Forgot your password?
typodupeerror

Comment: easier != better for all cases of easy (Score 1) 755

by Desert Raven (#35627442) Attached to: CMU Eliminates Object Oriented Programming For Freshman

And OO is not a complicated extra of programming, it is a simple ideology that makes programming so much easier when you know it.

I'll admit that OO does make programming easier in the long run. Though to do it right, you MUST spend a fair amount of time planning before throwing down that first line of code.

However, OO is just not suitable for all programming tasks. I currently work with an app that processes over 70,000 transactions per second. I doubt I could get a tenth of that performance with any OO language. Even in C, I spend quite a bit of time looking for ways to cut down on the number of conditionals, etc, since eliminating just one IF statement in the right place can get me as much as a 5% performance increase.

I fully agree that one should learn to program well procedurally FiRST, before tackling OO. If you don't have a firm grasp of that basics, you will never reach your full potential/

Comment: Re:Can we please stop already? (Score 3) 124

by Desert Raven (#34731634) Attached to: Replacing Traditional Storage, Databases With In-Memory Analytics

Agreed, someone comes up with something new to solve a very specific issue, and all of a sudden someone's predicting how it will completely replace everything else in the next month.

Grow up.

Physical storage and relational databases aren't going anywhere anytime soon. in-memory this and non-relational that are all well and good for the specific problems they were designed for, but physically stored and relational data fits the needs of 90% of data storage and retrieval. I sure as HECK don't want my bank storing my financial data purely in memory.

So keep yelling to yourselves about how the sky is falling on traditional techniques. Meanwhile the rest of us have real work to do.

Comment: Re:Hrmmm (Score 5, Insightful) 348

by Desert Raven (#34719246) Attached to: Beware of Using Google Or OpenDNS For iTunes

No, it's not particularly elegant. But on the other hand, split-horizon DNS is nothing new or magical either. Nor would I classify it as "abuse". The capability has been there since the early days of BIND.

In the DNS trade, we refer to it under the category of "stupid DNS tricks"

That said, it does have some significant advantages over other techniques.

#1, It's protocol-independent. Sure you can do intelligent redirects with HTTP, but not everything in the world is HTTP
#2, Even with HTTP, in order for it to work, you have to now change the name of the server, and often the links to internal content. Your initial request to www.domain.com will now have to be redirected to hostx.domain.com or www.location.domain.com etc., and links on the pages to content servers will also have to be altered. This can be confusing to end-users, and may require additional SSL certs. It's also a code maintenance issue.
#2a, While the renaming seems trivial on first glance, it has HUGE implications for search engines, etc, since those "local" servers will get indexed instead of a generic name
#2b, It also means that a calculation will have to be made by the web server deciding where to redirect you to, then the actual redirect, increasing load and latency. DNS solutions are "pre-computed" and thus do not have similar issues.
#2c, If you solve 2a by checking every request at every location, you make 2b much worse
#3, It's simple.

Downsides:

#1, Third-party DNS recursive services throw it off. (There is a proposed RFC that would allow for such recursives to pass the originating network in the request)
#2, It makes DNSSEC a right royal PITA (Much more than it already is)

Comment: Re:When can we have DNSSEC-derived TLS certs? (Score 1) 62

by Desert Raven (#34517474) Attached to: DNSSEC Comes To<nobr> <wbr></nobr>.Net Zone Today

This is definitely theoretically possible. However, you're going to have to convince the major application developers to play along.

Though to be fair, it would only be the equivalent of the cheaper certs that only verify domain control for authority when issuing certs. The higher-level certs truly do involve a third-party verification of identity of the cert recipient.

Comment: Re:More security in what way? (Score 1) 62

by Desert Raven (#34517436) Attached to: DNSSEC Comes To<nobr> <wbr></nobr>.Net Zone Today

Sure, they could pressure the parent to supply bogus records. On the other hand, they always could have pressured them to change the NS records, which they would also have to do if they published bogus DS records.

So at absolute worst, no security was gained from the "government". It cannot be made worse, because any theoretical compromise by the governing agency was already possible, and much easier before.

Comment: Re:More security in what way? (Score 4, Informative) 62

by Desert Raven (#34514246) Attached to: DNSSEC Comes To<nobr> <wbr></nobr>.Net Zone Today

You really don't know what DNSSEC is, do you?

What DNSSEC does: DNSSEC provides a means for an end-user to determine the authenticity of the DNS data they receive by proving that only someone in control of the domain could have served the record.

What DNSSEC does not do: DNSSEC does not provide for the security of data being exchanged between systems.

With DNSSEC, each domain admin holds their own private keys. Nobody else should ever see them. Chain of authenticity is provided by each parent domain signing the delegation records provided by the child domain.

So, for the "government" to "exert control" over your domain, they would have to completely spoof every parent of your domain. This would affect not just your domain, but all domains in that TLD. Pretty sure if everyone in .com all broke at the same time, someone would notice. In short, this makes it harder for someone to take control of your DNS. If the "government" wanted it to be easier, they never would have allowed the root to be signed.

And let's face it, DNSSEC was not designed for you. DNSSEC is designed for businesses, banks and other large entities who are trying to protect their customers from being spoofed. It is just another tool like SSL. And, IMO, anyone who uses SSL certs should use DNSSEC. If you don't use SSL, it's highly unlikely you need DNSSEC.

But hey, if all you want to do is spew ridiculous conspiracy theories, never mind, rant on.

Genius is ten percent inspiration and fifty percent capital gains.

Working...