-rate.
I've seen this sort of crap happen. It's not good to build up this expectation that you and I will have a conversation of short thoughts punctuated by responses rather than working under the assumption that it could be a while between when we hear from each other. As I'm working now, I'm presenting you with a clear message of what I mean so that you can absorb it as a whole and consider it before making a similar response. That's lost in chat-board behavior. It's too 'now' for it to be thought-out conversation.
And it's funny that you say I should let the designers know I don't like things and offer other ideas. Been there, done that. I suggested that profiles should have options to turn off these various extraneous bits of information that some might find useful and others find annoying. I even pointed out that it would likely decrease bandwidth, thereby improving the site's performance. They think that checking a single field in your profile, to determine if you want to see everything that belongs in everybody else's profile but is not needed on every page that I'm viewing, is too much. And then they add a check to see if everybody involved in the given thread is online and 'visible', every time you load a page.
The new site seems like something I would have considered a grand accomplishment when I took my first classes on HTML and Java (yeah, I'm familiar with the language from which JS derives - enough so that I've coded using JS myself). The staff there seem like children trying to defend their poor code when their instructor wants to teach them how it could be better. They fight against improvement for the sake of pride and, in doing so, earn a failing grade. That is the feedback they've gotten, repeatedly, and they still choose to fail.
Any attempt to load a script hosted by another machine is a security leak.
Last time I checked the http specs, when you asked for a URL, you said who referred you there, and you were passed cookies. On return, you had a chance to set cookies.
So at a minimum, if a site such as Google is hosting a script for other sites to use, then Google will be able to see where you are coming from, what your google anonymous ID is, where that anonymous ID has been surfing (because Google hosts so many scripts that so many websites use), etc -- giving Google the best database of what people are actually doing online. Not "best second only to the NSA". Best.
Google knows more about your surfing habits and activities -- even if they cannot identify you by name -- than anyone else. The NSA's data will be less, but will ID you by name.
Now, this is all "well and good" if scripts are written correctly. If you have heard of something called a cross-site scripting attack -- XSS -- then you know that people have learned how to exploit bugs in scripts hosted by other people to do things that those scripts were never supposed to be able to do.
And all of this is out of your control. If you say "I'll let untrusted code, hosted by people I don't know, run on my machine, and their bugs will mess me up with no risk or responsibility to them", then I say "Fine, go ahead".
Yes, go ahead, be stupid.
===
Can almost all new, modern machines handle javascript? Sure, I'll agree that most new, modern machines have the CPU power to run javascript. Why do you care about the new, modern machines?
What is the "minimum CPU requirements" to use the internet? To to the world-wide-web?
How old of a computer do you consider "Obsolete"?
How recent do your TV's have to be to watch television? Oh, that's right -- the complete stupidity of our lawmakers in the USA let the TV industry make about 80-90% of all old TV's go to waste and have to be replaced, because the perfectly functional tuners were replaced by "digital" crap. With a law that just required digital transmission, with no standards placed, and an FCC that deliberately decided to not do its job and just let the industry do anything it wanted to as long as it was digital.
Don't get me started on the lock-in crap that comes out of this. Or can you tell me why there are not 10,000 different organizations offering rating services for programs; why we only have the one set of v-chip standards issued by one private organization.
Except ... despite the complete charlie-foxtrot of the whole thing, all those old TV sets still work. Just fine. If they are connected to a cable box, or a satellite box, or an external tuner.
So all the old TV's still work just fine.
Old computers still work, just fine.
I have old machines that can display text without any problem, and can display an HTML page without any problem.
But you seem to feel "We must have computers powerful enough to run server code locally to display things because actually requiring the users responses to be sent to servers for actions to be taken is horrible" is a good view.
I don't.
===
My right of liberty and privacy includes the right to be private, and to be able to use stuff that I want.
A business operating for commercial purposes is subject to regulations, and does not automatically gain/have rights. If it's a person running the business, then they have the rights of a person. If it's a corporation running a business, then it has the right to defend its interests in court or to have people create contracts for it.
But to say "As a corporate business, we have the right to insist that we can run our code on your machine at your risk no matter how lousy our code is"?
No bleeping way.
* Promoting this week: Captive Minecraft 4, Winter Realm. Aka: Vertical Vanilla Viewing. Clicky!
* My channel with Mystcraft, and general Minecraft Let's Plays: http://www.youtube.com/user/Keybounce.
* See all my video series: http://www.minecraftforum.net/forums/minecraft-editions/minecraft-editions-show-your/2865421-keybounces-list-of-creation-threads
(In regard to a mod that gives realistic animal genetics):
Would you really rather have bees that make diamonds and oil with magical genetic blocks?
... did I really ask that?
See, that's the problem with internet and software companies. Instead of choosing a design that actually looks good, you leap on the bandwagon with a design that fits in with whatever is "the latest design craze" amongst absolutely nobody except for other aesthetics-blind internet and software corporations, but which has been demonstrated time and time again to be almost universally hated by the users... and then act surprised when the same public that hated it when they did it also hates it when you do it!
Also check me out on:
WordPress, Etsy, and Spore.
Download the AliensVsPredator Minecraft Mod today at http://aliensvspredator.org
Oh, man, the last line in this rant... priceless.
I really question if you understand how javascript works. Particularly, I like how you say that other sites can't run scripts on the one you're visiting without it being hard-coded. You do understand that javascript is designed to get around the limitation of hard-coding a website, right? The entire point is to make it malleable, 'dynamic', and (incidentally) vulnerable.
For example, many sites use Google ads. That's a line of JS that Google wrote, which you insert (contractually-unmodified) in your site. That script sends queries to Google, using what information it can to match you to its database on you and send back ads submitted by third parties to Google. Those ads, which are inserted by Google, can have embedded script of their own, and as much advertising as Google hosts, they can't catch every bit of malicious code. Even if I didn't object to Google constantly trying to spy on me so that they can decide what ads to bombard me with, I've got an issue with people who have no connection to the site I'm on using Google's dating-sim setup to slap their own code that I have no assurance is not malignant on my screen. And that is assuming everybody in that chain of events has great security, never gets hacked, never has a disgruntled employee insert code, and... well, we're already into "pfft, you're a fool optimist" territory.
My computer is quite capable of handling JS. I have a degree in computer programming. I've been involved in websites' design. You don't need JS, it's a big security hole, and you're better off turning the few bits of it that you find needed on rather than throwing open the flood-gates and hoping nothing nasty comes through. Do you know why I used Google, Facebook, and Twitter as examples? Because they're trying to run scripts on this site every time I log in.
Let's pretend you and I are online right now, both aware of the other. We're going to argue over whether or not seeing each other online encourages people to post like they're on a chat-board. In response to the above post, I respond with a dry one-liner about how you're online and I disagree with you. Since you knew I was online and were curious about my response, you try to be reasonable and point out that I didn't have to make a short post - but in doing so you validate my point by responding with something relatively short in quick succession to my own post. Then we start arguing over the finer details of it, but the posts remain fairly short as they're focused on the specifics of the moment. Other people post, but they kinda get drowned out by our back-and-forth and their slower post-rate.
I've seen this sort of crap happen. It's not good to build up this expectation that you and I will have a conversation of short thoughts punctuated by responses rather than working under the assumption that it could be a while between when we hear from each other. As I'm working now, I'm presenting you with a clear message of what I mean so that you can absorb it as a whole and consider it before making a similar response. That's lost in chat-board behavior. It's too 'now' for it to be thought-out conversation.
And it's funny that you say I should let the designers know I don't like things and offer other ideas. Been there, done that. I suggested that profiles should have options to turn off these various extraneous bits of information that some might find useful and others find annoying. I even pointed out that it would likely decrease bandwidth, thereby improving the site's performance. They think that checking a single field in your profile, to determine if you want to see everything that belongs in everybody else's profile but is not needed on every page that I'm viewing, is too much. And then they add a check to see if everybody involved in the given thread is online and 'visible', every time you load a page.
The new site seems like something I would have considered a grand accomplishment when I took my first classes on HTML and Java (yeah, I'm familiar with the language from which JS derives - enough so that I've coded using JS myself). The staff there seem like children trying to defend their poor code when their instructor wants to teach them how it could be better. They fight against improvement for the sake of pride and, in doing so, earn a failing grade. That is the feedback they've gotten, repeatedly, and they still choose to fail.
here you go my creation some months ago xD not 100% the same though.