* Posts by bombastic bob

10507 publicly visible posts • joined 1 May 2015

Roses are red, Windows error screens are blue. It's 2018, and an email can still pwn you

bombastic bob Silver badge
Devil

Re: Preview pane?

"why would you want to automatically open an email before checking it"

an intelligently designed mail reader will allow you to 'preview' a mail rather than open it, and you'll see all of the TEXT content without activating any HTML-related things, embedded content, external content, nor any kind of SCRIPT.

An unintelligently designed (in need of some real world natural selection) mail reader will display (in the preview) all attached and "rich" content, via the program assigned to EDIT it if it's external to the mail program. You know, like Outlook. This would include things known to have had major problems and vulnerabilities in the past, like MS Office documents, PDF files, Flash, and even certain kinds of images and media (other than flash).

In Thunderbird, use 'View' 'Message body as' 'plain text' to BLOCK that crap. It's not the default setting. But it SHOULD be.

other mail readers, YMMV but preview as plain text ONLY to avoid problems. And no inline images in the preview. And no downloaded content in the preview.

/me points out that a faked-up URL in a phishing e-mail will show up as the ACTUAL link (not what they WANT you to think it is) in a plain-text e-mail. So instead of seeing "yourbank.com" and being fooled into clicking on it, it's "malware.phishing.site/alphabetsoup/whatever/clone-of-your-bank" and rather obviously malicious.
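
The check a plain-text view makes possible, as an added example that is not part of the original post: it renders each link with its real target and flags anchors whose visible text names a different host than the `href`. The sample mail is constructed, using the post's illustrative host names.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Anchor text that itself looks like a host name or URL ("yourbank.com",
# "https://yourbank.com/login"); group 1 is the host the reader is shown.
HOSTLIKE = re.compile(
    r"^(?:[a-z][a-z0-9+.-]*://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?![a-z0-9-])", re.I)


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs and build a plain-text rendering."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []    # (visible text, href) for every <a>
        self.out = []      # plain-text rendering, pieces in document order
        self._href = None  # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        self.out.append(data)
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self.out.append(f" <{self._href}>")  # show the real target
            self._href = None


def _parse(html):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return parser


def _bare(host):
    host = host.lower()
    return host[4:] if host.startswith("www.") else host


def plain_text_view(html):
    """What a plain-text preview shows: link text followed by its real URL."""
    return "".join(_parse(html).out)


def deceptive_links(html):
    """Return (host shown, host actually linked) where the two disagree."""
    findings = []
    for text, href in _parse(html).links:
        shown = HOSTLIKE.match(text)
        actual = _bare(urlsplit(href).hostname or "")
        if not shown or not actual:
            continue  # text is not host-like, or href is mailto:/relative
        claimed = _bare(shown.group(1))
        if actual != claimed and not actual.endswith("." + claimed):
            findings.append((claimed, actual))
    return findings


# Constructed sample; the host names are the illustrative ones from the post.
SAMPLE_HTML = (
    '<p>Dear customer, please confirm your details at '
    '<a href="http://malware.phishing.site/alphabetsoup/whatever/'
    'clone-of-your-bank">yourbank.com</a>.</p>'
    '<p>Our real site is <a href="https://www.yourbank.com/help">'
    'www.yourbank.com</a> and you can '
    '<a href="https://www.yourbank.com/contact">contact us</a>.</p>'
)

if __name__ == "__main__":
    print(plain_text_view(SAMPLE_HTML))
    for claimed, actual in deceptive_links(SAMPLE_HTML):
        print(f"link text says {claimed} but points to {actual}")
```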

bombastic bob Silver badge
Devil

Re: FOutlook is still a thing

"many people are stuck with Outlook. It's the required MUA at many corporations that bought into Exchange and aren't inclined to move on"

a good opportunity for a consulting gig: prove to them why it's costing MORE than hiring you to fix it.

I can think up a few things that might work, things that include Linux, T-bird e-mail clients, T-bird's calendar, and everything else done with an in-house web server using a simple interface. "Wow, you can share docs using links to files?" etc. (as in right-click the link to the file and get something you can paste into an e-mail)

bombastic bob Silver badge
Devil

Re: "...a total of 50 CVE-listed vulnerabilities..."

"Many of the needles have been in the haystack for years and are still like new, so they are probably made from Austenitic steel (non magnetic)."

unless you're near the ocean... Austenitic stainless steel has a high susceptibility to certain kinds of chloride pitting corrosion...

But Outlook and Edge having vulnerabilities... (in the voice of Iago the parrot, as done by Gilbert Gottfried)

"THAT's a big SURPRIIIIIISE!!!"

Who wants dynamic dancing animations and code in their emails? Everyone! says Google

bombastic bob Silver badge
Coat

Re: The only AMP I have allowed into my house recently

"not big in size, but a huge sound"

especially when turned up to 11. it's 1 more than 10!

(I've only got Peavey amps and ones I've built...)

bombastic bob Silver badge
Devil

Re: I hate AMP

"Having pages actually laid out nicely for mobile consumption is nice, but it didn't need AMP to happen."

true, some careful effort on the part of the one(s) doing the web design can make this happen. been there, did that for customer web page.

bombastic bob Silver badge
Devil

Re: Nice to be part of a community

simple/no-HTML newsreader should be a requirement.

I regularly ridicule people who insist on posting HTML content to USENET. One time I carefully constructed a USENET post [took some actual time] that had radically different content for the plain-text and HTML versions, basically ridiculing the asshat that thought HTML posts to USENET were so awesome. [this person also loves Win-10-nic, so there you go].

bombastic bob Silver badge
WTF?

Re: html was already bad enough

"I usually do not top-quote"

you meant top-POST, right? top-quoting is what I just did. top-POSTing (putting your reply BEFORE the quote) deserves scorn and ridicule.

bombastic bob Silver badge
Devil

Re: So THAT explains it!

as long as I can "sign in" with a 10minutemail.com e-mail address, it mitigates some of the problem (but not all) of a typical "sign up to view content" identity-slurping site.

[it's not like they don't already know my IP address, USER-AGENT string, and what time of day I'm hitting their web site at]

bombastic bob Silver badge
Facepalm

Re: feature request

"Outlook used to have that feature" [followed by the description of a horrible/lame exploit]

Yeah, MS Outlook aka "Virus Outbreak".

Is it any better decades later from their first release in Office '95? Probably not...

bombastic bob Silver badge
Thumb Up

Re: feature request

you deserve more upvotes, but the counter currently reads '42'

bombastic bob Silver badge
Devil

Re: how to turn that shit off @JetSetJim

"I find AMP to be such a usability nightmare that I switched to Bing"

have you tried duckduckgo.com ?

bombastic bob Silver badge
Unhappy

Re: Ends-Means

"the timer resolution making those exploits possible has been not so much reduced but rather obliterated in Palemoon specifically, and that the other browsers also did more or less the same thing already"

or so they say...

but the thing is, it doesn't eliminate the potential threat. It helps to mitigate what we currently know about the proof of concept algorithm. It is still possible, if you know enough about an OS or an application, to obtain information about it using a side-channel attack, if you repeat the operation sufficiently enough. I have personally used low resolution timers to check performance. if you test 10,000 operations with a timer that has 10msec or even 100msec accuracy, you can still determine how much time was spent doing those operations with reasonable accuracy. you won't be able to time a single operation, but you can time 10,000 of them. And THAT means an exploit will simply have to run LONGER to get a meaningful result, and target what it looks at a bit more carefully.
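
The arithmetic behind that point, as an added example that is not part of the original post: a simulated clock whose readings are floored to a coarse resolution, showing that the per-operation error shrinks as resolution divided by repetitions, so clamping a timer multiplies the required run time rather than removing the measurement. The 2,300 ns operation cost and the resolutions swept are constructed values.

```python
import math


class CoarseClock:
    """Virtual clock: true time advances in ns, readings are floored to the
    configured resolution (the effect of a clamped timer API)."""

    def __init__(self, resolution_ns, start_ns=0):
        self.resolution_ns = resolution_ns
        self.true_ns = start_ns

    def advance(self, ns):
        self.true_ns += ns

    def now(self):
        return (self.true_ns // self.resolution_ns) * self.resolution_ns


def measure_per_op(clock, op_cost_ns, repeats):
    """Time `repeats` back-to-back operations with two coarse readings and
    return the estimated cost of one operation in ns."""
    start = clock.now()
    for _ in range(repeats):
        clock.advance(op_cost_ns)  # stands in for running the operation
    return (clock.now() - start) / repeats


def worst_case_error_ns(resolution_ns, repeats):
    """Each reading is low by less than one tick, so the elapsed time is off by
    less than one tick and the per-operation estimate by less than tick/N."""
    return resolution_ns / repeats


def repeats_for_precision(resolution_ns, target_error_ns):
    """Repetitions needed to bring the per-operation error under the target."""
    return math.ceil(resolution_ns / target_error_ns)


def sweep(op_cost_ns, target_error_ns, resolutions_ns):
    """For each timer resolution: (resolution, repeats needed, estimate)."""
    rows = []
    for res in resolutions_ns:
        n = repeats_for_precision(res, target_error_ns)
        rows.append((res, n, measure_per_op(CoarseClock(res), op_cost_ns, n)))
    return rows


if __name__ == "__main__":
    ten_ms = 10_000_000
    print("1 op, 10 ms timer:     ", measure_per_op(CoarseClock(ten_ms), 2_300, 1))
    print("10,000 ops, 10 ms timer:", measure_per_op(CoarseClock(ten_ms), 2_300, 10_000))
    for res, n, est in sweep(2_300, 500, [5_000, 1_000_000, ten_ms]):
        print(f"resolution {res:>10} ns -> {n:>6} repeats, estimate {est} ns")
```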

bombastic bob Silver badge
Black Helicopters

Re: Yet ANOTHER reason!

" I'm pretty sure the OP meant one that doesn't make any kind of outbound HTTP call when viewing the message."

that's one, but there are many things that style sheets can do that pose a potential problem. there's also HTML5 content (yes I really wanted to see that streaming video when I opened an e-mail) and things like that. But style sheets can have script-like behavior, too. They can get really large, and really complicated. And, of course, loading the style sheet across 'teh intarwebs' identifies YOU as the mail recipient, even if all it does is check to see that you have the latest version with a 'HEAD' request.

a style sheet can, for example, passively determine what your screen resolution is. Content that uses a particular style can then (theoretically) use this information to "phone home" that info on you. I forget the exact details on how it works, it has something to do with being able to manage auto-sizing column widths as one possible usage. I've actually worked on customer web pages that do this. Don't ask me HOW it works, it was confusing enough fixing the existing page so it would look right on a phone in portrait mode, or on a desktop or a 'slab' in landscape mode, with their varying aspect ratios and screen sizes [yes it works perfectly now!]. And I didn't have to change the style sheet - I embedded 'style' info into the HTML.

So using this information, indirectly determined from the style sheet setup, EVEN WITH SCRIPT TURNED OFF, it should be possible to 'nuke out' what some of the hardware is that you have on your computer. That doesn't even include font embedding or other potential danger items. There have been vulnerabilities with web fonts in the past, after all.

it's like a potential side-channel attack. You know, like Meltdown and Spectre.

seriously isn't the USER-AGENT bad enough in external HTML requests? Only now, it's e-mail spam doing this (in particular, spammed malware). And THOSE are the people who will leverage it.

icon, because, paranoia (again)
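
A defender's scan for the loads described above, as an added example that is not part of the original post: it lists every remote fetch an HTML mail would trigger without script and marks those gated by an `@media` condition. The post does not spell out the mechanism, so media-gated `url()` fetches are an assumption here, and the sample mail and `tracker.example` host are constructed.

```python
import re
from html.parser import HTMLParser

REMOTE = re.compile(r"^(?:https?:)?//", re.I)  # would be fetched over the network
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)
CSS_IMPORT = re.compile(r"@import\s+(?:url\(\s*)?['\"]?([^'\")\s;]+)", re.I)
MEDIA = re.compile(r"@media\s+([^{]+)\{", re.I)

def _block_end(css, start):
    """Index of the '}' that closes the block whose body starts at `start`."""
    depth = 1
    for i in range(start, len(css)):
        depth += {"{": 1, "}": -1}.get(css[i], 0)
        if depth == 0:
            return i
    return len(css)

def _scan_rules(css, add, condition):
    for m in CSS_IMPORT.finditer(css):
        add("css-import", m.group(1), condition)
    for m in CSS_URL.finditer(CSS_IMPORT.sub("", css)):
        add("css-url", m.group(1), condition)

def scan_css(css, add):
    """Report each URL in `css` with the @media condition that gates it."""
    pos = 0
    for m in MEDIA.finditer(css):
        if m.start() < pos:
            continue  # nested inside a block that was already scanned
        end = _block_end(css, m.end())
        _scan_rules(css[pos:m.start()], add, None)
        _scan_rules(css[m.end():end], add, " ".join(m.group(1).split()))
        pos = end + 1
    _scan_rules(css[pos:], add, None)

class MailScanner(HTMLParser):
    """Collect (kind, url, media condition) for everything a viewer would fetch."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self._css = None  # list of text chunks while inside <style>

    def _add(self, kind, url, condition):
        if url and REMOTE.match(url):  # cid:, data: and relative refs stay local
            self.findings.append((kind, url, condition))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "style":
            self._css = []
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower():
            self._add("stylesheet", a.get("href"), None)
        elif tag in ("img", "video", "audio", "source", "iframe"):
            self._add(tag, a.get("src"), None)
        if a.get("style"):
            scan_css(a["style"], self._add)

    def handle_data(self, data):
        if self._css is not None:
            self._css.append(data)

    def handle_endtag(self, tag):
        if tag == "style" and self._css is not None:
            scan_css("".join(self._css), self._add)
            self._css = None

def scan_mail(html):
    scanner = MailScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

def viewport_leaks(findings):
    """Fetches that only happen under a media condition reveal that condition."""
    return [f for f in findings if f[2] is not None]

# Constructed sample; tracker.example and the rcpt token are made up.
SAMPLE_MAIL = """<html><head>
<link rel="stylesheet" href="https://cdn.tracker.example/mail.css?rcpt=abc123">
<style>@import url("https://cdn.tracker.example/fonts.css");
@media (min-width: 1920px) { .px { background: url(https://cdn.tracker.example/w1920.gif?rcpt=abc123) } }
@media (max-width: 480px) { .px { background: url(https://cdn.tracker.example/w480.gif?rcpt=abc123) } }
</style></head><body><p style="background:url(cid:logo)">Hi</p><img src="cid:banner"></body></html>"""
```

A mail client that renders plain text only, or that refuses every entry `scan_mail` returns, makes none of these requests.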

bombastic bob Silver badge
Devil

Re: Yet ANOTHER reason!

"I just upvoted an @BB post"

Just think of me as a broken clock, being right twice a day.

bombastic bob Silver badge
Alert

Re: Ends-Means

"AMP is such a blight"

And they announce the desire to release this crap, BEFORE any proper patches for Meltdown and Spectre, knowing FULL WELL that javascript proof of concept for these exploits already exists...

bombastic bob Silver badge
Black Helicopters

Yet ANOTHER reason!

Yet ANOTHER reason to *NEVER* *VIEW* *MAIL* *AS* *HTML*.

because, scripting and style sheets are next. you KNOW it's coming! And embedded ADS in your e-mail, courtesy "whatever free e-mail service" you send/receive with.

Don't doubt me. Consider the following:

a) we can just block the web ads and still view the content

b) an operating system with ADS in it?

c) subscription-based OFFICE programs?

d) An annual fee just to use an OS?

I can see the possibility of click-through ads to view your e-mail (particularly with HTML mail viewers). Or, WORSE, click-through ads to SEND mail!

icon because paranoia

NASA budget shock: Climate studies? GTFO. We're making the Moon great again, says Trump

bombastic bob Silver badge
FAIL

Re: We don't need no education

"The US is actually the 56th highest in the world behind, well basically everywhere."

that site lists spending per %GDP, and not actual dollar figures. Apples and oranges comparison, sorry. Lies, Damn Lies, and statistics.

bombastic bob Silver badge
Boffin

Re: We don't need no education

"With access to statistics and the ability to both read and do math, you would understand why what you say here is utter tripe"

you mean, like this?

https://rossieronline.usc.edu/blog/u-s-education-versus-the-world-infographic/

Although literacy rate [being carefully trained to read socialist propaganda and poetry by Maya Angelou, heh] is good, math and science [the things that REALLY matter] are pretty poor. Per dollar, especially.

Note I compared the money being spent to actual performance. The USA spends more money per student than any other country. Yet math+science performance are pretty BAD by comparison. I also have my doubts about the "literacy rate" comparison, not knowing how that's being scored. If you score one way, reading comprehension and composition, it would give different results than "being able to read at all" which is still a problem in a lot of places in the world.

bombastic bob Silver badge
Facepalm

Re: We don't need no education

"To let those parts of the country choose what to teach their kids"

This is precisely the kind of arrogant thinking I despise, when the elite decide "what is best for us".

I have much more 'faith' in the individual people deciding for themselves what is best for their own lives.

bombastic bob Silver badge
Facepalm

" The current research reactors are massive"

when you pay people for RESEARCH, that is what you get. When you pay for RESULTS, on the other hand...

Have you ever worked on a shoestring budget and did miraculous things with what little you have access to? I have. Every day. Think different [to borrow Apple's old slogan].

The entire point here is NOT to drag up a bunch of equipment like you'd see on earth. A lot of potential designs [including ones that COULD work for 'impulse' style engines] have not been tried.

Example: resonance confinement, using particle beams and resonant cavities and wire coils. Study how a travelling wave tube works. then you'll understand how this would work, too.

You could build that in space, or launch pre-built modules that are small, for a lot less than a ginormous "research only" power plant, and not worry too much about whether it explodes or not [when you crank up the flow rate on fuel] since it's "out in space".

anyway, THAT is the point. you can't let earth-bound thinking limit the possibilities here.

bombastic bob Silver badge
Devil

Re: Not what they say, what they do

"Like most Republican leaders Trump is utterly convinced of the dangers of climate change"

No, you're wrong in your assumptions about Trump, and only a handful of Republo-Crats have actually swallowed the koolaid on man-made-<whiny-voice>ClimateChange</whiny-voice>

Trump said he had an "open mind". I know that global-warming-fascist types assume that means "swallows their propaganda and asks for another" but his governance obviously says the opposite. Top 10 results in an online search confirm this.

And why do you assume that "fusion experiments in space" mean shipping ITER there? I think your vision on what is possible may be a bit too narrow. In space, you can cross multiple proton beams without containment, as one possible research example. The biggest problem with fusion (in my opinion) is the containment. The second is the confinement. Eliminating containment problems gives you more options for researching how to do the confinement better, and a LOT of things have probably NOT been tried, and don't require "what you said" to be launched into orbit.

Anyway, that's just ONE thing that space helps with.

I'm also looking forward to a 2001-like space station, with multiple gravity levels for various purposes.

But yeah you have to think out of the box for some of this stuff. being stuck in the mindset of what everyone else is doing at the moment doesn't give you a whole lot of freedom for how to do things.

bombastic bob Silver badge
Facepalm

Re: We don't need no education

well, just to explain things better: too many federal gummint things are replicated and/or disorganized. Also, there's a general move to eliminate the Department of Education entirely, leaving education up to the states and local gummints, which is how things used to be. With education spending being the HIGHEST IN THE WORLD, and per-dollar performance some of the LOWEST, I'd say that gummint inefficiency has simply inflated the bureaucracy, and inflated the overall cost, while SIMULTANEOUSLY making things WORSE.

Although I'd like to see more science and technology in education, a "top down from the fed" approach isn't working. THAT is why it's being dropped [and not to make kids 'do without' because they won't].

bombastic bob Silver badge
Devil

The ISS, although very useful for a lot of things, isn't really "state of the art". It's tested a number of very good ideas, one of which is the inflatable module.

OK - now we get to look and see what Boeing, SpaceX, and others are considering to replace the ISS. We just got a new 'heavy lift' rocket from SpaceX [still more work to do no doubt but a great start], and NASA will be shifting their fix to a LUNAR SPACE STATION, which is a hell of a lot more interesting.

As for climate change - it's not "climate change" that's the hoax (climate changes ALL of the time, like ice ages and warming periods), it's the idea that HUMANS are causing it via CO2 "pollution", which is not only bat-guano LUDICROUS, it's CLUELESS with respect to chemistry, physics, other areas of science, common sense, and the well-known observations of solar cycles and normal climate behavior.

Not even bothering with the [obvious] point of its IR absorption spectrum, CO2 is such a small amount of the atmosphere (0.04%), it could be as high as 2% without a (significant) negative impact on animal life, and an increase in its concentration stimulates plant and algae growth in order to increase its depletion rate (so it's at an equilibrium). Maybe we just do NOT need "rocket science" devoting itself to chasing the tail of climate change politics.

/me points out that in a space station, CO2 levels will probably exceed 1% all of the time, because you need enough concentration for the scrubbers to work efficiently. You just need to keep it in the low 1% range or everybody will get headaches and become really grumpy... (my submarine experience tells me that).

And while they're looking into a Lunar Orbit station, maybe they can work on solving the ENERGY REQUIREMENTS for a Lunar station, maybe refueling rockets for the return trip to earth with Lunar-mined materials, and so on. Wouldn't that be worthwhile? And consider fusion reactor research in space, where they can afford to take bigger risks... and have a natural vacuum to assist them.

Developing Fusion power would eliminate the need for all of this CO2 nonsense, anyway, so it SHOULD be the focus, but it's not, because, politics. Good riddance to THAT at NASA for the next few years, at any rate.

Still not on Windows 10? Fine, sighs Microsoft, here are its antivirus tools for Windows 7, 8.1

bombastic bob Silver badge
Unhappy

Re: Supported until January of 2020.

and after Windows 8.1 is no longer supported, what then? [see earlier post regarding FUD/rumor]

bombastic bob Silver badge
Unhappy

Re: Letter To Redmond...

"Dev work is difficult enough without having the OS operate like a moving Target!"

exactly. when a project cycle is YEARS long, you can't jump on "new, shiny" you have to code for what's available NOW.

related, rumors suggest the possible abandonment of the 'Windows API' (formerly known as Win32 API), thereby forcing devs to use UWP and code for Win-10-nic only. They're probably just FUD, but I dunno, Micro-shaft has done similarly bold [read: boneheaded] moves...

bombastic bob Silver badge
Devil

Re: MS Give Windows 7 & 8 users a Virtual Machine with their previous Windows 7 & 8 O/S in it.

how about convert your existing Win10 into a VM [for those things that may require it in the future] and THEN UPgrade to 7?

bombastic bob Silver badge
Devil

a CLUE has been GOT!

You know, I just see this as a positive sign. It makes me smile! Well, just a little...

It's official: .corp, .home, .mail will never be top-level domains on the 'net

bombastic bob Silver badge
Devil

Re: I use .internal

'.internal' sounds like a winner - I'd like to see that listed in an RFC alongside a few others.

There are dedicated fake domains for OTHER things, why not a SPECIFIC one for private LAN use? Yeah, THAT is the point!

/me wonders if all of the ".profanity" and/or scatological TLDs could become 'private LAN' naming candidates

bombastic bob Silver badge
Thumb Down

"It's not difficult - don't try to use domain names you don't own"

And pay the "internet domain TLD tax" while we're at it. for every private LAN in the world.

NO!

there NEEDS to be "something we can use" for non-public naming. THAT is the point!

bombastic bob Silver badge
Devil

as an alternative to '.local'

prior to the related RFC6762 publishing, ".local" was being recommended (by Microsoft, among others) to be used for 'local LAN DNS' kinds of things. I've been using it for ~2 decades. [and I don't care much about mDNS].

Post RFC6762 it's officially reserved for mDNS. Wheee.

NOW we have others, in particular '.home' '.corp' and '.mail'.

Will there be an RFC or similar document to CODIFY and STANDARDIZE these so that we don't get a "whoops, SURPRISE!" later on???

UK ICO, USCourts.gov... Thousands of websites hijacked by hidden crypto-mining code after popular plugin pwned

bombastic bob Silver badge
Devil

"I think the point is you shouldn't need JavaScript in a web browser in the first place."

I really wish I could do this 100% of the time. But then, if the customer needs 'google maps' embedded on the page, for whatever reason, you can just have a *teensy* bit of script to support it.

So I guess I'd re-state that: "You shouldn't need any more than a tiny bit of JavaScript, if any at all, in a web browser in the first place"

bombastic bob Silver badge
Devil

Re: Don't load third-party scripts

" those who actually write websites"

or worse, those tasked with fixing someone else's crap-web-code that uses a bizarre dependency tree of embedded script...

Sometimes the simplest solution is to include the script elements yourself, within the page where it's used, via copy/pasta, and then use 'STYLE' assignments in the HTML tags where appropriate. But, then again, I _HAND_ _CODE_ all of my HTML, and *despise* those dependency trees... and it was SO amazing to see that my changes were correctly reflected on the phones and slabs (when I did it _MY_ way) where they'd cached the included script files unnecessarily and there was no obvious way to flush the cache and get them to re-load... stupid browsers not re-loading the included script. The PC browsers re-loaded it, why can't the Android devices?

yeah - script dependencies NOT working consistently.

bombastic bob Silver badge
Devil

Re: Don't load third-party scripts

6. Come, look at this marvelous view from the ginormous 3rd floor office window...

bombastic bob Silver badge
Devil

Re: Don't load third-party scripts

"3. Avoid scripts entirely."

you need to sell this better.

bombastic bob Silver badge
Megaphone

"Just about every non-trivial website on the planet loads in resources provided by other companies and organizations"

"Another good demonstration of why ad blockers and script blockers are essential."

And a reason to apply a CLUEBAT to those web site authors that propagate this nonsense, who seem to have NO clue at all...

Are you an open-sorcerer or free software warrior? Let us do battle

bombastic bob Silver badge
Devil

what open-source became after the ideologues showed up

deserves its own topic, I think.

Agreed on BSD license, and MIT license. Both were conceived on college campi (pseudo-plural of campususes, and crymanthesums, and put 'em in a vase - gumby florist)

Icon, because, BSD

bombastic bob Silver badge
Facepalm

Re: GPL is not freedom at all.

@AC "whoever believes open source is the future, is just turning the clock back"

you almost had my upvote until I read that line...

FSF is a good idea, but carries too much baggage.

The point of the article is that OSI grew out of FSF's "restrictive" view on how to make software open. 'The Suits' made it more compatible with business. Hence, it has money and marketing behind it. And, it's all good.

I've mentioned this before - I like to 'dual license' anything I consider to be a worth-while project. That way if you want a BSD-like license, you can do that. Or if you need GPL for some reason, you can do that. Or, in some cases, to make customers happy [when I copy/pasta code from an open source project I wrote into a customer project to save time] I add a 3rd option of "use without a license by author's permission". Everybody wins.

bombastic bob Silver badge
Devil

Re: What's in it for the user?

"why should the user care about the freedom to modify"

most users don't. however, a company that ties its success to others' efforts is going to want to be able to protect itself, should the author die or (worse) get sued out of existence. Open Source does a VERY good job in mitigating that kind of risk.

bombastic bob Silver badge
Unhappy

Re: backlash against GPL viral clause

"More important for everyone concerned is, I think, the potential aspect of liability despite what all the licences say."

Exactly. Too many are more than willing to throw sueballs, in a "biting the hand" moment, because they are the same ones who would complain about a gift. "That gift horse has bad teeth, get me another".

I think we've all seen enough well-written license disclaimers to pretty much know how to word them for our own personally contributed stuff. If it weren't for those "sewers" (sue-ers) the world would be a much better place, perhaps with a bit more "please" and "thank you" thrown in.

bombastic bob Silver badge
Devil

Re: Sorry...

"For me, Free means it costs nothing."

As in free beer.

The problem I have with 'Free', as defined by the FSF, isn't "free" at all. If something is truly "free" as in freedom, you'll be able to do whatever you want with it. GPL licenses, in the name of 'freedom', put a whole lot of restrictions on what you can do with something. I wouldn't call that "free".

A proper "free as in freedom" license protects the author from getting sueballs thrown at him because his 'free' product didn't perform properly or allegedly broke something. Anything beyond that is too much.

I'll avoid making the left vs right comparison on the concept of 'freedom'. I suppose you could call FSF vs OSI as "left vs right" though. And the obligatory civil war begins!

Boffins upload worm's brain into a computer, teach it tricks

bombastic bob Silver badge
Devil

The worm is the spice - the spice is the worm!

I figured I'd have to give a Dune reference, before someone else beats me to it.

Home taping revisited: A mic in each hand, pointing at speakers

bombastic bob Silver badge
Devil

Re: my parents were in the film business

"The insulting anti-piracy messages on bought video disks"

The U.S. release of 'Excel Saga' had some fun with this. They integrated the anti-piracy warning with the evil organization 'Across' and its dictatorial leader, 'Ilpalazzo' with punishment involving being tarred and feathered, and something to do with a depraved walrus. Or something like that.

There's a reference to it here: http://allthetropes.wikia.com/wiki/Digital_Piracy_Is_Evil

bombastic bob Silver badge
Devil

Re: Oh my...

in the 80's I deliberately purchased vinyl, and then [when brand new] went straight to tape with it using high quality C90 cassettes, typically one album per side. Then play 'wherever' like in the car, or with a walkman.

Records hardly ever got damaged that way. I sometimes wish I still had some of my old vinyl. For various reasons, it went away... [I don't even have a working record player any more]

bombastic bob Silver badge
Unhappy

Re: CDs ... bloody expensive

"Record Executives: Killing Music, underpaying Artists."

Except for brief periods with artists like Muse, most "modern" music just plain sucks.

The music executives MARKET what they WANT you to hear until you tolerate listening to it, then OVERPLAY it until you "like" it. They've been doing this since 70's DISCO. Thankfully the 80's was a time when the 'one hit wonder' bands PROVED that real innovation still existed. There were also one-hit wonders in the 50's and 60's. But that kind of thing is VERY hard for "the suits" to wrap their claws around, as it's unpredictable.

Instead, they DRIVE "the trend" with their somewhat evil marketing strategy. it deliberately picks the winners and losers, more or less, and finances the losers on the backs of those who are unlucky enough to have a sucky contract. Well known artists and bands who were so exploited: The Beatles, Smashing Pumpkins, and Prince (who had to become 'The artist formerly known as Prince' for a while). There are many others.

I have no love at all for RIAA or any of the OTHER DMCA-wielding media-fascists. When I hear some of the CRAP that seems to get airplay, I have to wonder "how come you're not playing MY stuff, which I see as being a WHOLE lot better than much of _THAT_". OK I know the reason why these contracts go to others, much of which has more to do with the way Harvey Weinstein used to do business in Hollyweird than it does with REAL talent or good quality stuff: When THEY are "in control", THEY 'make or break you'. It's that simple. And so, to 'make it big', you're forced to play THEIR game THEIR way, and it STINKS.

Due to Oracle being Oracle, Eclipse holds poll to rename Java EE (No, it won't be Java McJava Face)

bombastic bob Silver badge
Devil

"C-- is already taken, it's what I call Microsoft's C#"

I've always called it "C-pound". It's what I want Micro-shaft to do with it. Like sand.

Java, on the other hand, has some uses (and no ".Not"). But it _still_ suffers from that bass-ackwards way of thinking that's "all too common" in the world of alleged "object-oriented" lingos...

Oracle's desire to stranglehold Java was actually _CAUSED_ by Micro-shaft's attempt to embrace/extend/extinguish it, which THEN gave [illegitimate] birth to C-pound and then J-pound... (does anyone even USE J-pound? The Wikipedia article says it's no longer supported)

one online page suggests that C-pound was originally C++++ but was hard to type in, and so the 4 '+' became the '#' because it kinda looks like 4 plus signs...

bombastic bob Silver badge
Devil

Re: Lame name options IMHO

"I would have chosen a coffee theme like cappuccino."

Call it 'Joe', and you can keep the 'J' in every potentially affected acronym.

Now I'm gonna go and get me a nice cuppa Joe...

No sh*t, Sherlock! Bloke suspected of swallowing drug stash keeps colon schtum for 22 DAYS

bombastic bob Silver badge
Coat

Re: The Assange option

"Have they offered him Ferrero Rocher?"

Or perhaps disguise some of THESE as Ferrero Rocher

I once heard a rumor of someone getting hot chocolate made from that stuff, as a bad prank/retaliation. It's why you don't anger the people who prepare your food.

(grabbing coat)

You can resurrect any deleted GitHub account name. And this is why we have trust issues

bombastic bob Silver badge
Devil

Re: It's Not GitHub's fault

"The fault is dynamically loading code from random folks accounts on GitHub rather than from a proper repository and then hosting either in a CDN you control, or within the application itself"

people who do that probably [ab]use ginormous libraries that they don't understand, doing a zillion things they do not need, and polluting the dependencies with unnecessary download requirements, both on the client end AND on the server end. My $.10 anyway.

I prefer copy/pasta the relevant parts and then maintain it as part of my OWN repo. Proper acknowledgements and licensing as needed.

(why do I need to load BLOATWARE when all I want is what 'left-thingy' does...)

bombastic bob Silver badge
Devil

Re: 'a bare minimum would be forking'

"Something severely lacking in these Agile DevOps days, it would seem."

ya think?

bombastic bob Silver badge
Devil

Re: 'a bare minimum would be forking'

"Merging is difficuuuuuuult"

no, it's not. do a snapshot and merge to the master branch (on the original) with a pull request from time to time. Easy.

Or you can fork the repo, fix things on your end, and THEN do a pull request into the original repo [which I did a while back with the Arduino project, as an example]. It's the best way to contribute. It's all well documented on github.