Stories
Slash Boxes
Comments

SoylentNews is people

posted by mrcoolbp on Saturday April 18 2015, @01:57AM   Printer-friendly [Skip to comment(s)]
from the executive-material? dept.

Paul Schreiber blogs about the tech behind the websites of presidential candidates. "So, you want to run a country. Can you hire someone who can run a website? ...Here's how the (declared) candidates' sites fare." There's a table comparing 4 candidates' sites based on HTTPS, URL permutations, IPv6, SSL rating, and other related qualities. Schreiber mentions that he will "update this as more candidates declare or sites change."

From the blog comments

HillaryClinton.com was using IIS (and no https) until Sunday morning, when they switched over.

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2, Troll) by M. Baranczak on Saturday April 18 2015, @02:37AM

    by M. Baranczak (1673) on Saturday April 18 2015, @02:37AM (#172266)

    Wordpress? Seriously?

    • (Score: 0) by Anonymous Coward on Saturday April 18 2015, @02:49AM

      by Anonymous Coward on Saturday April 18 2015, @02:49AM (#172271)

      What's wrong with WordPress?

      • (Score: 4, Insightful) by VortexCortex on Saturday April 18 2015, @04:41AM

        by VortexCortex (4067) on Saturday April 18 2015, @04:41AM (#172302)

        What isn't wrong with wordpress? I can crack any wordpress 6 ways to Sunday, it's written in PHP (and so are all of its themes and plugins) and the coding is atrocious. The developers are asshats and don't like it when you tell them they're wrong. They have a huge case of "not invented here" syndrome and so they remain bug ridden and insecure as fuck -- Typical of nearly any PHP project. The same goes for phpBB, et. al.

        • (Score: 0) by Anonymous Coward on Saturday April 18 2015, @11:58AM

          by Anonymous Coward on Saturday April 18 2015, @11:58AM (#172366)

          > don't like it when you tell them they're wrong.

          Because everybody else just loves that!

        • (Score: 0) by Anonymous Coward on Saturday April 18 2015, @01:40PM

          by Anonymous Coward on Saturday April 18 2015, @01:40PM (#172395)

          hey, I think you just broke the fourth wall there. That was very much out of your character compared to your regular posting personality.

  • (Score: 1, Informative) by Anonymous Coward on Saturday April 18 2015, @02:45AM

    by Anonymous Coward on Saturday April 18 2015, @02:45AM (#172269)

    What's wrong with using IIS? Modern versions are very capable and robust.

    • (Score: 4, Funny) by Tork on Saturday April 18 2015, @03:05AM

      by Tork (3914) on Saturday April 18 2015, @03:05AM (#172274)
      When I got my first tech job I had Windows 95 on my machine. I had to reboot at least once a day and often ai'd try to put off a badly needed reboot even though it was slowing me down. That's why I hate modern versions of IIS.
      --
      Slashdolt Logic: "24 year old jokes about sharks and lasers are +5, Funny." 💩
      • (Score: 0) by Anonymous Coward on Saturday April 18 2015, @03:13AM

        by Anonymous Coward on Saturday April 18 2015, @03:13AM (#172275)

        Are you trying to be funny?

        • (Score: 2) by kaszz on Saturday April 18 2015, @10:30AM

          by kaszz (4211) on Saturday April 18 2015, @10:30AM (#172346) Journal

          No, he tries to show that operating systems from Microsoft puts the user in impossible situations and generally causes problems than need not to be. So one should not use it.

          • (Score: 0) by Anonymous Coward on Saturday April 18 2015, @12:02PM

            by Anonymous Coward on Saturday April 18 2015, @12:02PM (#172368)

            You've been Poe'd. Read the last sentence again.

            • (Score: 0) by Anonymous Coward on Saturday April 18 2015, @12:26PM

              by Anonymous Coward on Saturday April 18 2015, @12:26PM (#172374)

              Once upon a midnight dreary,
              while I pondered, weak and weary,
              Over many a quaint and curious volume of forgotten lore,
              While I nodded, nearly napping,
              suddenly there came a tapping,
              As of some one gently rapping,
              rapping at my chamber door.
              Quoth Ethanol-fueled,
              "Suck my rock hard cock you dirty skanky whore!"

  • (Score: 5, Insightful) by bzipitidoo on Saturday April 18 2015, @03:34AM

    by bzipitidoo (4388) Subscriber Badge on Saturday April 18 2015, @03:34AM (#172279) Journal

    The article declares that all sites should be built over https. Why? We can still use ftp to download Linux kernels and other such things for the very good reason that it is broadcasting to the public, and there is no private communication involved. Saying all websites should use https is like saying all sources of radio signals, from cell phones to radio stations, should encrypt their signals. Yes to cellphones encrypting their signals, no to radio and TV stations needing to do that.

    Https is appropriate for parts of the websites, like the campaign donation buttons. But for just stating positions and policies, https is unnecessary, and even a little detrimental.

    • (Score: 5, Insightful) by Jeremiah Cornelius on Saturday April 18 2015, @03:49AM

      by Jeremiah Cornelius (2785) on Saturday April 18 2015, @03:49AM (#172284) Journal

      We need HTTPS everywhere, normative, all the time.

      People should recoil at exposed HTTP the same way they refrain from Telnet vs SSH.

      Ask the security researches that look at how HTTP streams are hijacked and injected on ad networks - one of the most prolific vectors for ordinary pwnage of personal computers. These were all thwarted by HTTPS.

      --
      You're betting on the pantomime horse...
      • (Score: 2, Interesting) by Anonymous Coward on Saturday April 18 2015, @04:02AM

        by Anonymous Coward on Saturday April 18 2015, @04:02AM (#172288)

        HTTPS totally falls apart because the CA system is fucking broken.

        You keep going on and on about security, but you totally ignore one of the biggest goddamn security flaws out there.

        • (Score: 2) by kaszz on Saturday April 18 2015, @10:37AM

          by kaszz (4211) on Saturday April 18 2015, @10:37AM (#172347) Journal

          It's better than nothing security. A quick fix using an existing standard.

          • (Score: 2, Informative) by Anonymous Coward on Saturday April 18 2015, @12:50PM

            by Anonymous Coward on Saturday April 18 2015, @12:50PM (#172381)

            No, it's worse. It offers no real security, but tricks people like you into thinking it offers security. A false sense of security is worse than no security. A false sense of security combined with no security is even worse than that.

            • (Score: 0) by Anonymous Coward on Saturday April 18 2015, @03:49PM

              by Anonymous Coward on Saturday April 18 2015, @03:49PM (#172451)

              It absolutely offers some security. The NSA and other agencies with compromised CAs are not the only threat out there. Other threats include ISPs fucking with the data stream like adding supercookies to make every request trackable [forbes.com] and injecting ads or malware [arstechnica.com] and snooping on all your browsing to build a profile they can sell to the highest bidder. [arstechnica.com]

              The perfect is the enemy of the good. Quit being an enemy of the good.

              • (Score: 1) by Fauxlosopher on Saturday April 18 2015, @06:10PM

                by Fauxlosopher (4804) on Saturday April 18 2015, @06:10PM (#172509) Journal

                The good can also be tools of evil if people are satisfied with the so-called good and forget to deal with the evil.

                Sure, use HTTPS/encryption in cases where it makes sense to do so - but do NOT forget that the evil must still be dealt with. Keep looking for an opportunity to destroy the evil at the root of the problem.

                If all encryption were 100% unbreakable by anybody, you'd still be exposed to powerful metadata analysis by the criminals in the NSA, et al.: "We kill people based on metadata [rt.com]." -Michael Hayden, former CIA and NSA director

                • (Score: 0) by Anonymous Coward on Sunday April 19 2015, @02:16AM

                  by Anonymous Coward on Sunday April 19 2015, @02:16AM (#172681)

                  > The good can also be tools of evil if people are satisfied with the so-called good and forget to deal with the evil.

                  Yeah, yeah, yeah. We've already been down that path in this same thread. Thanks for regurgitating:

                  >> The NSA and other agencies with compromised CAs are not the only threat out there.
                  > If all encryption were 100% unbreakable by anybody, you'd still be exposed to powerful metadata analysis by the criminals in the NSA, et al.:

                  • (Score: 0) by Anonymous Coward on Sunday April 19 2015, @08:17AM

                    by Anonymous Coward on Sunday April 19 2015, @08:17AM (#172767)

                    > The good can also be tools of evil if people are satisfied with the so-called good and forget to deal with the evil.

                    Yeah, yeah, yeah. We've already been down that path in this same thread. Thanks for regurgitating:

                    I'll consider it just as soon as people stop implying that the use of known-broken cryptosystems is some sort of panacea, then getting indignant when the brokenness is brought up by others.

    • (Score: -1, Troll) by Anonymous Coward on Saturday April 18 2015, @04:00AM

      by Anonymous Coward on Saturday April 18 2015, @04:00AM (#172287)

      It's a hipster thing. They're all rah-rah-rah for HTTPS these days.

      • (Score: 1, Interesting) by Anonymous Coward on Saturday April 18 2015, @06:53AM

        by Anonymous Coward on Saturday April 18 2015, @06:53AM (#172321)

        No, it's because the more encryption there is, the harder it will be for the government to tell 'important' communication from 'unimportant' communication, thereby providing some cover for those that need encryption the most.

    • (Score: 5, Informative) by FatPhil on Saturday April 18 2015, @08:01AM

      by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Saturday April 18 2015, @08:01AM (#172329) Homepage
      That's a RMS-like view (no password), and it's a nice ideal. Unfortunately, we don't work in a nice ideal world. How do you know you are downloading a linux install CD? How do you know you're not downloading one which the NSA has hacked back doors into? Check the signature? Where did you download the signature from - an http or https site? If the former, how do you know you didn't download a signature that the NSA created for their bogus ISO? But it's signed with Debian's key? How do you know you're checking against Debian's key, that pub key you're looking at, where did it come from - an http or https site? ...
      --
      I know I'm God, because every time I pray to him, I find I'm talking to myself.
      • (Score: 2, Interesting) by btendrich on Saturday April 18 2015, @12:40PM

        by btendrich (3700) on Saturday April 18 2015, @12:40PM (#172377)

        The same way you don't know that they broke into your house and replaced your laptop with one that will eat your children... The NSA is one of the few technically impressive pieces of the government left (just look at what NASA just let happen!). If they want your stuff bad enough, they will probably get at it. Although I do agree that HTTPS is a nice way to avoid being the low hanging fruit.

      • (Score: 3, Insightful) by bzipitidoo on Saturday April 18 2015, @04:32PM

        by bzipitidoo (4388) Subscriber Badge on Saturday April 18 2015, @04:32PM (#172479) Journal

        No, excessive security is insecurity. People do not take security as seriously when it is unnecessary and people see that. Further, there is the false positive problem. Unnecessary security is very bad when it denies access for an invalid reason. For https, I've had the browser pop up the scary warning messages about invalid certificates that actually were perfectly valid. It happened because I was on an old computer that could not save the current date because the CMOS battery was dead, and the browser believed the system about the date being Jan 1, 2000. If the site had not insisted on https, I would not have been troubled with that false positive. Instead, I was presented with the demand to add a totally unnecessary security exception before being allowed to view the site. I've commented on Firefox bug reports about this problem.

        As to your questions, how do you know the NSA hasn't hacked the Linux distro's website and substituted a CD install image with back doors, complete with md5 and sha256 sums, and valid digital signatures? Or, that the NSA didn't strike further upstream, and break into the source code repository of openssl, or Apache, Firefox, bind, dnsmasq, bash, xterm, getty, or the Linux kernel itself, to add a back door? No need to crack https to do that. When you focus on unnecessary https, you divert resources from real security threats. https has its place, but let's not overuse it. And definitely don't try to implement the evil bit.

        For example, very few people use SELinux, because it's a pain to administer, and doesn't do much to add to the security. I was always having to add permissions so that this vital utility and that vital utility could function. An insider can still compromise an SELinux box. (Admittedly, guarding anything against insiders is pretty well impossible, but the point here is that SELinux sort of tries to do that.) SELinux's coverage is very narrow, too narrow. It will not stop an exploit that does not touch or care about the underlying OS. Most attacks use some other vector, such as a browser. NoScript is more important and better security than SELinux, but it is still a hassle to use, have to constantly add to its whitelist.

  • (Score: -1, Offtopic) by Anonymous Coward on Saturday April 18 2015, @03:43AM

    by Anonymous Coward on Saturday April 18 2015, @03:43AM (#172282)

    I was just reading a journal entry [soylentnews.org] by my dear friend Ethanol-fueled.

    He talks of "one of those big lock thingies hanging from his doorknob" that he saw on a vacant house.

    I've seen those on doors before, but I have never understood how they work. Can anyone explain this?

    What is the proper name for those things, too?

    • (Score: 0) by Anonymous Coward on Saturday April 18 2015, @04:20AM

      by Anonymous Coward on Saturday April 18 2015, @04:20AM (#172295)

      You've missed the point of the gadget.
      Though it looks like a giant padlock, the point is that the thing is HOLLOW.
      It is called a Realtor Lockbox [google.com]
      Inside the thing, there is a key to the property
      Each realtor has a master key or a combination that opens the box.
      That way, each realtor doesn't have to carry 100 keys to show 100 properties.

      -- gewg_

      • (Score: 1, Troll) by aristarchus on Saturday April 18 2015, @05:25AM

        by aristarchus (2645) on Saturday April 18 2015, @05:25AM (#172306) Journal

        My god, my estimation of Ethanol, and others of his ilk, has just fallen beyond recovery. It is almost like when the Insane Clown Posse admitted they had no idea how magnets worked. Is it actually possible for human to be this stupid? Or more to the point, is it possible that humans cannot know they are revealing just how stupid they are, with a computer, over a computer network? I smell a patent violation here, along with the teen spirit. Curt Cobain:"Here we are now, entertain us; we feel stupid, and contagious!"\

        --
        You are currently banned from moderating. The last day of your ban is 2022-03-25.
        • (Score: 2, Insightful) by Anonymous Coward on Saturday April 18 2015, @12:53PM

          by Anonymous Coward on Saturday April 18 2015, @12:53PM (#172382)

          Nobody knows how magnets work. Not even physicists and electrical engineers. We can describe what we've observed about them and how they interact with each other and with other matter, but we still don't truly understand how they work.

          • (Score: 0) by Anonymous Coward on Saturday April 18 2015, @03:35PM

            by Anonymous Coward on Saturday April 18 2015, @03:35PM (#172442)

            We know how they work.
            We just don't know why they work.

            It's probably god. Just not the ICP's ultra-christian version of God.

            • (Score: 0) by Anonymous Coward on Saturday April 18 2015, @07:09PM

              by Anonymous Coward on Saturday April 18 2015, @07:09PM (#172529)

              There's absolutely zero reason to even think a god exists, let alone think that it makes magnets work.

      • (Score: 3, Insightful) by Leebert on Saturday April 18 2015, @01:37PM

        by Leebert (3511) Subscriber Badge on Saturday April 18 2015, @01:37PM (#172394)

        Drifting off-topic, but as a quick PSA: The better term is "real estate agent". You don't have to be a Realtor® to be a real estate agent any more than you have to be a CISSP to be a computer security expert. It's just a trade group that does a lot of marketing and lobbying. And the lobbying is (surprise!) not always in the best interest of the general public.

  • (Score: 4, Interesting) by Fauxlosopher on Saturday April 18 2015, @03:53AM

    by Fauxlosopher (4804) on Saturday April 18 2015, @03:53AM (#172286) Journal

    It seems silly to me to complain about websites that host non-sensitive content and lack HTTPS capability. Last I'd checked, most/all major browsers threw a warning if a website used a self-signed certificate (or worse: e.g. the Mozilla dunderheads changed Firefox to pitch a hysterical temper tantrum by default), and the trustworthiness of the Certificate Authority system is completely compromised in that, in just one example, every CA based in the USA is subject to the NSA's gag-ordered National Security Letters. Most businesses comply with NSLs rather than fight or shut down business like Lavabit did [theguardian.com].

    As-is, the owner of a simple website that doesn't handle sensitive information, who understands the broken nature of the CA system and doesn't want to rely on it, is basically stuck between a rock and a hard place. If he chooses to use self-signed certificates, users are shown pointless "suspicious" warnings which will drive some away. If he uses a compromised CA (which potentially includes all of them), he's just participating in security theater. If he takes the simple approach and just sticks to unencrypted HTTP, some self-important idiot is likely to point ignorant fingers and start keening about "unsecure sites".

    Certificate pinning can help, but neither that nor private/democratic webs-of-trust will work properly in front of an average user faced with the stupid default browser behavior currently in vogue.

    • (Score: 0) by Anonymous Coward on Saturday April 18 2015, @04:06AM

      by Anonymous Coward on Saturday April 18 2015, @04:06AM (#172291)

      To quote a great computer scientist,

      Strike a pose
      Strike a pose
      Vogue, vogue, vogue
      Vogue, vogue, vogue

      Look around
      Everywhere you turn is heartache
      It's everywhere that you go [Look around]
      You try
      Everything you can to escape
      The pain of life that you know [Life that you know]

      Come on, vogue
      Let your body move to the music [Move to the music]
      Hey, hey, hey
      Come on, vogue
      Let your body go with the flow [Go with the flow]
      You know you can do it

    • (Score: 2) by Tork on Saturday April 18 2015, @04:21AM

      by Tork (3914) on Saturday April 18 2015, @04:21AM (#172296)
      Question: Does HTTPS protect agains an ISP replacing HTML content in-transit? In other words, would that deter Comcast from replacing ads in sites with their own ads?
      --
      Slashdolt Logic: "24 year old jokes about sharks and lasers are +5, Funny." 💩
      • (Score: 3, Informative) by Fauxlosopher on Saturday April 18 2015, @04:32AM

        by Fauxlosopher (4804) on Saturday April 18 2015, @04:32AM (#172299) Journal

        Does HTTPS protect agains an ISP replacing HTML content in-transit?

        There are many things HTTPS protects against (and yes, it does protect against the situation in your example). If any of those are important to you or your website, then use HTTPS on your site.

        The point of my previous post was that HTTPS is by no means a panacea, particularly in its current form of foolishly-paranoid broswer defaults and CAs compromised by criminal governments.

        • (Score: 2) by isostatic on Saturday April 18 2015, @09:30AM

          by isostatic (365) on Saturday April 18 2015, @09:30AM (#172339) Journal

          With self signed certificates it only partially protects. If you've been to the site before, you'll know if there's a MItM attack. Unless te certificate has changed on the server. If you haven't you'll think your secure but won't necceraarily be.

          Unlike with SSH, where I know of the very should have chaned, and I log in for the first time when connected on a secure network, with https there's arguably too many false positives from self signed Certs.

          • (Score: 1) by Fauxlosopher on Saturday April 18 2015, @06:01PM

            by Fauxlosopher (4804) on Saturday April 18 2015, @06:01PM (#172508) Journal

            Using HTTPS with self-signed certificates is equivalent to using SSH with default key generation and settings.

            In both cases, a new visitor/user does not generally have foreknowledge of the site's cryptographic fingerprints, and a man-in-the-middle attack is possible when the user lacks that knowledge.

            The single reason for more "false positives" with HTTPS versus SSH fingerprints is that the typical default expiration dates set for HTTPS certificates are set a year or so out, versus no expiration dates for SSH credentials. I can think of no practical value to creating an HTTPS certificate with an expiration date (or, since I recall openssl demanding an expiration date, an expiration time closer than decades into the future) other than to generate revenue for "official" CA businesses that want to sell you a new certificate every year.

            Unix-like servers store both types of credentials in the same manner (files on disk), so if you have no problem with servers using SSH, you should have no objection to servers using self-signed HTTPS certificates that effectively don't expire.

            • (Score: 0) by Anonymous Coward on Monday April 20 2015, @03:25AM

              by Anonymous Coward on Monday April 20 2015, @03:25AM (#173006)

              And if you want that level of security, browsers are finally offering a way to do it with HTTP opportunistic encryption. The browser vendors have decided that putting "HTTPS" in the URL means that some external authority (either a CA or the NSA ;) has verified that the server really is the right one for the domain.

              I really have to ask... do people actually use SSH without verifying host keys? I guess I do for servers like GitHub, but for the vast majority of the servers I have access to, I verify the host key locally (or over a wired LAN at least) before using it over the internet.

              • (Score: 1) by Fauxlosopher on Tuesday April 21 2015, @12:45AM

                by Fauxlosopher (4804) on Tuesday April 21 2015, @12:45AM (#173342) Journal

                I really have to ask... do people actually use SSH without verifying host keys? I guess I do for servers like GitHub, but for the vast majority of the servers I have access to, I verify the host key locally (or over a wired LAN at least) before using it over the internet.

                And therein lies the rub. SSH and HTTPS credential verification are handled in the same fashion, and there's some level of required trust for the vast majority of users who do not have physical or local-network access to the servers they want to use encryption with.

                The NSA and CA system are known threats/weaknesses as far as credential verification systems go, so the existing HTTPS-with-CA system can't be pointed to as a proper "existing solution".

                Other private alternatives or methods exist, such as "Perspectives" and "Certificate Patrol" as early examples. Some combination of widespread democratic verification and certificate pinning systems are likely going to be required in functional solutions.

      • (Score: 1) by Fauxlosopher on Saturday April 18 2015, @04:39AM

        by Fauxlosopher (4804) on Saturday April 18 2015, @04:39AM (#172301) Journal

        As an addendum to my previous reply [soylentnews.org] to your comment:

        If you have criminals in your ISP and government, the proper fix is not to point fingers and blame at website owners who are not using a mostly-broken security system.

        The proper fix is to seize the criminals and punish them after following due process.

        • (Score: 0) by Anonymous Coward on Saturday April 18 2015, @12:21PM

          by Anonymous Coward on Saturday April 18 2015, @12:21PM (#172372)

          Wishfuil thinking and absolutism go hand in hand.

          Meanwhile in the real world, real engineers are focused on practical solutions that can get results today, not theoretical results in a theoretical perfect world.

          • (Score: 0) by Anonymous Coward on Saturday April 18 2015, @09:56PM

            by Anonymous Coward on Saturday April 18 2015, @09:56PM (#172593)

            HTTPS as-is does not "get results" today, which was the point originally being made.

            While there are limited use cases where HTTPS as-is does offer some benefit, those benefits are overshadowed by the system's brokenness.

            People pointing to as-is HTTPS as a "practical solution" are lazy, ignorant, or working for the NSA.

        • (Score: 2) by maxwell demon on Saturday April 18 2015, @03:36PM

          by maxwell demon (1608) on Saturday April 18 2015, @03:36PM (#172443) Journal

          "Hey, the door you installed me has no lock!"
          "So what? If you have criminals in your neighbourhood, don't blame the people not installing locks on doors. Catch and punish the burglars!"

          --
          The Tao of math: The numbers you can count are not the real numbers.
          • (Score: 1) by Fauxlosopher on Saturday April 18 2015, @06:37PM

            by Fauxlosopher (4804) on Saturday April 18 2015, @06:37PM (#172514) Journal

            "Hey, the door you installed me has no lock!"
            "So what? If you have criminals in your neighbourhood, don't blame the people not installing locks on doors. Catch and punish the burglars!"

            If you believe that your likely-typical door locks and deadbolts are the things that keep criminals out of your house, you are sadly [youtube.com] mistaken [youtube.com]. Locks are used to deter the drunk/confused from ending up in your living room instead of on your porch, or to act as a different type of doorbell to let you know that you need to grab your shotgun instead of your pants.

            • (Score: 0) by Anonymous Coward on Saturday April 18 2015, @07:11PM

              by Anonymous Coward on Saturday April 18 2015, @07:11PM (#172530)

              Well, I have all-metal doors and all the windows also have metal bars. That should slow down the fuckers.

              • (Score: 0) by Anonymous Coward on Saturday April 18 2015, @07:21PM

                by Anonymous Coward on Saturday April 18 2015, @07:21PM (#172535)

                Well, I have all-metal doors and all the windows also have metal bars. That should slow down the fuckers

                I was going to agree with you, but frame is typically the weakest spot. Here's a solid wooden door set in a metal frame [youtube.com], and it does take a significant amount of work to get through. Proper frame and door reinforcements can make forced entry effectively impervious to humans lacking power tools [youtube.com]...

                ... but then there's nothing stopping someone from using a buzzsaw to simply cut a new doorway in a wall, or driving a tank into your house.

                Nonetheless, taking simple and inexpensive steps to reinforce entryways can help keep the home's owner from being low-hanging fruit for criminals.

  • (Score: 2, Insightful) by Anonymous Coward on Saturday April 18 2015, @05:50AM

    by Anonymous Coward on Saturday April 18 2015, @05:50AM (#172314)

    In the past, there were complaints about not indicating which parts of the original article were lifted intact.
    Since then, I have made additional effort to carefully use the blockquote tag.
    Undoing the effort I put into my submission takes us back to where we started, months ago.

    -- gewg_

    • (Score: 2) by Yog-Yogguth on Saturday April 18 2015, @03:23PM

      by Yog-Yogguth (1862) Subscriber Badge on Saturday April 18 2015, @03:23PM (#172435) Journal

      In the past, there were complaints about not indicating which parts of the original article were lifted intact.
      Since then, I have made additional effort to carefully use the blockquote tag.
      Undoing the effort I put into my submission takes us back to where we started, months ago.

      -- gewg_

      No moderation points right now so I'm commenting to give the AC more visibility in case it is needed (I'm not sure it is). Parent comment is “0 Insightful” at the moment.

      --
      Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
  • (Score: 0) by Anonymous Coward on Saturday April 18 2015, @07:15AM

    by Anonymous Coward on Saturday April 18 2015, @07:15AM (#172323)

    A pretty lacking comparison I say. Funny idea though.

  • (Score: 4, Insightful) by FatPhil on Saturday April 18 2015, @08:51AM

    by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Saturday April 18 2015, @08:51AM (#172338) Homepage
    Wouldn't content, usability, accessibility, standards compliance, responsiveness, and web-bug-iness also be useful guidelines for comparing websites.

    On standards, complance, validator.w3.org says:

    https://www.hillaryclinton.com/ 6 Errors, 4 warning(s)
    https://www.tedcruz.org/ 13 Errors, 12 warning(s)
    http://randpaul.com/ 19 Errors, 5 warning(s)
    https://marcorubio.com/ 44 Errors, 16 warning(s)

    Hooray for the new more-semantically meaningful HTML5, which lets webpage designers prove that they're *still* clue-resistant retards. Insert Erik Naggum quote to taste.

    And here's a vague usability/accessibility measurement, based on my (w3m+images) and my g/f's (lynx) entirely subjective views:

    https://www.hillaryclinton.com/ decent in w3m, decent in lynx. 2nd link in page is for spanish and that works with no cookies.
    https://www.tedcruz.org/ pretty shitty in w3m, 403 Forbidden in lynx. No link for spanish.
    http://randpaul.com/ pretty decent in w3m, pretty decent in lynx. No link for spanish.
    https://marcorubio.com/ pretty poor in w3m, pretty poor in lynx. No link for spanish.

    Maybe someone would like to measure (cache-cleared) page load times for each of the front pages. With and without JS, preferably.

    Which reminds me - do any of the pages load *any* content (particularly CSS or JS) from third-party sites? If so, all the https vs. http debate is futile, content on that page is not guaranteed to be what the parent page thought it was putting on the page. And therefore https was pretty futile.
    --
    I know I'm God, because every time I pray to him, I find I'm talking to myself.
    • (Score: 1, Interesting) by Anonymous Coward on Saturday April 18 2015, @12:19PM

      by Anonymous Coward on Saturday April 18 2015, @12:19PM (#172371)

      The level of spanish-unfriendliness is probably ideological, not technical. The republican base - the most extreme ones who are the only ones who vote in primaries - simply does not like teh brownies. I fully expect that each republican candidate has done focus groups and found that putting a spanish version up will piss off more of their base than it will draw in spanish-speaking voters.

  • (Score: 3, Informative) by kaszz on Saturday April 18 2015, @10:58AM

    by kaszz (4211) on Saturday April 18 2015, @10:58AM (#172353) Journal

    More candidates:
      * Hillary Rodham Clinton
      * Jeff Boss
      * Vermin Supreme
      * Robby Wells
      * Ted Cruz
      * Rand Paul
      * Marco Rubio
      * Mark Everson
      * Jack Fellure,
      * Terry Jones
      * Zoltan Istvan

    The comparison was probably limited to candidates with most money and connections. But out of the four evaluated, Hillary Clinton and Rand Paul seems to be the candidates with a site done with the most competence. w3m and lynx is quite good tool to weed out the most incompetent ones.