From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1QSOTQ-0007yE-Ds for garchives@archives.gentoo.org; Fri, 03 Jun 2011 07:07:12 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 4C91E1C132; Fri, 3 Jun 2011 07:05:45 +0000 (UTC) Received: from mail-ww0-f53.google.com (mail-ww0-f53.google.com [74.125.82.53]) by pigeon.gentoo.org (Postfix) with ESMTP id 00F9E1C132 for ; Fri, 3 Jun 2011 07:05:44 +0000 (UTC) Received: by wwj40 with SMTP id 40so1214603wwj.10 for ; Fri, 03 Jun 2011 00:05:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:from:to:subject:date:user-agent:references :in-reply-to:mime-version:content-type:content-transfer-encoding :message-id; bh=d9e23cRu49Lm9dDWa3JKuP/Z3dxLBnUDO9qsV+h49d8=; b=i//xl+KZhsgWBQsA8S87vMu6wMOU4v+21mlwhFCeoBMHEKrkwp2/CYfZecsWDI2BWF ARh46oO3pcxVH/E3UqF7WK9Giz8W5Mwn6Dn5MdGVlJt0IQOCaCL7ZGg7wIksIEUWkSqO ATE09bIj/pKTht3vVOAI86gwnbxDiEIfgXsLs= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:subject:date:user-agent:references:in-reply-to:mime-version :content-type:content-transfer-encoding:message-id; b=u0yIiYIghKy3LRZmhdxjVC1txIcjBlLC7PlfPAk9uqaa4mtrRkXu8+pXUAlO6iKx6o f07oWSz4VfRmpzTfwn5p+qaW9Jbr2lJIG9w0zjELCZeLoZUUxLa2S6nuKeBJgpJYY7Ed es2AN+vy9uN9rkpfHDBC9VqvLkFHibyVzyCiI= Received: by 10.227.10.210 with SMTP id q18mr1556984wbq.44.1307084743004; Fri, 03 Jun 2011 00:05:43 -0700 (PDT) Received: from nazgul.localnet (dustpuppy.is.co.za [196.14.169.11]) by mx.google.com with ESMTPS id c17sm827470wbh.63.2011.06.03.00.05.40 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 03 Jun 2011 00:05:41 -0700 (PDT) From: Alan McKinnon To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Re: chrome and everything Date: Fri, 3 Jun 2011 09:05:00 +0200 User-Agent: KMail/1.13.7 (Linux/2.6.39-ck; KDE/4.6.3; x86_64; ; ) References: <201106021121.52021.alan.mckinnon@gmail.com> In-Reply-To: Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <201106030905.00461.alan.mckinnon@gmail.com> X-Archives-Salt: X-Archives-Hash: 356eec8966eddf3cdfe35416c7b229bb Apparently, though unproven, at 02:07 on Friday 03 June 2011, walt did opine thusly: > On 06/02/2011 02:21 AM, Alan McKinnon wrote: > > Flash is a piece of shit that has never worked right and Adobe are a > > bunch of fools that cannot code properly or securely. > > I agree 100%. My question is why they continue to be so successful in > spite of such a history. That's easy to answer, but it has nothing to do with code and everything to do with human nature. Flash is New!Improved!Shiny! shit full of bling and looks cool to the consumer. Web devs develop flashy shiny sites and users think it's awesome. We look at flash and think "OMFG, how can anyone release crap code like that?" Well, the web dev is hooked into the user's mindset, providing something the user likes and that is real to him. So the user will use it regardless of any issues it may have. The user does not understand our mindset (coders and code quality) so we get no traction with users, we might as well speak Martian > And they don't seem to be improving -- Flash > shows up regularly on the monthly security bulletin from sans.org with yet > another buffer overflow exploit. It never gets better :( > > OTOH, chromium gets security fixes from google every *week*, so they don't > inspire much confidence either. > > Which is safer: an insecure program that gets fixed every month, or one > that gets fixed every week? The answer is not obvious to me... Compare how Google goes about doing things with how Adobe does it. The Google Chromium team appears to take security seriously and are open and up-front about what they do. Adobe likes to stonewall on issues and create an aura of how sekrit stuff is. Which one inspires confidence in fellow geeks? -- alan dot mckinnon at gmail dot com