Ideal D GUI Toolkit

Adam Wilson flyboynw at gmail.com
Mon May 20 22:44:18 PDT 2013


On Mon, 20 May 2013 22:00:39 -0700, Nick Sabalausky  
<SeeWebsiteToContactMe at semitwist.com> wrote:

> On Mon, 20 May 2013 19:48:00 -0700
> "Adam Wilson" <flyboynw at gmail.com> wrote:
>
>> On Mon, 20 May 2013 17:04:40 -0700, Nick Sabalausky
>> <SeeWebsiteToContactMe at semitwist.com> wrote:
>>
>> > On Mon, 20 May 2013 15:50:06 -0700
>> > "Adam Wilson" <flyboynw at gmail.com> wrote:
>> >>
>> >> What if as a UI designer I know that I want to specifically
>> >> disallow skinning? It's not even that hard of a decision to reach.
>> >> If the skinning changes the layout metrics at all (margin,
>> >> padding, size, even shape), my app can end up looking terrible and
>> >> I have to take a support call for a case that I couldn't have
>> >> possibly dreamed up.
>> >>
>> >
>> > Basing software decisions upon worries of "What if some user shoots
>> > himself and calls our support?" is *always* a bad idea.
>> >
>>
>> Is it though? Because regardless of whether or not they should call
>> me, they will, and I will have to spend money to deal with it. Again,
>> I have real problems that are clashing with ideology. When that
>> happens the engineer in me demands that I address the real problems.
>>
>
> No, you most certainly do *not* have real problems clashing with
> ideology:
>
> What you have is a contrived "what if" scenario that you think is a
> "real" threat to your business despite the fact that you yourself are
> convinced that hardly anyone is going to be messing with their settings
> anyway.
>
> Then you're running around crying "It's ideology versus successful
> business! I'd better disregard my user's settings or else the sky will
> fall!" Yea, I'm exaggerating, but your whole argument here is clearly
> exaggerated bullshit.
>
> And if you really *are* that worried about enough "coffee mug in the
> CD tray"-mentality users changing their system settings and then calling
> you about that, enough that it would pull you under, then you can just
> *not* invent a new UI styling to force on them in the first place. Big
> freaking deal. Like you said, most of them don't care anyway, right?
>

I didn't think we were talking about styling but about cross-process UI
manipulation, styling isn't a security threat as you've correctly pointed
out, but allowing other processes to manipulate a UI, is, otherwise all
new native UI toolkits allow it. Last I checked none of the mobile OSes
do. WinRT on Win8 does not either. I'd say the trend is away from
cross-process UI manipulation, not towards.

>>
>> Why? The user mostly doesn't care as long as it works and solves
>> their problem, I personally spend less and less time customizing my
>> environments for two-fold reasons, I have an ever growing number of
>> them, and I care less and less, just get out of my way and let me
>> work. Don't make me decide on a hundred details before I can get
>> started.
>>
>
> Ok. So then why in the world are you wasting *your* time inventing new
> UI styles for your software if so few of your users care?
>
>
>> >
>> > Secondly, we're not babysitters or self-appointed police here. To
>> > engage in such a level of control is *already* a very serious breach
>> > of our moral obligations.
>> >
>> >
>>
>> In the real world, yes, we are. You see, it's a small inconvenience
>> known as the lawsuit. Specifically that I am legally liable for any
>> and all security vulnerabilities within my product. There is
>> case-history going back to support this since the dawn of legal
>> systems. It is ironclad, ideology will not change it. I consider
>> cross-process of a UI a MAJOR security problem because it allows
>> malicious software to modify my software in subtle ways that
>> compromise the security of the system. And apparently I am not the
>> only one who thinks this way because every mobile OS available today
>> does not allow ANY kind of cross-process UI manipulation of any kind,
>> going so far as to sandbox each app.
>
> I think we're getting offtopic here. If we're associating
> "legally-accountable security negligence" together with "using native UI
> toolkits", then clearly we've already taken a nose-dive off the deep
> end.
>
>> Where is your outrage over
>> Android or iOS or WinRT or Blackberry or Symbian?
>>
>
> Heh. If you think I *don't* have a deep seething hatred for Android, iOS
> and WinRT, on both practical and ethical grounds, then you're very much
> mistaken ;)
>
> I don't always agree with Stallman, but one thing I did always agree
> completely with him on is how Steve Jobs's last decade of work was
> "the computer as a jail made cool, designed to sever fools from their
> freedom". Stallman didn't change my mind with that, but he did word it
> far better than I ever could have.
>
>
>> >
>> > Just for example, Spy++ or any similar such developer tool. Or GUI
>> > macros. Those are just off the top of my head. I'm sure people can,
>> > and have, thought of any number of other different uses.
>> >
>>
>> GUI macros work on WPF apps.
>
> Does the same macro utility system also work across WPF, GTK, Qt,
> Delphi apps, whatever the fuck Nero, Winamp or Windows iTunes use,
> *and* Joe Schmo's Yet Another NIH-Fueled OpenGL-based Toolkit?
>
>
>> Snoop does what Spy++ does.
>>
>
> Same question as above.
>
>>
>> Have you ever built any software where you are legally liable for
>> any security holes your software opens up? My guess is no. Because if
>> you had, you'd get where I am coming from.
>>
>
> Let's not dive into ad-hominem time-wasting here. I'm not going to get
> into what really amounts to an "I'm more l33t than you" contest under
> the false pretense that the answer has any bearing whatsoever on the
> topic at hand.
>

I wasn't intent on starting a pissing contest, I was merely pointing out
a legitimate concern. It may be ad hominem and for that I do apologize.

>
>> Ideology is fine, right up until you have to meet the real world. Do
>> you honestly expect your users to each become security experts? Such
>> a thought is laughable on the face of it. They have neither the time
>> nor the interest, and nor should they, it is not a productive use of
>> their time. This is why the law makes it MY fault for security flaws,
>> because there is not, and can be no, reasonable expectation that they
>> are security experts, that's MY job.
>
> Again, you're taking one thing here and then contorting it into a
> mutant, paranoid strawman with only a vague connection to the real
> discussion:
>
> 1. The ideology of *allowing* the users who *want* control over their
> own computer to *have* control over their own computer is *not* in
> conflict with "the real world". That's downright crazed paranoia. It's
> not going to drown your company in support costs. It's not going to get
> you thrown in jail for negligent security. It's not going to eat your
> children and destroy family values and make the sky fall. Take a step
> back and look at this with some perspective.
>
> 2. If this stuff we're talking about constitutes such major security
> negligence, then so does damn near every other thing computers ever do.
> Almost anything useful that programmers use is every bit as
> much exploitable. "Hackers can use functions to help create their
> exploits?! Holy hell! We must stop this evil 'function' thing since,
> after all, legitimate software can just use GOTO!" Or: "Your address
> book software lets me put in all that sensitive info?! How dare you!
> That means anyone who grabs my phone while I have it unlocked has easy
> access to it! I'll sue you!" For fuck's sake, everything useful is
> exploitable. Let's go back to our caves. (Oh shit! Rocks!)
>
> 3. Where in the world did you pull this "expect your users to each
> become security experts" crap from in the first place? That came
> completely out of nowhere.
>
>>
>> Ergo, allowing cross-process UI manipulation is inherently wrong,
>> it's also legally and ethically wrong.  Putting my users at risk in
>> the name of ideology is so wrong that I am dry heaving at the
>> thought.
>
> Better make sure the cops never find out if you've used Snoop or GUI
> macros. Or Tcl Expect. Or a debugger. Or stdin/stdout. Or...
>
>
>> Incidentally, this is why no mobile OS ever allows it, it's
>> WAY too legally risky. Not even Google can make that lawsuit go away.
>>
>
> I'm seeing an unsubstantiated claim here.
>
>>
>> Nick, I hate to break it to you, but you are so far out on the
>> extreme end of the scale on this one that it will be impossible to
>> advance technology and keep you happy,
>
> As opposed to being so far out in paranoia that it'll be impossible
> for you to use or create technology at all and still feel safe and
> secure from lawsuits, support call stampedes, black hats...You really
> are a nut here.
>
>> so I'll have to leave you
>> behind, because the 99% want their software to just work, and could
>> care less how it does it. I don't like leaving people behind and
>> pissing them off, but I have to go where the majority goes,
>
> Ok, I understood. Ideals result in lawsuit, and so does failing to
> chase trends. Ok, gotcha. Back to your padded room...Don't forget your
> tinfoil hat over there...
>
>> otherwise
>> I'm just a penniless artist with a rigid ideology and no friends.
>>
>
> You just can't help using all these slippery slope arguments, can
> you? Besides, I'm guessing that paranoia doesn't help win friends and
> money either.
>


-- 
Adam Wilson
IRC: LightBender
Project Coordinator
The Horizon Project
http://www.thehorizonproject.org/

