Hacker News | zhng's comments

Is the best way to currently prevent this via full ssl?

Additionally, how can a site like Amazon.com run non-ssl protected pages and prevent mitm-ing? (e.g. http://www.amazon.com/dp/B00TYBBNAW/ doesn't redirect to https, but only when ordering, etc.)


> It requires passengers to run a nonfree program (an app).

https://m.uber.com/ doesn't require the app to be installed.


install != run.

Using that mobile site still requires one to run non-free Javascript, which RMS also has a problem with.


Javascript is an interpreted language. You can view the javascript that your machine is going to execute and step through it line by line.

Therefore it is free (as in speech) for you to inspect.


I think the problem is javascript that's not 'free' as in explicitly licensed as free software.

The web, as a concept, seems to conflict with his ideals in a number of ways, at least superficially. For instance, you can't modify and redistribute the source code of any site you visit, since by definition you only get the response of that site. Technically, every URL leads to a black box. Although many sites use free libraries and might offer their source code as a repo, you never really know what they're actually running.

Hacker News is a perfect example. It's only barely "open source" in that you can download an old version of the Arc forum, and it's known that the HN staff have made their own edits to the software, which no one can contribute to, or fork, or even see, since they don't want people to be able to game the system. What people are interacting with is pretty much a closed source and proprietary service.

But on the other hand, you interact with the html, and you can mess with it in the browser all you want. Still not technically free, though.


Does Uber's javascript code come with a license that gives you these freedoms:

* Freedom 0: The freedom to run the program for any purpose;

* Freedom 1: The freedom to study how the program works, and change it to make it do what you wish;

* Freedom 2: The freedom to redistribute copies so you can help your neighbour, and

* Freedom 3: The freedom to improve the program, and release your improvements (and modified versions in general) to the public, so that the whole community benefits?

No? Then it's not "free software".



Now I'm seeing 49kB. Strange. It's not cookies either because it's 49 in an Incognito window as well.


A/B testing I would assume.


LADWP - Los Angeles Department of Water and Power



C.Y.A. - Cover your ass


The legal department, not the programmer, probably dictates that the copyright headers must be in each and every file.


I know this ruins any potential value of the intellectual property but…

…why not just put a mention in the top-level license that all empty (0 byte long) __init__.py files are in the public domain?

(Yes, yes, it's less confusing to license the entire thing under one license. But attempting to assert copyright on an empty file is humorous.)


I've seen this first hand. It does happen.


The problem I have with their "neutral, lacking security" icon is that it does not indicate that anything is wrong when in fact there is. https:// should never have a neutral icon. It should be VALID or INVALID.


Heh, maybe they could extend it to self-signed being neutral...


I hope so, now that this has set the precedent.


There's nothing wrong with a valid SHA-1 certificate.


At some point in the not-too-distant future, anything other than full 100% verified HTTPS should have a red "danger" icon.


