On 15-10-2014 17:56, Kevin Chadwick wrote:
> The address bar is one of the only things you can trust when browsing a
> web page
Provided your dns isn't spoofed. And you're are not being targeted with
a mitm attack. And perhaps a few other things. But yeah, the address bar
can normally be trusted.
>
On Tue, 7 Oct 2014 05:11:30 +0300
Matti Karnaattu wrote:
> Like removing that stupid "web browser"
> idiom that where is addressbar and back/forward buttons.
The address bar is one of the only things you can trust when browsing a
web page to the point that some mal-sites or mal-ads actually try t
On Mon, 06 Oct 2014 19:09:08 -0600
Theo de Raadt wrote:
> > I think Matti is a goverment plant, or quite high in industry.
> > Please people, ignore him.
>
> Let me explain Matti to you:
>
> 1. first I break your chmod.
> 2. Oh you won't fall for that. bummer
> 3. next I convince you that JS i
>You are on the wrong list.
Ok. I will unscribe myself for.. eternity. Because
I obviously have hurt feelings. Especially yours, Theo.
I did not intentionally do that. And I have _never_ bashed
you. And I actually never got what makes you so upset.
I'm enthusiast to tech without religion. Agnosti
Matti Karnaattu wrote
>How I can have you to be more relaxed? With beer?
Just what I need. Life support on drunk programs writ by drunk programmers.
Please. You are a threat to my continued existence.
>next I convince you that JS is good.
I said that it crappy, but it happens that crap gets adopted standard.
It just happens, it has happened before and when the shit works and
solve compatibility issues by having adopted standard, it is useful.
What can I do for that?!
It is problem in IT-indu
> >but at the same time using the conversation to hurt people trying to
> >build something simpler.
>
> It is not meant to hurt anyone.
"I didn't mean to kill that guy when I was doing 250km"
> It is just that sometimes happens event called "disruptive innovation".
You tried to break chmod. Pl
>but at the same time using the conversation to hurt people trying to
>build something simpler.
It is not meant to hurt anyone.
Optimal complexity is when there is nothing you like to add and nothing
you like to remove.
It is just that sometimes happens event called "disruptive innovation".
Whe
On 06-10-2014 22:37, Theo de Raadt wrote:
> I love this conversation.
>
> Hey don't trust OpenBSD, because the new (outsourced) store uses
Javascript.
Never, in any moment in the thread I said that the store shouldn't be
trusted.
> But trust Matti and Giancarlo's email headers.
While we are at it,
On 06-10-2014 22:31, Theo de Raadt wrote:
> You are the troll; he is the plant.
>
All right. Will end the discussion now. Just rest assured I'm not
working it any goverment agency, IT big enterprise and do not have any
hidden agenda.
Bye
[demime 1.01d removed an attachment of type application/pkc
> On 06-10-2014 22:23, Theo de Raadt wrote:
> > And you are UK or US as well. Nice Italian name, but you are likely
> > part of the same parcel. Thanks for replying so fast!
> Hahahahha. Brazilian Theo. Italian descendent. You can check my headers=20
> and you'll see. Don't be so paranoid. And I'
> On 06-10-2014 22:23, Theo de Raadt wrote:
> > And you are UK or US as well. Nice Italian name, but you are likely
> > part of the same parcel. Thanks for replying so fast!
> Hahahahha. Brazilian Theo. Italian descendent. You can check my headers
> and you'll see. Don't be so paranoid. And I'm n
On 06-10-2014 22:23, Theo de Raadt wrote:
> And you are UK or US as well. Nice Italian name, but you are likely
> part of the same parcel. Thanks for replying so fast!
Hahahahha. Brazilian Theo. Italian descendent. You can check my headers
and you'll see. Don't be so paranoid. And I'm not feeding
>If any of these end up being better than JS,
>I don't see any reason not to use them.
I think everyone of these are better if you don't care about portability.
>I prefer to use a desktop application for those instead
>of running them from my browser. Just saying.
There isn't much new desktop ap
> On 06-10-2014 22:09, Theo de Raadt wrote:
> > He got a fake finnish name, but I bet he lives in the US or UK!
> From the e-mail headers, US. Don't worry Theo, I won't be feeding the
> troll any further. Just don't like stupid people spreading
> misinformation. Others might believe it.
And you a
On 06/10/14 9:01 PM, Matti Karnaattu wrote:
Browsers are getting slower all the time.
Bullshit. Try this: http://peacekeeper.futuremark.com
Actually it isn't bullshit. It is the truth. You just fail to understand
what he means.
Newer browsers run software faster. Ancient browsers may even f
On 06-10-2014 22:09, Theo de Raadt wrote:
> He got a fake finnish name, but I bet he lives in the US or UK!
From the e-mail headers, US. Don't worry Theo, I won't be feeding the
troll any further. Just don't like stupid people spreading
misinformation. Others might believe it.
[demime 1.01d remov
> I think Matti is a goverment plant, or quite high in industry.
> Please people, ignore him.
Let me explain Matti to you:
1. first I break your chmod.
2. Oh you won't fall for that. bummer
3. next I convince you that JS is good.
4. While there, convince everyone Theo is the reason JS is everywh
I think Matti is a goverment plant, or quite high in industry.
Please people, ignore him.
>You mean, there is _legislation_ on how to write software?
Some industries, yes. But this is not related to JS.
Practically whole IT-industry supports JS. If you like to do portable
application programming, you have to write JS or compile your
code to JS if you want to get that working everywher
Great conversation...
Somehow you guys spend all your time whining about complicated deep
technologies like Java / Javascript -- condemning them for their nasty
complexity -- but at the same time using the conversation to hurt people
trying to build something simpler.
Who do you work for? Govern
On 06-10-2014 17:48, Matti Karnaattu wrote:
> Node.js
I've used it, and there is too much hype about it. It has it's uses, but
can be replaced with other non javascript technologies, at least from
the server side.
> And this is current status. Apple, Canonical, Google and Microsoft
> pushing their
> But none of them require javascript to function.
Node.js
>What is not a good thing is to have just one standard. That's never
>good.
And this is current status. Apple, Canonical, Google and Microsoft
pushing their own competing front end ecosystems. And there is still
HTML/JS which is portable
>however it *is* realistic and reasonable to *limit*
>the cross-site JS code that is only there for the use of other third
>parties.
I agree. I filter too crap away. Javascript itself is not problem.
On 06-10-2014 14:20, Matti Karnaattu wrote:
> I strongly disagree.
>
> In server side there is vast amount of different software stacks build
> top of C library and they are incompatible. Running PHP code top of
> Java stack just doesn't work.
But none of them *require* javascript to function.
>
>
On Mon, 6 Oct 2014, Matti Karnaattu wrote:
> Disabling Javascript is like disabling ability to run modern application
> software. It is same if I just turn off computer. It is then secured.
>
Sorry, that is totally bogus! The **FIRST** thing one should do when
sitting down at a new browser is inst
>Except it doesn't, server side code is more universal.
I strongly disagree.
In server side there is vast amount of different software stacks build
top of C library and they are incompatible. Running PHP code top of
Java stack just doesn't work.
In client side, there has ongoing for several year
People wrote:
> There are two things which irritates me in computing:
>
> 1. Need of security updates
> 2. Two pieces of technology which are not compatible with each other.
>
> I'm GLAD that finally we have Javascript. At last, we have language and
> platform that WORKS universally.
Except it
>1. OpenBSD is a great example of the difference that having security as
>a primary design and development objective makes, unlike most other
>OSes (including all flavors of linux) which do "added" security.
Yes, primary objective. Definitely.
It is also form of "added" security, because it is ba
On Sun, Oct 05, 2014 at 11:36:33AM +0200, Ingo Schwarze wrote:
> Hi,
>
> talking about setting the record straight...
>
> System Administrator wrote on Sat, Oct 04, 2014 at 11:57:56PM -0400:
>
> > 2. Open*BSD* as the name implies, had no "decades old" Unix code and
> > by now has had much of th
Hi,
talking about setting the record straight...
System Administrator wrote on Sat, Oct 04, 2014 at 11:57:56PM -0400:
> 2. Open*BSD* as the name implies, had no "decades old" Unix code and
> by now has had much of the _original_ BSD code replaced as well.
The ancestors of OpenBSD are, in direct
Responding here at the risk of continuing to feed the troll, but in the
interest of setting the record straight (i.e. for the archives).
On 4 Oct 2014 at 13:53, Matti Karnaattu wrote:
> >Many a naïve person believe you can "add" security as an afterthought
> >but I'm not aware of this approach e
>Many a naïve person believe you can "add" security as an afterthought
>but I'm not aware of this approach ever truly succeeding.
I think that OpenBSD has done decent job. Decades ago that old unix
code, originally did not quite exactly been EAL7.
Hello,
This is for the OP: dude, you are free to do anything, order or cancel
or whatever you want.
But please contact the SITE MANTAINER about your problems, do not
annoy the list with your obsession(s). You can taste the toillet paper
if you don't TRUST it, but please direct your inquires to the
> | The OpenBSD Store
>
> | If you have JavaScript disabled you will not be able to order from
> | this site...
ludovic coues asked
| I'm curious, how did you get this message ?
(running 5.5-stable amd64)
lynx https://www.openbsdstore.com
or
lynx http://www.openbsd.org
--> Buy CDs/Shirts/Poste
On Sat, Oct 04, 2014 at 01:11:06AM +0300, Matti Karnaattu wrote:
> > So you are saying that soon everything will be force fed to you and
> > you will be ok with it?
>
> There are two things which irritates me in computing:
>
> 1. Need of security updates
> 2. Two pieces of technology which are no
On 4 Oct 2014 at 1:41, Matti Karnaattu wrote:
...
> I don't think that is pragmatic to expect people to use computers
> without applications. Or expect users of some software doesn't want to
> use applications.
>
why not be the ultimate pragmatist you preach and go run Windows?
(Isn't that wha
>and navigation of a site should not require javascript as
>per w3c guidelines.
The thing is that web is more than "web sites". It is also full of
applications and these are totally mixed.
>However considering OpenBSD users are security savvy and should
>understand the potential risks of random s
On Fri, 3 Oct 2014 13:26:11 -0400 (EDT)
david...@ling.ohio-state.edu wrote:
> >
> > Keeping Javascript disabled is like disabling programmability from
> > shell. What is the idea?
>
> You're making a joke, maybe?
>
> *I* choose what programs my shell executes. But when I visit a
> webpage on
> So you are saying that soon everything will be force fed to you and
> you will be ok with it?
There are two things which irritates me in computing:
1. Need of security updates
2. Two pieces of technology which are not compatible with each other.
I'm GLAD that finally we have Javascript. At las
On Fri, Oct 3, 2014 at 12:20 PM, J Sisson wrote:
> If the javascript contains an XMLHTTPRequest object, it can call out
> to a different server (than the one you are visiting) without your
> explicit knowledge, download content, and do basically whatever the
> user the browser is running as can do
On 03-10-2014 17:48, Matti Karnaattu wrote:
> Unfortunately, we are living world where almost all applications are
> nowadays writen with Javascript or compiled to Javascript. And it is
> matter of time when rest of the issues are solved which prevents it
> using ~everywhere to reduce server load.
On 3 Oct 2014 at 23:48, Matti Karnaattu wrote:
...
> >etc...and that's not the only way javascript can be used maliciously
>
> These are called security holes.
>
> >There is good reason not to explicitly trust javascript or any other
> >browser plugin that allow the remote site to execute code
>If the javascript contains an XMLHTTPRequest object, it can call out
>to a different server (than the one you are visiting) without your
>explicit knowledge, download content, and do basically whatever the
>user the browser is running as can do,
I'm aware. This object is in practice transformed b
> Here it is for your convenience:
>
> If you wish to contact us by phone, please call +44 (0) 115 986
> 8786, Monday to Friday 10am-2:30pm - Linda Bramley
>
> Email: ord...@openbsdstore.com
> Address:
> OpenBSD Store
> Zednax Limited
> 241 Wellington Road South
> Stockport
> SK2
No, the one lacking understanding is you -- the fact that 99.9% of the
Internet users are clueless (and even worse, *lax*) about security,
probably never heard of OpenBSD and most likely will never use it
because it interferes with their daily fill of spam and malware is
totally irrelevant for
On Fri, Oct 3, 2014 at 12:01 PM, Matti Karnaattu wrote:
> No, you choosed that web page to visit.
http://www.w3schools.com/xml/xml_http.asp
If the javascript contains an XMLHTTPRequest object, it can call out
to a different server (than the one you are visiting) without your
explicit knowledge,
On 03-10-2014 16:01, Matti Karnaattu wrote:
> Soon it is probably nearly impossible to do anything useful with web
> without Javascript. It is defacto and dejure standard language for
> portable applications.
I believe the OP could have done his research a little better, there are
other ways of fin
>I can't know what interest openbsdeurope has in requiring users to
>enable JS to obtain any information from their website.
Probably 999 users in thousand doesn't want to make web crippled and
doesn't even think that standard JS is any special requirement.
> *I* choose what programs my shell exe
On Fri, 3 Oct 2014, Matti Karnaattu wrote:
Why should I enable javascript to obtain basic information about a
website?
Why do not keep Javascript all time enabled?
Keeping Javascript disabled is like disabling programmability from
shell. What is the idea?
You're making a joke, maybe?
*I* c
On Fri, 3 Oct 2014, david...@ling.ohio-state.edu wrote:
On Fri, 3 Oct 2014, Theo de Raadt wrote:
But instead you brought your complaint to misc.
Indeed.
You have an agenda.
Sure do. I had reason to distrust the website, as I've explained.
But I have no reason to distrust this listserv
On Fri, Oct 3, 2014 at 9:53 AM, ludovic coues wrote:
> 2014-10-03 16:09 GMT+02:00 :
>> In my browser of choice, configured sensibly, this is all that can be
>> seen at openbsdstore.com and openbsdeurope.com:
>>
>> | The OpenBSD Store
>>
>> | If you have JavaScript disabled you will not be able to
>Why should I enable javascript to obtain basic information about a
>website?
Why do not keep Javascript all time enabled?
Keeping Javascript disabled is like disabling programmability from
shell. What is the idea?
2014-10-03 16:09 GMT+02:00 :
> In my browser of choice, configured sensibly, this is all that can be
> seen at openbsdstore.com and openbsdeurope.com:
>
> | The OpenBSD Store
>
> | If you have JavaScript disabled you will not be able to order from
> | this site...
>
I'm curious, how did you get t
On Fri, Oct 3, 2014 at 10:48 AM, wrote:
> On Fri, 3 Oct 2014, Theo de Raadt wrote:
>
>>> Who said anything about an order page?
>>>
>>> Who said anything about final decisions? The text provided gave me no
>>> information upon which to base any decision of that kind.
>>>
>>> As I made perfectly
On Fri, 3 Oct 2014, Theo de Raadt wrote:
Who said anything about an order page?
Who said anything about final decisions? The text provided gave me no
information upon which to base any decision of that kind.
As I made perfectly clear in my post, the accessible content on the
website is a sing
On Fri, 3 Oct 2014, Theo de Raadt wrote:
So easy to be critical.
Sure. And some criticism happens to be useful.
Some say it's even more useful than wagon-circling.
> > 2014-10-03 16:09 GMT+02:00 :
> >> Strangely enough, this doesn't incline me to enable javascript.
> >
> > Why?
> >
> > Don't you trust the store?
>
> Heh, literally blind trust, eh?
>
> What store? You call it a store. And I did expect it to be a store
> of some kind, since openbsd.org/ord
> Who said anything about an order page?
>
> Who said anything about final decisions? The text provided gave me no
> information upon which to base any decision of that kind.
>
> As I made perfectly clear in my post, the accessible content on the
> website is a single, elided sentence.
>
> Why
On Fri, 3 Oct 2014, Bryan Steele wrote:
On Fri, Oct 03, 2014 at 10:09:36AM -0400, david...@ling.ohio-state.edu wrote:
In my browser of choice, configured sensibly, this is all that can be
seen at openbsdstore.com and openbsdeurope.com:
| The OpenBSD Store
| If you have JavaScript disabled you
On Fri, 3 Oct 2014, Martin Schröder wrote:
> 2014-10-03 16:09 GMT+02:00 :
>> Strangely enough, this doesn't incline me to enable javascript.
>
> Why?
>
> Don't you trust the store?
Heh, literally blind trust, eh?
What store? You call it a store. And I did expect it to be a store
of some kind,
He didn't say it changed his decision to order. It is a rather terse and
unhelpful message, though. It could at least mention the option of
ordering via email.
Tim.
On Fri, Oct 3, 2014 at 10:25 AM, Bryan Steele wrote:
> So, you visit an order page likely content on providing your billing
> information and shipping address, but it's the use of Javascript that
> sways your final decision to order?
I thought it was the ellipsis that did it :-)
--
"Don't eat
2014-10-03 16:09 GMT+02:00 :
> Strangely enough, this doesn't incline me to enable javascript.
Why?
Don't you trust the store?
On Fri, Oct 03, 2014 at 10:09:36AM -0400, david...@ling.ohio-state.edu wrote:
> In my browser of choice, configured sensibly, this is all that can be
> seen at openbsdstore.com and openbsdeurope.com:
>
> | The OpenBSD Store
>
> | If you have JavaScript disabled you will not be able to order from
65 matches
Mail list logo
