The reason many people don't think there is a better way is because this case involves two opposing forces of the same principle, free speech.
On one hand, media outlets should ideally feel un-intimidated in publishing stories. On the other hand, people should be allowed to support causes with money. Both are widely considered in America to fall under freedom of speech. So it's balancing act. There is no optimal solution, there are only tradeoffs.
This is also ignoring the facts that are highly favorable to Thiel's case: what Gawker did really was illegal and reprehensible, and also let us ignore the fact that Peter Thiel really did not bury Gawker under a mountain of legal fees - the verdict is what did Gawker in, not the legal fees which I'm sure are less than $10 million (Gawker can afford that)
As a js library maintainer and contributor, I do find these arguments flawed:
> There is a culture in the JavaScript community that “types don’t matter”
I don't think that's the case, particularly among seasoned developers: we do care about types and interfaces, but we just don't think writing them down in code is as big a deal as Typescript claims it to be.
> We are already linting because we believe it makes better code.
Linting doesn't require you to write non-javascript, it just works (after configurations). It doesn't force you to write code in any particular ways (see ESLint for example). That's why we find it more acceptable.
> Types are stronger. Types matter.
TS isn't automatically stronger, since TS is a superset of JS, developers can still omit the types. So you either write in proper TS-style and get its benefits, or don't.
And referring to earlier points:
> The types are there. Instead of leaving them implicit, you can just make them explicit.
IMO: there are many ways to setup this contract. And I question the % of type-related issues within a library when you have 100% test coverage and proper linting already.
> Often in JS libraries, the types are vaguely defined as an afterthought when writing docs.
TS can't force you to write strong types, just as JS can't force you to write good doc. You need a stronger will, not a better nag.
My case for writing your next popular library in vanilla JS: your users will already know how to contribute. And you get to choose how to enforce good variable types.
Disclaimer: my libraries are nowhere as popular as angularjs or immutablejs, but I do intend to maintain them to a degree that may serve thousands of developers.
(Plus the author uses one of my library so I guess they are not that bad)
First of all, it's not the platform. There wasn't some vulnerability found in iOS that made this possible.
It's caused by pirated infected third party XCode downloads. If you use third party Visual Studio or Eclipse/Idea for Android development, you can get the same exact issues.
Second, apps run in a sandbox in iOS anyway, so those infected apps can't do much besides giving you ads and data about their usage.
Thirds, that's like 100 apps in the list, mostly all made in China, and all by people with infected, non-official XCode.
>I am wondering if IOS could add a new feature to detect bad apps.
I think Apple can add such as a step into their build process (IIRC, with the new XCode 7 there's the option to submit a kind of bytecode to be built on Apple's servers depending on the target architecture etc).
Another thing they could do is enable some kind of "Little Snitch"-like network connection that a user can enable for apps. This way the user can be informed for any "mysterious" external connections going on.
Yet days after this Trojan was disclosed together with a code signature, Apple is still relying on third parties to tell them which apps are affected. Meanwhile, we know that Amazon has been scanning their store for (at least) AWS keys for years, and Google has been running Bouncer on their store for longer.
It is well-known that due to Apple's restrictions on third-parties scanning software in their store, malware incidences in the App Store are significantly underreported.
Which popular/mainstream Android apps were taken down from Google Play due to malware?
I'll grant you third party Android app stores and side loading is more dangerous than iOS - but in the case of Google Play vs iTunes it seems like Google Play is safer.
Right, I agreed that there are some cases of malware on Google Play. The apps you linked don't look to have the number of users affected by this latest App Store scare. That's why I said overall Play seems safer than iTunes.
To some extent, most likely, yes. But my perspective on the PRC is that the powers that be know that they will only remain in power for as long as they can provide, or rather, the illusion of them providing, a continuous increase in wealth. This in part would be why information is key in China. Assange had a very positive view of it when he said "I often say that censorship is always cause for celebration. It is always an opportunity, because it reveals fear of reform. It means that the power position is so weak that you have got to care about what people think." [1].
My speculation: as Sep. 3rd, the massive military parade in Beijing draw closer, Chinese government appears to be knocking at open source developers' doors, asking for repo removal.
Actually this is classic daily life of a chinese netizen: you are never quite sure what the cause of your network woes is (not without spending time digging into it). Is it due to ISP QoS, or is it reset by GFW, or is it just mere network failure?
And what most ppl do when facing this? They choose a local service instead of Twitter, Facebook, Youtube, Google. See, censorship is only a part (though a vital part) of the grand scheme.
Not all VPN services are censored, and not all VPN protocol triggers the reset. But you can bet whatever you get for free (thus likely popular), will get banned soon enough.
OpenVPN is like a prime suspect of a police procedural novel, it gets hunt down no matter what.
Personally experience: I did work for Microsoft Shanghai and VPN works just fine. You need to have the right set of tools, and better, have a good channel of negotiation with the government.
And to add more context: Shadowsocks isn't just a tool nowadays, it's a group of applications that target both developers and common folks.
People have built successful VPN services using Shadowsocks, and they are available on many platforms, like routers and embedded systems.
And the iOS version is more or less the author's recent efforts to build a VPN client that can run on non-jailbroken iPhone, much like Cisco AnyConnect.
I think shadowsocks' popularity as a whole concerns the chinese government, so they do their usual rooting out the leader thing: now that shadowsocks org is headless in the literal sense (no owner, no main repo), they hope its development will die out.
What is to stop any non-chinese person from rehosting the old code? I mean, they obviously wouldn't like it and if I was said person I'd never visit China's sphere of influence again...
There are plenty of people on HN who are i) wealthy ii) interested in beating censorship.
It'd be nice to see some effort going into creating software to beat censorship; having excellent translations of the documentation into a variety of languages; etc.
SSH still work, but it's not designed to give a high throughput, so ideally one would not want to watch a youtube clip over SSH. And DPI can identify and kill SSH session when there are too much traffic happening over it (ie. no obfuscation is taking place to hide SSH traffic)
And to clarify, I am not equating this case to censorship, but rather to setup some context that we have seen much worse :)
But what troubles me is really how SV response to this case:
- There are no better ways and so be it.
This is what Chinese call: the limit of democracy and freedom.
And Thiel get VCs to agree with him in this case. Even though I believe many VCs hold different view on democracy and liberty.
So I am personally troubled by their reactions.