1. 3

    The article is a little short on recommended solutions. One seems to be a curated app store like iOS has. But perhaps there is something in between?

    1. 4

      Of course there is: open source extensions.

      1. 2

        Why “of course”? They’re essentially open source now:

        $ head -n4 ~/Library/Application\ Support/Google/Chrome/Default/Extensions/mlomiejdfkolichcflejclcbmpeaniij/5.4.7_0/require_config.js 
        /*jshint unused:false */
        var require = {
          baseUrl: '.',
          paths: {

        One can make it easier by requiring source maps for compiled JS, but the problem will still be that there are a lot more extensions than volunteers are willing to review.

        Apple has invested incredible amounts of money in building out review infrastructure, automating the testing / review process, and eating the costs of manually reviewing each app on their store. This makes economic sense because the iPhone / iPad / AppStore were a >$1e11 business for them in 2014.

        Who is going to build that process / infrastructure for a crowdsourced version?

        1. 2

          That’s not what open source means.

      2. 4

        Or perhaps, use Firefox.

        1. 5

          He also mentions one such extension for Firefox having approximately 400k users.

          1. 2

            How is Firefox any different?

          2. 2

            Require that extensions publish and be installed from their source code in human-readable format. Forbid them access to any API that allows them to execute downloaded code. This gets you much, much cheaper auditing.

            Require that network requests be individually approved by the user in a UI that exposes the payload and includes the warning that anything obfuscated should be denied. Aggregate these denials and feed that back into the app store.

            Finer-grained permissions, permitting access to page text but not URL or network requests, etc. Implement taint tracking, so that a value like the current URL cannot be used to build outgoing network data.

            Better UI in the app store, including serious warnings against applications that require permissions that could be used to implement tracking.
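
An added example, not part of the comment above or of any browser's store tooling: a static manifest audit covering two of the proposals in that comment, warning on permissions that expose browsing activity and flagging a content security policy that lets an extension run downloaded code. The permission and manifest key names are Chrome's; the finding ids and the sample manifest are constructed for illustration, and taint tracking is out of scope for a static check.

```javascript
// Permissions that expose which pages the user visits.
const ACTIVITY_PERMS = new Set(["tabs", "history", "webNavigation", "webRequest", "topSites"]);
// Match patterns that cover every site.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

function cspString(manifest) {
  // Manifest V2 stores the CSP as a string, V3 as an object keyed by context.
  const csp = manifest.content_security_policy;
  if (!csp) return "";
  return typeof csp === "string" ? csp : Object.values(csp).join("; ");
}

function auditManifest(manifest) {
  const findings = [];
  const perms = [
    ...(manifest.permissions || []),
    ...(manifest.optional_permissions || []),
    ...(manifest.host_permissions || []),
  ].filter((p) => typeof p === "string");

  const activity = perms.filter((p) => ACTIVITY_PERMS.has(p));
  const hosts = new Set(perms.filter((p) => BROAD_HOSTS.has(p)));
  // Content scripts get page access through their own match patterns.
  for (const cs of manifest.content_scripts || [])
    for (const m of cs.matches || []) if (BROAD_HOSTS.has(m)) hosts.add(m);

  if (activity.length) findings.push({ id: "sees-browsing-activity", detail: activity });
  if (hosts.size) findings.push({ id: "all-sites-access", detail: [...hosts] });

  // Either of these lets reviewed source load and run unreviewed code.
  const csp = cspString(manifest);
  if (csp.includes("'unsafe-eval'")) findings.push({ id: "csp-allows-eval", detail: [] });
  const remote = [...csp.matchAll(/script-src\s+([^;]*)/g)]
    .flatMap((m) => m[1].split(/\s+/))
    .filter((src) => /^https?:/.test(src));
  if (remote.length) findings.push({ id: "csp-remote-script", detail: remote });
  return findings;
}

// Constructed sample manifest, not taken from any real extension.
const SAMPLE_MANIFEST = {
  manifest_version: 2,
  name: "constructed-example",
  permissions: ["tabs", "storage", "<all_urls>"],
  content_scripts: [{ matches: ["*://*/*"], js: ["inject.js"] }],
  content_security_policy: "script-src 'self' 'unsafe-eval' https://cdn.example.com; object-src 'self'",
};
for (const f of auditManifest(SAMPLE_MANIFEST)) console.log(f.id, f.detail.join(" "));
```
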

            1. 6

              Are FreeBSD or NetBSD communities any better? I’m not asking to absolve the Linux community, I’m just maybe seeking alternatives.

              1. 8

                The FreeBSD mailing lists have none of the legendary Linus/Theo flames. We’re still unhappy with Poettering’s software and the underhanded way it’s been foisted on people though.

                1. 5

                  There may be some interesting self selection bias with people who choose to work on BSD license software (give it away to raise the bar for everyone) vs GPL (tit-for-tat share alike). I would consider Linux the mainstream/default free (as in price) software platform these days, so someone who chooses to run a BSD is likely doing so for some particular choice/reason.

                  Then again, in any community large enough you will end up with undesirable personalities…especially in anonymous venues.

                  1. 1

                    so someone who chooses to run a BSD is likely doing so for some particular choice/reason.

                    In my case, it’s actually because of systemd … or, perhaps, what systemd represents. You have your Windows in my Linux sums it up nicely:

                    Go ahead, kids, spackle over all of that unsightly runlevel stuff. … Tune your distribution for desktop workloads. Go reinvent Windows. … Ultimately, that is what systemd looks like to the rest of us. It’s not pretty.

                    I’m at the point where I can switch my work laptop over from Linux Mint to FreeBSD, and will be doing so one evening this week. I’ve created a GitHub repo for my setup scripts - bear in mind it’s still in flux, not fully tested, may eat your kittens, etc.

                    I’ve found the FreeBSD documentation excellent, and a local FreeBSD user (hi Kirill!) very, very helpful in getting set up. Seriously, the documentation is really good … better than almost all commercial products I’ve used, and has been of great help in switching over from Linux.

                  2. 1

                    I think it’s much better in terms of community. When I first got into open source, Linux had me scared to participate due to all the vitriol foisted on some poor newbie who had the audacity to ask a simple question. RTFM was the lightest touch most would offer, but the BSD communities were far gentler and would actively help with the most simple questions. I love FreeBSD but Docker is a game changer and they need something like that so I can use it at work and increase the BSD market share in my corporate setting.

                  1. 4

                    Previously here and talk here.

                    1. 1

                      Sweet, I didn’t know the talk was up.

                    1. 3

                      I made it about 16 minutes in before I figured out there is zero content in this talk. I want another downvote label due to this talk, such as “no content” or “fluff” or even “funny but totally useless”. Here’s a better talk about concurrency and maintaining systems in the cloud or on distributed systems.


                      1. 2

                        As funny as it was (and I enjoyed watching it in full), I have to agree with you. It’s almost just a standup act.

                      1. 2

                        Did anyone see the follow up video from Engel on Maddow where he answered that he opened a shady email?


                        No wonder his computer was compromised.

                        1. 2

                          There’s always the what do I want to work on vs. what I actually work on.


                          Work on a scraper for the cupes ala this math genius

                          Build some kind of simple REST server to build my really ghetto rigged home automation for renters

                          Use said REST server to save all my quantified self data I need to collect in one spot


                          mindlessly surf the web

                          study a bit for school

                          go out far too much

                          1. 9

                            I just started full-time at Amazon on the Route53 (DNS as a Service) team. I’m probably going to be busy this week getting ramped up at work and making sure I have everything taken care of for my apartment. If I have time, I’ll keep working on my FPGA FIR filter.

                            1. 2

                              Are you using much python internally on that team?

                              1. 1

                                No, Amazon generally doesn’t use Python for internal backend systems.

                            1. 1

                              I’m trying to build a data warehouse to sharpen my skills with Django and JavaScript. It should be a simple star schema of products I’m comparing, I’m slowly bumbling along. I think I can tie my models to the database, but I’m stuck trying to build a specific input form. I need a tree view of categories that can collapse the features I’m comparing between models. That part is tripping me up.