Ideal D GUI Toolkit

[Nick Sabalausky]

On Mon, 20 May 2013 19:48:00 -0700
"Adam Wilson" <flyboynw at gmail.com> wrote:

> On Mon, 20 May 2013 17:04:40 -0700, Nick Sabalausky  
> <SeeWebsiteToContactMe at semitwist.com> wrote:
> 
> > On Mon, 20 May 2013 15:50:06 -0700
> > "Adam Wilson" <flyboynw at gmail.com> wrote:
> >>
> >> What if as a UI designer I know that I want to specifically
> >> disallow skinning? It's not even that hard of a decision to reach.
> >> If the skinning changes the layout metrics at all (margin,
> >> padding, size, even shape), my app can end up looking terrible and
> >> I have to take a support call for a case that I couldn't have
> >> possibly dreamed up.
> >>
> >
> > Basing software decisions upon worries of "What if some user shoots
> > himself and calls our support?" is *always* a bad idea.
> >
> 
> Is it though? Because regardless of whether or not they should call
> me, they will, and I will have to spend money to deal with it. Again,
> I have real problems that are clashing with ideology. When that
> happens the engineer in me demands that I address the real problems.
> 

No, you most certainly do *not* have real problems clashing with
ideology:

What you have is a contrived "what if" scenario that you think is a
"real" threat to your business despite the fact that you yourself are
convinced that hardly anyone is going to be messing with their settings
anyway.

Then you're running around crying "It's ideology versus successful
business! I'd better disregard my user's settings or else the sky will
fall!" Yea, I'm exaggerating, but your whole argument here is clearly
exaggerated bullshit.

And if you're really *are* that worried about enough "coffee mug in the
CD tray"-mentality users changing their system settings and then calling
you about that, enough that it would pull you under, then you can just
*not* invent a new UI styling to force on them in the first place. Big
freaking deal. Like you said, most of them don't care anyway, right?

> 
> Why? The user mostly doesn't care as long as it works and solves
> their problem, I personally spend less and less time customizing my
> environments for two-fold reasons, I have an every growing number of
> them, and I care less and less, just get out of my way and let me
> work. Don't make me decide on a hundred details before I can get
> started.
> 

Ok. So then why in the world are you wasting *your* time inventing new
UI styles for your software if so few of your users care?


> >
> > Secondly, we're not babysitters or self-appointed police here. To
> > engage in such a level of control is *already* a very serious breach
> > of our moral obligations.
> >
> >
> 
> In the real world, yes, we are. You see, it's a small inconvenience
> known as the lawsuit. Specifically that I am legally liable for any
> and all security vulnerabilities within my product. There is
> case-history going back to support this since the dawn of legal
> systems. It is ironclad, ideology will not change it. I consider
> cross-process of a UI a MAJOR security problem because it allows
> malicious software to modified my software in subtle ways that
> compromise the security of the system. And apparently I am not the
> only one who thinks this way because every mobile OS available today
> does not allow ANY kind of cross-process UI manipulation of any kind,
> going so far as to sandbox each app.

I think we're getting offtopic here. If we're associating
"legally-accountable security negligence" together with "using native UI
toolkits", then clearly we've already taken a nose-dive off the deep
end.

> Where is your outrage over
> Android or iOS or WinRT or Blackberry or Symbian?
> 

Heh. If you think I *don't* have a deep seething hatred for Android, iOS
and WinRT, on both practical and ethical grounds, then you're very much
mistaken ;)

I don't always agree with Stallman, but one thing I did always agree
completely with him on is how Steve Job's last decade of work was
"the computer as a jail made cool, designed to sever fools from their
freedom". Stallman didn't change my mind with that, but he did word it
far better than I ever could have.


> >
> > Just for example, Spy++ or any similar such developer tool. Or GUI
> > macros. Those are just off the top of my head. I'm sure people can,
> > and have, thought of any number of other different uses.
> >
> 
> GUI macros work on WPF apps.

Does the same macro utility system also work across WPF, GTK, Qt,
Delphi apps, whatever the fuck Nero, Winamp or Windows iTunes use,
*and* Joe Schmo's Yet Another NIH-Fueled OpenGL-based Toolkit?


> Snoop does what Spy++ does.
> 

Same question as above.

> 
> Have you ever built any software where you are legally liable for
> any security holes your software opens up? My guess is no. Because if
> you had, you'd get where I am coming from.
> 

Let's not dive into ad-hominem time-wasting here. I'm not going to get
into what really amounts to an "I'm more l33t than you" contest under
the false pretense that the answer has any bearing whatsoever on the
topic at hand.


> Ideology is fine, right up until you have to meet the real world. Do
> you honestly expect your users to each become security experts? Such
> a thought is laughable on the face of it. They have neither the time
> nor the interest, and nor should they, it is not a productive use of
> their time. This is why the law makes it MY fault for security flaws,
> because there is not, and can be no, reasonable expectation that they
> are security experts, that's MY job.

Again, you're taking one thing here and then contorting it into a
mutant, paranoid strawman with only a vague connection to the real
discussion:

1. The ideology of *allowing* the users who *want* control over their
own computer to *have* control over their own computer is *not* in
conflict with "the real world". That's downright crazed paranoia. It's
not going to drown your company in support costs. It's not going to get
you thrown in jail for negligent security. It's not going to eat your
children and destroy family values and make the sky fall. Take a step
back and look at this with some perspective.

2. If this stuff we're talking about constitutes such major security
negligence, then so does damn near every other thing computers ever do.
Almost anything useful that programmers use is every bit as
much exploitable. "Hackers can use functions to help create their
exploits?! Holy hell! We must stop this evil 'function' thing since,
after all, legitimate software can just use GOTO!" Or: "Your address
book software lets me put in all that sensitive info?! How dare you!
That means anyone who grabs my phone while I have it unlocked has easy
access to it! I'll sue you!" For fuck's sake, everything useful is
exploitable. Let's go back to our caves. (Oh shit! Rocks!)

3. Where in the would did you pull this "expect your users to each
become security experts" crap from in the first place? That came
completely out of nowhere.

> 
> Ergo, allowing cross-process UI manipulation is inherently wrong,
> it's also legally and ethically wrong.  Putting my users at risk in
> the name of ideology is so wrong that I am dry heaving at the
> thought.

Better make sure the cops never find out if you've used Snoop or GUI
macros. Or Tcl Expect. Or a debugger. Or stdin/stdout. Or...


> Incidentally, this is why no mobile OS ever allows it, it's
> WAY to legally risky. Not even Google can make that lawsuit go away.
> 

I'm seeing an unsubstantiated claim here.

> 
> Nick, I hate to break it to you, but you are so far out on the
> extreme end of the scale on this one that it will be impossible to
> advance technology and keep you happy,

As opposed to being so far out in paranoia that it'll be impossible
for you to use or create technology at all and still feel safe and
secure from lawsuits, support call stampedes, black hats...You really
are a nut here.

> so I'll have to leave you
> behind, because the 99% want there software to just work, and could
> care less how it does it. I don't like leaving people behind and
> pissing them off, but I have to go where the majority goes,

Ok, I understood. Ideals result in lawsuit, and so does failing to
chase trends. Ok, gotcha. Back to your padded room...Don't forget your
tinfoil hat over there...

> otherwise
> I'm just a penniless artist with a rigid ideology and no friends.
> 

You just can't help using all these slipperly slope arguments, can
you? Besides, I'm guessing that paranoia doesn't help win friends and
money either.