| Started by | Steven D'Aprano <steve@pearwood.info> |
|---|---|
| First post | 2015-05-23 00:58 +1000 |
| Last post | 2015-05-22 21:33 -0600 |
| Articles | 20 on this page of 77 — 24 participants |
| From | Steven D'Aprano <steve@pearwood.info> |
|---|---|
| Date | 2015-05-23 00:58 +1000 |
| Subject | Ah Python, you have spoiled me for all other languages |
| Message-ID | <555f440a$0$12990$c3e8da3$5496439d@news.astraweb.com> |
It's good to have at least a passing familiarity in more than one programming language, so for I've re-written a small Python script (56 lines, including blanks and comments) into Lua (67 lines), Ruby (73 lines) and Javascript (102 lines).

Re-writing the code in Lua and Ruby was actually quite simple. There are some syntactic differences and semantic differences, and Ruby lacks a standard "assert" function or statement, but that only required seven lines of code. (Three of them "end" statements.) I think Python is a prettier language visually than either Lua or Ruby, but they're in the ball-park. Both languages have their warts and quirks, but if Python were declared illegal overnight[1] I'd probably have no trouble adapting to Ruby or Lua. Python would still be my first love, but these two languages make a reasonable rebound language.

But Javascript...

Javascript also lacks a standard assert mechanism, but that wasn't too hard to fix. It also has two different equality operators, each of which are so complicated and confusing that apparently there are two-year Masters degrees on them[2], and yet with neither of these operators does the array [1, 2] equal the array [1, 2].

It's visually an ugly language, requiring braces and semi-colons. Technically, some of the semi-colons are optional, and some of them aren't optional but change the meaning of the code if you leave them out, so it's just best to stick semi-colons after; everything; you; can; just; to; be; sure.

I know that first impressions aren't necessarily to be trusted, but the impression I get after a couple of hours is that Javascript tries really hard to do everything it can for you except what you actually want. If it were a remote control for a DVD player, there would be a button to turn the volume up, skip to the next chapter, and turn subtitles off; and another button to change the language to French and return to the menus; but no way to just mute the sound.

[1] Anything that good has got to be either illegal, immoral, or fattening.

[2] If there aren't, there ought to be.

-- 
Steven
| From | Chris Angelico <rosuav@gmail.com> |
|---|---|
| Date | 2015-05-23 01:29 +1000 |
| Message-ID | <mailman.222.1432309028.17265.python-list@python.org> |
| In reply to | #91044 |
On Sat, May 23, 2015 at 12:58 AM, Steven D'Aprano <steve@pearwood.info> wrote:
> I think Python is a prettier
> language visually than either Lua or Ruby, but they're in the ball-park.
> Both languages have their warts and quirks, but if Python were declared
> illegal overnight[1] I'd probably have no trouble adapting to Ruby or Lua.
> Python would still be my first love, but these two languages make a
> reasonable rebound language.

A good start. Toy programs don't always tell the whole story, though. How good are the three languages at making your code reliable in the face of user action? My hobby-horse, Unicode, is a notable flaw in many languages - if you ask the user for information (in the most obvious way for whatever environment you're in, be that via a web browser request, or a GUI widget, or text entered at the console), can it cope equally with all the world's languages? What if you want to manipulate that text - is it represented as a sequence of codepoints (Python 3), UTF-16 code units (JavaScript), UTF-8 bytes (quite a few), or "bytes in whatever codepage your system was set to" (anything that hasn't cared)?

ChrisA
| From | wxjmfauth@gmail.com |
|---|---|
| Date | 2015-05-22 10:57 -0700 |
| Message-ID | <5ff9edbe-7570-4928-92cb-a5532a133d61@googlegroups.com> |
| In reply to | #91045 |
On Friday 22 May 2015 17:37:19 UTC+2, Chris Angelico wrote:
> On Sat, May 23, 2015 at 12:58 AM, Steven D'Aprano <steve@pearwood.info> wrote:
> > I think Python is a prettier
> > language visually than either Lua or Ruby, but they're in the ball-park.
> > Both languages have their warts and quirks, but if Python were declared
> > illegal overnight[1] I'd probably have no trouble adapting to Ruby or Lua.
> > Python would still be my first love, but these two languages make a
> > reasonable rebound language.
>
> A good start. Toy programs don't always tell the whole story, though.
> How good are the three languages at making your code reliable in the
> face of user action? My hobby-horse, Unicode, is a notable flaw in
> many languages - if you ask the user for information (in the most
> obvious way for whatever environment you're in, be that via a web
> browser request, or a GUI widget, or text entered at the console), can
> it cope equally with all the world's languages? What if you want to
> manipulate that text - is it represented as a sequence of codepoints
> (Python 3), UTF-16 code units (JavaScript), UTF-8 bytes (quite a few),
> or "bytes in whatever codepage your system was set to" (anything that
> hasn't cared)?
>
> ChrisA

I agree. See my comment on textwrap:

https://groups.google.com/forum/#!topic/comp.lang.python/j_Kbb0lfyGc

jmf
| From | Tim Daneliuk <tundra@tundraware.com> |
|---|---|
| Date | 2015-05-22 16:40 -0500 |
| Message-ID | <mailman.245.1432331116.17265.python-list@python.org> |
| In reply to | #91045 |
On 05/22/2015 10:29 AM, Chris Angelico wrote:
> On Sat, May 23, 2015 at 12:58 AM, Steven D'Aprano <steve@pearwood.info> wrote:
>> I think Python is a prettier
>> language visually than either Lua or Ruby, but they're in the ball-park.
>> Both languages have their warts and quirks, but if Python were declared
>> illegal overnight[1] I'd probably have no trouble adapting to Ruby or Lua.
>> Python would still be my first love, but these two languages make a
>> reasonable rebound language.
>
> A good start. Toy programs don't always tell the whole story, though.
> How good are the three languages at making your code reliable in the
> face of user action? My hobby-horse, Unicode, is a notable flaw in
> many languages - if you ask the user for information (in the most
> obvious way for whatever environment you're in, be that via a web
> browser request, or a GUI widget, or text entered at the console), can
> it cope equally with all the world's languages? What if you want to
> manipulate that text - is it represented as a sequence of codepoints
> (Python 3), UTF-16 code units (JavaScript), UTF-8 bytes (quite a few),
> or "bytes in whatever codepage your system was set to" (anything that
> hasn't cared)?
>
> ChrisA
>

Lo these many years ago, I argued that Python is a whole lot more than a programming language:

https://www.tundraware.com/TechnicalNotes/Python-Is-Middleware/

-- 
----------------------------------------------------------------------------
Tim Daneliuk tundra@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
| From | Terry Reedy <tjreedy@udel.edu> |
|---|---|
| Date | 2015-05-22 21:54 -0400 |
| Message-ID | <mailman.248.1432346080.17265.python-list@python.org> |
| In reply to | #91078 |
On 5/22/2015 5:40 PM, Tim Daneliuk wrote:

> Lo these many years ago, I argued that Python is a whole lot more than
> a programming language:
>
> https://www.tundraware.com/TechnicalNotes/Python-Is-Middleware/

Perhaps something at tundraware needs updating.

'''
This Connection is Untrusted

You have asked Firefox to connect securely to www.tundraware.com, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
'''

-- 
Terry Jan Reedy
| From | Tim Daneliuk <tundra@tundraware.com> |
|---|---|
| Date | 2015-05-23 06:12 -0500 |
| Message-ID | <mailman.271.1432379567.17265.python-list@python.org> |
| In reply to | #91086 |
On 05/22/2015 08:54 PM, Terry Reedy wrote:
> On 5/22/2015 5:40 PM, Tim Daneliuk wrote:
>
>> Lo these many years ago, I argued that Python is a whole lot more than
>> a programming language:
>>
>> https://www.tundraware.com/TechnicalNotes/Python-Is-Middleware/
>
> Perhaps something at tundraware needs updating.
> '''
> This Connection is Untrusted
>
> You have asked Firefox to connect securely to www.tundraware.com, but we can't confirm that your connection is secure.
>
> Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
> '''
>

It's self signed - something done quite routinely on the net.

-- 
----------------------------------------------------------------------------
Tim Daneliuk tundra@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
| From | Terry Reedy <tjreedy@udel.edu> |
|---|---|
| Date | 2015-05-23 13:26 -0400 |
| Message-ID | <mailman.283.1432401986.17265.python-list@python.org> |
| In reply to | #91115 |
On 5/23/2015 7:12 AM, Tim Daneliuk wrote:
> On 05/22/2015 08:54 PM, Terry Reedy wrote:
>> On 5/22/2015 5:40 PM, Tim Daneliuk wrote:
>>
>>> Lo these many years ago, I argued that Python is a whole lot more than
>>> a programming language:
>>>
>>> https://www.tundraware.com/TechnicalNotes/Python-Is-Middleware/
>> Perhaps something at tundraware needs updating.
>> '''
>> This Connection is Untrusted
>>
>> You have asked Firefox to connect securely to www.tundraware.com, but we can't confirm that your connection is secure.
>>
>> Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
>> '''
>>
>
> It's self signed - something done quite routinely on the net.

I do not routinely see the message above. In fact, it has been months. I think the last time was a python.org site that *did* need updating. Hence the 'perhaps'. But maybe I do not get around to new sites often enough.

I went ahead and clicked through the warnings to read your somewhat prescient 13-year-old piece.

-- 
Terry Jan Reedy
| From | Michael Torrie <torriem@gmail.com> |
|---|---|
| Date | 2015-05-22 21:31 -0600 |
| Message-ID | <mailman.252.1432352224.17265.python-list@python.org> |
| In reply to | #91078 |
On 05/22/2015 07:54 PM, Terry Reedy wrote:
> On 5/22/2015 5:40 PM, Tim Daneliuk wrote:
>
>> Lo these many years ago, I argued that Python is a whole lot more than
>> a programming language:
>>
>> https://www.tundraware.com/TechnicalNotes/Python-Is-Middleware/
>
> Perhaps something at tundraware needs updating.
> '''
> This Connection is Untrusted
>
> You have asked Firefox to connect securely to www.tundraware.com, but we
> can't confirm that your connection is secure.
>
> Normally, when you try to connect securely, sites will present trusted
> identification to prove that you are going to the right place. However,
> this site's identity can't be verified.
> '''

Sigh. I blame this as much on the browser. There's no inherent reason why a connection to a site secured with a self-signed certificate is insecure. In fact it's definitely not. Browsers need a better way to deal with self-signed certs, but I think they'd rather we all just pay up to the cert authorities and buy some false sense of security.

Personally I created my own CA with the wonderful xca program, and sign all my certs with that. If a person adds my CA certificate to their browser, then my sites are trusted (and verified). But for a public web page this isn't very automatic.
| From | Johannes Bauer <dfnsonfsduifb@gmx.de> |
|---|---|
| Date | 2015-05-23 08:55 +0200 |
| Message-ID | <mjp88e$e1$1@news.albasani.net> |
| In reply to | #91090 |
On 23.05.2015 05:31, Michael Torrie wrote:

> Sigh. I blame this as much on the browser. There's no inherent reason
> why a connection to a site secured with a self-signed certificate is
> insecure.

The problem is *not* that the certificate is self-signed.

It's that it's unknown previously to being encountered within the TLS handshake. And that *does* make it inherently insecure.

Not algorithmically, obviously. I can still do a DH-handshake with the remote peer that will generate a shared secret no eavesdropper will know. The browser just can't be sure that whoever it negotiated the DH with is really the endpoint (i.e. the webserver). That is the problem.

I dislike CAs as much as the next guy. But the problem of distributing trust is just not easy to solve, a TTP is a way out. Do you have an alternative that does not at the same time to providing a solution also opens up obvious attack surface?

Cheers,
Johannes

-- 
>> Where exactly did you predict the quake again?
> At least not publicly!
Ah, the latest and to this day most brilliant stunt of our great cosmologists: the secret prediction.
 - Karl Kaos on Rüdiger Thomas in dsa <hidbv3$om2$1@speranza.aioe.org>
| From | Tim Daneliuk <tundra@tundraware.com> |
|---|---|
| Date | 2015-05-23 06:21 -0500 |
| Message-ID | <556062B5.7050800@tundraware.com> |
| In reply to | #91104 |
On 05/23/2015 01:55 AM, Johannes Bauer wrote:
> On 23.05.2015 05:31, Michael Torrie wrote:
>
>> Sigh. I blame this as much on the browser. There's no inherent reason
>> why a connection to a site secured with a self-signed certificate is
>> insecure.
>
> The problem is *not* that the certificate is self-signed.
>
> It's that it's unknown previously to being encountered within the TLS
> handshake. And that *does* make it inherently insecure.
>
> Not algorithmically, obviously. I can still do a DH-handshake with the
> remote peer that will generate a shared secret no eavesdropper will
> know. The browser just can't be sure that whoever it negotiated the DH
> with is really the endpoint (i.e. the webserver). That is the problem.
>
> I dislike CAs as much as the next guy. But the problem of distributing
> trust is just not easy to solve, a TTP is a way out. Do you have an
> alternative that does not at the same time to providing a solution also
> opens up obvious attack surface?
>
> Cheers,
> Johannes
>

Trust has context. You're going to that site to read an article. This is rather different than, say, going somewhere to transact commerce or move money.

I have been doing an experiment with tundraware.com to try out https everywhere to see just what breaks and who squawks. I've seen a number of concerns like the ones on this thread. Most interestingly, this seems to be breaking the FreeBSD ports build mechanism for the ports I'd previously contributed to the project.

This is a tough tradeoff. If you don't run https, then your every interaction with the website can be trivially monitored by a third party. Even just the metadata of when you do use https and when you do not can be useful to an eavesdropper. So, there is increasing thought that we should all just run https everywhere all the time. But then we run into the signing problem. I am hoping that we will soon see free or inexpensive CAs to make that problem go away. See:

https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-entire-web

-- 
----------------------------------------------------------------------------
Tim Daneliuk tundra@tundraware.com
PGP Key: http://www.tundraware.com/PGP/
| From | Johannes Bauer <dfnsonfsduifb@gmx.de> |
|---|---|
| Date | 2015-05-23 15:24 +0200 |
| Message-ID | <mjpv34$g1a$1@news.albasani.net> |
| In reply to | #91116 |
On 23.05.2015 13:21, Tim Daneliuk wrote:

> Trust has context. You're going to that site to read an article. This
> is rather different than, say, going somewhere to transact commerce or
> move money.

Sure, for your site it doesn't really make a difference. And, as I said before, having a self-signed CA certificate doing https is still WAY better than not having it. Especially if you have PFS-only ciphersuites configured (I didn't check, but you should if you're unsure). Because this effectively means that you're protected against passive eavesdropping, no matter what.

> So, there is increasing thought that we should all just
> run https everywhere all the time. But then we run into the signing problem.
> I am hoping that we will soon see free or inexpensive CAs to make that
> problem go away. See:

Running TLS everywhere is an awesome idea and I'm all for it. So good that you've already made the switch :-)

But I don't think inexpensive CAs would make the signing problem go away. I think the major flaw of the X.509 certificate PKI we have today is that there's no namespacing whatsoever. This is a major problem, as the Government of Untrustworthia may give out certificates for google.de if they wish to do so.

In my opinion, it would be great to have a suffix-option in X.509 (maybe there's even an extension for this already and I'm not aware - regardless, nobody is using it if there is such a thing). For example, there'd be root certificates in the certificate store:

CA1: PF=.com
    signs -> CA2: PF=.google.com
CA3: PF=.de

So CA1 could give out certificates for
foo.com
www.google.com

And CA2 could give out certificates for
www.google.com

And CA3 could give out certificates for
google.de

But CA1 could never sign any .de domain webserver certificate. It would only ever get more restrictive down the chain.

Sounds like it's trivial to implement, I wonder why it's not in place. It must have some huge drawback that I can't think of right now.

Cheers,
Johannes

-- 
>> Where exactly did you predict the quake again?
> At least not publicly!
Ah, the latest and to this day most brilliant stunt of our great cosmologists: the secret prediction.
 - Karl Kaos on Rüdiger Thomas in dsa <hidbv3$om2$1@speranza.aioe.org>
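
The suffix-scoping rule from the post above, modelled as an added example (not code from the thread): each CA carries a permitted suffix ("PF"), a subordinate CA may only narrow its issuer's suffix, and a leaf name must fall inside every scope on its chain. The `CA` class, the `validate` function and the rogue `CA4` are hypothetical names; X.509 does define a `nameConstraints` extension (RFC 5280, section 4.2.1.10), which this toy model does not parse.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class CA:
    """A CA carrying the post's "PF" (permitted suffix) attribute."""
    name: str
    permitted_suffix: str
    issuer: Optional["CA"] = None   # None marks a root certificate


def normalise(name: str) -> str:
    """Lower-case and strip surrounding dots so names compare label by label."""
    return name.strip().lower().strip(".")


def within(name: str, suffix: str) -> bool:
    """True if `name` equals `suffix` or sits below it on a label boundary."""
    name, suffix = normalise(name), normalise(suffix)
    if not name or not suffix:
        return False                # an empty scope permits nothing
    # Requiring the "." stops "evilgoogle.com" from matching ".google.com".
    return name == suffix or name.endswith("." + suffix)


def chain_to_root(ca: CA) -> List[CA]:
    """Return the issuing chain ordered root first."""
    chain = []
    node: Optional[CA] = ca
    while node is not None:
        chain.append(node)
        node = node.issuer
    return chain[::-1]


def validate(hostname: str, issuing_ca: CA,
             trust_store: Iterable[CA]) -> Tuple[bool, str]:
    """Apply the 'only ever more restrictive down the chain' rule."""
    chain = chain_to_root(issuing_ca)
    root = chain[0]
    if root not in set(trust_store):
        return False, f"root {root.name} is not in the trust store"
    # 1. Every subordinate CA must stay inside its issuer's suffix.
    for parent, child in zip(chain, chain[1:]):
        if not within(child.permitted_suffix, parent.permitted_suffix):
            return False, (f"{child.name} ({child.permitted_suffix}) is wider "
                           f"than {parent.name} ({parent.permitted_suffix})")
    # 2. The leaf name must satisfy every scope on the path.
    for ca in chain:
        if not within(hostname, ca.permitted_suffix):
            return False, (f"{hostname} is outside {ca.name} "
                           f"scope {ca.permitted_suffix}")
    return True, "ok"


# Constructed data mirroring the post's example, plus one hypothetical
# subordinate (CA4) that tries to claim .de underneath the .com root.
CA1 = CA("CA1", ".com")
CA2 = CA("CA2", ".google.com", issuer=CA1)
CA3 = CA("CA3", ".de")
CA4 = CA("CA4", ".de", issuer=CA1)
TRUST_STORE = {CA1, CA3}

CASES = [
    ("foo.com", CA1),
    ("www.google.com", CA1),
    ("www.google.com", CA2),
    ("google.de", CA3),
    ("google.de", CA1),             # the cross-namespace case the post rules out
    ("mail.example.de", CA4),       # subordinate widening its issuer's scope
    ("www.evilgoogle.com", CA2),    # suffix match without a label boundary
]


def run_cases() -> List[Tuple[str, str, bool, str]]:
    """Validate every constructed case and return the verdicts."""
    return [(host, ca.name, *validate(host, ca, TRUST_STORE))
            for host, ca in CASES]


if __name__ == "__main__":
    for host, ca_name, ok, reason in run_cases():
        print(f"{host:20} via {ca_name}: {'ACCEPT' if ok else 'REJECT'} ({reason})")
```
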
| From | Marko Rauhamaa <marko@pacujo.net> |
|---|---|
| Date | 2015-05-23 20:05 +0300 |
| Message-ID | <87oalbkyvj.fsf@elektro.pacujo.net> |
| In reply to | #91125 |
Johannes Bauer <dfnsonfsduifb@gmx.de>:

> I think the major flaw of the X.509 certificate PKI we have today is
> that there's no namespacing whatsoever. This is a major problem, as
> the Government of Untrustworthia may give out certificates for
> google.de if they wish to do so.

But you're fine with the Government of Germany, I take it? Or any accredited German CA?

Even well-meaning CA's do a lousy job. I remember when I purchased a domain certificate from a reputable CA. How did they verify I was a rightful representative of the domain? They called the phone number I had filled in the application form -- since somebody (me) picked up the phone, they accepted my application as legitimate.

When an HTTPS URL is displayed with the green lock icon, all it means is that someone has paid good money for the certificate.

> Sounds like it's trivial to implement, I wonder why it's not in place.
> It must have some huge drawback that I can't think of right now.

How would your scheme address .com, .net, .org etc?

Marko
| From | Johannes Bauer <dfnsonfsduifb@gmx.de> |
|---|---|
| Date | 2015-05-24 20:29 +0200 |
| Message-ID | <mjt5ab$gl1$1@news.albasani.net> |
| In reply to | #91142 |
On 23.05.2015 19:05, Marko Rauhamaa wrote:
> Johannes Bauer <dfnsonfsduifb@gmx.de>:
>
>> I think the major flaw of the X.509 certificate PKI we have today is
>> that there's no namespacing whatsoever. This is a major problem, as
>> the Government of Untrustworthia may give out certificates for
>> google.de if they wish to do so.
>
> But you're fine with the Government of Germany, I take it? Or any
> accredited German CA?

Of course not. But namespacing *enables* separation of trusted entities where we currently have none whatsoever.

>> Sounds like it's trivial to implement, I wonder why it's not in place.
>> It must have some huge drawback that I can't think of right now.
>
> How would your scheme address .com, .net, .org etc?

I don't see any problem, why do you see one? The thing was that I was just giving an example of how nesting could work. If those are domain names or nested OIDs or any other form of unique identifier does not matter at all. de, org, fudis, it's all the same.

Cheers,
Johannes

-- 
>> Where exactly did you predict the quake again?
> At least not publicly!
Ah, the latest and to this day most brilliant stunt of our great cosmologists: the secret prediction.
 - Karl Kaos on Rüdiger Thomas in dsa <hidbv3$om2$1@speranza.aioe.org>
| From | Marko Rauhamaa <marko@pacujo.net> |
|---|---|
| Date | 2015-05-23 15:44 +0300 |
| Message-ID | <87382nmpkd.fsf@elektro.pacujo.net> |
| In reply to | #91104 |
Johannes Bauer <dfnsonfsduifb@gmx.de>:

> I dislike CAs as much as the next guy. But the problem of distributing
> trust is just not easy to solve, a TTP is a way out. Do you have an
> alternative that does not at the same time to providing a solution
> also opens up obvious attack surface?

Here's an idea: an authentication is considered valid if it is vouched
for by the United States, China, Russia *and* the European Union. Those
governments are the only entities that would have the right to delegate
their respective certification powers to private entities. The
governments would also offer to certify anybody in the world free of
charge.

Marko
| From | Johannes Bauer <dfnsonfsduifb@gmx.de> |
|---|---|
| Date | 2015-05-23 15:17 +0200 |
| Message-ID | <mjpul7$hjo$1@news.albasani.net> |
| In reply to | #91121 |
On 23.05.2015 14:44, Marko Rauhamaa wrote:
> Johannes Bauer <dfnsonfsduifb@gmx.de>:
>
>> I dislike CAs as much as the next guy. But the problem of distributing
>> trust is just not easy to solve, a TTP is a way out. Do you have an
>> alternative that does not at the same time to providing a solution
>> also opens up obvious attack surface?
>
> Here's an idea: an authentication is considered valid if it is vouched
> for by the United States, China, Russia *and* the European Union. Those
> governments are the only entities that would have the right to delegate
> their respective certification powers to private entities. The
> governments would also offer to certify anybody in the world free of
> charge.

You propose that a set of multiple CA signatures (TTPs) is required and
that those CAs work for free. Multiple problems with that.

Firstly, who is going to choose the TTPs? In your example you
arbitrarily chose four instances. Japan is missing from there, why?
Because you made arbitrary rules. Good luck convincing everyone
(especially the Japanese) that your choice is the "right" one. There is
never going to be agreement.

Secondly, any of the "chosen" TTPs can effectively DoS every other
country in your scenario. If the US and Russia have a conflict, each
party can become sloppy at their certifications and slow things down a
bit. Suddenly bank-of-russia.ru doesn't have a valid certificate
anymore, ooops.

Thirdly, the more TTPs you have, the less well the whole thing scales.
The whole idea of a trusted third party is that you can TRUST that party
and don't have to do additional checks (like checking agreement with
other TTPs).

Fourthly and lastly: How would this work? If I have a website running
https, how would I get my identity certified by Russia or China? I
should maybe mention that I speak neither Russian nor Chinese. And even
if I did or maybe if their CAs provided service in English, how would
they certify me? For personal identification purposes you often have to
appear in person, something that is impossible if you distribute the
scheme around the whole world.

All in all, the current CA system is shitty and has numerous problems,
but it's not like it's been designed by monkeys. Every alternative has
new problems, some of which may be even worse than the problems we have
now.

Cheers,
Johannes

--
>> Where exactly did you predict the quake again?
> At least not publicly!
Ah, the latest and to date most brilliant stroke of our great
cosmologists: the secret prediction.
 - Karl Kaos on Rüdiger Thomas in dsa <hidbv3$om2$1@speranza.aioe.org>
| From | Steven D'Aprano <steve@pearwood.info> |
|---|---|
| Date | 2015-05-24 00:00 +1000 |
| Message-ID | <556087ee$0$13004$c3e8da3$5496439d@news.astraweb.com> |
| In reply to | #91121 |
On Sat, 23 May 2015 10:44 pm, Marko Rauhamaa wrote:
> Johannes Bauer <dfnsonfsduifb@gmx.de>:
>
>> I dislike CAs as much as the next guy. But the problem of distributing
>> trust is just not easy to solve, a TTP is a way out. Do you have an
>> alternative that does not at the same time to providing a solution
>> also opens up obvious attack surface?
>
> Here's an idea: an authentication is considered valid if it is vouched
> for by the United States, China, Russia *and* the European Union. Those
> governments are the only entities that would have the right to delegate
> their respective certification powers to private entities.

An interesting mix of:

- one explicitly non-democratic one-party state;
- one nominally democratic but de facto autocratic state;
- one nominally democratic but de facto two-party corporatocracy;
- one supranational union of states;

If you gave them veto power over all certificate authorities (since you
need all four to agree, any of them can veto a CA), I'm not sure that
they would necessarily agree on *any* CAs. Especially since at least two
of them would be looking for any opportunity to subvert the system for
the purposes of espionage and mass surveillance.

I also don't see any reason why national governments would give up their
existing certification powers.

> The governments would also offer to certify anybody in the world free of
> charge.

Why would they do that?

--
Steven
| From | Marko Rauhamaa <marko@pacujo.net> |
|---|---|
| Date | 2015-05-23 19:53 +0300 |
| Message-ID | <87siankzfk.fsf@elektro.pacujo.net> |
| In reply to | #91128 |
Steven D'Aprano <steve@pearwood.info>:
> On Sat, 23 May 2015 10:44 pm, Marko Rauhamaa wrote:
>> Here's an idea: an authentication is considered valid if it is
>> vouched for by the United States, China, Russia *and* the European
>> Union. Those governments are the only entities that would have the
>> right to delegate their respective certification powers to private
>> entities.
>
> An interesting mix of:
>
> - one explicitly non-democratic one-party state;
> - one nominally democratic but de facto autocratic state;
> - one nominally democratic but de facto two-party corporatocracy;
> - one supranational union of states;
Yes, the same principles that make UN do a lot of good in the world
despite those shortcomings.
> If you gave them veto power over all certificate authorities (since
> you need all four to agree, any of them can veto a CA),
No, they wouldn't be able to veto a CA. At worst, they would be able to
refuse you a certificate. If they did that, they would risk being
dropped from the power pool.
>> The governments would also offer to certify anybody in the world free
>> of charge.
>
> Why would they do that?
They would have something to gain and something to lose:
1. They would gain protection for their citizens and companies against
foreign MitM attacks.
2. They would lose the power to perform MitM attacks on their own
citizens.
Unfortunately, the governments of the world fear their own citizens more
than each other, so they would likely not go with the kind of plan I
presented.
At the moment any sovereign government and sizeable criminal outfit can
cook up valid certificates for any website in the world. That's because
each CA is trusted completely.
Marko
| From | Chris Angelico <rosuav@gmail.com> |
|---|---|
| Date | 2015-05-24 03:41 +1000 |
| Message-ID | <mailman.284.1432403395.17265.python-list@python.org> |
| In reply to | #91140 |
On Sun, May 24, 2015 at 2:53 AM, Marko Rauhamaa <marko@pacujo.net> wrote:
> Steven D'Aprano <steve@pearwood.info>:
>
>> On Sat, 23 May 2015 10:44 pm, Marko Rauhamaa wrote:
>>> Here's an idea: an authentication is considered valid if it is
>>> vouched for by the United States, China, Russia *and* the European
>>> Union. Those governments are the only entities that would have the
>>> right to delegate their respective certification powers to private
>>> entities.
>>
>> If you gave them veto power over all certificate authorities (since
>> you need all four to agree, any of them can veto a CA),
>
> No, they wouldn't be able to veto a CA. At worst, they would be able to
> refuse you a certificate. If they did that, they would risk being
> dropped from the power pool.

You start out by saying it's valid if vouched for by X, Y, Z, *and* A.
That means that if it's vouched for by X, Y, and A, but not Z, then it's
not valid. That gives Z the power to veto any certificate.
Correspondingly each of the others.

Alternatively, you could say that it's valid if vouched for by *any* of
your authorities... but then you have the same situation as currently,
where multiple authorities can create identical certificates.

You could try for some kind of voting scheme, where it takes X/2+1
authorities to create a certificate (so you'd need three of your four,
or if you added a fifth (say Japan), then three out of the five); but
this just entails ridiculous overheads for uncertain benefit.

Also, there's one huge question outstanding: Since when should country
governments and the EU be in charge of any of this?

ChrisA
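
The trust models argued over in this thread (any one authority suffices, all must agree, k-of-n voting, and per-namespace authorities), modelled as an added example that is not part of any post. The authority labels, the "Untrustworthia-CA" name and the suffix-matching rule are assumptions made for illustration.

```python
from itertools import combinations

# Constructed trust models. None = may certify any name; a string = only that suffix.
FOUR = {"US": None, "CN": None, "RU": None, "EU": None}    # any-of-4 or all-of-4
FIVE = dict(FOUR, JP=None)                                 # 3-of-5 voting
NAMESPACED = {"DE-CA": "de", "Untrustworthia-CA": "ut"}    # hypothetical namespaced CAs

def permits(namespace, name):
    """True if an authority limited to `namespace` may certify `name`."""
    return namespace is None or name == namespace or name.endswith("." + namespace)

def is_valid(name, vouchers, authorities, threshold):
    """Accept `name` if at least `threshold` trusted, in-namespace authorities vouch."""
    eligible = {a for a in vouchers if a in authorities and permits(authorities[a], name)}
    return len(eligible) >= threshold

def forging_coalitions(name, authorities, threshold):
    """Smallest sets of colluding or compromised authorities that get `name` accepted."""
    for size in range(1, len(authorities) + 1):
        found = [set(c) for c in combinations(sorted(authorities), size)
                 if is_valid(name, c, authorities, threshold)]
        if found:
            return found
    return []

def vetoers(name, authorities, threshold):
    """Authorities whose refusal alone blocks `name` even when all others vouch."""
    everyone = set(authorities)
    if not is_valid(name, everyone, authorities, threshold):
        return set()
    return {a for a in everyone
            if not is_valid(name, everyone - {a}, authorities, threshold)}

if __name__ == "__main__":
    for label, model, k in [("any of 4", FOUR, 1), ("all of 4", FOUR, 4),
                            ("3 of 5", FIVE, 3), ("namespaced", NAMESPACED, 1)]:
        forge = forging_coalitions("google.de", model, k)
        print(f"{label:11} forging sets: {len(forge)} of size "
              f"{len(forge[0]) if forge else 0}; veto: {sorted(vetoers('google.de', model, k))}")
```

In the namespaced model only DE-CA can mis-issue for google.de, and for the same reason it is the only authority able to refuse it.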