On Tue, 7 Oct 2014 05:11:30 +0300
Matti Karnaattu wrote:
Like removing that stupid web browser
idiom that where is addressbar and back/forward buttons.
The address bar is one of the only things you can trust when browsing a
web page to the point that some mal-sites or mal-ads actually try to
On 15-10-2014 17:56, Kevin Chadwick wrote:
The address bar is one of the only things you can trust when browsing a
web page
Provided your dns isn't spoofed. And you're are not being targeted with
a mitm attack. And perhaps a few other things. But yeah, the address bar
can normally be trusted.
On Mon, 06 Oct 2014 19:09:08 -0600
Theo de Raadt dera...@cvs.openbsd.org wrote:
I think Matti is a goverment plant, or quite high in industry.
Please people, ignore him.
Let me explain Matti to you:
1. first I break your chmod.
2. Oh you won't fall for that. bummer
3. next I convince
Except it doesn't, server side code is more universal.
I strongly disagree.
In server side there is vast amount of different software stacks build
top of C library and they are incompatible. Running PHP code top of
Java stack just doesn't work.
In client side, there has ongoing for several
On Mon, 6 Oct 2014, Matti Karnaattu wrote:
Disabling Javascript is like disabling ability to run modern application
software. It is same if I just turn off computer. It is then secured.
Sorry, that is totally bogus! The **FIRST** thing one should do when
sitting down at a new browser is
On 06-10-2014 14:20, Matti Karnaattu wrote:
I strongly disagree.
In server side there is vast amount of different software stacks build
top of C library and they are incompatible. Running PHP code top of
Java stack just doesn't work.
But none of them *require* javascript to function.
In
however it *is* realistic and reasonable to *limit*
the cross-site JS code that is only there for the use of other third
parties.
I agree. I filter too crap away. Javascript itself is not problem.
But none of them require javascript to function.
Node.js
What is not a good thing is to have just one standard. That's never
good.
And this is current status. Apple, Canonical, Google and Microsoft
pushing their own competing front end ecosystems. And there is still
HTML/JS which is portable.
On 06-10-2014 17:48, Matti Karnaattu wrote:
Node.js
I've used it, and there is too much hype about it. It has it's uses, but
can be replaced with other non javascript technologies, at least from
the server side.
And this is current status. Apple, Canonical, Google and Microsoft
pushing their
Great conversation...
Somehow you guys spend all your time whining about complicated deep
technologies like Java / Javascript -- condemning them for their nasty
complexity -- but at the same time using the conversation to hurt people
trying to build something simpler.
Who do you work for?
You mean, there is _legislation_ on how to write software?
Some industries, yes. But this is not related to JS.
Practically whole IT-industry supports JS. If you like to do portable
application programming, you have to write JS or compile your
code to JS if you want to get that working
I think Matti is a goverment plant, or quite high in industry.
Please people, ignore him.
I think Matti is a goverment plant, or quite high in industry.
Please people, ignore him.
Let me explain Matti to you:
1. first I break your chmod.
2. Oh you won't fall for that. bummer
3. next I convince you that JS is good.
4. While there, convince everyone Theo is the reason JS is
On 06-10-2014 22:09, Theo de Raadt wrote:
He got a fake finnish name, but I bet he lives in the US or UK!
From the e-mail headers, US. Don't worry Theo, I won't be feeding the
troll any further. Just don't like stupid people spreading
misinformation. Others might believe it.
[demime 1.01d
On 06/10/14 9:01 PM, Matti Karnaattu wrote:
Browsers are getting slower all the time.
Bullshit. Try this: http://peacekeeper.futuremark.com
Actually it isn't bullshit. It is the truth. You just fail to understand
what he means.
Newer browsers run software faster. Ancient browsers may even
On 06-10-2014 22:09, Theo de Raadt wrote:
He got a fake finnish name, but I bet he lives in the US or UK!
From the e-mail headers, US. Don't worry Theo, I won't be feeding the
troll any further. Just don't like stupid people spreading
misinformation. Others might believe it.
And you are UK
If any of these end up being better than JS,
I don't see any reason not to use them.
I think everyone of these are better if you don't care about portability.
I prefer to use a desktop application for those instead
of running them from my browser. Just saying.
There isn't much new desktop
On 06-10-2014 22:23, Theo de Raadt wrote:
And you are UK or US as well. Nice Italian name, but you are likely
part of the same parcel. Thanks for replying so fast!
Hahahahha. Brazilian Theo. Italian descendent. You can check my headers
and you'll see. Don't be so paranoid. And I'm not feeding
On 06-10-2014 22:23, Theo de Raadt wrote:
And you are UK or US as well. Nice Italian name, but you are likely
part of the same parcel. Thanks for replying so fast!
Hahahahha. Brazilian Theo. Italian descendent. You can check my headers
and you'll see. Don't be so paranoid. And I'm not
On 06-10-2014 22:23, Theo de Raadt wrote:
And you are UK or US as well. Nice Italian name, but you are likely
part of the same parcel. Thanks for replying so fast!
Hahahahha. Brazilian Theo. Italian descendent. You can check my headers=20
and you'll see. Don't be so paranoid. And I'm not
On 06-10-2014 22:31, Theo de Raadt wrote:
You are the troll; he is the plant.
All right. Will end the discussion now. Just rest assured I'm not
working it any goverment agency, IT big enterprise and do not have any
hidden agenda.
Bye
[demime 1.01d removed an attachment of type
On 06-10-2014 22:37, Theo de Raadt wrote:
I love this conversation.
Hey don't trust OpenBSD, because the new (outsourced) store uses
Javascript.
Never, in any moment in the thread I said that the store shouldn't be
trusted.
But trust Matti and Giancarlo's email headers.
While we are at it, why
but at the same time using the conversation to hurt people trying to
build something simpler.
It is not meant to hurt anyone.
Optimal complexity is when there is nothing you like to add and nothing
you like to remove.
It is just that sometimes happens event called disruptive innovation.
When
but at the same time using the conversation to hurt people trying to
build something simpler.
It is not meant to hurt anyone.
I didn't mean to kill that guy when I was doing 250km
It is just that sometimes happens event called disruptive innovation.
You tried to break chmod. Please
next I convince you that JS is good.
I said that it crappy, but it happens that crap gets adopted standard.
It just happens, it has happened before and when the shit works and
solve compatibility issues by having adopted standard, it is useful.
What can I do for that?!
It is problem in
Matti Karnaattu wrote
snip
How I can have you to be more relaxed? With beer?
Just what I need. Life support on drunk programs writ by drunk programmers.
Please. You are a threat to my continued existence.
You are on the wrong list.
Ok. I will unscribe myself for.. eternity. Because
I obviously have hurt feelings. Especially yours, Theo.
I did not intentionally do that. And I have _never_ bashed
you. And I actually never got what makes you so upset.
I'm enthusiast to tech without religion.
Hi,
talking about setting the record straight...
System Administrator wrote on Sat, Oct 04, 2014 at 11:57:56PM -0400:
2. Open*BSD* as the name implies, had no decades old Unix code and
by now has had much of the _original_ BSD code replaced as well.
The ancestors of OpenBSD are, in direct
On Sun, Oct 05, 2014 at 11:36:33AM +0200, Ingo Schwarze wrote:
Hi,
talking about setting the record straight...
System Administrator wrote on Sat, Oct 04, 2014 at 11:57:56PM -0400:
2. Open*BSD* as the name implies, had no decades old Unix code and
by now has had much of the
1. OpenBSD is a great example of the difference that having security as
a primary design and development objective makes, unlike most other
OSes (including all flavors of linux) which do added security.
Yes, primary objective. Definitely.
It is also form of added security, because it is based on
People wrote:
There are two things which irritates me in computing:
1. Need of security updates
2. Two pieces of technology which are not compatible with each other.
I'm GLAD that finally we have Javascript. At last, we have language and
platform that WORKS universally.
Except it
Hello,
This is for the OP: dude, you are free to do anything, order or cancel
or whatever you want.
But please contact the SITE MANTAINER about your problems, do not
annoy the list with your obsession(s). You can taste the toillet paper
if you don't TRUST it, but please direct your inquires to
Many a naïve person believe you can add security as an afterthought
but I'm not aware of this approach ever truly succeeding.
I think that OpenBSD has done decent job. Decades ago that old unix
code, originally did not quite exactly been EAL7.
Responding here at the risk of continuing to feed the troll, but in the
interest of setting the record straight (i.e. for the archives).
On 4 Oct 2014 at 13:53, Matti Karnaattu wrote:
Many a naïve person believe you can add security as an afterthought
but I'm not aware of this approach ever
In my browser of choice, configured sensibly, this is all that can be
seen at openbsdstore.com and openbsdeurope.com:
| The OpenBSD Store
| If you have JavaScript disabled you will not be able to order from
| this site...
And yes, it literally ends with an ellipsis.
Strangely enough, this
On Fri, Oct 03, 2014 at 10:09:36AM -0400, david...@ling.ohio-state.edu wrote:
In my browser of choice, configured sensibly, this is all that can be
seen at openbsdstore.com and openbsdeurope.com:
| The OpenBSD Store
| If you have JavaScript disabled you will not be able to order from
|
2014-10-03 16:09 GMT+02:00 david...@ling.ohio-state.edu:
Strangely enough, this doesn't incline me to enable javascript.
Why?
Don't you trust the store?
On Fri, Oct 3, 2014 at 10:25 AM, Bryan Steele bry...@gmail.com wrote:
So, you visit an order page likely content on providing your billing
information and shipping address, but it's the use of Javascript that
sways your final decision to order?
I thought it was the ellipsis that did it :-)
On Fri, 3 Oct 2014, Martin Schröder wrote:
2014-10-03 16:09 GMT+02:00 david...@ling.ohio-state.edu:
Strangely enough, this doesn't incline me to enable javascript.
Why?
Don't you trust the store?
Heh, literally blind trust, eh?
What store? You call it a store. And I did expect it to be
On Fri, 3 Oct 2014, Bryan Steele wrote:
On Fri, Oct 03, 2014 at 10:09:36AM -0400, david...@ling.ohio-state.edu wrote:
In my browser of choice, configured sensibly, this is all that can be
seen at openbsdstore.com and openbsdeurope.com:
| The OpenBSD Store
| If you have JavaScript disabled
Who said anything about an order page?
Who said anything about final decisions? The text provided gave me no
information upon which to base any decision of that kind.
As I made perfectly clear in my post, the accessible content on the
website is a single, elided sentence.
Why should I
2014-10-03 16:09 GMT+02:00 david...@ling.ohio-state.edu:
Strangely enough, this doesn't incline me to enable javascript.
Why?
Don't you trust the store?
Heh, literally blind trust, eh?
What store? You call it a store. And I did expect it to be a store
of some kind, since
On Fri, 3 Oct 2014, Theo de Raadt wrote:
So easy to be critical.
Sure. And some criticism happens to be useful.
Some say it's even more useful than wagon-circling.
On Fri, 3 Oct 2014, Theo de Raadt wrote:
Who said anything about an order page?
Who said anything about final decisions? The text provided gave me no
information upon which to base any decision of that kind.
As I made perfectly clear in my post, the accessible content on the
website is a
On Fri, Oct 3, 2014 at 10:48 AM, david...@ling.ohio-state.edu wrote:
On Fri, 3 Oct 2014, Theo de Raadt wrote:
Who said anything about an order page?
Who said anything about final decisions? The text provided gave me no
information upon which to base any decision of that kind.
As I made
2014-10-03 16:09 GMT+02:00 david...@ling.ohio-state.edu:
In my browser of choice, configured sensibly, this is all that can be
seen at openbsdstore.com and openbsdeurope.com:
| The OpenBSD Store
| If you have JavaScript disabled you will not be able to order from
| this site...
I'm
Why should I enable javascript to obtain basic information about a
website?
Why do not keep Javascript all time enabled?
Keeping Javascript disabled is like disabling programmability from
shell. What is the idea?
On Fri, Oct 3, 2014 at 9:53 AM, ludovic coues cou...@gmail.com wrote:
2014-10-03 16:09 GMT+02:00 david...@ling.ohio-state.edu:
In my browser of choice, configured sensibly, this is all that can be
seen at openbsdstore.com and openbsdeurope.com:
| The OpenBSD Store
| If you have JavaScript
On Fri, 3 Oct 2014, david...@ling.ohio-state.edu wrote:
On Fri, 3 Oct 2014, Theo de Raadt wrote:
But instead you brought your complaint to misc.
Indeed.
You have an agenda.
Sure do. I had reason to distrust the website, as I've explained.
But I have no reason to distrust this
On Fri, 3 Oct 2014, Matti Karnaattu wrote:
Why should I enable javascript to obtain basic information about a
website?
Why do not keep Javascript all time enabled?
Keeping Javascript disabled is like disabling programmability from
shell. What is the idea?
You're making a joke, maybe?
*I*
I can't know what interest openbsdeurope has in requiring users to
enable JS to obtain any information from their website.
Probably 999 users in thousand doesn't want to make web crippled and
doesn't even think that standard JS is any special requirement.
*I* choose what programs my shell
On 03-10-2014 16:01, Matti Karnaattu wrote:
Soon it is probably nearly impossible to do anything useful with web
without Javascript. It is defacto and dejure standard language for
portable applications.
I believe the OP could have done his research a little better, there are
other ways of
On Fri, Oct 3, 2014 at 12:01 PM, Matti Karnaattu mkarnaa...@gmail.com wrote:
No, you choosed that web page to visit.
http://www.w3schools.com/xml/xml_http.asp
If the javascript contains an XMLHTTPRequest object, it can call out
to a different server (than the one you are visiting) without your
No, the one lacking understanding is you -- the fact that 99.9% of the
Internet users are clueless (and even worse, *lax*) about security,
probably never heard of OpenBSD and most likely will never use it
because it interferes with their daily fill of spam and malware is
totally irrelevant for
Here it is for your convenience:
If you wish to contact us by phone, please call +44 (0) 115 986
8786, Monday to Friday 10am-2:30pm - Linda Bramley
Email: ord...@openbsdstore.com
Address:
OpenBSD Store
Zednax Limited
241 Wellington Road South
Stockport
SK2 6NG
If the javascript contains an XMLHTTPRequest object, it can call out
to a different server (than the one you are visiting) without your
explicit knowledge, download content, and do basically whatever the
user the browser is running as can do,
I'm aware. This object is in practice transformed
On 3 Oct 2014 at 23:48, Matti Karnaattu wrote:
...
etc...and that's not the only way javascript can be used maliciously
These are called security holes.
There is good reason not to explicitly trust javascript or any other
browser plugin that allow the remote site to execute code on your
On 03-10-2014 17:48, Matti Karnaattu wrote:
Unfortunately, we are living world where almost all applications are
nowadays writen with Javascript or compiled to Javascript. And it is
matter of time when rest of the issues are solved which prevents it
using ~everywhere to reduce server load.
So
On Fri, Oct 3, 2014 at 12:20 PM, J Sisson sisso...@gmail.com wrote:
If the javascript contains an XMLHTTPRequest object, it can call out
to a different server (than the one you are visiting) without your
explicit knowledge, download content, and do basically whatever the
user the browser is
So you are saying that soon everything will be force fed to you and
you will be ok with it?
There are two things which irritates me in computing:
1. Need of security updates
2. Two pieces of technology which are not compatible with each other.
I'm GLAD that finally we have Javascript. At
On Fri, 3 Oct 2014 13:26:11 -0400 (EDT)
david...@ling.ohio-state.edu wrote:
Keeping Javascript disabled is like disabling programmability from
shell. What is the idea?
You're making a joke, maybe?
*I* choose what programs my shell executes. But when I visit a
webpage on the
and navigation of a site should not require javascript as
per w3c guidelines.
The thing is that web is more than web sites. It is also full of
applications and these are totally mixed.
However considering OpenBSD users are security savvy and should
understand the potential risks of random sites
On 4 Oct 2014 at 1:41, Matti Karnaattu wrote:
...
I don't think that is pragmatic to expect people to use computers
without applications. Or expect users of some software doesn't want to
use applications.
why not be the ultimate pragmatist you preach and go run Windows?
(Isn't that what
On Sat, Oct 04, 2014 at 01:11:06AM +0300, Matti Karnaattu wrote:
So you are saying that soon everything will be force fed to you and
you will be ok with it?
There are two things which irritates me in computing:
1. Need of security updates
2. Two pieces of technology which are not
| The OpenBSD Store
| If you have JavaScript disabled you will not be able to order from
| this site...
ludovic coues asked
| I'm curious, how did you get this message ?
(running 5.5-stable amd64)
lynx https://www.openbsdstore.com
or
lynx http://www.openbsd.org
-- Buy CDs/Shirts/Posters
65 matches
Mail list logo