SitePoint播客#87:MeltSheep和FireRock

Episode 87 of The SitePoint Podcast is now available! This week your hosts are Patrick O’Keefe (@iFroggy), Stephan Segraves (@ssegraves), Brad Williams (@williamsba), and Kevin Yank (@sentience).

SitePoint Podcast的第87集现已发布! 本周的主持人是Patrick O'Keefe( @iFroggy ),Stephan Segraves( @ssegraves ),Brad Williams( @williamsba )和Kevin Yank( @sentience )。

下载此剧集 (Download this Episode)

You can also download this episode as a standalone MP3 file. Here’s the link:

您也可以将本集下载为独立的MP3文件。 这是链接:

  • SitePoint Podcast #87: MeltSheep and FireRock (MP3, 62.5MB, 1:08:13)

    SitePoint播客#87:MeltSheep和FireRock (MP3,62.5MB,1 :08: 13)

剧集摘要 (Episode Summary)

Here are the topics covered in this episode:

以下是本集中介绍的主题:

  1. Microsoft: Silverlight is Just for Windows Phones

    微软:Silverlight仅适用于Windows Phone
  2. Cooks Source, the Web, and the Public Domain

    Cooks Source,Web和公共领域
  3. RockMelt: Another Attempt at the Social Browser

    RockMelt:社交浏览器的另一种尝试
  4. Firesheep and the Sudden Importance of SSL

    Firesheep和SSL的突然重要性

Browse the full list of links referenced in the show at http://delicious.com/sitepointpodcast/87.

浏览http://delicious.com/sitepointpodcast/87中显示的参考链接的完整列表。

主持人聚光灯 (Host Spotlights)

显示成绩单 (Show Transcript)

Kevin: November 12th, 2010. Copyright meets cooking, SSL becomes a big deal, and has Silverlight seen the light? I’m Kevin Yank and this is the SitePoint Podcast #87: MeltSheep and FireRock.

凯文(Kevin): 2010年11月12日。版权与烹饪相遇,SSL成为大问题,Silverlight见识了吗? 我是Kevin Yank,这是SitePoint播客#87:MeltSheep和FireRock。

And welcome to another episode of the SitePoint Podcast, one of the top three podcasts of the year, or so it is said. I am joined by usual co-hosts; Patrick, Brad, Stephan, how’s it going?

欢迎收看SitePoint Podcast的另一集,它是年度三大Podcast之一。 我由平常的共同主持人加入; 帕特里克,布拉德,斯蒂芬,最近怎么样?

Brad: Hello.

布拉德:你好。

Stephan: It’s going good.

史蒂芬:一切都很好。

Patrick: It’s going well.

帕特里克:一切顺利。

Kevin: It’s going well. Patrick’s a bit under the weather today. Patrick, sorry to hear about that.

凯文:进展顺利。 帕特里克(Patrick)今天天气有点转。 帕特里克,很遗憾得知这一消息。

Patrick: That’s okay, I caught it through travel, how these things are usually caught.

帕特里克:没关系,我是在旅行中发现的,通常是如何捕获这些东西的。

Kevin: Ah, yeah, we’ll be treated to slightly more dulcet than usual tones from Patrick today. And our first story for the show today is to do with Microsoft Silverlight. I’m not sure we’ve ever actually talked about Silverlight on this show. Can any of you guys remember talking about Silverlight?

凯文:嗯,是的,今天我们会比起帕特里克的普通音调来对待杜尔塞特。 今天我们的第一个故事是与Microsoft Silverlight有关的。 我不确定我们在本次演出中是否真正谈论过Silverlight。 你们每个人都能记得谈论Silverlight吗?

Patrick: I definitely remember talking about Flash. (laughs)

帕特里克:我绝对记得谈论Flash。 (笑)

Brad: A lot of Flash; I don’t know that we’ve talked Silverlight though.

布拉德:很多闪光; 我不知道我们曾经谈过Silverlight。

Kevin: Silverlight—Microsoft Flash I suppose you could call it. Have you installed the Microsoft Silverlight plugin in your browser, and if so what was it that made you install it? Because this seems to be like a story that every web developer has that, oh, you know, I didn’t want to install it but then one day I was forced to. What forced you to install Silverlight or are you still holding out?

凯文: Silverlight-Microsoft Flash我想您可以称呼它。 您是否已在浏览器中安装了Microsoft Silverlight插件,如果是的话,是什么促使您安装它的? 因为这似乎是每个Web开发人员都拥有的一个故事,哦,您知道,我不想安装它,但是有一天我被迫安装了它。 是什么促使您安装Silverlight还是仍在坚持?

Brad: Yeah, I have it installed, and for me I think it was what a lot of people with the Olympics, 2008 Summer Olympics, and basically Microsoft had the exclusive agreement with NBC that all of the online media would be streamed via Silverlight, and I think that kind of forced a lot of people. I was reading some stats, they were doing eight to ten million downloads of Silverlight a day throughout the Olympic event, so that really kind of put a spotlight on Silverlight especially for those that had never heard of it.

布拉德:是的,我已经安装了它,对我来说,我认为这是很多参加2008年夏季奥运会和奥林匹克运动的人,基本上,微软与NBC达成了独家协议,所有在线媒体都将通过Silverlight进行流式传输,我认为这种方式迫使很多人。 我正在阅读一些统计数据,在整个奥运会期间,他们每天要下载八至一千万次Silverlight,因此,确实使Silverlight受到关注,尤其是对于从未听说过的人。

Patrick: I have it installed but I don’t have the faintest idea why that is.

帕特里克:我已经安装了它,但是我不知道为什么会这样。

Kevin: Stephan?

凯文:斯蒂芬?

Stephan: Don’t have it, no.

史蒂芬:没有,不。

Kevin: Don’t have it!

凯文:没有!

Stephan: Don’t have it.

史蒂芬:没有。

Kevin: Oh, well, you may just be getting off easy because according to Mary Jo Foley’s All About Microsoft blog on ZDNet—and Ms. Foley has been blogging about Microsoft for a long time. According to a story, a scoop she seems to have, Microsoft’s strategy around Silverlight seems to be shifting. It seems like with the pending release of Internet Explorer 9 Microsoft has really stopped talking about Silverlight as the technology platform for the next generation web and started talking about HTML5; it seems suddenly with IE9 everything is about HTML5; HTML5 is what you need to be excited about as a developer. And this prompted her to ask for a quote, as you do, and she asked her contacts at Microsoft, well, what happened to Silverlight? And according to Bob Muglia, the Microsoft president in charge of the company’s server and tools businesses, he says, “Silverlight is our development platform for Windows Phone,” he said. He also said it had some, “sweet spots,” in media and line of business applications, so especially rich web experiences can sometimes be better with Silverlight than with competing technologies—(Cough) Flash—and line of business I suppose that is corporate dashboards for corporate portals written in dot net technologies from end to end. “But when it comes to touting Silverlight,” Ms. Foley says, “as Microsoft’s vehicle for delivering a cross-platform runtime, ‘Our strategy has shifted,’ says Muglia.” So it sounds like Microsoft is giving up on Silverlight as a competitor to Flash in the mainstream, and we have a poll about this up on sitepoint.com at the moment asking whether people think Silverlight is dead. What do you think guys, is Microsoft waving the white flag?

凯文:哦,好吧,您可能会轻松过关,因为根据Mary Jo Foley 在ZDNet上All About Microsoft博客所言 -Foley女士已经撰写了很长时间的有关Microsoft的博客。 根据一个故事,似乎是她的独家新闻,微软围绕Silverlight的策略似乎正在发生变化。 在即将发布的Internet Explorer 9中,Microsoft似乎已经真正停止谈论Silverlight作为下一代Web的技术平台,而开始谈论HTML5。 似乎在IE9中突然之间所有内容都与HTML5有关; 作为开发人员,HTML5是您需要兴奋的。 就像您一样,这促使她要求报价,并且她问微软的联系人,那么,Silverlight发生了什么? 微软负责公司服务器和工具业务的总裁鲍勃·穆格里亚(Bob Muglia)表示,他说:“ Silverlight是我们针对Windows Phone的开发平台,”他说。 他还说,它在媒体和业务应用程序中有一些“最佳点”,因此,使用Silverlight有时比使用竞争技术(咳嗽Flash)更好,尤其是丰富的Web体验,我认为这是公司的业务端到端以点网技术编写的企业门户仪表板。 Foley女士说:“但是在吹捧Silverlight时,作为Microsoft提供跨平台运行时的工具,'我们的战略已经改变了,'Muglia说。” 因此,听起来微软似乎已经放弃了Silverlight作为Flash的主流竞争对手,目前我们在sitepoint.com上对此进行了一项民意调查,询问人们是否认为Silverlight已经死了。 您怎么看,微软在挥舞白旗吗?

Brad: I think companies, Microsoft and others, are starting to get smart about this and they’re realizing that Silverlight and Flash may not be the way of the future, and HTML5 really is. Like you said, Microsoft’s putting a big push behind Internet Explorer 9 and how well it works with HTML5, so they realize that this is where the industry is going, this is where it’s going to get. So if they don’t jump on early enough they’re going to get passed like they have in a lot of different areas and I especially don’t think they want that to happen on the Web. So I think it’s very smart of Microsoft to jump in early; if they have to change their strategy now would probably be the time to do it before it’s too late.

布拉德:我认为微软和其他公司已经开始对此精明了,他们意识到Silverlight和Flash可能不是未来的方式,而HTML5确实是。 就像您说的那样,Microsoft大力推动Internet Explorer 9以及它与HTML5协同工作的能力,因此他们意识到这是行业的发展方向,也是它的发展方向。 因此,如果他们没有足够早地开始学习,他们将像在许多不同领域一样获得成功,我尤其不希望他们在网络上发生这种情况。 因此,我认为微软尽早加入是非常明智的。 如果他们现在必须改变自己的策略,那可能是时候为时过早了。

Kevin: Well, I suppose if a Summer Olympics doesn’t get you mass adoption nothing will.

凯文:好吧,我想如果夏季奥运会未能使您获得广泛采用,那将是没有用的。

The thing that finally got me to install Silverlight was we have a Microsoft Action Pack Subscription here at SitePoint, and if you’re not familiar with that, that’s this thing you can sign up for, last time I checked it’s roughly $700.00 a year. You sign up to Microsoft’s Partner Program and then you can pay this annual fee to part of the Microsoft Action Pack program, and that gives you a bunch of licenses to Microsoft software so you get roughly 10 Windows 7 licenses, 10 Microsoft Office licenses and access to whole bunch of support materials so that if you are selling or promoting Microsoft solutions to your customers or business partners you have all of these glossy sheets of paper describing all the different Microsoft products and that will help you I suppose be a better Microsoft business partner. For a business like SitePoint’s where we do a lot of client work and we are often asked about our opinions on Microsoft solutions it makes sense for us to have access to that, and to be honest 10 office licenses, 10 Windows licenses, there are much more expensive ways to get those things than pay for an Action Pack license so that’s what we do. But lately Microsoft is requiring anyone who subscribes or renews to an Action Pack to take an online course on the Microsoft Partner Program website and then pass a test proving that you absorbed the knowledge of that course. And the course I decided to take was about WPF, Windows Presentation Foundation, and specifically the APIs that are inside of Silverlight. And so in order to view those materials, in order to take that test, it was all done in Silverlight and so I needed to install it for that. I don’t think I’ve needed it for anything off of a Microsoft domain; I suppose maybe I was not as much of an Olympics fan as you Brad.

最终让我安装Silverlight的是,我们在SitePoint上有一个Microsoft Action Pack订阅,如果您不熟悉该功能,则可以注册该东西,上次我检查的费用约为每年700.00美元。 您注册了Microsoft的合作伙伴计划,然后您可以将该年费支付给Microsoft Action Pack计划的一部分,这将为您提供一堆Microsoft软件许可证,因此您大约可以获得10个Windows 7许可证,10个Microsoft Office许可证和访问权限到一整套支持材料,以便如果您向客户或业务合作伙伴销售或推广Microsoft解决方案,那么您将拥有所有描述所有不同Microsoft产品的光面纸,这将对您有所帮助,我想是一个更好的Microsoft业务合作伙伴。 对于像SitePoint这样的公司,我们需要做大量的客户工作,并且经常有人问我们对Microsoft解决方案的意见,因此我们可以访问它,说实话,有10个Office许可证,10个Windows许可证,这很有意义。比购买Action Pack许可更昂贵的方式来获得这些东西,这就是我们要做的。 但是最近,Microsoft要求订阅或续订Action Pack的任何人都必须在Microsoft合作伙伴计划网站上参加在线课程,然后通过测试证明您吸收了该课程的知识。 我决定参加的课程是有关WPF,Windows Presentation Foundation,特别是Silverlight内部的API。 因此,为了查看这些材料并进行测试,这些工作都是在Silverlight中完成的,因此我需要为此进行安装。 我认为我不需要Microsoft域以外的任何东西; 我想也许我不像你布拉德那样热衷于奥运会。

Brad: Yeah, I mean it’s tough because most people out there have Flash, it’s what, 99% adopted or something like that, and Silverlight isn’t anywhere near that, so it’s definitely tough; if you’re going to build an application you want to build it in a technology that’s going to be used by the most amount of people that you can possibly have. So, to build it on something that only 20%, I don’t know the number, 20, 30% have installed seems kind of silly; you would probably want to do it in Flash and then maybe also offer a Silverlight version which wouldn’t make a lot of sense either, so I mean I can certainly see why it hasn’t really been adopted.

布拉德:是的,我的意思是说这很艰难,因为那里的大多数人都拥有Flash,99%的用户采用了Flash或类似的东西,而Silverlight却远不及Flash,所以这确实很艰难。 如果您要构建应用程序,则希望以一种可能会拥有尽可能多的人使用的技术来构建它。 因此,仅以20%的价格构建它,我不知道20、30%的安装数量似乎很愚蠢; 您可能想要在Flash中进行操作,然后还提供一个Silverlight版本,该版本也没有太大意义,所以我的意思是我可以肯定为什么它并未真正被采用。

Kevin: There’s barely room for Flash on the Web these days let alone Flash and a competitor. But certainly from developers who embraced Flash wholeheartedly I’m sure you’d hear a lot of good things about the technology, I certainly heard that playing video and doing really intense multimedia sort of stuff was more efficient, less CPU intensive on Silverlight than it was on Flash. So, I suppose it was built more recently, it probably has less of a legacy to maintain, but as nice a technology as Silverlight was maybe there just wasn’t the demand for it or the place for it. According to the poll on SitePoint’s home page, which I think it has one day to go, the poll asks, “Is Microsoft Silverlight dead?” and the results are: 10% say it’s dead; 17% say it’s definitely not dead; 22% say it won’t live long; and 51% say it was never alive to begin with. So there you go.

凯文:这些天来,Flash在网络上几乎没有空间了,更不用说Flash和竞争对手了。 但是可以肯定的是,从全心全意地拥抱Flash的开发人员那里,我相信您会听到很多关于该技术的好消息,我当然听说过,播放视频和做一些真正的多媒体工作比使用Silverlight效率更高,CPU占用更少在Flash上​​。 因此,我想它是较新制造的,可能没有多少遗产可以维护,但是像Silverlight一样好的技术也许根本就不需要它或它的位置。 根据SitePoint主页上的民意调查(我认为还有一天),民意调查询问:“ Microsoft Silverlight死了吗?” 结果是:10%说它已经死了; 17%的人说这肯定没有死; 22%的人说它不会长寿; 51%的人说它从一开始就不存在。 所以你去了。

Patrick: This is our audience. (Laughter)

帕特里克:这是我们的听众。 (笑声)

Brad: Ouch.

布拉德:哎呀。

Kevin: Moving on! We’re going to talk about a spectacular case, and if you’ve been online for the past week I suppose you probably couldn’t have escaped hearing about it, right Patrick?

凯文:继续前进! 我们将要讨论一个非常壮观的案例,如果您过去一周一直在线,我想您可能无法逃避此事,对吗,帕特里克?

Patrick: Right. So, Jonathan Bailey at Plagiarism Today has a detailed report on what’s being referred to as the Cooks Source Plagiarism Case. Essentially Cooks Source is a free newspaper type magazine that focuses on food in Western New England of the United States. Author Monica Gaudio found that one of her articles had been included in the latest issue of the magazine, in full, and was attributed to her but her permission had not been asked for. So, she reached out to the publication and she called them on the phone, she sent them a note on their website and she asked them what happened, how they did get the article, maybe this is some sort of mix-up. After a couple of emails the editor from the magazine asked her what did she want, she said that she would like an apology on Facebook, a printed apology in the magazine and a $130.00 donation which is about ten cents per word of her original article to be given to the Columbia School of Journalism.

帕特里克:对。 因此,《今日抄袭》的乔纳森·贝利(Jonathan Bailey)有一份有关所谓库克源抄袭案的详细报告 。 本质上,Cooks Source是一本免费的报纸类杂志,重点关注美国西部新英格兰地区的食品。 作者莫妮卡·高迪奥(Monica Gaudio)发现,她的其中一篇文章已被全部刊登在该杂志的最新一期中,并归因于她,但并未征得她的许可。 因此,她联系了出版物,并给他们打电话,在他们的网站上给他们发送了便条,并询问他们发生了什么事情,他们如何获得这篇文章,也许这是某种混淆。 在几封电子邮件后,该杂志的编辑问她想要什么,她说她想在Facebook上道歉,在杂志上打印道歉,并向她捐赠$ 130.00,即每个单词约10美分。送给哥伦比亚新​​闻学院。

Here’s a piece of the response that she received: “I’ve been doing this for three decades having been an editor at The Voice, Housitonic Home and Connecticut Woman Magazine. I do know about copyright laws, it was my bad indeed, and as the magazine is put together in long sessions tired eyes and minds sometimes forget to do these things. But honestly, Monica, the Web is considered public domain, and you should be happy we just didn’t lift your whole article and put someone else’s name on it. It happens a lot, clearly more than you are aware of, especially on college campuses and the workplace. If you took offense and are unhappy I am sorry, but you as a professional should know that the article we used written by you was in very bad need of editing and is much better now than it was originally. Now it will work well for your portfolio. For that reason I have a bit of a difficult time with your request for monetary gain, albeit for such a fine and very wealthy institution, we put some time into rewrites, you should compensate me. I never charge young writers for advice or rewriting poorly written pieces and have many who write for me always for free,” and I’ll pause there; thoughts so far?

是她收到的部分回应 :“我从事《声音》(The Voice),《休斯顿家庭》(Housitonic Home)和《康涅狄格州女人》杂志(Connecticut Woman Magazine)的编辑已经三十年了。 我确实知道版权法,这确实是我的坏事,而且由于该杂志长时间出版,疲惫的眼睛和心灵有时会忘记做这些事情。 但老实说,莫妮卡(Monica)将Web视为公共领域,您应该感到高兴的是,我们并未提出整篇文章,而是在别人的名字上加上了名字。 它发生的事情很多,显然比您知道的要多,尤其是在大学校园和工作场所。 如果您冒犯了您并且感到不高兴,对不起,但是作为专业人士,您应该知道,我们使用您撰写的文章非常不需要编辑,并且现在比原来更好。 现在,它将很好地适合您的投资组合。 出于这个原因,我对您要求获得金钱收益有一些困难,尽管对于这样一个很好而且非常富有的机构,我们花了一些时间进行改写,您应该赔偿我。 我从不向年轻作家征求意见或重写拙劣的作品,并且有许多人永远免费为我写作。” 思念至今?

Kevin: Wow, that’s a way more complete quote than I’ve seen quoted about this story around the Web a lot. The coverage has been focusing very much on the “the Web is public domain; you’re lucky we just didn’t lift it and publish it under someone else’s name.”

凯文:哇,那是比我在网上看到的很多关于这个故事的报价更完整的报价。 报道一直非常关注“ Web是公共领域; 您很幸运,我们只是没有提出它,而是以别人的名字发布它。”

Stephan: That entire quote sounds so bad it could be a Nigerian scam email (Laughter).

斯蒂芬:整个报价听起来很糟糕,可能是尼日利亚的骗局电子邮件(笑声)。

Kevin: Oh, wow!

凯文:哦,哇!

Stephan: That’s how bad it sounds. It’s ludicrous! This is ridiculous; this whole thing is ridiculous.

史蒂芬:那听起来真糟糕。 太可笑了! 这是荒唐的; 这整个事情都是荒谬的。

Patrick: Maybe that’s her previous writing experience.

帕特里克:也许那是她以前的写作经验。

Stephan: Could be, that’s how bad it was written, badly. Oh, I’m sorry, maybe she’ll edit me.

斯蒂芬:可能是,那是多么糟糕的写。 哦,对不起,也许她会编辑我的。

Kevin: According to this story on Plagiarism Today, and I consider that site a friend of the show because they have a good friend of ours on their podcast as a regular co-host—Patrick, ahem.

凯文:根据《今日Pla窃》的故事,我认为该站点是节目的朋友,因为他们作为定期的共同主持人在播客中有我们的好朋友-帕特里克·阿特里克。

Patrick: Yeah, our good friend Patrick.

帕特里克:是的,我们的好朋友帕特里克。

Kevin: According to the coverage the Cooks Source site went down in the aftermath of this scandal, and I don’t know if it’s back up now; I should check, but at least when the Plagiarism Today story was published their site was still down under the load, and their Facebook site is carnage!

凯文(Kevin):据报道,在这次丑闻之后,库克斯资源(Cooks Source)网站崩溃了,我不知道现在是否还在备份; 我应该检查一下,但是至少当《今日gi窃》的故事发表时,他们的网站仍然处于低负荷状态,而他们的Facebook网站却惨遭惨败!

Patrick: Right, it is, and the incident drew a lot of big, huge media attention, not just the Internets, so to speak, or the major geeky hangouts, like Boing Boing which is where I think it got some good airplay, but also MSNBC, The Guardian, L.A. Times, The Boston Globe, etcetera, even Wil Wheaton and Neil Gaiman re-tweeted it or shared it on their Twitter pages, so definitely a lot of attention was being given to it, and so their Facebook page was inundated with just a lot of comments, especially after she shared the email which is really when it took off; it wasn’t really a major issue until she received this nasty email that insulted her, and I just read a piece of it so you know what I’m talking about. And then they picked it up and their Facebook page went crazy and there’s actually a statement on the cookssource.com website, which is now just a single page, and it’s a long statement so I won’t read much from it, but essentially it says that they’ve “cancelled” their website as their advertisers were listed on it and the harassment that has taken place on Facebook was unsafe for them, in the Cooks Source words, Cook Source says they won’t be on Facebook again in the future because, “Hacking is too prevalent and apparently too easily been performed by disreputable people.” They also say the abuse that their advertisers have faced as a good example, “it’s hurtful to those people who are innocent of this issue and can ill afford the abuse either emotionally or financially,” I’m just paraphrasing there, and they say that if you should see any such abuse to report it to Facebook at a certain link and also to certain corporate numbers. They say that it took four people a number of days to track down these two Facebook phone numbers, so these must be highly valuable phone numbers, right? (Laughter) It took four people a number of days to find two numbers to Facebook. So, anyway, they do apologize to the original author, but once again it’s always in this kind of backhanded way, right, they say, “It was an oversight of a small, overworked staff.” Okay, so it was a mistake, but again, it was just a small overworked staff that did it and they say that they’ve gone ahead and made the donation she requested as well as making a donation to a Western New England food bank and they have also paid her as well, they don’t say how much that request was, and furthermore they go on to say that they’re establishing some actual policies for receiving articles. It seemed weird to me to read this, but they say they will now request that all articles and informational pieces have been made with written consent of the writers, the book publishers and/or their agents or distributors, chefs and business owners. Maybe it’s just me but it seems like that that kind of thing should have been taken care of before.

帕特里克(Patrick):是的,这次事件引起了很多媒体的广泛关注,不仅是可以这么说的互联网,也不仅仅是主要的怪异聚会,例如Boing Boing,我认为它在这里起到了很好的播放作用,但是还有MSNBC,《卫报》,《洛杉矶时报》,《波士顿环球报》等,甚至是Wil Wheaton和Neil Gaiman在其Twitter页面上转发或分享了它,因此肯定受到了很多关注,因此,他们的Facebook页面她被很多评论淹没了,特别是在她分享了这封电子邮件时,她真的很高兴。 直到她收到侮辱她的这封令人讨厌的电子邮件之前,这并不是一个大问题,我只是读了一段,所以您知道我在说什么。 然后他们把它捡起来,他们的Facebook页面发疯了,cookssource.com网站上实际上有一个声明,现在只是一个页面,这是一个很长的声明,所以我不会从中读到很多东西,但是本质上是表示他们已经“取消”了他们的广告商的网站,并且在Facebook上发生的骚扰对他们来说是不安全的,用Cooks Source的话说,Cook Source表示不会再在Facebook上再次出现未来的原因是,“骇客行为太普遍了,而且很容易被有声望的人执行。” 他们还说,广告客户面对的虐待行为就是一个很好的例子,“对那些无辜的人来说,这是很痛苦的,他们可能会在情感上或经济上承受不起这种虐待。”我只是在这里解释一下,他们说如果您应该看到任何此类滥用行为,请通过某个链接以及某些公司号码向Facebook报告。 他们说,要花4天的时间才能找到这两个Facebook电话号码,所以这些电话号码一定是非常有价值的电话号码,对吗? (众笑)花了四天的时间在Facebook上找到两个号码。 因此,无论如何,他们的确向原始作者表示歉意,但是再一次,它总是以这种反手的方式进行,对的,他们说,“这是对工作量较小,工作量过多的人员的疏忽。” 好的,所以这是一个错误,但是同样,只有一个工作过度的小工作人员,他们说他们已经继续前进,按照她的要求进行了捐款,并且还向新英格兰西部的一家食品银行捐款。他们还向她付款,他们没有说这个要求多少,而且他们继续说他们正在制定一些实际的政策来接收文章。 对我而言,阅读这篇文章似乎很奇怪,但是他们说,他们现在将要求所有文章和信息性文章都经过作者,书籍出版商和/或其代理商或发行人,厨师和企业主的书面同意。 也许只有我一个人,但似乎这种事情之前应该已经处理过。

Kevin: Yeah.

凯文:是的。

Patrick: It’s kind of strange, but at least one of the sponsors of the Web magazine has apparently turned this around into some good press. Second Street Baking Co. has received some coverage on Boing Boing, among other places, for number one pulling out of advertising on the paper, and doing it in a quick manner and updating their Facebook page to kind of confront the messages that they were receiving to say, hey, we’re not associated with this, we cancelled our ad dollars, and they’ve also said that they encourage everyone to donate to the Food Bank of Western Massachusetts because they had people offering to send them money or buy products that they don’t actually ship, just this like local baking company in Turner’s Falls Massachusetts. So, they have turned it around and received some positive press as well.

帕特里克(Patrick):有点奇怪,但是至少有一个《网络》杂志的赞助商显然把它变成了一些不错的媒体。 Second Street Baking Co.已获得Boing Boing等公司的一些报道,其中包括第一名撤出纸上广告,并Swift进行并更新其Facebook页面,以应对他们收到的消息可以说,嘿,我们与此无关,我们取消了广告费,他们还说,他们鼓励所有人向西马萨诸塞州的食物银行捐款,因为他们有人愿意向他们汇款或购买产品他们实际上并未发货,就像马萨诸塞州特纳瀑布市的当地烘焙公司一样。 因此,他们扭转了局面,也获得了一些积极的舆论。

Kevin: It’s amazing. I think the actual story of what was done and the initial response from the editor at the magazine pales in comparison to the meta-story, the huge swell of response that we’ve seen on the Web. It shows that I guess the Web as a whole is especially sensitive to copyright issues.

凯文:太神奇了。 与元故事相比,我认为所做的实际故事和杂志编辑的初步回应相形见pale,而元故事则是我们在网络上看到的大量回应。 它表明,我认为整个网络对版权问题特别敏感。

It was widely publicized as an issue of plagiarism and I think we can probably all agree that this wasn’t a case of plagiarism per se but copyright infringement.

它被广泛宣传为an窃问题,我想我们可能都同意这不是was窃本身,而是侵犯版权。

Patrick: Right, yeah.

帕特里克:对,是的。

Kevin: Would you agree with that?

凯文:你同意吗?

Patrick: Yeah, that’s kind of a pet peeve of Jonathan’s also is when people refer to trademark issues as copyright issues or plagiarism issues that are actually copyright, this is definitely a copyright issue. In the piece Jonathan actually explains that plagiarism is when someone else takes credit for it; she was actually attributed. The problem is that, again, they didn’t ask for permission, they just took the article from the Web and pasted it into their magazine. And interestingly enough, a website, edrants.com, Edward Champion has also gone through various issues of the magazine and pointed out where they have taken from other authors as well, and authors have apparently showed up in the comments to acknowledge that their work has been taken, so this does not appear to be a once-off, which I guess isn’t a shock to anyone, but this does not appear to be a once-off issue but the continuation of a trend of them taking content from the Web and elsewhere.

帕特里克:是的,这有点像乔纳森(Jonathan)的烦恼,当人们将商标问题称为实际上是版权的版权问题或窃问题时,这绝对是版权问题。 乔纳森(Jonathan)在文章中实际上解释了explains窃是别人为之抄袭的时候。 她实际上是归因于此。 问题是,他们再次没有征求许可,他们只是从网上获取了这篇文章并将其粘贴到他们的杂志中。 有趣的是,一个网站edrants.com,爱德华·冠军(Edward Champion)也浏览了该杂志的各期杂志,并指出了他们从其他作者那里摘来的东西,并且这些作者显然在评论中露面,以承认他们的工作已经因此,这似乎并不是一次过的尝试,我想这对任何人都不会感到震惊,但这似乎不是一个一次性的问题,而是他们从内容中获取内容的趋势的延续。网络和其他地方。

Kevin: The sentence that stuck out for me from that initial editor’s response is where she suggested that following the editing work they did that this article would now be a valuable addition to the author’s portfolio. Would not reacquiring the edited article for use in her portfolio again be a compounding of the copyright infringement that had occurred? It was like, well, we stole from you, you might as well steal back from us and we’ll call it a day, right?

凯文(Kevin):在最初的编辑的回应中,对我来说最突出的一句话是,她建议在他们进行编辑工作之后,这篇文章现在将成为作者作品集的宝贵补充。 再次将编辑后的文章重新用于她的投资组合,难道不是对已经发生的版权侵害的加重? 就像,好吧,我们从您那里偷走了,您还不如从我们这里偷回来,我们将其称为一天,对吗?

Patrick: Right, right. (Laughter) Personally I think it was probably the editor’s attempt to appear as someone who has a lot of experience and kind of bully someone who’s just on the Web saying this is how it goes in the real world, you’re lucky we mentioned your name at all, and then hope she gets scared and goes away which unfortunately for the magazine at least and the editor didn’t happen in this case.

帕特里克:对,对。 (笑声)就我个人而言,我认为这可能是编辑尝试以具有丰富经验和某种欺负人的身份出现在网络上,这是现实世界中发生的事情,您很幸运,我们提到了您的完全没有名字,然后希望她会害怕并离开,这至少对杂志来说是不幸的,而且在这种情况下没有发生编辑。

Stephan: Or it was someone who has no idea what they’re talking about, that’s kind of how it came across to me. Like the ignorance that was stated in that, that there’s no — you’re lucky we gave it, we’re editing it; come on, give me a break, like who says that? If someone said that to your face would you not start laughing? I mean, really. If someone stole something from you in front of you would you not start laughing about them trying to give it back to you because they modified it, I mean come on, it’s a joke!

史蒂芬:或者是一个不知道他们在说什么的人,这就是它对我的影响。 就像其中所说的无知一样,没有-您很幸运我们给了它,我们正在编辑它; 来吧,让我休息一下,像谁说的? 如果有人对你说那个话,你会不会开始笑? 我的意思是,真的。 如果有人从您面前偷走了您的东西,您将不会开始嘲笑他们试图将其还给您,因为他们修改了它,我的意思是,这是在开玩笑!

Kevin: They seem to be implying, despite the fact that they have had to cancel their Facebook account and their own website, that they are going to continue publishing. I don’t know, if a magazine doesn’t have a website does it still exist? Certainly the Google results, if you Google Cooks Source, and I don’t recommend doing this if you are at work, even the Google results have been … let’s say sullied by the response from the Web. There’s some definitely not safe for work content there under the name Cooks Source, it seems like everyone has pulled out all the tricks to damage the good name of Cooks Source out there. Wow. I’ll be interested to see if they ever have another issue. If they do, maybe if they do, there’s the old argument there’s no such thing as bad press; this will be the ultimate test of that.

凯文:尽管他们必须取消自己的Facebook帐户和自己的网站,但他们似乎暗示着他们将继续发布。 我不知道,如果杂志没有网站,它是否仍然存在? 当然,如果您是Google Cooks Source,那么Google的搜索结果是Google的搜索结果,如果您在工作中,我不建议这样做,即使Google的搜索结果也……令网上的回应感到沮丧。 以Cooks Source为名的工作内容肯定不安全,似乎每个人都花了所有的招数来破坏Cooks Source的好名声。 哇。 我很想看看他们是否还有其他问题。 如果他们这样做了,也许如果他们这样做了,那是一个古老的观点,那就是没有坏新闻这种事。 这将是对它的最终考验。

Patrick: If you believe them their Facebook page has, and I don’t know, the hacking thing to me comes across as, again, part of that backhanded stuff like oh we’re leaving the Internet because it’s this place of nasty people, which I’m sure they received some backlash, but there is a Facebook page up for Cooks Source, and if you believe them it’s run by someone else, what might have happened is they cancelled the page and then someone else signed up and took the name, I don’t know, that I found it looked like it had over 5,000 people liking it, and obviously it was filled with a lot of displeased individuals.

帕特里克(Patrick):如果您相信他们的Facebook页面上有,但我不知道,对我来说,黑客的事又是一些反手事情的一部分,例如,哦,我们要离开互联网,因为它是这个令人讨厌的人的地方,我确定他们会受到强烈反对,但是Cooks Source有一个Facebook页面,如果您认为它们是由其他人运行的,可能发生的事情是他们取消了该页面,然后其他人签了字并接受了这个名字,我不知道,我发现它看起来像有5,000多人喜欢它,而且显然其中充满了许多不悦的人。

Kevin: From a disgraced magazine to a new browser. Brad, tell us about RockMelt.

凯文:从一本丢脸的杂志到新的浏览器。 布拉德,告诉我们有关RockMelt的信息。

Brad: Yep, there’s a new browser on the market, and I know browsers are Patrick’s favorite topic so I wanted to make sure we talked about this because we don’t talk about browsers enough, right?

布拉德:是的,市场上有一种新的浏览器,我知道浏览器是帕特里克最喜欢的主题,所以我想确保我们谈论了这一点,因为我们对浏览器的谈论不够,对吗?

Patrick: Awesome, yay! Not at all.

帕特里克:太棒了,是的! 一点也不。

Brad: At least this one’s new and it’s different.

布拉德:至少这是新事物,与众不同。

Kevin: I just got this email from Facebook, it’s from Patrick, and I hope no one has hacked your account, Patrick. It says, “You’ve been invited to use RockMelt,” “Kevin, I’ve been using RockMelt, a cool new browser, I think you’ll like it.”

凯文:我刚从Facebook收到这封电子邮件,是帕特里克发来的,我希望没人黑过您的帐户,帕特里克。 它说:“您受邀使用RockMelt,”“ Kevin,我一直在使用RockMelt,这是一款很酷的新浏览器,我想您会喜欢的。”

Patrick: I didn’t write that.

帕特里克:我没有写。

Kevin: (Laughs) Well, tell us about it.

凯文:(笑)好吧,告诉我们。

Brad: So, RockMelt is a new browser, it’s out in private beta, which as Kevin hinted to the only way to currently get a copy of it is to join their Facebook page or to connect via Facebook and then you can send an invite through Facebook, so that’s the only way to actually get an invite is if you connect via Facebook and then that puts you on the beta list. But it’s a pretty interesting browser, the main hype over it is it kind of integrates all the social network features that we’re used to and that we all use on a daily basis right into your browser. Obviously that’s not revolutionary because it’s been done a few times, there’s other browsers like Flock out there, but this browser got an obscene amount of press I would say, I’d never heard of RockMelt up until two days ago when it seemed like it was popping up everywhere in my feed reader, so the press around this thing was insane considering it’s a private beta.

布拉德:因此, RockMelt是一个新的浏览器 ,已经在私人Beta版中发布,正如Kevin所暗示的那样,当前获取该副本的唯一方法是加入其Facebook页面或通过Facebook连接,然后您可以通过发送邀请Facebook,因此,真正获得邀请的唯一方法是通过Facebook连接,然后将您置于Beta列表中。 但这是一个非常有趣的浏览器,主要的炒作是它集成了我们习惯于使用的所有社交网络功能,并且每天都在您的浏览器中使用。 显然,这并不是革命性的,因为它已经完成了几次,还有其他浏览器,例如Flock,但是我要说的是,该浏览器的发布次数令人讨厌,直到两天前我才听说过RockMelt在我的供稿阅读器中到处弹出,因此考虑到这是私人测试版,因此围绕此事的报道非常疯狂。

Kevin: They’re doing a good job of marketing it, I will give them that.

凯文:他们在营销方面做得很好,我会给他们的。

Brad: They certainly are. And I think a lot of it has to do with it it’s backed by Mark Anderson, the founder of Netscape; they do have some funding behind it which always helps. But essentially it has a lot of the social network integration, so as you’re browsing the Web whatever site you’re on you can easily send it over to Facebook and share it through Twitter and pull images into Flickr and pass messages back and forth. There’s a really cool kind of demo video you can watch that show a lot of the features, and another big feature which is actually getting a little bit more of the press is the search previews feature. So basically they’ve kind of integrated, they’ve kind of taken that Google Instant Search and kicked it up a notch, so as you’re typing your search it will bring results and it will actually preload the result or the pages for each one of those results, so as you hover over the result it will show you what that page looks like so you can determine if it’s kind of the way you want to go for your search. And the reason that’s kind of gotten a little bit more press is because a day or two after RockMelt was announced Google announced a very similar feature called Google Instant Previews which is essentially the same thing but it’s through Google, so a lot of people are kind of comparing that. But it’s definitely an interesting browser, it’s something to keep an eye on, it is Chromium based so a lot of it functions pretty much just like the latest version of Chrome would, so it’s very familiar if you use Chrome quite a bit. Did you guys get a chance, or get an invite for that matter, I know Kevin you just got yours but…

布拉德:他们当然是。 而且我认为这很大程度上与Netscape的创始人Mark Anderson的支持有关。 他们背后确实有一些资金,这总是有帮助的。 但是从本质上讲,它具有大量的社交网络集成,因此,无论您在何处浏览网站,都可以轻松地将其发送到Facebook并通过Twitter共享,然后将图像拖入Flickr并来回传递消息。 您可以观看一种非常酷的演示视频,其中展示了很多功能,而另一个真正的功能是搜索预览功能,而实际上这则新闻更多了。 因此,基本上,它们已经集成在一起,并考虑了Google Instant Search并将其提升了一个档次,因此,当您键入搜索内容时,它将带来结果,并且实际上将为每个结果预加载结果或页面这些结果之一,因此当您将鼠标悬停在结果上时,它将向您显示该页面的外观,以便您确定这是否是您要进行搜索的方式。 而且之所以会受到更多关注,是因为在宣布RockMelt之后的一两天,Google宣布了一项非常相似的功能,称为Google Instant Previews ,虽然本质上是相同的,但这是通过Google进行的,所以很多人都很好比较一下。 但这绝对是一个有趣的浏览器,需要密切注意,它基于Chromium,因此它的许多功能几乎与最新版本的Chrome一样,因此如果您经常使用Chrome,则非常熟悉。 你们有没有机会或受到邀请,我知道凯文,您只是得到了您,但是…

Patrick: Yeah, I did, I played around with it a little bit. According to Wikipedia it was developed by Tim Howes and Eric Bashera and Wikipedia says Tim Howes is the co-inventor of the Lightweight Directory Access Protocol, LDAP, I’m not sure if that will impress the techies in our audience or not because I have no idea what that is, but yeah.

帕特里克:是的,我做到了,我玩了一点。 根据Wikipedia的说法,它是由Tim Howes和Eric Bashera共同开发的,Wikipedia说Tim Howes是轻型目录访问协议LDAP的共同发明者,我不确定这是否会给我们的听众留下深刻的印象,因为我有不知道那是什么,但是是的。

Kevin: LDAP’s cool, I like LDAP.

凯文: LDAP很酷,我喜欢LDAP。

Brad: That’s impressive, yeah.

布拉德:令人印象深刻,是的。

Patrick: So that may not impress some of you techie guys out there, but anyway, I did play around with it and I think it is pretty slick. I do remember Flock, I remember playing around with Flock, but Flock doesn’t seem to have — didn’t seem to be as slick as this; I don’t know if that’s my memory or whatnot.

帕特里克(Patrick):因此,这可能不会给你们中的某些技术人员留下深刻的印象,但是无论如何,我确实玩过它,而且我认为它非常漂亮。 我确实记得弗洛克(Flock),我记得和弗洛克(Flock)一起玩耍,但是弗洛克(Flock)似乎没有-似乎不像这样光滑。 我不知道那是我的记忆还是什么。

Kevin: Flock was built on the Firefox platform.

凯文: Flock建立在Firefox平台上。

Patrick: Firefox, right, and this is Chromium.

帕特里克: Firefox,对,这就是Chromium。

Kevin: And according to their blog their last update was on August 6th and their last blog post was on September 14th of this year, so they’re still alive but I’m not sure you’d say they’re kicking.

凯文:根据他们的博客,他们的最新更新是在8月6日,而他们的最新博客是在今年9月14日,所以他们还活着,但我不确定你会说他们在踢。

Patrick: Right. And RockMelt’s based on Chromium which is the open-sourced code that Google Chrome pulls from. But like I was saying, it is really slick and it looks nice and it’s really Facebook, a lot of it is Facebook tied. On the left there’s a list of chat icons for people that are online on Facebook; right now there’s nothing I can see that would suggest any integration with any other instant messengers so right now it’s just Facebook Chat, so I don’t know if that’s coming or whatever or if they just plan to stick with Facebook, but that left side is basically Facebook users who are online, and the right side is your Facebook page updates and you can add RSS feeds in there from your websites you visit. One thing that I noticed that I found kind of strange was that its Twitter integration doesn’t use OpenAuth, it asks for email and password, and as such it doesn’t work or I couldn’t get it to work. Brad, did it work for you?

帕特里克:对。 RockMelt基于Chromium,这是Google Chrome从中获取的开源代码。 但是就像我说的那样,它确实很光滑,看起来很漂亮,而且确实是Facebook,其中很多与Facebook紧密相关。 在左侧,有一个聊天图标列表,用于在Facebook上在线的人。 现在,我看不到任何建议与任何其他即时通讯程序进行任何集成的消息,因此,现在只是Facebook聊天,所以我不知道这是否即将到来,或者他们是否打算继续使用Facebook,但是那边基本上是在线的Facebook用户,右侧是您的Facebook页面更新,您可以从您访问的网站在那里添加RSS feed。 我注意到的一件奇怪的事是,它的Twitter集成不使用OpenAuth,它要求输入电子邮件和密码,因此它不起作用,或者我无法使它起作用。 布拉德,对您有用吗?

Brad: No, I actually didn’t get my invite in time, so I got my invite about 10 minutes before the show.

布拉德:不,我实际上没有及时收到邀请,所以我在演出开始前约10分钟收到了邀请。

Kevin: But same as you, Patrick, I think I’ve seen a few reports of the Twitter support not working because of that reason.

凯文:但是和你一样,帕特里克,我想我已经看到了一些关于Twitter支持的报道,因为这个原因。

Patrick: Yeah, and it’s obviously not a finished product so obviously anything I mention is just of this pre-release build or whatever, but that aside it strikes me as a browser that is good for people who are good with dealing with distractions because there’s a lot going on here with your Facebook Fan Page number changing, I could see your Twitter saying new Tweets, new friends, new profile updates, and there is hide edges, and if you hide edges those things go away and go to the side, but otherwise you’ve got this ever changing list of chatters, your ever-updating status updates, and there’s just a lot going on.

帕特里克(Patrick):是的,而且显然不是最终产品,所以显然我提到的只是该预发布版本或其他内容,但是除此之外,它还是一款让我对那些善于处理干扰的人有用的浏览器,因为它您的Facebook粉丝专页号发生变化时,这里发生了很多事情,我可以看到您的Twitter上说新的Tweets,新的朋友,新的个人资料更新,并且有隐藏的边缘,如果您隐藏了边缘,这些东西就会消失并移到一边,但是除此之外,您将拥有不断变化的聊天者列表,不断更新的状态更新,并且还有很多事情要做。

Kevin: Browser not distracting enough? Try RockMelt!

凯文:浏览器不够吸引人吗? 尝试RockMelt!

Patrick: Yeah, I mean it is definitely social, definitely social, but I just wonder like what is the revenue model with browsers, right?

帕特里克:是的,我的意思是绝对是社交的,绝对是社交的,但是我只是想知道浏览器的收入模式是什么,对吗?

Kevin: Hmm, I’ve seen a lot of cynicism around RockMelt, which I suppose comes with any announcement on the Web that makes a big splash, you get a lot of cynicism, but it seems like I’ve only seen cynicism, I haven’t seen anyone say actually this is kind of cool. I’ve seen Merlin Mann point out that the RockMelt’s blog is hosted on Tumblr and the only thing they’re following on Tumblr is the official Tumblr Staff Blog, and so that’s not a big statement for the social nature of this group if they’re choosing a social blogging platform and not actually being social with it. I’ve seen people cynically saying, oh, RockMelt is seeking to solve the problem of Chrome’s distraction-free user interface. And, you know what just occurs to me is I think everyone kind of agreed that Flock was an interesting experiment but it seems to have been a failed experiment; if what people wanted was a browser with social integration, Flock had two runs at it. They had a red-hot try with their first release, and then they took a step back and thought well maybe we didn’t get the user interface quite right, we’re going to redesign and they did a second big release that had a whole different design, and still no great swell of support for it. So what is RockMelt doing differently? It seems like all they’re betting on is that Flock was too early and that they’re going to come at the right time.

凯文:嗯,我在RockMelt上看到了很多玩世不恭的想法,我想这是伴随着网络上任何引起轰动的公告而引起的,你得到了很多玩世不恭的感觉,但似乎我只看过玩世不恭的感觉,我还没有看到有人说这真的很酷。 我已经看到Merlin Mann指出 ,RockMelt的博客托管在Tumblr上,并且他们在Tumblr上唯一关注的是官方的Tumblr Staff博客,因此,对于该群体的社会性质而言,这并不是一个重大声明。重新选择一个社交博客平台,但实际上并不与之保持社交关系。 我见过有人嘲讽地说,哦,RockMelt正在寻求解决Chrome的无干扰用户界面的问题。 而且,您知道我所发生的就是我认为每个人都同意Flock是一个有趣的实验,但它似乎是一个失败的实验。 如果人们想要的是具有社交整合功能的浏览器,那么Flock可以运行两次。 他们在第一个版本上进行了大手笔的尝试,然后又退后一步,以为我们可能没有正确地使用用户界面,我们将重新设计,他们做了第二个大型版本,完全不同的设计,仍然没有很大的支持。 那么RockMelt有什么不同之处? 他们所押注的似乎只是Flock还为时过早,而且他们会在适当的时机到来。

Patrick: Oddly enough it seems to me like right now anyway because of the feature set it’s almost like a Facebook web browser, but the thing is if Facebook came out with a web browser what would it be, top five, top four in a few weeks just because of what Facebook could do to put it out there. So, it kind of feels like that and not to say there’s not an audience out there for this, but obviously they’ll have to find it and will that audience provide the money needed to pay a staff and recoup investors? I guess that’s the real question.

帕特里克(Patrick):奇怪的是,无论如何,由于该功能集,它现在看起来就像是一个Facebook Web浏览器,但事实是,如果Facebook推出了Web浏览器,它将是前五名,前四名仅仅因为Facebook可以做些什么而将其发布。 因此,感觉就是这样,而不是说那里没有听众,但显然他们必须找到听众,听众是否会提供支付员工和收回投资者所需的资金? 我想这是真正的问题。

Kevin: That’s a really good point, Patrick, that if there were a need for a Facebook browser, and even if that need weren’t recognized and RockMelt proved that there were a need for a Facebook browser, what’s gonna happen? Facebook’s gonna go, oh, there’s a need for a Facebook browser, let’s make one, and RockMelt will be out of business.

凯文:这是一个很好的观点,帕特里克,如果需要Facebook浏览器,即使这种需求没有得到认可,而RockMelt证明确实需要Facebook浏览器,那将会发生什么呢? Facebook要走了,哦,需要Facebook浏览器,让我们做一个,RockMelt就会倒闭。

Patrick: Exactly. Just like Twitter did with its website.

帕特里克:是的 。 就像Twitter对其网站所做的一样。

Kevin: Yeah.

凯文:是的。

Patrick: Exactly. And I did want to say, though, that I downloaded RockMelt before I downloaded Google Chrome.

帕特里克:是的 。 我确实想说,在下载Google Chrome之前,我先下载了RockMelt。

Kevin: Oh? (Laughs) I’m surprised it worked, I thought maybe they were betting on no one having actually done that and so Chrome might have been a dependency, but good, you’re a unique test case, Patrick, you should email them to tell them that. So, I’m not hearing a lot of love for RockMelt.

凯文:哦? (笑)我很惊讶它起作用了,我想也许他们押注没有人真正做到这一点,所以Chrome可能是一个依赖项,但是好吧,您是一个独特的测试用例,帕特里克,您应该通过电子邮件将它们发送给告诉他们。 因此,我听不到对RockMelt的热爱。

Brad: I’m kind of of the same mindset, I like the social features of it, but I like to keep that social stuff separate. I have TweetDeck, I like TweetDeck, but I also like to be able to turn it off if I need to. I like to keep it separate, I don’t have Facebook Chat open 24/7 for people to talk to me, especially not when I’m in my browser because as a developer typically during the day if I’m in the browser I’m working on something. So like Patrick said, I mean those distractions, they would be tough to deal with. It is nice you can turn it off quickly and easily, but I think that’s kind of the whole point of the thing so if you’re turning that off then you’re basically right back in Chrome so why are you even using it in the first place. So, for me I don’t think it’s something I would use, but it will be interesting to see how it evolves.

布拉德(Brad):我的心态相同,我喜欢它的社交特征,但是我喜欢将社交内容分开。 我有TweetDeck,我喜欢TweetDeck,但我也希望能够在需要时将其关闭。 我喜欢分开放置,我没有全天候24/7的Facebook Chat开放给人们与我交谈,尤其是当我在浏览器中时,我不喜欢这样做,因为作为开发人员,通常我白天在浏览器中时,正在做某事。 因此,就像帕特里克(Patrick)所说的那样,我的意思是那些分散注意力的东西很难应付。 可以快速轻松地将其关闭很高兴,但是我认为这很重要,因此,如果您将其关闭,则基本上可以重新使用Chrome,为什么还要在Chrome中使用它呢?第一名。 因此,对我来说,我不认为这是我要使用的东西,但是看看它如何发展会很有趣。

Kevin: On our last panel show we were talking about Opera and how they were trying to go for the feature-rich look. I wonder if Opera should implement a hide edges feature like RockMelt has, that might be cool.

凯文(Kevin):上一个面板展示中,我们谈论的是Opera,以及他们如何尝试呈现功能丰富的外观。 我想知道Opera是否应该实现RockMelt那样的隐藏边缘功能,这可能很酷。

We had a comment in response to that last episode saying that the one thing that Opera should do to improve their market share is change their name, that the Opera name is holding them back. Who wants to, you know, Opera, no one gets excited about Opera, that’s the thing you go and pay a lot of money to fall asleep in, right?

对于上一集,我们有一条评论说,Opera应该做的一件事就是提高他们的市场份额,改变他们的名字,Opera的名字阻止了他们。 谁想要(Opera),没有人对Opera(Opera)感到兴奋,那是您要花很多钱入睡的事情,对吗?

Stephan: What’s a RockMelt though? (Laughter)

史蒂芬:什么是RockMelt? (笑声)

Kevin: Come on, RockMelt! The icon’s pretty cool; it looks like the planet earth splitting apart.

凯文:加油,RockMelt! 图标很酷; 好像地球在分裂。

Patrick: When it comes to factual names Internet Explorer is the well-named browser in the land.

帕特里克(Patrick):关于实名,Internet Explorer是该国知名的浏览器。

Kevin: (Laughs) That’s true, yeah.

凯文:(笑)是的,是的。

Patrick: What’s a Firefox? What would we rename Opera to, I think that’s maybe a competition for the comments then: what should Opera be renamed, how about Awesome, download the new browser Awesome.

帕特里克:什么是Firefox? What would we rename Opera to, I think that's maybe a competition for the comments then: what should Opera be renamed, how about Awesome, download the new browser Awesome.

Kevin: Awesome browser! Opera should buy RockMelt’s name.

Kevin: Awesome browser! Opera should buy RockMelt's name.

I’m just looking up who made that comment because it was a good one; it was Matt Magain, our very own Matt Magain here at SitePoint. He said, “Seriously, Opera? What does your common layman think when they hear this word, expensive tickets for people old people to listen to performers in tights and wigs wail for hours; Firefox, now that’s a marketable name.”

I'm just looking up who made that comment because it was a good one; it was Matt Magain, our very own Matt Magain here at SitePoint. He said, “Seriously, Opera? What does your common layman think when they hear this word, expensive tickets for people old people to listen to performers in tights and wigs wail for hours; Firefox, now that's a marketable name.”

Patrick: Maybe they should call it AutoTune.

Patrick: Maybe they should call it AutoTune.

Kevin: Speaking of Firefox, our last big story for the show today is about Firesheep, a plugin, an extension for Firefox that is casting a harsh light on the security of the Web, and some of the assumptions that people, web developers like us make about security on the Web. We had an all hands meeting here at SitePoint for all the developers to discuss Firesheep because it is big news.

Kevin: Speaking of Firefox, our last big story for the show today is about Firesheep, a plugin, an extension for Firefox that is casting a harsh light on the security of the Web, and some of the assumptions that people, web developers like us make about security on the Web. We had an all hands meeting here at SitePoint for all the developers to discuss Firesheep because it is big news.

This extension essentially let’s you have a sidebar in your Firefox browser that monitors the Wi-Fi network that you’re on, assuming you are on an open Wi-Fi network with no password or encryption. It lets you monitor that network and anyone else who is active on that network who signs in to a well known site like Facebook or Twitter or Google or others that it supports, GitHub out of the box it supported for example, anyone who signs in to one of those sites their browser receives a session cookie, and that cookie is meant to be temporary and it allows them to continue accessing that site without having to re-enter their password for every page that they view. So they enter their username and password, the site sends them a cookie and then their browser holds on to that cookie for as long as it’s open or until that cookie expires, and it sends that cookie with every page request. And this Firesheep extension monitors your network for those cookies flying back and forth and says, hey look, Kevin signed in to Twitter, hey look, Patrick signed in to Facebook, and it pops up in a sidebar the people’s names, their photos, their account, and here’s where it gets really scary, if you click on one of those it takes over their session, it hijacks their session by capturing that session cookie that was spotted on the network and using it in your own Firefox browser to impersonate that person and log into that site as if you were them, as if you were taking part in the session that they entered their username and password for. So this is scary stuff. It was covered in one of Melbourne’s daily newspapers, The Age, so this is not only — not only does it make this sort of security exploit easier than ever before but it is also getting massive mainstream news coverage. There’s no hiding from this, it seems like session cookies are in big trouble. What do you think, guys?

This extension essentially let's you have a sidebar in your Firefox browser that monitors the Wi-Fi network that you're on, assuming you are on an open Wi-Fi network with no password or encryption. It lets you monitor that network and anyone else who is active on that network who signs in to a well known site like Facebook or Twitter or Google or others that it supports, GitHub out of the box it supported for example, anyone who signs in to one of those sites their browser receives a session cookie, and that cookie is meant to be temporary and it allows them to continue accessing that site without having to re-enter their password for every page that they view. So they enter their username and password, the site sends them a cookie and then their browser holds on to that cookie for as long as it's open or until that cookie expires, and it sends that cookie with every page request. And this Firesheep extension monitors your network for those cookies flying back and forth and says, hey look, Kevin signed in to Twitter, hey look, Patrick signed in to Facebook, and it pops up in a sidebar the people's names, their photos, their account, and here's where it gets really scary, if you click on one of those it takes over their session, it hijacks their session by capturing that session cookie that was spotted on the network and using it in your own Firefox browser to impersonate that person and log into that site as if you were them, as if you were taking part in the session that they entered their username and password for. So this is scary stuff. It was covered in one of Melbourne's daily newspapers , The Age, so this is not only — not only does it make this sort of security exploit easier than ever before but it is also getting massive mainstream news coverage. There's no hiding from this, it seems like session cookies are in big trouble. What do you think, guys?

Stephan: I mean this is basic packet sniffing, right? This is just a GUI for it.

Stephan: I mean this is basic packet sniffing, right? This is just a GUI for it.

Kevin: Right.

凯文:对。

Stephan: So it’s not like this is new, it’s not like it’s a new problem, it’s just made it available for…

Stephan: So it's not like this is new, it's not like it's a new problem, it's just made it available for…

Brad: The noobs.

Brad: The noobs.

Stephan: …normal Joe Schmo.

Stephan: …normal Joe Schmo.

Patrick: Which is the problem.

Patrick: Which is the problem.

Stephan: Yeah, which is the problem, right, but that’s not true necessarily, Patrick. I think the problem really is the lack of SSL, right, because simply using SSL on a web server would solve this problem.

Stephan: Yeah, which is the problem, right, but that's not true necessarily, Patrick. I think the problem really is the lack of SSL, right, because simply using SSL on a web server would solve this problem.

Kevin: That is the, yeah, the instant cure-all; if every site that required people to login with a username and password used SSL (Secure Socket Layer), whenever you’re on a site with ‘https’ at the start of the URL instead of ‘http’ your browser’s communicating with it over an encrypted channel, and so if you sign in using that not only are your username and password encrypted, but the session cookie that comes back to your browser is also encrypted and if the developers of that website did the right thing and marked that cookie as secure, which means the browser will only send that session cookie with encrypted requests, then that session cookie is safe, it’s encrypted and it cannot be hijacked by a tool like Firesheep.

Kevin: That is the, yeah, the instant cure-all; if every site that required people to login with a username and password used SSL (Secure Socket Layer), whenever you're on a site with 'https' at the start of the URL instead of 'http' your browser's communicating with it over an encrypted channel, and so if you sign in using that not only are your username and password encrypted, but the session cookie that comes back to your browser is also encrypted and if the developers of that website did the right thing and marked that cookie as secure, which means the browser will only send that session cookie with encrypted requests, then that session cookie is safe, it's encrypted and it cannot be hijacked by a tool like Firesheep.

So Eric Butler, the author of Fire Sheep, posted a blog post 24 hours after he released his tool, and he seems to think “mission accomplished”, that the point he was trying to make, as you say Stephan, this isn’t a new thing; these security holes in sites like Facebook and Twitter and Google, these security holes have existed for years. And just because there hasn’t been a tool that anyone can install if they know how to install Firefox extensions doesn’t mean that this sort of security vulnerability didn’t exist. Anyone with the rudimentary knowledge it takes to use a TCP/IP packet sniffer on a Wi-Fi network, and I know that sounds technical, but really if you had a reason to do it and you had a week to read up on it, I think anyone who’s a relatively confident computer user could figure out how to do it.

So Eric Butler, the author of Fire Sheep, posted a blog post 24 hours after he released his tool , and he seems to think “mission accomplished”, that the point he was trying to make, as you say Stephan, this isn't a new thing; these security holes in sites like Facebook and Twitter and Google, these security holes have existed for years. And just because there hasn't been a tool that anyone can install if they know how to install Firefox extensions doesn't mean that this sort of security vulnerability didn't exist. Anyone with the rudimentary knowledge it takes to use a TCP/IP packet sniffer on a Wi-Fi network, and I know that sounds technical, but really if you had a reason to do it and you had a week to read up on it, I think anyone who's a relatively confident computer user could figure out how to do it.

Patrick: I think 99% of the downloads are for script kiddies.

Patrick: I think 99% of the downloads are for script kiddies.

Kevin: Yeah. The point is that now there is no ignoring this problem, whereas before the problem did exist and someone who had a motive to compromise your Twitter account or your Facebook account could do it, but you didn’t necessarily know that they could because this problem was swept under the rug and ignored by web developers.

凯文:是的。 The point is that now there is no ignoring this problem, whereas before the problem did exist and someone who had a motive to compromise your Twitter account or your Facebook account could do it, but you didn't necessarily know that they could because this problem was swept under the rug and ignored by web developers.

Patrick: Now, speaking realistically though, if we look at SSL certificates and we recognize that doing that incurs additional expense, small as it may be…

Patrick: Now, speaking realistically though, if we look at SSL certificates and we recognize that doing that incurs additional expense, small as it may be…

Kevin: Sure does. Sure does.

Kevin: Sure does. Sure does.

Patrick: …if you make money from the Web I mean conventional wisdom is that if you took credit cards you had an SSL cert, otherwise if you were like a forum, for example, you didn’t need that. So, I mean the reality is that the big guys and the big companies will pretty easily adapt to this, but I think the people that are going to need a lot of help are the average website owner, the average forum owner who we all use software that is good software, vBulletin and phpBB, etcetera, that we have for these user accounts and we don’t have an SSL cert because conventional wisdom and knowledge has always told us we didn’t need it. So, now the cost of running a website if this is to be believed as a requirement for all cookies or account management online, goes up a little bit, and I think that’s where we’re going to see a problem here maybe isn’t so much with Facebook who can change it relatively easily, relatively quickly, I know they have a lot of things to take into account but they also have developer resource, and I just don’t know how small webmasters and owners are going to be able to deal with this except that the more savvy ones will probably follow tutorials that will soon be posted by all the software vendors.

Patrick: …if you make money from the Web I mean conventional wisdom is that if you took credit cards you had an SSL cert, otherwise if you were like a forum, for example, you didn't need that. So, I mean the reality is that the big guys and the big companies will pretty easily adapt to this, but I think the people that are going to need a lot of help are the average website owner, the average forum owner who we all use software that is good software, vBulletin and phpBB, etcetera, that we have for these user accounts and we don't have an SSL cert because conventional wisdom and knowledge has always told us we didn't need it. So, now the cost of running a website if this is to be believed as a requirement for all cookies or account management online, goes up a little bit, and I think that's where we're going to see a problem here maybe isn't so much with Facebook who can change it relatively easily, relatively quickly, I know they have a lot of things to take into account but they also have developer resource, and I just don't know how small webmasters and owners are going to be able to deal with this except that the more savvy ones will probably follow tutorials that will soon be posted by all the software vendors.

Kevin: Mmm-hmm. I think if anything you’re understating this, Patrick, I think this increases the price a lot for people who own small websites. I mean what is the base level webhosting here? You might spend for a DreamHost account a couple of hundred dollars a year to host a site, and you’re going to pay a similar amount for a year’s SSL certificate, so this could easily double someone’s hosting bill.

Kevin: Mmm-hmm. I think if anything you're understating this, Patrick, I think this increases the price a lot for people who own small websites. I mean what is the base level webhosting here? You might spend for a DreamHost account a couple of hundred dollars a year to host a site, and you're going to pay a similar amount for a year's SSL certificate, so this could easily double someone's hosting bill.

Stephan: Not to mention the time involved with setting up the cert and monitoring the cert and all that junk.

Stephan: Not to mention the time involved with setting up the cert and monitoring the cert and all that junk.

Kevin: Yeah.

凯文:是的。

Stephan: I mean SSL certs, they’re intimidating, they’re intimidating to me; when you look at the requirements to set them up it’s a lot of work.

Stephan: I mean SSL certs, they're intimidating, they're intimidating to me; when you look at the requirements to set them up it's a lot of work.

Kevin: It’s a lot of work and the sites that sell these certificates are really badly designed. I’ve had to buy these certificates before, and you end up at a form that says do you want this type of certificate, this type of certificate, or this type of certificate, and none of the three options sound like what you want, they all refer to Microsoft server technologies from the mid 1990s, and you’re like, well, what do I want? And you contact the company and you get an auto reply pointing to their frequently asked questions which is equally cryptic. I suppose this is an opportunity for someone to come and maybe this is what makes SSL certificates a mainstream enough product that someone with some real quality customer service can afford to start a business selling these things.

Kevin: It's a lot of work and the sites that sell these certificates are really badly designed. I've had to buy these certificates before, and you end up at a form that says do you want this type of certificate, this type of certificate, or this type of certificate, and none of the three options sound like what you want, they all refer to Microsoft server technologies from the mid 1990s, and you're like, well, what do I want? And you contact the company and you get an auto reply pointing to their frequently asked questions which is equally cryptic. I suppose this is an opportunity for someone to come and maybe this is what makes SSL certificates a mainstream enough product that someone with some real quality customer service can afford to start a business selling these things.

Brad: Yeah, look at VeriSign, I think they have six, eight, ten different levels of SSL certificates, and if you don’t know what you’re doing how do you know which one to buy? I mean they have the standard but they make it sound like it’s the worst thing in the world and you shouldn’t use it because it’s not as encrypted as something that costs three times as much.

Brad: Yeah, look at VeriSign, I think they have six, eight, ten different levels of SSL certificates, and if you don't know what you're doing how do you know which one to buy? I mean they have the standard but they make it sound like it's the worst thing in the world and you shouldn't use it because it's not as encrypted as something that costs three times as much.

Patrick: It’s funny you should say that because I typed in the SSL cert and I went and the first thing that came up for me was godaddy.com’s page, and godaddy.com offers a “standard SSL” and a “premium SSL that is ideal for ecommerce.” And I asked what’s the difference, I didn’t know you could have a million different SSL types but I guess that’s possible; I thought there was just one cert.

Patrick: It's funny you should say that because I typed in the SSL cert and I went and the first thing that came up for me was godaddy.com's page, and godaddy.com offers a “standard SSL” and a “premium SSL that is ideal for ecommerce.” And I asked what's the difference, I didn't know you could have a million different SSL types but I guess that's possible; I thought there was just one cert.

Kevin: Yeah, there’s all sorts of things, how many bits of encryption are in the certificate— well, how large the certificate is in bits, how many certificates are in the chain which affects the performance of the certificate; it’s a whole black art that, yeah, the vast majority of web developers—

Kevin: Yeah, there's all sorts of things, how many bits of encryption are in the certificate— well, how large the certificate is in bits, how many certificates are in the chain which affects the performance of the certificate; it's a whole black art that, yeah, the vast majority of web developers—

Brad: If you want the address bar to be green?

Brad: If you want the address bar to be green?

Kevin: Yeah! Do you want the green one or the not green one?

Kevin: Yeah! Do you want the green one or the not green one?

Brad: If you don’t buy the pro then it doesn’t go green, I mean that’s like what? (Laughter)

Brad: If you don't buy the pro then it doesn't go green, I mean that's like what? (笑声)

Kevin: My browser, Safari, basically treats the standard SSL certificates, it virtually ignores them, like you go to a site with https and it doesn’t actually show any level of security, there’s no lock icon, there’s nothing; you really have to have one of those green ones for the browser to go, oh yeah, you should trust this site.

Kevin: My browser, Safari, basically treats the standard SSL certificates, it virtually ignores them, like you go to a site with https and it doesn't actually show any level of security, there's no lock icon, there's nothing; you really have to have one of those green ones for the browser to go, oh yeah, you should trust this site.

Brad: I like Firesheep, I think it’s a great thing because it has us talking about it and it has, even these smaller sites, they’re eventually going to start hearing about this and what they can do to kind of lock down their site, so it’s definitely put a focus on the entire topic which I mean it sounds like that was kind of the point of it anyway. This could certainly have been released as more of a malicious, hey, let’s attack everybody that we can, and it was moreso like, hey, let’s get the conversation started and talk about it. I mean I could see in a few years from now it being the default that any site with a login has to run https, almost like when we go to a checkout at ecommerce, I mean everyone from us up to our parents and grandparents know to look for https because that’s what we’ve been taught since we first started buying stuff online, I think eventually it will get to that point with logins.

Brad: I like Firesheep, I think it's a great thing because it has us talking about it and it has, even these smaller sites, they're eventually going to start hearing about this and what they can do to kind of lock down their site, so it's definitely put a focus on the entire topic which I mean it sounds like that was kind of the point of it anyway. This could certainly have been released as more of a malicious, hey, let's attack everybody that we can, and it was moreso like, hey, let's get the conversation started and talk about it. I mean I could see in a few years from now it being the default that any site with a login has to run https, almost like when we go to a checkout at ecommerce, I mean everyone from us up to our parents and grandparents know to look for https because that's what we've been taught since we first started buying stuff online, I think eventually it will get to that point with logins.

Kevin: We rag on Internet Explorer a lot on this show, but if you think back you’ll probably remember that Internet Explorer was one of the few browsers that had a warning message when you submitted a form on a non-https site by default. This was one of these messages that you usually encountered in the first ten minutes of using any Windows computer that was set up from scratch, the browser would go “You’re submitting a form over non-secure channels, are you sure you want to allow this?”, and invariably you would tick the box that said “Never tell me about this again, what are you paranoid?”, and you would submit the form. But it seems like we may be seeing a return of that error message without that check box because, yeah, like you said, Brad, we may be entering a brave new world where really users don’t trust a form that you have to submit without https even if all you’re submitting is a mundane blog comment.

Kevin: We rag on Internet Explorer a lot on this show, but if you think back you'll probably remember that Internet Explorer was one of the few browsers that had a warning message when you submitted a form on a non-https site by default. This was one of these messages that you usually encountered in the first ten minutes of using any Windows computer that was set up from scratch, the browser would go “You're submitting a form over non-secure channels, are you sure you want to allow this?”, and invariably you would tick the box that said “Never tell me about this again, what are you paranoid?”, and you would submit the form. But it seems like we may be seeing a return of that error message without that check box because, yeah, like you said, Brad, we may be entering a brave new world where really users don't trust a form that you have to submit without https even if all you're submitting is a mundane blog comment.

Patrick: And as I kind of expressed, I see how this is a good thing, but I don’t know, I see this tool mostly being used maliciously and I guess that’s the point, but also just for the expense point I think you’re going to scare a lot of people away from running a social website at all, and I don’t think that’s a good thing. I know you referenced the comment from Matt about being a layman, as a layman here, the resident layman, just in my mind is there something that can be done on the browser side to cut this off? Is there something that web hosts can do as an industry to make this easier for small webmasters? I don’t know, maybe it’s not possible, maybe that’s not how the Web is built, but I’d be curious to see if there was some solution that could be found other than making every webmaster in the world that has a login buy an SSL cert.

Patrick: And as I kind of expressed, I see how this is a good thing, but I don't know, I see this tool mostly being used maliciously and I guess that's the point, but also just for the expense point I think you're going to scare a lot of people away from running a social website at all, and I don't think that's a good thing. I know you referenced the comment from Matt about being a layman, as a layman here, the resident layman, just in my mind is there something that can be done on the browser side to cut this off? Is there something that web hosts can do as an industry to make this easier for small webmasters? I don't know, maybe it's not possible, maybe that's not how the Web is built, but I'd be curious to see if there was some solution that could be found other than making every webmaster in the world that has a login buy an SSL cert.

Kevin: Yep. There’s a conversation to be had about unencrypted Wi-Fi networks because that is a requirement for this Firesheep tool to work; if you’re on a Wi-Fi network that requires a password to login even if it’s very simple encryption it’s going to trip it up. I’m not saying there’s no way to hack that, but certainly it’s going to make it a lot more difficult to implement this kind of attack. But there are plenty of hotel Wi-Fi’s and airport Wi-Fi’s that they are unencrypted networks that once you connect to them they prompt you for a password or credit card details in order to actually use the thing. So one of the things this tool is highlighting is the insecurity of those kind of networks, that Wi-Fi encryption was invented for a reason, and as inconvenient as it might make it to charge for access to a wireless network using an unencrypted network is risky because you’re effectively sharing all of your network traffic or at least your non-encrypted network traffic with everyone else who’s on that network.

凯文:是的 。 There's a conversation to be had about unencrypted Wi-Fi networks because that is a requirement for this Firesheep tool to work; if you're on a Wi-Fi network that requires a password to login even if it's very simple encryption it's going to trip it up. I'm not saying there's no way to hack that, but certainly it's going to make it a lot more difficult to implement this kind of attack. But there are plenty of hotel Wi-Fi's and airport Wi-Fi's that they are unencrypted networks that once you connect to them they prompt you for a password or credit card details in order to actually use the thing. So one of the things this tool is highlighting is the insecurity of those kind of networks, that Wi-Fi encryption was invented for a reason, and as inconvenient as it might make it to charge for access to a wireless network using an unencrypted network is risky because you're effectively sharing all of your network traffic or at least your non-encrypted network traffic with everyone else who's on that network.

Stephan: That’s the amazing thing, and that’s kind of one of the things I wanted to talk about, Kevin, was you know a lot of people call for open Wi-Fi, they want Wi-Fi in their city or they want Wi-Fi in their airport, whatever; but think about that, think about the airport Wi-Fi, at any major airport, and everyone is using it and people are browsing Facebook, people are browsing whatever, and these people are having their stuff basically snatched out of the air, their sessions snatched out of the air, and they don’t even know it. And it’s because they’re just, oh, I’m just going to flip on my phone and use the Wi-Fi; I’d much rather have either pay or some kind of password protection and know that people — even then, though, how do you trust the people on the paid network, I mean you don’t. I don’t think that’s actually a solvable—

Stephan: That's the amazing thing, and that's kind of one of the things I wanted to talk about, Kevin, was you know a lot of people call for open Wi-Fi, they want Wi-Fi in their city or they want Wi-Fi in their airport, whatever; but think about that, think about the airport Wi-Fi, at any major airport, and everyone is using it and people are browsing Facebook, people are browsing whatever, and these people are having their stuff basically snatched out of the air, their sessions snatched out of the air, and they don't even know it. And it's because they're just, oh, I'm just going to flip on my phone and use the Wi-Fi; I'd much rather have either pay or some kind of password protection and know that people — even then, though, how do you trust the people on the paid network, I mean you don't. I don't think that's actually a solvable—

Brad: Trust no one.

Brad: Trust no one.

Stephan: Exactly. Trust no one.

史蒂芬:是的 。 Trust no one.

Kevin: I suppose the proper way to do that today would be that you have an unencrypted network that people can connect to in order to sign up for access to the paid one or all it does is host a web page that says the password for the protected network is this and then you go and connect to the protected network. It’s a sorry state of affairs; really just Wi-Fi was not architected for public access I suppose.

Kevin: I suppose the proper way to do that today would be that you have an unencrypted network that people can connect to in order to sign up for access to the paid one or all it does is host a web page that says the password for the protected network is this and then you go and connect to the protected network. It's a sorry state of affairs; really just Wi-Fi was not architected for public access I suppose.

But coming back to how this affects web developers, I want to talk a bit about some of the fallout; the response from some of these major sites, like the response from Facebook has not been encouraging. They said, yes, we agree Firesheep has exposed a big vulnerability in the way that we handle sessions and we’re getting right to work on it, we agree we need to switch to SSL, but it’s going to take us about six months to do so. And if Facebook can’t afford to switch to SSL overnight with all of the talented engineers they likely have, I mean obviously that’s offset by the complexity of their website and their platform and the application providers that they need to integrate with, but nevertheless six months is a lot of time in Facebook time. Whereas a smaller player like GitHub, who I mentioned before were included, and it’s funny, if you’re not familiar with GitHub it’s kind of the modern day SourceForge; it’s where all the cool kids host their open source project code, it’s a social environment for hosting Git repositories, Git being a distributed version control system. And the source code to Firesheep is hosted on GitHub, and yet Firesheep compromises GitHub accounts by design. So, you know, you really got to hand it to GitHub, their initial reaction could’ve very easily been canceling Firesheep’s account and throwing away that code because they were hosting the code to hack GitHub on GitHub. But rather they stuck to their ideals and they said, you know what, this guy has a point and within the first 24 hours they had switched GitHub over to SSL, to https, which was previously a feature of their premium paid accounts. Now all of GitHub traffic is done over https because as Eric Butler, the author of Firesheep pointed out, basic security and privacy should not be a premium feature on the Web, so they switched it over. And even then, like these are talented developers who work at GitHub, they had to have a couple of cracks at it to get it right; initially they did switch all of their URLs over to https, but they forgot to as I mention mark their session cookie as secure. And so people who type github.com into their browser, what the browser would do is go to github.com just http://github.com, the non-secure URL, and when it made that request it would send the session cookie unencrypted and Firesheep would catch it, even though the site would respond by saying sorry that URL is no longer valid we’re redirecting you to the secure version of the site, so they were still leaking their session cookies. So if talented, clued-in developers like the people at GitHub who do web development professionally day-in and day-out can make that sort of mistake I think it will be a while before we see “mom and pop” blog sites being able to successfully not only buy an SSL certificate but implement it securely.

But coming back to how this affects web developers, I want to talk a bit about some of the fallout; the response from some of these major sites, like the response from Facebook has not been encouraging. They said, yes, we agree Firesheep has exposed a big vulnerability in the way that we handle sessions and we're getting right to work on it, we agree we need to switch to SSL, but it's going to take us about six months to do so. And if Facebook can't afford to switch to SSL overnight with all of the talented engineers they likely have, I mean obviously that's offset by the complexity of their website and their platform and the application providers that they need to integrate with, but nevertheless six months is a lot of time in Facebook time. Whereas a smaller player like GitHub, who I mentioned before were included, and it's funny, if you're not familiar with GitHub it's kind of the modern day SourceForge; it's where all the cool kids host their open source project code, it's a social environment for hosting Git repositories, Git being a distributed version control system. And the source code to Firesheep is hosted on GitHub, and yet Firesheep compromises GitHub accounts by design. So, you know, you really got to hand it to GitHub, their initial reaction could've very easily been canceling Firesheep's account and throwing away that code because they were hosting the code to hack GitHub on GitHub. But rather they stuck to their ideals and they said, you know what, this guy has a point and within the first 24 hours they had switched GitHub over to SSL, to https, which was previously a feature of their premium paid accounts. Now all of GitHub traffic is done over https because as Eric Butler, the author of Firesheep pointed out, basic security and privacy should not be a premium feature on the Web, so they switched it over. And even then, like these are talented developers who work at GitHub, they had to have a couple of cracks at it to get it right; initially they did switch all of their URLs over to https, but they forgot to as I mention mark their session cookie as secure. And so people who type github.com into their browser, what the browser would do is go to github.com just http://github.com, the non-secure URL, and when it made that request it would send the session cookie unencrypted and Firesheep would catch it, even though the site would respond by saying sorry that URL is no longer valid we're redirecting you to the secure version of the site, so they were still leaking their session cookies. So if talented, clued-in developers like the people at GitHub who do web development professionally day-in and day-out can make that sort of mistake I think it will be a while before we see “mom and pop” blog sites being able to successfully not only buy an SSL certificate but implement it securely.

Brad: I think it’s also good to note that a lot of really large sites do support SSL and they just don’t really announce it; they don’t tell you. Like if you go to Twitter and you go to https://twitter.com it works, it will log you in and you’ll stay on https the entire time you’re there. Same with like wordpress.com, I mean there are a lot of sites that support it they just don’t actively promote that it’s available so it’s always if you’re ever curious just try it; if you’re on a site you use a lot type in https and see if they’re set up and see if it’s functional with SSL encryption.

Brad: I think it's also good to note that a lot of really large sites do support SSL and they just don't really announce it; they don't tell you. Like if you go to Twitter and you go to https://twitter.com it works, it will log you in and you'll stay on https the entire time you're there. Same with like wordpress.com, I mean there are a lot of sites that support it they just don't actively promote that it's available so it's always if you're ever curious just try it; if you're on a site you use a lot type in https and see if they're set up and see if it's functional with SSL encryption.

Stephan: I don’t get the green thing with Twitter, though; I don’t get the green bar. They didn’t buy the premium service.

Stephan: I don't get the green thing with Twitter, though; I don't get the green bar. They didn't buy the premium service.

Kevin: No, no. They got a basic one.

Kevin: No, no. They got a basic one.

Patrick: If Twitter doesn’t supply me with identity information, I’m not sure I should trust them anymore.

Patrick: If Twitter doesn't supply me with identity information, I'm not sure I should trust them anymore.

Kevin: (Laughs) Uh, yeah. Invariably one of the leaders in this sort of stuff, you know, where technology should be going, is Google; and if you look at what Google’s doing with SSL, well, they earlier this year announced Secure Search option, so you can go to encrypted.google.com, which is the https version of Google Search, and you can perform Google searches on an SSL protected website, and their blog post on the subject really talks about this in terms of the protection, the privacy it affords you over what you’re searching for. So, if you don’t want other people on your network or the Internet to be able to spy on what search terms you’re typing into Google this is what you should use, that’s what the blog post says. But in the light of Firesheep we’re really thinking in terms of our Google accounts because for many people your Google account is possibly one of your most valuable username and password combinations that you use on the Web, probably second only to your online banking account. Because it not only protects your Google Search history but also often your Gmail account, possibly your Google Documents which could be full of all sorts of work sensitive stuff or personal documents; it’s a big worry if this account gets out there, and your Google account is definitely one of those things that Firesheep is going to be spying for if you’re on an open Wi-Fi network. So, Google is definitely making moves towards embracing SSL; Gmail went all https earlier this year I think it was, so there is no way to access Gmail over a non-encrypted connection, but in order to get that Google session cookie, that thing that keeps you logged into Google as you go about your business throughout the day, in order to make that thing only transmitted over SSL, Google is going to have to convert all of their websites to SSL only. There’s just no way around it, it is kind of an all or nothing proposition; Google can still serve non-SSL protected pages but those pages will not be able to see your session cookie and therefore cannot give you user specific information. And Google is having trouble getting this SSL stuff deployed, obviously they’ve got tons of services to get it across, but even something as arguably simple as their search service they’ve had some pushback from some clients in schools. They posted a blog post on the official Google Enterprise Blog entitled “An Update on Encrypted Web Search in Schools.”

Kevin: (Laughs) Uh, yeah. Invariably one of the leaders in this sort of stuff, you know, where technology should be going, is Google; and if you look at what Google's doing with SSL, well, they earlier this year announced Secure Search option, so you can go to encrypted.google.com, which is the https version of Google Search, and you can perform Google searches on an SSL protected website, and their blog post on the subject really talks about this in terms of the protection, the privacy it affords you over what you're searching for. So, if you don't want other people on your network or the Internet to be able to spy on what search terms you're typing into Google this is what you should use, that's what the blog post says. But in the light of Firesheep we're really thinking in terms of our Google accounts because for many people your Google account is possibly one of your most valuable username and password combinations that you use on the Web, probably second only to your online banking account. Because it not only protects your Google Search history but also often your Gmail account, possibly your Google Documents which could be full of all sorts of work sensitive stuff or personal documents; it's a big worry if this account gets out there, and your Google account is definitely one of those things that Firesheep is going to be spying for if you're on an open Wi-Fi network. So, Google is definitely making moves towards embracing SSL; Gmail went all https earlier this year I think it was, so there is no way to access Gmail over a non-encrypted connection, but in order to get that Google session cookie, that thing that keeps you logged into Google as you go about your business throughout the day, in order to make that thing only transmitted over SSL, Google is going to have to convert all of their websites to SSL only. There's just no way around it, it is kind of an all or nothing proposition; Google can still serve non-SSL protected pages but those pages will not be able to see your session cookie and therefore cannot give you user specific information. And Google is having trouble getting this SSL stuff deployed, obviously they've got tons of services to get it across, but even something as arguably simple as their search service they've had some pushback from some clients in schools. They posted a blog post on the official Google Enterprise Blog entitled “ An Update on Encrypted Web Search in Schools .”

I don’t know; is this a meme at the moment that any blog post with bad news the title has to start with ‘An Update on blah’? Have you guys noticed this? I think when the bookmarking service was going down it was like ‘An Update on our Business’ and it’s like our business is shutting down, that’s the update.

我不知道; is this a meme at the moment that any blog post with bad news the title has to start with 'An Update on blah'? Have you guys noticed this? I think when the bookmarking service was going down it was like 'An Update on our Business' and it's like our business is shutting down, that's the update.

Patrick: There will be no further updates.

Patrick: There will be no further updates.

Kevin: (Laughs) When Google Wave was cancelled Google said, “An Update on Google Wave,” and it’s like, yeah, the bad news is it’s cancelled. So, their update on encrypted web search is we think it’s a good idea for people to be able to protect their searches with SSL, but schools, a lot of schools have content filters on their networks that need to protect students from being able to make objectionable searches and seeing objectionable search results, and in order for that technology to work, well, those filters need to be able to spy on the traffic on the Google Search site, and since they’re not able to Google said, oh okay, well we’re going to make our encrypted search optional, we’re going to put it on a separate domain, encrypted.google.com instead of just google.com, and if a school has a problem with their students doing encrypted web searches that they can’t filter well they can block encrypted.google.com. I don’t know how much longer they can do this. If non-SSL traffic is very quickly becoming insecure these filters might be out of business and in a real hurry.

Kevin: (Laughs) When Google Wave was cancelled Google said, “An Update on Google Wave,” and it's like, yeah, the bad news is it's cancelled. So, their update on encrypted web search is we think it's a good idea for people to be able to protect their searches with SSL, but schools, a lot of schools have content filters on their networks that need to protect students from being able to make objectionable searches and seeing objectionable search results, and in order for that technology to work, well, those filters need to be able to spy on the traffic on the Google Search site, and since they're not able to Google said, oh okay, well we're going to make our encrypted search optional, we're going to put it on a separate domain, encrypted.google.com instead of just google.com, and if a school has a problem with their students doing encrypted web searches that they can't filter well they can block encrypted.google.com. I don't know how much longer they can do this. If non-SSL traffic is very quickly becoming insecure these filters might be out of business and in a real hurry.

Patrick: I guess why is the Web is built like this, right? I think that’s the question right now is the Web needs to slowly change to be built like this, and if it’s going to happen on a mass basis obviously, or I think anyway, that SSL certificates as we’ve kind of discussed are going to have to get cheaper and easier to install. And so as an SSL provider is that a good thing or is it a bad thing; if everyone owns one then how much, I don’t know, I guess it has to be a good thing overall, but if they’re going to be driven down in price by more competition then I guess what we know as SSLs now, which is mainly a business tool, that’s going to change if every website that exchanges information in this manner which is most websites we visit in this day and age have some sort of account feature, it’s going to change how we think of it. I don’t even own an SSL cert for anything because I don’t sell any products, so I don’t know.

Patrick: I guess why is the Web is built like this, right? I think that's the question right now is the Web needs to slowly change to be built like this, and if it's going to happen on a mass basis obviously, or I think anyway, that SSL certificates as we've kind of discussed are going to have to get cheaper and easier to install. And so as an SSL provider is that a good thing or is it a bad thing; if everyone owns one then how much, I don't know, I guess it has to be a good thing overall, but if they're going to be driven down in price by more competition then I guess what we know as SSLs now, which is mainly a business tool, that's going to change if every website that exchanges information in this manner which is most websites we visit in this day and age have some sort of account feature, it's going to change how we think of it. I don't even own an SSL cert for anything because I don't sell any products, so I don't know.

Kevin: Yeah, ditto.

凯文:是的,同上。

Patrick: I’m not looking forward to the expense of it. I’m not rushing to do it right now, I mean obviously I, myself, kind of a small time webmaster, one-man operation, I’ll be like most of the people in that space probably waiting to see what the fallout on this is and how it becomes easier for us to take advantage of it, because as it is right now I won’t do it and I really am not sure how to integrate it with phpBB at the moment.

Patrick: I'm not looking forward to the expense of it. I'm not rushing to do it right now, I mean obviously I, myself, kind of a small time webmaster, one-man operation, I'll be like most of the people in that space probably waiting to see what the fallout on this is and how it becomes easier for us to take advantage of it, because as it is right now I won't do it and I really am not sure how to integrate it with phpBB at the moment.

Kevin: Yeah, it’s tough. At SitePoint we got flippa.com which is I suppose the site that is doing the most “real money” sort of transactions on it, we got that ported over to SSL in the first 24 hours after Fire Sheep was brought to our attention, so flippa.com is all SSL now as a direct result of this story. Sites like 99designs.com are probably going to have to come very close after, and certainly new sites that we’re building like learnable.com, they’re being designed with SSL encryption from day one just because I don’t think we can afford to keep doing it the old way.

Kevin: Yeah, it's tough. At SitePoint we got flippa.com which is I suppose the site that is doing the most “real money” sort of transactions on it, we got that ported over to SSL in the first 24 hours after Fire Sheep was brought to our attention, so flippa.com is all SSL now as a direct result of this story. Sites like 99designs.com are probably going to have to come very close after, and certainly new sites that we're building like learnable.com , they're being designed with SSL encryption from day one just because I don't think we can afford to keep doing it the old way.

But, yeah, massive sites like the SitePoint Forums, adapting that for SSL and doing it in an airtight, blanket way it’s going to be hard to do, and I wish we had the engineers that Facebook had, but I think we’ll be lucky to do it in six months as well, it’s really tough. Just before we move on this story I just want to point out that there’s a great blog post at ImperialViolet, and this is by Adam Langley, it’s his personal blog, he’s a software engineer at Google who works on their SSL stuff, so this blog post, Overclocking SSL, it dispels some great myths about SSL, there’s this commonly held belief among developers that’s been passed down as conventional wisdom over the years that SSL is a slow and performance expensive technology that any request that’s done over SSL takes a lot of CPU power, not only from your servers but also from your client’s web browser as well. They’ve done the experiments and they say that is no longer the case, modern computers and modern servers have no problem keeping up with SSL. Where SSL is expensive is in the additional handshaking that needs to go back and forth between the browser and the server for each request in order to do the encryption involved, and this blog post has some great advice if you really want to drill into that technology and see how you can improve the performance of an SSL protected site. Honestly it’s over my head in places, but if you get SSL on your site and then you notice a performance impact, or if like Google every millisecond counts, they’re doing some great work, in some cases experimental work adding features to the Chrome browser that speed up SSL that no other browser has.

But, yeah, massive sites like the SitePoint Forums, adapting that for SSL and doing it in an airtight, blanket way it's going to be hard to do, and I wish we had the engineers that Facebook had, but I think we'll be lucky to do it in six months as well, it's really tough. Just before we move on this story I just want to point out that there's a great blog post at ImperialViolet, and this is by Adam Langley, it's his personal blog, he's a software engineer at Google who works on their SSL stuff, so this blog post, Overclocking SSL , it dispels some great myths about SSL, there's this commonly held belief among developers that's been passed down as conventional wisdom over the years that SSL is a slow and performance expensive technology that any request that's done over SSL takes a lot of CPU power, not only from your servers but also from your client's web browser as well. They've done the experiments and they say that is no longer the case, modern computers and modern servers have no problem keeping up with SSL. Where SSL is expensive is in the additional handshaking that needs to go back and forth between the browser and the server for each request in order to do the encryption involved, and this blog post has some great advice if you really want to drill into that technology and see how you can improve the performance of an SSL protected site. Honestly it's over my head in places, but if you get SSL on your site and then you notice a performance impact, or if like Google every millisecond counts, they're doing some great work, in some cases experimental work adding features to the Chrome browser that speed up SSL that no other browser has.

So, we’re getting on, we’re nearly at the one hour mark in this podcast, there was a lot to discuss, but let’s move on to our host spotlights. And since it’s related I’m going to lead off: my host spotlight is BlackSheep. We’ve just been talking about Fire Sheep for the past 20 minutes, and BlackSheep is kind of a fork of Firesheep but it’s the good version. BlackSheep, it’s an extension you install on your Firefox and what it does is warn you if anyone on your network is using Firesheep. I’ll pause just to let you wrap your head around that for a moment. But, yeah, so like I said, Firesheep has this sidebar and shows the user avatars and the names of the accounts that people are using on the network, well, in order to get that information Firesheep is going to connect to those Twitters and Facebooks to get the information about those accounts, and BlackSheep monitors that traffic. So if you are right now in the unfortunate position where you are forced to use an unencrypted Wi-Fi network I recommend using Firefox with this BlackSheep tool because it will warn you if your account is at risk of being hijacked.

So, we're getting on, we're nearly at the one hour mark in this podcast, there was a lot to discuss, but let's move on to our host spotlights. And since it's related I'm going to lead off: my host spotlight is BlackSheep . We've just been talking about Fire Sheep for the past 20 minutes, and BlackSheep is kind of a fork of Firesheep but it's the good version. BlackSheep, it's an extension you install on your Firefox and what it does is warn you if anyone on your network is using Firesheep. I'll pause just to let you wrap your head around that for a moment. But, yeah, so like I said, Firesheep has this sidebar and shows the user avatars and the names of the accounts that people are using on the network, well, in order to get that information Firesheep is going to connect to those Twitters and Facebooks to get the information about those accounts, and BlackSheep monitors that traffic. So if you are right now in the unfortunate position where you are forced to use an unencrypted Wi-Fi network I recommend using Firefox with this BlackSheep tool because it will warn you if your account is at risk of being hijacked.

Brad: Is that so you can stand up in the middle of Starbucks and start screaming who’s stealing my data?

Brad: Is that so you can stand up in the middle of Starbucks and start screaming who's stealing my data?

Kevin: Hey! Stop it! Everyone close your laptops.

Kevin: Hey! Stop it! Everyone close your laptops.

Patrick: Is there a reason that something like this couldn’t be instituted by browsers in general, that’s what I was wondering?

Patrick: Is there a reason that something like this couldn't be instituted by browsers in general, that's what I was wondering?

Kevin: Yeah, I think it’s worth doing. I think part of the problem is that every site has its own little format for session cookies, and because of that these tools need to add support for all the major sites, but certainly I think we can all agree that sites like Google and Twitter and Facebook are important ones to protect your credentials against, and so, yeah, I wouldn’t be surprised to see browsers starting to add these sorts of protections built in.

Kevin: Yeah, I think it's worth doing. I think part of the problem is that every site has its own little format for session cookies, and because of that these tools need to add support for all the major sites, but certainly I think we can all agree that sites like Google and Twitter and Facebook are important ones to protect your credentials against, and so, yeah, I wouldn't be surprised to see browsers starting to add these sorts of protections built in.

Brad: We’re going to have as many extensions and add-ons to block things as we are to actually give us, I mean you got this, you have the Chrome Disconnect, I mean what’s next?

Brad: We're going to have as many extensions and add-ons to block things as we are to actually give us, I mean you got this, you have the Chrome Disconnect, I mean what's next?

Kevin: Yeah. Well, yeah. You can find out about BlackSheep at zscaler.com/blacksheep.html. Brad, what have you got for us?

凯文:是的。 是的,是的。 You can find out about BlackSheep at zscaler.com/blacksheep.html . Brad, what have you got for us?

Brad: Yeah, I have a cool — it was a presentation at the Adobe Max Conference which was a few weeks ago in Los Angeles, and it’s Rick Cabanier of Adobe, he was showing off an early version of a new Flash to HTML5 conversion tool that’s actually going to be included in Flash Professional. And the video’s pretty amazing, I mean he literally — it’s not the greatest quality because it’s a presentation and it’s somebody holding a camera, but you can see what’s going on. So basically he opens up a Flash file, a .fla file and hits convert and it spits out a fully formed HTML5 version of the exact same file. It will spit out any warnings and things that can’t convert like filters and blending and certain things that it can’t currently convert into HTML5 but it will do its best. And the video, the demo is pretty amazing, they use this kind of banner graphic and it takes maybe 10 seconds, 15 seconds to convert, and all of a sudden the window opens up and it’s HTML5 the exact same thing. And that’s just part of it, the second half is you can actually pull out specific elements from the Flash files, so in the example they show there’s a bunch of kind of dancing stop signs and trees and things, and he actually exports one dancing stop sign and includes that as the HTML5 version in his website and all of a sudden he has just this single dancing stop sign in the background. So for a demo just showing what’s coming up I mean it’s pretty amazing, and I think it couldn’t be smarter of Adobe to kind of go this route and make it as easy as possible for people to do this.

Brad: Yeah, I have a cool — it was a presentation at the Adobe Max Conference which was a few weeks ago in Los Angeles, and it's Rick Cabanier of Adobe, he was showing off an early version of a new Flash to HTML5 conversion tool that's actually going to be included in Flash Professional. And the video's pretty amazing, I mean he literally — it's not the greatest quality because it's a presentation and it's somebody holding a camera, but you can see what's going on. So basically he opens up a Flash file, a .fla file and hits convert and it spits out a fully formed HTML5 version of the exact same file. It will spit out any warnings and things that can't convert like filters and blending and certain things that it can't currently convert into HTML5 but it will do its best. And the video, the demo is pretty amazing, they use this kind of banner graphic and it takes maybe 10 seconds, 15 seconds to convert, and all of a sudden the window opens up and it's HTML5 the exact same thing. And that's just part of it, the second half is you can actually pull out specific elements from the Flash files, so in the example they show there's a bunch of kind of dancing stop signs and trees and things, and he actually exports one dancing stop sign and includes that as the HTML5 version in his website and all of a sudden he has just this single dancing stop sign in the background. So for a demo just showing what's coming up I mean it's pretty amazing, and I think it couldn't be smarter of Adobe to kind of go this route and make it as easy as possible for people to do this.

Kevin: Yeah, you might count out Flash but don’t count out Adobe; they’re a smart company and they’ve been around for a long time. Stephan, what have you got?

Kevin: Yeah, you might count out Flash but don't count out Adobe; they're a smart company and they've been around for a long time. Stephan, what have you got?

Stephan: So for our Mac users I have a little application, it’s $9.99, called Contents, it’s from fuelcollective.com, and it basically looks at all your apps, everything that you have on your computer, and if you have it in your Library it can tell you where it is, if you need to delete something and install something it’ll uninstall it; it’s kind of like a catchall program for if you need to install something, if you need to uninstall something, if you want to clean up something, backup things, it’s a cool little well-designed application. I started using it because my computer’s getting kind of old and I needed to clean up things that I haven’t used in a long time and I was having a hard time finding stuff, just ran this and it told me all the stuff that I haven’t been using and started deleting things, so it’s been useful.

Stephan: So for our Mac users I have a little application, it's $9.99, called Contents , it's from fuelcollective.com, and it basically looks at all your apps, everything that you have on your computer, and if you have it in your Library it can tell you where it is, if you need to delete something and install something it'll uninstall it; it's kind of like a catchall program for if you need to install something, if you need to uninstall something, if you want to clean up something, backup things, it's a cool little well-designed application. I started using it because my computer's getting kind of old and I needed to clean up things that I haven't used in a long time and I was having a hard time finding stuff, just ran this and it told me all the stuff that I haven't been using and started deleting things, so it's been useful.

Kevin: Yeah, there’s a few utilities in this area on the Mac, like it’s easy to sell the simplicity of installing apps on the Mac just by dragging their icon onto your desktop or into your Applications folder, that’s all there is to installing an app, it’s so simple anyone can do it, and when you want to uninstall it you just drag that app to the trash, that’s all there is to it, right? There’s no step two. But, yeah, what is left unsaid is that all of the support files these apps create stay around and so there are all sorts of tools, uninstallers, that automatically clean things up when you remove apps. I use one called Hazel that lets you set all sorts of rules on your folders to clean up or move files around or run scripts on files based on different conditions. And one of the things it does is detect when you delete an app and offer to clean up the files from your Library folder, but it costs a lot more than this Contents, and this Contents tool does a lot more as well, it’s really cool. One of the things that impressed me was this backup feature, Stephan.

Kevin: Yeah, there's a few utilities in this area on the Mac, like it's easy to sell the simplicity of installing apps on the Mac just by dragging their icon onto your desktop or into your Applications folder, that's all there is to installing an app, it's so simple anyone can do it, and when you want to uninstall it you just drag that app to the trash, that's all there is to it, right? There's no step two. But, yeah, what is left unsaid is that all of the support files these apps create stay around and so there are all sorts of tools, uninstallers, that automatically clean things up when you remove apps. I use one called Hazel that lets you set all sorts of rules on your folders to clean up or move files around or run scripts on files based on different conditions. And one of the things it does is detect when you delete an app and offer to clean up the files from your Library folder, but it costs a lot more than this Contents, and this Contents tool does a lot more as well, it's really cool. One of the things that impressed me was this backup feature, Stephan.

Stephan: Backup your dashboard widgets or your desktop or your address book.

Stephan: Backup your dashboard widgets or your desktop or your address book.

Kevin: Yeah, or your settings. If you want to uninstall an app and throw away its settings or get it off your computer you can still keep a backup of those if you change your mind later on, it’s pretty neat.

Kevin: Yeah, or your settings. If you want to uninstall an app and throw away its settings or get it off your computer you can still keep a backup of those if you change your mind later on, it's pretty neat.

Stephan: Yeah, it’s a cool little tool, and I’ve really liked it so far so I’m happy with it.

Stephan: Yeah, it's a cool little tool, and I've really liked it so far so I'm happy with it.

Kevin: Thanks. Patrick?

Kevin: Thanks. Patrick?

Patrick: Well, as usual you guys have all well-on topic spotlights, and as usual I don’t.

Patrick: Well, as usual you guys have all well-on topic spotlights, and as usual I don't.

Kevin: This is why I save you for last, Patrick, because you break the monotony.

Kevin: This is why I save you for last, Patrick, because you break the monotony.

Patrick: Well, thank you, Kevin. I can’t top Back to the Future, but my spotlight this week is called Freezer Burns, freezerburns.com, it is the Internet’s only frozen food review show. It is on episode 381 now…

Patrick: Well, thank you, Kevin. I can't top Back to the Future, but my spotlight this week is called Freezer Burns , freezerburns.com, it is the Internet's only frozen food review show. It is on episode 381 now…

Kevin: Wow!

凯文:哇!

Patrick: …and the host is Gregory Ng, I met Greg a few times and we’ve shared a panel together and chatted online and he’s a great guy and does a great job on this video show, and if you like frozen food or just like to be entertained it’s a great, well-produced show. He’s doing great things with web video in general, and if you’re interested in kind of the web video space, not just entertainment in general, which is enough to watch the show, it’s worthwhile to check it out just for that alone to see how he’s building his audience in this space and how he goes about cultivating what is a very popular video show. So I enjoy it and he just recently held a 24 hour live episode of the show to benefit Movember…

Patrick: …and the host is Gregory Ng, I met Greg a few times and we've shared a panel together and chatted online and he's a great guy and does a great job on this video show, and if you like frozen food or just like to be entertained it's a great, well-produced show. He's doing great things with web video in general, and if you're interested in kind of the web video space, not just entertainment in general, which is enough to watch the show, it's worthwhile to check it out just for that alone to see how he's building his audience in this space and how he goes about cultivating what is a very popular video show. So I enjoy it and he just recently held a 24 hour live episode of the show to benefit Movember…

Kevin: Hhhwow!

Kevin: Hhhwow!

Patrick: …which is a charity or an effort to donate money for prostate cancer, and so, yeah, definitely check it out, freezerburns.com, even if you don’t like frozen food.

Patrick: …which is a charity or an effort to donate money for prostate cancer, and so, yeah, definitely check it out, freezerburns.com, even if you don't like frozen food.

Kevin: He’s a great example of picking a niche, and if you can really own a niche, the Internet will provide an audience.

Kevin: He's a great example of picking a niche, and if you can really own a niche, the Internet will provide an audience.

Patrick: Yeah, definitely. And something he’s said that’s interesting to me and I’ve learned from if I ever do start a video show of some kind is that when he came out he said he wanted to do it five days a week for like a year and a half at least, and so he recorded all these shows in the can. The reason he wanted to do that was if anyone else saw him doing the show and thought, oh, that’s a great idea, I want to do that, they’d see he does it every day five days a week and be scared off of competing with him or jumping into that niche themselves. And like I said, 381 episodes, almost 10,000 feed subscribers later he’s been really successful.

帕特里克:是的,当然。 And something he's said that's interesting to me and I've learned from if I ever do start a video show of some kind is that when he came out he said he wanted to do it five days a week for like a year and a half at least, and so he recorded all these shows in the can. The reason he wanted to do that was if anyone else saw him doing the show and thought, oh, that's a great idea, I want to do that, they'd see he does it every day five days a week and be scared off of competing with him or jumping into that niche themselves. And like I said, 381 episodes, almost 10,000 feed subscribers later he's been really successful.

Kevin: Smart strategy. And that brings the show to an end, a marathon show once again. Guys, I think we’re just finding too much to talk about, the Web is just too exciting a place for once every two weeks it seems.

Kevin: Smart strategy. And that brings the show to an end, a marathon show once again. Guys, I think we're just finding too much to talk about, the Web is just too exciting a place for once every two weeks it seems.

You can follow me on Twitter @sentience and SitePoint @sitepointdotcom, Visit us at sitepoint.com/podcast to leave comments on this show and to subscribe to get every show automatically. The SitePoint podcast is produced by Carl Longnecker and I’m Kevin Yank. Thanks for listening. Bye.

You can follow me on Twitter @sentience and SitePoint @sitepointdotcom , Visit us at sitepoint.com/podcast to leave comments on this show and to subscribe to get every show automatically. The SitePoint podcast is produced by Carl Longnecker and I'm Kevin Yank. 谢谢收听。 再见

Theme music by Mike Mella.

Theme music by Mike Mella .

Thanks for listening! Feel free to let us know how we’re doing, or to continue the discussion, using the comments field below.

Thanks for listening! Feel free to let us know how we're doing, or to continue the discussion, using the comments field below.

翻译自: https://www.sitepoint.com/podcast-87-meltsheep-and-firerock/

  • 0
    点赞
  • 0
    评论
  • 0
    收藏
  • 一键三连
    一键三连
  • 扫一扫,分享海报

表情包
插入表情
评论将由博主筛选后显示,对所有人可见 | 还能输入1000个字符
©️2021 CSDN 皮肤主题: 编程工作室 设计师:CSDN官方博客 返回首页
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、C币套餐、付费专栏及课程。

余额充值