
Comment Re:"without garbage collection" (Score 1) 211

Um, I did work at Google for quite some years, and given the vast size of their C++ codebase the chances of it all being ported to Go any time this decade are zero. And for what it's worth I keep hearing from people who still work there that they're desperately trying to avoid being forced to use Go. It's hardly a slam dunk language decision.

Comment Re:"without garbage collection" (Score 4, Insightful) 211

You must be a Java programmer. Garbage collection is generally a very bad idea for a systems language, because of the periodic stalls whilst it does the cleanup

Ah yes, the "systems language" debate. Oh how I love those.

Here are a few things to ponder.

The first is that your claim about Android underperforming iOS doesn't seem to have any merit. I have a Lollipop device here and it's as smooth as any iPhone I've ever used. Indeed I suspect by "smooth" you mean whether animations consistently hit 60fps and that has relatively little to do with garbage collection because most animations only last for a second or two, and you can easily delay GC until after it's finished. If you actually read about Project Butter and the work the Android team did to make things fast and smooth, it mostly involved deep changes to the graphics stack. The new GC in ART helps when doing things like scrolling down infinite lists, but otherwise, it's not a big deal. Bear in mind GC pauses on a modern Android device are in the realm of milliseconds - not fast enough to cause a frame skip unless you're really pushing up against the deadlines.

Another thing to consider is that people love to try and define "systems language" to mean whatever language they happen to prefer at the time. For instance the Linux guys have claimed for years that C++ isn't a "systems language" because you can't use it to write a kernel. However, quite a few successful kernels have done just that: for instance parts of the MacOS kernel are written in C++, the OSv kernel is mostly C++ and so on. Microsoft even wrote an entire OS with kernel and everything in garbage collected C#. I've come to believe that the term "systems language" is so vague as to be useless for describing programming languages.

Final point. Rust claims to be superior for systems programming because it doesn't need a garbage collector. However, Mozilla is not in the business of writing kernels. They are in the business of writing web browsers. Web browsers absolutely can be garbage collected and due to the need to support JavaScript, often are. At a time when Mozilla is dumping resources into designing an entirely new programming language and experimental layout engine that uses it (Servo), the Chrome guys are quietly getting on with migrating Blink (aka WebKit) to garbage collected C++. The project is called Oilpan, look it up. Apparently Google disagrees with Mozilla about the need for a non-GCd "systems language" for the kind of work they're doing.

Comment Re:Good. +1 for Google. (Score 4, Informative) 176

WoT doesn't work anywhere. I know it's a popular idea but it doesn't work, period, end of story.

Problem: the PGP web of trust is tiny and has fewer than 4 million keys published to the SKS key pool, EVER. That's pathetic. But of those keys, many are not really connected to the WoT at all. The strong set is only 50k keys. The WoT is a failure, numerically. For comparison: "Yo", an app created as an April fools joke which only lets you send the word "yo" to other users, managed to get 3 million users. The WoT's entire existence has been matched by an April fools.

Problem: the PGP web of trust converts everyone you trust into a CA. Unlike real CAs that protect their keys with hardware security modules, are audited, etc, PGP users routinely do things like carrying their private keys through airports on general purpose laptops onto which they install whatever the latest cool toy is. If any of the users you trust are compromised, the entire WoT can be faked through them and your client will accept it. Sure, if you're some kind of crypto guru you can maybe detect this. But most people aren't.

Problem: the "web of trust" is misleadingly named. The graph edges in it are not indicative of social trust. They are in fact reflecting a trust that is more like, "I trust you to protect your private key and do accurate ID verification" which has nothing to do with the more ordinary, human, everyday use of the word trust. In your post you mix up these very different kinds of trust, and this is a very frequent but fundamental error. Protecting private keys and doing accurate ID verification are difficult, skilled tasks, whereas what being trustworthy usually means simply requires loyalty.

Problem: the primary criticism of the CA system is that CAs could be coerced by governments via legal means. However the same is true for people in the web of trust - any of those people can be served with a court order forcing them to sign the government's key.

Problem: the WoT leaks the entire social graph to the entire public. In this day and age, that's unacceptable.

Problem: the WoT has fake keys uploaded to it and there's nothing anyone can do about it. This isn't theoretical, it has happened and routinely fools large numbers of people.

In short, after many years I've come to the conclusion that the web of trust has no redeeming qualities at all. It was a neat sounding idea, it was tried, it has failed. It should be taken out the back and quietly shot, so it can't mislead any more people into thinking it's a good idea.

Comment Re:HTTPS? (Score 1) 48

Frankly, it would be just as easy to make Baidu serve up the script for them

Yes. That's exactly what I said in the last paragraph. Did you read the post all the way to the end?

Obviously China can build the equipment needed to do a massive MITM attack on Baidu. But it would be a big step up from what they're currently doing, cost wise. So it makes little sense for them to do that, given they'd need to coerce the private keys out of Baidu anyway. At that point they may as well just re-use Baidu's existing equipment for termination of SSL.

Bear in mind there are multiple subtle cases that interact with different systems in different ways.

The base case, that we have here, is no SSL. GFW injects packets, not much anyone can do about it.

The next step up is PRC minting fake certificates. However, CNNIC just got revoked by Chrome for gross negligence, so obviously browser makers are not unwilling to do that, and other than Hong Kong Post Office PRC doesn't control any other CAs. If one was found to be doing a MITM attack on Baidu it'd be immediately revoked again - game over.

So then the next step up is Chinese government coercing Baidu to give up their private keys. However PKI rules say that if a private key is lost either through coercion or theft the certificate is revoked. This happened to Lavabit: once they were forced to give up their key by court order Verisign revoked the cert explaining that industry policies required it to do so. So if Baidu started serving malicious Javascripts then most likely Baidu's SSL cert itself would be revoked, on the assumption that a respectable company would not distribute malware under its own volition. This would have the effect of nuking most Baidu ads or analytics outside of China and probably breaking websites, but assuming the Chinese websites care, they would just adjust their code to stop including Baidu stuff for foreign users and that's the end of that.

Additionally even if the issuing CAs didn't want to revoke Baidu entirely, I suspect Google/Microsoft would add the pages to the SafeBrowsing blacklist for malware distribution and the outcome would be the same.

China could also try coercing ALL keys out of ALL websites and doing MITM on ALL of them, but the amount of effort required to do that would be astronomical.

So the conclusion is the same - SSL is the next step in this arms race.

Comment Re:HTTPS? (Score 4, Informative) 48

The Great Firewall could just as easily act as a MITM attack

This must be a new use of the phrase "just as easily" that I haven't encountered before.

Line rate DPI is already expensive and slow. The Great Firewall has in the past routinely suffered from weird hotspots or outages at peak times where banned keywords were not always being spotted.

The injection technique that the GFW was using in this instance is very simple: on spotting a particular byte pattern in the packet stream, write three (probably pre-formatted) packets into a network port, sit back, see what happens. There were always exactly three packets and attempting to get normal behaviour out of the MITM TCP stack didn't work, meaning there probably is no stack.

Now throw in "completely intercept the TCP handshake and redo it, then perform an SSL handshake on the client end, then perform ANOTHER connection to the Baidu server, then obtain a fake cert without tipping off the western browser/OS makers whose browsers you are trying to hack, THEN decrypt massive amounts of traffic (basically all traffic to the intended host) at line rate" .... yeah good luck. It can theoretically be done but it'd require entire datacenters of machines doing nothing but decrypting and re-encrypting Baidu.

Then remember that this attack works by converting Chinese people abroad into a botnet. So the moment the Chinese fake cert is detected it would be revoked immediately. Attack over.

No way. It will never happen. If China wants to convert Baidu users into a weapon then it is MUCH simpler for them to simply ...... put a gun to the CEO's head and say "you're inserting our js into your code whether you like it or not". That way Baidu pays all the costs of serving their code and they don't need any large new infrastructure to do SSL MITM.

Comment Re:Good. +1 for Google. (Score 1) 176

Doesn't that make you feel warm, fuzzy, and secure, knowing that the fine folks at that establishment could issue a fraudulent certificate for any website in the world?

The issue is that browsers and OS makers, not being a bunch of unprofessional amateurs, need policies that are more precise than "warm and fuzzy". So the CA system has very clearly written policies, audits, best practices and so on. If you pass them you can be a CA.

I'm not sure what kind of fix you have in mind, but I suspect it boils down to "America is more trustworthy when it comes to internet surveillance than Hong Kong". Except we know that's not true. So it seems intractable.

The brutal reality is what people want is a public key infrastructure that cannot be beaten by any government anywhere and no such infrastructure exists. Nor is there any credible design proposal for such a system.

Comment Re:How can foreigners be charged under US law? (Score 1) 144

it's established that Commanders-in-Chief can freeze the bank accounts of enemies of the US. This did require a statute, the PATRIOT Act, because it would not have been in the toolbox of an 18th-century monarch or George Washington. But now that it's established, and it's widely considered to have been a useful military tool against Al Qaeda, the administration can use it against anyone it thinks is a military opponent.

The case for financial sanctions against Al Qaeda is not as clear cut as you might think. The cost of 9/11 was in the low tens of thousands of dollars.

Regardless, the US sanctions list includes many non-military targets, and the definition of "terrorist" is so flexible that it can be used to justify punitive non-judicial action against literally anyone. The US constitution specifically forbids laws of attainder, which are laws that specifically enumerate lists of victims. The PATRIOT Act doesn't include an actual list (though the Magnitsky act does), but a law that refers to a list maintained by a bureaucracy under direct command of the President is hardly different given the ban's intent.

Unless you intend any form of punishment at all to be OK against any "military target" i.e. anyone, then no, this sort of thing is not OK.

Comment Re:How can foreigners be charged under US law? (Score 2) 144

For those that are wondering how foreigners can be charged with US law, look up "extradition treaty". For those with whom we haven't signed such a treaty, look up "financial sanctions" or "asset forfeiture".

Neither of those things involve charges. That's why they're effective - if they had to be backed by actual charges that went through an actual judicial system, the targets could win cases and get the sanctions dismissed. An arbitrary blacklist is a lot better from the viewpoint of the POTUS and his minions because what are you going to do about it? File an appeal?

This isn't about citizens in other countries simply minding their own business

Pretty staggeringly stupid position. Lots of countries have extradition treaties with the USA, including Germany. If you are OK with the head of the NSA being extradited, charged, found guilty of espionage and imprisoned in Europe or China then go right ahead and say such things ...

Comment Re:Boo hoo (Score 4, Insightful) 247

If it is so easy to do this, why haven't the Russian internet criminals rolled anything out on this scale? It seems to me that a platform like this would be all kinds of ideal for criminal purposes.

They have. That is exactly what I just said - Zeus is also a modular, plugin based malware platform that is developed by Russian/east European fraud gangs. It bears a lot of similarities to the NSA/GCHQ malware platforms in terms of how it gets onto people's systems, general design, etc.

because of the work they do and the requirements that work puts on their infrastructure they were probably into the whole "big data" mindset several years before mainstream commercial, civilian IT companies got there

It's not the case. For instance the NSA scalable data store (Accumulo) is basically a reimplementation of Google's BigTable, and they don't try to hide it. They adopted tech from the civilian space for their own requirements but it wasn't invented there.

With respect to your other points, I never said they don't know what they're doing, only that what they're doing is not particularly interesting and I don't think it will keep the best people interested for more than a few years before they find it becomes humdrum routine. And by "product" you knew perfectly well what I meant - not some crappy in house web app used by a few hundred people who have no other choice, I mean a product that's available in the marketplace which competes for end users, probably consumers or professionals. Something where quality matters.

Comment Bullshit non-story (Score 3, Insightful) 40

OK, so we have an article claiming Facebook is tracking everyone for evil advertising purposes, even when logged out. Facebook denies it and says it's garbage.

Let's go do 30 seconds of digging and see who is right, shall we?

  1. Open an incognito window. Open Chrome developer tools.
  2. Load a Facebook "page" (i.e. a product page for some third party product or service)
  3. Be amused by the giant "STOP!" warning printed to the console; apparently people are being tricked into copy/pasting stuff into the developer console to get their accounts hacked.
  4. Observe the cookies that are set.

There are three cookies set. Two of them appear to simply encode the loaded URL and have no ids or other interesting info. The last is the "DATR" cookie. What does DATR do? Well, we know what it does because last time this garbage blew up in the press Facebook explained what it does:

We set the ‘datr’ cookie when a web browser accesses facebook.com (except social plugin iframes), and the cookie helps us identify suspicious login activity and keep users safe. For instance, we use it to flag questionable activity like failed login attempts and attempts to create multiple spam accounts.

(link from here)

So it's an anti abuse and security feature. Nothing to do with advertising. Also, guess what - such cookies are common across many websites. They are quite useful for detecting spammers. Presumably Facebook tried to explain this to the Belgian regulator in question, but it's just so much better politically for said regulator to pretend they caught some evil company in their terrible advertising habits red handed, than learn how large websites work.

The problem is the more time the media and government regulators cry wolf over this stuff, the more inclined I am to believe they're all harmful idiots who want to break the web.

Comment Re:Boo hoo (Score 4, Interesting) 247

Yes The Equation Group [arstechnica.com] really seemed "2nd rate" and they sure didn't "make" anything.

TAO is what you would expect to see given a sufficiently large budget spent exclusively on hacking everything possible. The hacks are impressive in the sense that they take a lot of resources and time to develop and it wasn't previously obvious to what extent governments were committing resources to infrastructure subversion. They are not especially impressive from a technical perspective: it's basically a more professional and larger scale version of the types of malware produced by Russian banking fraudsters. Working from that down into BIOS hacks and the like is the inevitable result of spending billions on hackers year after year - they need to keep finding new things to exploit. Interesting, but only because it reinforces the idea that everything seems to be hackable.

But, what kind of people find this work interesting? I can imagine it would be interesting for a few years, especially if you're young and trapped inside a heavily propaganda controlled environment where you're told daily you're the Forces of Good in an epochal struggle against the Axis of Evil. But the amount of technical design work involved is minimal. The level of new technology is minimal. The "research" is simply finding ordinary bugs and flaws in other people's code. People oooh and aaah about the fact that these state malware platforms use a plugin architecture, whilst simultaneously finding the same thing in Photoshop entirely mundane.

Even the data analytics stuff is essentially just an A-B-C application of big data tech originally developed elsewhere, like at Google.

And the advanced maths the NSA is supposed to be famous for hardly shows up in the Snowden documents. It's pretty clear that their success against even crappy crypto is fragile at best (RC4), probably non-existent at worst (AES/strong RSA or anything past it). Their botched attempt to back door Dual-EC DRBG smells of desperation. They wouldn't build huge infrastructures for storing and obtaining stolen private keys if they had the mathematical tools to undo modern ciphers. So I suspect there are a lot of mathematicians at the NSA feeling kind of obsolete these days and wondering what they can contribute.

I'd say the only genuinely technically interesting work the FVEY guys are doing is the way they've been combining passive intercept with active, automated exploitation. QUANTUM is a pretty interesting thing and I'm not aware of anyone discussing anything like it before Snowden's leaks. However, it's also now a done deal. Beyond incremental improvements, there don't seem to be any obvious further directions for that project.

So as a programmer, developing hacks and malware can be entertaining for some years, but eventually I think most skilled people will want to flex their muscles in other ways. They will want to build something instead of break something. The best people will have a broad span of interests. In an organisation like Google or Facebook that's OK - you can work security for a few years, do some exploit research, then go on and transfer to some other project. Or leave but keep your work on your resume. At the NSA? There it's more limited. You can't easily leave the classified world because your work experience is a gaping void. They don't do product development. You will never make something that your family uses. You will never even develop the skills needed to do that.

Stories like this give me some hope that despite its apparently bottomless budget, the NSA can still be beaten technically. They discard most of the qualified people because they aren't US citizens and the ones that are left would be well advised to take a career at a Silicon Valley firm where they can do very similar sorts of work, but for things that are unquestionably useful. If you go do big data analytics or security work in order to fight spam on Gmail (like I did), you don't have to worry about the moral impact of your work - spammers and hackers are unquestionably bad, so booting them off the platform is unquestionably good. If you go do the same work at the NSA you have to worry that the "terrorists" might just be random unlucky guys in Pakistan who were in the wrong place at the wrong time, or that the targets are simply foreign politicians or CEOs .... much murkier stuff.
