On Mon, 20 May 2013 19:48:00 -0700 "Adam Wilson" <flybo...@gmail.com> wrote:
> On Mon, 20 May 2013 17:04:40 -0700, Nick Sabalausky > <seewebsitetocontac...@semitwist.com> wrote: > > > On Mon, 20 May 2013 15:50:06 -0700 > > "Adam Wilson" <flybo...@gmail.com> wrote: > >> > >> What if as a UI designer I know that I want to specifically > >> disallow skinning? It's not even that hard of a decision to reach. > >> If the skinning changes the layout metrics at all (margin, > >> padding, size, even shape), my app can end up looking terrible and > >> I have to take a support call for a case that I couldn't have > >> possibly dreamed up. > >> > > > > Basing software decisions upon worries of "What if some user shoots > > himself and calls our support?" is *always* a bad idea. > > > > Is it though? Because regardless of whether or not they should call > me, they will, and I will have to spend money to deal with it. Again, > I have real problems that are clashing with ideology. When that > happens the engineer in me demands that I address the real problems. > No, you most certainly do *not* have real problems clashing with ideology: What you have is a contrived "what if" scenario that you think is a "real" threat to your business despite the fact that you yourself are convinced that hardly anyone is going to be messing with their settings anyway. Then you're running around crying "It's ideology versus successful business! I'd better disregard my user's settings or else the sky will fall!" Yea, I'm exaggerating, but your whole argument here is clearly exaggerated bullshit. And if you're really *are* that worried about enough "coffee mug in the CD tray"-mentality users changing their system settings and then calling you about that, enough that it would pull you under, then you can just *not* invent a new UI styling to force on them in the first place. Big freaking deal. Like you said, most of them don't care anyway, right? > > Why? The user mostly doesn't care as long as it works and solves > their problem, I personally spend less and less time customizing my > environments for two-fold reasons, I have an every growing number of > them, and I care less and less, just get out of my way and let me > work. Don't make me decide on a hundred details before I can get > started. > Ok. So then why in the world are you wasting *your* time inventing new UI styles for your software if so few of your users care? > > > > Secondly, we're not babysitters or self-appointed police here. To > > engage in such a level of control is *already* a very serious breach > > of our moral obligations. > > > > > > In the real world, yes, we are. You see, it's a small inconvenience > known as the lawsuit. Specifically that I am legally liable for any > and all security vulnerabilities within my product. There is > case-history going back to support this since the dawn of legal > systems. It is ironclad, ideology will not change it. I consider > cross-process of a UI a MAJOR security problem because it allows > malicious software to modified my software in subtle ways that > compromise the security of the system. And apparently I am not the > only one who thinks this way because every mobile OS available today > does not allow ANY kind of cross-process UI manipulation of any kind, > going so far as to sandbox each app. I think we're getting offtopic here. If we're associating "legally-accountable security negligence" together with "using native UI toolkits", then clearly we've already taken a nose-dive off the deep end. > Where is your outrage over > Android or iOS or WinRT or Blackberry or Symbian? > Heh. If you think I *don't* have a deep seething hatred for Android, iOS and WinRT, on both practical and ethical grounds, then you're very much mistaken ;) I don't always agree with Stallman, but one thing I did always agree completely with him on is how Steve Job's last decade of work was "the computer as a jail made cool, designed to sever fools from their freedom". Stallman didn't change my mind with that, but he did word it far better than I ever could have. > > > > Just for example, Spy++ or any similar such developer tool. Or GUI > > macros. Those are just off the top of my head. I'm sure people can, > > and have, thought of any number of other different uses. > > > > GUI macros work on WPF apps. Does the same macro utility system also work across WPF, GTK, Qt, Delphi apps, whatever the fuck Nero, Winamp or Windows iTunes use, *and* Joe Schmo's Yet Another NIH-Fueled OpenGL-based Toolkit? > Snoop does what Spy++ does. > Same question as above. > > Have you ever built any software where you are legally liable for > any security holes your software opens up? My guess is no. Because if > you had, you'd get where I am coming from. > Let's not dive into ad-hominem time-wasting here. I'm not going to get into what really amounts to an "I'm more l33t than you" contest under the false pretense that the answer has any bearing whatsoever on the topic at hand. > Ideology is fine, right up until you have to meet the real world. Do > you honestly expect your users to each become security experts? Such > a thought is laughable on the face of it. They have neither the time > nor the interest, and nor should they, it is not a productive use of > their time. This is why the law makes it MY fault for security flaws, > because there is not, and can be no, reasonable expectation that they > are security experts, that's MY job. Again, you're taking one thing here and then contorting it into a mutant, paranoid strawman with only a vague connection to the real discussion: 1. The ideology of *allowing* the users who *want* control over their own computer to *have* control over their own computer is *not* in conflict with "the real world". That's downright crazed paranoia. It's not going to drown your company in support costs. It's not going to get you thrown in jail for negligent security. It's not going to eat your children and destroy family values and make the sky fall. Take a step back and look at this with some perspective. 2. If this stuff we're talking about constitutes such major security negligence, then so does damn near every other thing computers ever do. Almost anything useful that programmers use is every bit as much exploitable. "Hackers can use functions to help create their exploits?! Holy hell! We must stop this evil 'function' thing since, after all, legitimate software can just use GOTO!" Or: "Your address book software lets me put in all that sensitive info?! How dare you! That means anyone who grabs my phone while I have it unlocked has easy access to it! I'll sue you!" For fuck's sake, everything useful is exploitable. Let's go back to our caves. (Oh shit! Rocks!) 3. Where in the would did you pull this "expect your users to each become security experts" crap from in the first place? That came completely out of nowhere. > > Ergo, allowing cross-process UI manipulation is inherently wrong, > it's also legally and ethically wrong. Putting my users at risk in > the name of ideology is so wrong that I am dry heaving at the > thought. Better make sure the cops never find out if you've used Snoop or GUI macros. Or Tcl Expect. Or a debugger. Or stdin/stdout. Or... > Incidentally, this is why no mobile OS ever allows it, it's > WAY to legally risky. Not even Google can make that lawsuit go away. > I'm seeing an unsubstantiated claim here. > > Nick, I hate to break it to you, but you are so far out on the > extreme end of the scale on this one that it will be impossible to > advance technology and keep you happy, As opposed to being so far out in paranoia that it'll be impossible for you to use or create technology at all and still feel safe and secure from lawsuits, support call stampedes, black hats...You really are a nut here. > so I'll have to leave you > behind, because the 99% want there software to just work, and could > care less how it does it. I don't like leaving people behind and > pissing them off, but I have to go where the majority goes, Ok, I understood. Ideals result in lawsuit, and so does failing to chase trends. Ok, gotcha. Back to your padded room...Don't forget your tinfoil hat over there... > otherwise > I'm just a penniless artist with a rigid ideology and no friends. > You just can't help using all these slipperly slope arguments, can you? Besides, I'm guessing that paranoia doesn't help win friends and money either.
