Now that we have sufficiently beaten Go into the ground, what about Dart?



  • @Lorne Kates said:

    Everyone at the office is constantly coming up to me and asking me where I got my sweet merch, and where they can get their own.

    You better fucking give me a cut of that action, bitch!



  • @da Doctah said:

    @Ronald said:

    Notice to the reader: if you have in your house computer spare parts that haven't been used in more than one year, then YES you show early signs of hoarding.
    You've inspired me to turn my life around.  First thing tomorrow, I rip out that floppy drive.

    Wait, first have a look at how expensive those are nowadays. Last year I needed a floppy drive for an x-ray machine (yeah I know) and the price tag was $15 and it only came in barf beige, black was sold out.



  • @dkf said:

    ...(though where that's proved, they get kicked out)...

    Have you taken a look at the list of root CAs lately? The Chinese government is in there, as is the Department of Homeland Security. Plus, when even the commercial, American CAs have had major lapses, nobody's ever kicked them out. So I call shenanigans on your statement all-around.

    @dkf said:

    Doing anything about these problems is very tricky indeed, especially as virtually no end user is competent to make a decision about the validity of a certificate or the policies relating to that.

    Yeah, the CA system is badly broken, but at the same time alternatives are hard. Are you familiar with Perspectives and Convergence? Both seem like interesting solutions to the problem. Then there's also DANE which still has the centralization problem of the CA system, but at least it's locked down by TLD, which is a lot more secure than the CA system.



  • @joe.edwards said:

    So wouldn't the proliferation of SPDY (and therefore of TLS encryption) conflict with Google Fiber's interest in spying on subscriber Internet traffic?

    Sure, somewhat, but it's not unusual for Google's left hand to not know what the right is doing. Besides, as I pointed out before, they haven't made much of a move to monetize Fiber yet. I'm sure they're losing lots of money on it right now, they're just using it as a testbed. However, if they did roll it out nation-wide they'd either need to charge for the lowest tier or find some other way to make money off of them (e.g. ads, tracking, etc.)


  • Discourse touched me in a no-no place

    @morbiuswilters said:

    Have you taken a look at the list of root CAs lately?
    Yes, I have. (I've also run a small CA in the past, so I know what's actually involved.) I think this is the qualified-authority problem. To explain, there's no problem with trusting the DOD for .mil addresses (assuming you connect to them at all) but I doubt China would be happy with them issuing .cn addresses (or vice versa, of course). A sane solution to this would mean that the likes of GoDaddy wouldn't be able to offer cheap certificate signing to everyone in the world (without operating many subsidiaries) but that's something I can live with easily. Technically, that would just require a suitable critical extension (“authoritative domain”) to be in CA certificates and for browser makers (who have a lot of influence here) to insist on all root CA certificates to have them. Which would be a huge shake-up, but would massively improve the amount that people can trust the system overall to just do what it should.

    I don't know if anyone is proposing anything like that though.

    @morbiuswilters said:

    Are you familiar with Perspectives and Convergence? Both seem like interesting solutions to the problem. Then there's also DANE which still has the centralization problem of the CA system, but at least it's locked down by TLD, which is a lot more secure than the CA system.
    I'm not entirely convinced by both Perspectives and Convergence; they seem like they are Very Smart Solutions For Very Smart People, which is going to have problems getting much traction in the real world where there's still a lot of people who find the (substantially-simpler) existing CA system a real trial. DANE transfers the real trust to DNS, and I'm not convinced that that's a net improvement.



  • @morbiuswilters said:

    @alphadogg said:

    @morbiuswilters said:

    @alphadogg said:
    So, what's your favorite language now?

    I don't know that I have one. Maybe C, because it's stuck by the principle of being portable assembly

     

    So, for you, C is the best language out there, but it sucks, and all other established languages also suck, and new languages suck even more?

    That sums it up pretty well.

    Besides, I didn't say C was the best at everything, I just admire their spirit of "Fuck the fucking programmer". It's like Go, except people use it.

    COBOL has been around even longer than C, is still in widespread use and is in fact being actively developed by IBM. And it sucks even more than C! By your logic, you should give it a try. You'll love it!



  • @dkf said:

    I don't know if anyone is proposing anything like that though.

    I think Google was pushing for it. They already do "pinning" for large domains in Chrome--they know Facebook only uses Verisign, then only a Verisign cert is accepted for Facebook. It's a hack and it's all hard-coded in the source last I checked, but it does help protect the biggest domains, which are usually the targets of fraudulent certs in the first place.

    @dkf said:

    I'm not entirely convinced by both Perspectives and Convergence; they seem like they are Very Smart Solutions For Very Smart People, which is going to have problems getting much traction in the real world where there's still a lot of people who find the (substantially-simpler) existing CA system a real trial.

    I don't think they'd work as-is, but I could see the major browser manufacturers running their own trust servers and just baking it all in so that it was seamless to end-users. I really like the idea and I hope it gains traction. I'd really like to see it replace the antiquated CA system--anyone can just throw up a self-signed cert and have it work. No more Danegeld to Verisign or Thawte or GoDaddy.

    @dkf said:

    DANE transfers the real trust to DNS, and I'm not convinced that that's a net improvement.

    It's still problematic, but it is safer than the CA system. For example, it guarantees that China can't issue certs against .com domains. Instead of worrying about one of the thousands of CA certs being stolen or one of the CAs being hacked or co-opted, you'd just have to worry about the root key or your TLD's key from being stolen, which is a lot less exposure.
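
The two issuer restrictions discussed in the posts above (a per-CA "authoritative domain" scope and hard-coded per-site pinning), as an added example that is not from any poster and not any browser's code. It is a simplified model, not X.509 parsing: the CA names, hostnames, pin list and the `require_scope` switch are constructed assumptions, and the closest standardized mechanism to the scope idea is the X.509 name constraints extension (RFC 5280).

```python
# Simplified model (constructed data), not real X.509 parsing.
# CA name -> DNS suffixes it may issue for; None = unconstrained (status quo).
CA_SCOPE = {
    "Example Global CA": None,
    "Example Other CA": None,
    "Example MIL CA": ["mil"],
    "Example CN CA": ["cn"],
}
# Pinned host suffix -> the only CAs accepted for it (hard-coded, as in the post).
PINS = {"bigsite.example": {"Example Global CA"}}


def in_scope(host, suffixes):
    """True if host equals, or is a subdomain of, one of the suffixes."""
    host = host.lower().rstrip(".")
    for suffix in suffixes:
        suffix = suffix.lower().strip(".")
        if host == suffix or host.endswith("." + suffix):
            return True
    return False


def check(host, chain, require_scope=False):
    """Validate a leaf for `host` issued under `chain` (CA names, root first)."""
    for ca in chain:
        if ca not in CA_SCOPE:
            return False, f"{ca} is not a trusted CA"
        scope = CA_SCOPE[ca]
        if scope is None:
            if require_scope:  # the "every root must carry the extension" rule
                return False, f"{ca} has no scope extension"
            continue
        if not in_scope(host, scope):
            return False, f"{ca} is not authoritative for {host}"
    for pinned, issuers in PINS.items():
        if in_scope(host, [pinned]) and not issuers & set(chain):
            return False, f"{host} is pinned and no pinned CA is in the chain"
    return True, "ok"


if __name__ == "__main__":
    for host, chain in [
        ("portal.example.mil", ["Example MIL CA"]),
        ("shop.example.cn", ["Example MIL CA"]),
        ("www.bigsite.example", ["Example Other CA"]),
        ("www.bigsite.example", ["Example Global CA"]),
    ]:
        print(host, chain, check(host, chain))
```

The third case is the one pinning exists for: an unconstrained but trusted CA passes the scope check and is rejected only because the site is pinned to a different issuer.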

