Um, I'm sure the NSA would be happy to implement a strong password generator if you asked nicely. Seriously, if we aren't willing to trust the NSA to generate strong passwords for us, is it really a good idea to trust DDG (or any remote web service) to generate a strong password?
We open sourced our instant answers platform a couple years ago, in the hope of getting more eyeballs on them (for quality and quantity): http://duckduckhack.com/
It might not address your point but any underlying flaws (randomness, etc) can be caught/fixed by the community.
Giving the benefit of the doubt to the gazillion lines of code running on your computer, that you and several million other people downloaded from the same place, with verified SHA sums, is actually pretty reasonable. If you're truly paranoid, all you have to do to ensure that you're benefiting from crowd-sourced verification is verify the SHA sum code.
Stuff running on some website that only the web site admins can see is not in the same ballpark.
Where you download it from and SHA only gives guarantees about integrity of the data transfer. I am talking about trusting that the code does what it is supposed to do. Bugs can hide in code for years, whether inserted accidentally or intentionally, as the Heartbleed episode demonstrates. SHA does absolutely nothing against this.
I was addressing malice as well. Having the same code is no guarantee that it does not contain an intentional bug that can be exploited. Neither is knowing that it came from some specific entity (code signing), because again this presupposes establishing trust. There is no technical solution to trust.
But if the code you have is the same as the code millions of other people have, it's safer to give it the benefit of the doubt than a single server that only a handful of people have access to.
I just gave you an example where it turned out not to be safer: Heartbleed. Malicious bugs can be well hidden, also in open source code. The openness shouldn't give you a false sense of security, because it doesn't imply the code has been audited any better than some closed source code.
I disagree that Heartbleed is an example of not being safer. If everyone's SSL was a closed-source library, then we would be considerably less safe.
But to carry the analogy to a closed-source web site that you just connect to, as is the topic of this comment thread, we'd certainly be less safe if we routed all SSL traffic through an unknown system on the web that had the opportunity to decrypt and encrypt.
DuckDuckHack is a major component of DuckDuckGo's future. It's great when developers, well versed in an answer space, come in and make a goodie because the value spreads across the user base. As DDH grows, it will be neat to think of as a standard library for future contributors to work with. For example, a mortgage-specific calculator leveraging the generic calculator.
As long as it doesn't supposedly conflict with their core values[0]… because you know your search engine should censor such things that don't conform to your world view ;)
That website allows people to create profiles for other people _without their consent_, then allows the person's attractiveness, friendliness, goodness to be publicly rated/smeared.
And you wanted all that data to be displayed when a person's name is searched for?
And when the people at DDG decided not to pull in your plugin you're calling it censorship?
For someone with no words, you sure do have a lot to say.
Go on, tell us more about how you don't like x behavior that people engage in every day with or without the aid of technology? Ever comment on someone without their consent, even if there may be some truth to it or not in an unaccountable fashion? Ever upload a photo to a social network without asking all possible parties if that was ok? Did you give the ok for mass surveillance by corporations and governments and the secret profiles they compile and leverage in private?
DDG has every right to not want to allow x for their platform, but let's not pretend that them making that decision is going to make things just go away, especially just because one may or may not like x. Not all of us can create The Names Database, cash out for $10m and try to sell privacy as a service through a search engine and ignore the elephant in the room.
I often find myself guessing at some of the DDG goodies or !bang searches, and more often than not the thing I want already exists.
I wish the !bang searches in particular were more discoverable, though. Perhaps if you search for "foo site:bar", or "foo bar" where bar is a well-known site or service, DDG should suggest 'Try "foo !bar" or "!bar foo" to ...'.
I too have had trouble finding where the bang codes are.
I think the easiest is this: Go to the ddg home page, click on the drop down to the right of the search field, and at the bottom of that is "By category (!bang)"
We plan to overhaul the !bangs page when we get a moment and something that's already in place is a categorization system: https://duckduckgo.com/bang.html i.e. they're arranged by type! So someone could, for example, modify the upcoming instant answer to show all the available !bangs and their associated domains by searching for "image !bangs" (which would show all the available !bangs under the "image" category) or !blogs, etc.
Is that more of what you mean?
It seems a little strange that typing in a search term, and then the interrobang, gives you a simple text autocomplete drop-down, without the very useful logos and search engine descriptions you get if you type the interrobang first, without the search term.
Would be nice if, as you say, you could type in, for instance, 'lung scaffold biomedical !', and have a drop-down bang search appear, populated with the relevant scientific search engines, and then also include graphical logos, and descriptions. It would make the !bang options much more discoverable.
--the !bangs are already categorized and it sounds like you're looking for a way to see which !bangs might apply to your search (for better results). ~explore mode. Would the suggestion of making them searchable by category be a good solution or something even different?
The categories are useful, but it would be great if you could work out a way of returning relevant search engines to a particular request, inline with that request. It just reduces friction.
> Would the suggestion of making them searchable by category be a good solution or something even different?
On the /bang.html page I think it would be good if you could search through the !bangs using a small text description, or a series of tags, because a single category doesn't really cover it. For instance, scirus or google scholar are science search engines, you can't just put them in the 'academic' or 'learning' section, and expect people to be able to find them, unless they already know the sites.
An interrobang is a combination of a question mark and an exclamation mark. You mean a bang, which is a shorthand for an exclamation mark. See http://en.wikipedia.org/wiki/Interrobang
The IMDB example in the Entertainment section is showing a pretty weird result for "Shawshank Redemption". Instead of the well known movie, the highlighted result is an episode of a quite obscure TV series ("Dating a Puppet").
-- Edit: I've just noticed the query goes straight to imdbapi.com, which returns the same results when searching for "Shawshank Redemption", without the "The" prefix. Which is still a bit weird, but has nothing to do with DDG.
Thanks for the heads up! We're going to update this page soon--IMDBAPI uses a variety of sources, one of them (iirc) is OMDBAPI.com and it looks like the error is stemming from there: http://www.omdbapi.com/?t=Shawshank%20Redemption
Very cool. DDG should consider displaying the goodies page as default for beginners, with choice to collapse the section in favour of the plain page if desired. It would encourage more experimentation and additions. Suggesting it because even a regular user like myself had no idea this page existed, much less a newbie.
FYI the sidebar scrolling doesn't work (and general layout is a bit iffy) on Nexus 7 chrome. I wasn't going to say anything but if the audience is very general it might be worth fixing - the new ddg works awesomely other than that! :)
Found a security issue with the Goodies (XSS at duckduckgo.com). I just posted it through your feedback form "I found a bug", hope that reaches the right people.
I'm sad to see that the "hash" goodie just identifies the type of the hash. It'd sure be nice if some web-crawler index or another would hash the documents it crawled before throwing them away--then you could search arbitrary web-resources by hash, the same way you can currently search images by image-fingerprint. (And such a feature, in "I Feel Lucky" mode, would effectively turn the entire web into a DHT.)
This is awesome. They've managed to identify many little utilities that users need occasionally. Google has a similar set of utilities, but it is only accessible through the search-bar, and you need to know what you're looking for. DDG's is much easier to browse/use.
So, anyone can suggest or create instant answers and it works out better that they're open source, since people who are most passionate about a topic (movies, legos, pokemon, gardening, etc) will know the best sources for it and the best information to display.
Awesome. An easy interface explaining each goodie.
Such a simple idea - and yet I've never seen Google figure something like this out. I mean I'm sure it's buried somewhere in Google's technical docs, but those docs don't qualify as easy interfaces.
If you don't know Perl, that's OK! Some instant answer types (Fathead, Longtail) don't require the use of Perl. Also, if you know PHP, Ruby, or Python you should be able to write a Goodie in Perl pretty easily using this awesome cheat sheet.
You have no idea how nice the majority of web is that way. Sites load fast, they don't spawn annoying rubbish, tracking is mostly broken, cpu usage is low, etc etc. Maybe I should write about it some day.
I used noscript for a while in blocking everything mode, then requestpolicy for better filtering, but got tired of having to allow stuff for most of my browsing (now I'm on adblock privacy + ghostery + privacy badger + cookie monster + biscuit + self-destructing cookie + smart referer).
I'd love to read about what others do and their usage, how they get around.
I use NoScript but have enabled the option "Temporarily allow top-level sites by default". That means any site I directly visit is allowed to run JS. But any references to scripts on other domains are blocked. That makes the web pretty usable but more secure.
You can if you want, but you shouldn't expect everything to work. If you disable something, you can't complain when sites try to use something that's, more often than not, enabled.