I would rather say we rely on CAs to avoid the hassle. If I trust "X", and "X" says I can trust "Y", that should be enough. I think dropping the hierarchical scheme and adopting a distributed scheme is better than individual verification (most people don't understand what is good for them anyways).
That may very well work for you or your organization. Not so much for third parties or the internet, which is the case here. I mean... would you trust a bank's homepage if it's self-signed?
This feature is going to make Facebook even more annoying.
I disagree. It may be imperfect, but I have friends that speak either German, Spanish or English. This feature will spare me the effort of saying the same thing three times.
I've seen one of those, although I'm willing to bet he's one of a kind.
He was a really bright person, a people person. Sadly, we were both bullheaded, he was a friend before he was my boss, and the project was tough and stressful, so we naturally made mistakes (he was 24 or so when he started, and I was around 22). He had strong opinions on how we should work, and I was difficult to manage. In the end, I quited, which at least saved our friendship. He got some huge projects afterwards, finished them successfully, and cooled his permanent hot blood; I eliminated most of my quirks and took a job on a field that suits my working style (R&D).
People who are really intelligent know to evaluate based on content, not form. Grammar nazi's, by contrast, are just autistics who've managed to find a dictionary.
So their, put *that* in you're pipe and smoke it.
People who are really intelligent should also understand that snarky, sarcastic, or otherwise offensive responses never help. Why should someone endure a certain "content"? Most people are not *that* important/relevant.
To be honest, I was aiming for "Funny", but got "Informative" instead. Since we are serious, I guess I'll answer like an adult:) . Believe me, I spent too many hours on LDAP to have any love for it. I even contributed a few scripting lines to the OpenLDAP page in Ubuntu. Just look at Amplicate and you'll see I'm not alone;).
I'm not against authenticating. I would have liked authentication and LDAP to be defined/handled separately, though, not in a single protocol. Everything ends up cleaner. LDAP remains as a truly lightweight directory access protocol, it defines operations and that's that. It's not even a new idea: Kerberos is just an authentication protocol. That would have saved us from the present situation: we authenticate against LDAP not to see its contents, but to know if we can authenticate. If we use a relational database instead of a hierarchical one, we may as well use PostgreSQL or SQL Server just to know if the user is allowed to proceed instead of querying its data. Sounds too much like a hack, even if we query data about users and groups once they log on.
I mixed up TLS and ldaps, you got that right. I guess it was the port numbers.
For some reason, when I started filling objects, I thought they were more like prototypes, not classes. Maybe because I was too influenced by Self or Python. Or maybe because I expect information about an account to be fixed and predictable, but not for a person. After all, when I put people in my contact list, I add info about them that's not defined on the metadata, like T-Shirt size. In my particular case, I needed to add a PGP fingerprint to a bunch of people. So, I had to create a whole new class to store a single piece of additional data.
Although you surely know it, you can use views to speed the whole stuff up in RDBs. Oracle offers an LDAP solution built on top of its relational database, after all. As to which is simpler... I agree that's is small and somewhat legible, but it's like saying DVORAK keyboards are faster. Nobody would say otherwise, yet the number of people that uses it is smaller.
Which leads us to the syntax. Whereas I just complain about authentication and ldaps/StartTLS, the syntax really anguishes me. Especially the domain component chains. I understand that the protocol is old, but why do we keep using dn: cn=John Doe,dc=example,dc=com. I suffered because I had a domain once that was goddamn large, so I had to painfully type it again and again.
As for command line interfaces... I guess it's vendor-independent because I hated OpenLDAP while a friend raged against ActiveDirectory. Administration with the CLI is hard as hell. I don't doubt you are experienced on it, but grant me that it isn't user-friendly.
Finally, naturally I didn't went to IANA for an OID, but they advise you to use one if you want to share it... which is crazy nonetheless. If a schema is private, the most likely place to get the latest version is with that private party.
I know we aren't going to completely convince the other one, but you are right, I have to give a clear message if people are to decide objectively.
Thanks, now I know what LDAP is, and I dont even have to read the article!
I don't know if you really know it, but just to be sure: it's a piece of shit.
LDAP means Lightweight Directory Access Piece-of-Shit-Protocol. It was created as a lightweight replacement for another protocol. Either the oldest one was designed by Cthulhu itself, or the designers were trolling the hell out of ourselves.
So, what's the deal with this PoS? The idea is to access data in a hierarchical storage. This was a system administrator's wet dream: every piece of information and configuration for a user, person, service, computer, and organizational unit, and everything neatly organized and in a single place. Even more, everything is Standard(TM)! Cool, you imagine. Yeah, I thought the same... but here ends the coolness. What follows is what happened at the IETF headquarters, just after the original idea was presented:
Someone said, "Surely not everyone should access the database! We must add authentication!". So, we bloated the protocol a bit, and now it's a directory access protocol that also handles authentication. Ok, maybe it's an acceptable tradeoff, everyone thought. But then someone else said "Since we added authentication to this protocol, we should use it as the central authority for all authentication purposes in our organizations!". WTF, this was designed for directory access, not for authentication. So, after this kludge, someone reasoned, "Since we now have to handle authentication, we need to use TLS on the same port where we handle the directory access! We wouldn't want authentication without an encrypted channel!". And then, another engineer, who was clearly stoned, said "Yeah, let's have that AND let's have an LDAPS protocol that is just like that but on another port". At this point, we can assume that he shared his drugs with the rest of the people involved and everyone said "YES!". And then, someone else, clearly influenced by object-oriented design and abstract data types, said, "We should have defined types, so people won't forget to add data that's important and everything stays consistent, even across organizations". And another one, clearly influenced by Stalin, demanded, "Ok, but people can add only what's explicitly defined, nobody is allowed to enter new data unless we allow it, no deviations whatsoever". Another engineer, clearly influenced by Evil(TM), added "Not only do they have to enter just the data that we will allow them to enter on our defined type, should they want new types for their organizations... they must ask an ID from IANA. Nobody is allowed to share their custom types on demand, they must first come to us". Finally, Cthulhu itself showed up, saw what they did, and said, "Puny insects, you can't design a protocol even if you tried. Protocols are tame unless they are difficult to manage and fail often". And everyone lost their minds and yelled "Let's make it painfully difficult to administrate! Let's add the worst databases the world has seen! Let's make it the most unaccessible service on Earth! Let's make DNS look like a failsafe service!".
This photograph was taken at the end of this meeting. It was 4th of July, and the engineers went outside while Washington DC was having a parade. A peaceful photo is superimposed to reduce trauma on the unlucky ones that choose to see it.
Mozilla will revert the whole-number version scheme. Major_version.minor_version.bug_patch, or even Major_version.bug_patch, was not a bad arrangement at all, why reinvent the wheel?
I would suggest instead "Relativity Simply Explained", by Martin Gardner. Even my best friend, a Lit. teacher with little patience for Algebra or Math. Analysis, understood special and general relativity after reading it.
Something that I always noted in explanations about relativity is that they never tell you which problems it solves, or why it's even necessary to come up with such a crazy theory. That book explained those to me in layman's terms.
...Our company philosophy discourages all forms of discrimination, violence and abuse, including human rights abuses....
In other words, we aren't taking a stand. You can forget about that that, buster.
They can say lots of things without saying anything.
So... they just "discourage" human right abuses. Like in "I hope you don't abuse our surveillance tools, or else we would be very sad and cry a little".
My best friend is a Spanish and Lit. teacher. She doesn't have Facebook, but uses instead a social network for students and teachers (I forgot the exact name though, I'll ask her next time I see her and leave it over here). That way, both worlds, the academic and the real, are physically segregated. Can't tell if it's better than FB or platforms like Moodle, only that she was happy to use it to communicate more effectively with her students. Anything 2.0 beats student apathy, I guess...
I myself am an teacher, and work with multiple school districts.
please let us decide not to make up redundant && annoying new words.
Although Firefox's spell-checker already gave its OK, search "define: educator" in Google if you are still unconvinced. Educator is a common word in Pedagogy. The gerund form of educate (namely, the students) is also used, if not in English, at least in Portuguese and Spanish. Finally, if you correct "educator", you have to change the an into a, it's only fair.
Slashdot Mirror
That would be Susan "Sue" Pervisor ;) .
I would rather say we rely on CAs to avoid the hassle. If I trust "X", and "X" says I can trust "Y", that should be enough. I think dropping the hierarchical scheme and adopting a distributed scheme is better than individual verification (most people don't understand what is good for them anyways).
That may very well work for you or your organization. Not so much for third parties or the internet, which is the case here. I mean... would you trust a bank's homepage if it's self-signed?
Arranged marriages? You monster!
This feature is going to make Facebook even more annoying.
I disagree. It may be imperfect, but I have friends that speak either German, Spanish or English. This feature will spare me the effort of saying the same thing three times.
Want.
Good point.
FORTRAN: FOR The Really ANalphabet.
*Taking cover from flamebait flak*
I've seen one of those, although I'm willing to bet he's one of a kind.
He was a really bright person, a people person. Sadly, we were both bullheaded, he was a friend before he was my boss, and the project was tough and stressful, so we naturally made mistakes (he was 24 or so when he started, and I was around 22). He had strong opinions on how we should work, and I was difficult to manage. In the end, I quited, which at least saved our friendship. He got some huge projects afterwards, finished them successfully, and cooled his permanent hot blood; I eliminated most of my quirks and took a job on a field that suits my working style (R&D).
People who are really intelligent know to evaluate based on content, not form. Grammar nazi's, by contrast, are just autistics who've managed to find a dictionary.
So their, put *that* in you're pipe and smoke it.
People who are really intelligent should also understand that snarky, sarcastic, or otherwise offensive responses never help. Why should someone endure a certain "content"? Most people are not *that* important/relevant.
What do prostitutes and programmers have in common? They both have trouble explaining their jobs to 2nd graders!
To be honest, I was aiming for "Funny", but got "Informative" instead. Since we are serious, I guess I'll answer like an adult :) . Believe me, I spent too many hours on LDAP to have any love for it. I even contributed a few scripting lines to the OpenLDAP page in Ubuntu. Just look at Amplicate and you'll see I'm not alone ;) .
I'm not against authenticating. I would have liked authentication and LDAP to be defined/handled separately, though, not in a single protocol. Everything ends up cleaner. LDAP remains as a truly lightweight directory access protocol, it defines operations and that's that. It's not even a new idea: Kerberos is just an authentication protocol. That would have saved us from the present situation: we authenticate against LDAP not to see its contents, but to know if we can authenticate. If we use a relational database instead of a hierarchical one, we may as well use PostgreSQL or SQL Server just to know if the user is allowed to proceed instead of querying its data. Sounds too much like a hack, even if we query data about users and groups once they log on.
I mixed up TLS and ldaps, you got that right. I guess it was the port numbers.
For some reason, when I started filling objects, I thought they were more like prototypes, not classes. Maybe because I was too influenced by Self or Python. Or maybe because I expect information about an account to be fixed and predictable, but not for a person. After all, when I put people in my contact list, I add info about them that's not defined on the metadata, like T-Shirt size. In my particular case, I needed to add a PGP fingerprint to a bunch of people. So, I had to create a whole new class to store a single piece of additional data.
Although you surely know it, you can use views to speed the whole stuff up in RDBs. Oracle offers an LDAP solution built on top of its relational database, after all. As to which is simpler... I agree that's is small and somewhat legible, but it's like saying DVORAK keyboards are faster. Nobody would say otherwise, yet the number of people that uses it is smaller.
Which leads us to the syntax. Whereas I just complain about authentication and ldaps/StartTLS, the syntax really anguishes me. Especially the domain component chains. I understand that the protocol is old, but why do we keep using dn: cn=John Doe,dc=example,dc=com. I suffered because I had a domain once that was goddamn large, so I had to painfully type it again and again.
As for command line interfaces... I guess it's vendor-independent because I hated OpenLDAP while a friend raged against ActiveDirectory. Administration with the CLI is hard as hell. I don't doubt you are experienced on it, but grant me that it isn't user-friendly.
Finally, naturally I didn't went to IANA for an OID, but they advise you to use one if you want to share it... which is crazy nonetheless. If a schema is private, the most likely place to get the latest version is with that private party.
I know we aren't going to completely convince the other one, but you are right, I have to give a clear message if people are to decide objectively.
Thanks, now I know what LDAP is, and I dont even have to read the article!
I don't know if you really know it, but just to be sure: it's a piece of shit.
LDAP means Lightweight Directory Access Piece-of-Shit-Protocol. It was created as a lightweight replacement for another protocol. Either the oldest one was designed by Cthulhu itself, or the designers were trolling the hell out of ourselves.
So, what's the deal with this PoS? The idea is to access data in a hierarchical storage. This was a system administrator's wet dream: every piece of information and configuration for a user, person, service, computer, and organizational unit, and everything neatly organized and in a single place. Even more, everything is Standard(TM)! Cool, you imagine. Yeah, I thought the same... but here ends the coolness. What follows is what happened at the IETF headquarters, just after the original idea was presented:
Someone said, "Surely not everyone should access the database! We must add authentication!". So, we bloated the protocol a bit, and now it's a directory access protocol that also handles authentication. Ok, maybe it's an acceptable tradeoff, everyone thought. But then someone else said "Since we added authentication to this protocol, we should use it as the central authority for all authentication purposes in our organizations!". WTF, this was designed for directory access, not for authentication. So, after this kludge, someone reasoned, "Since we now have to handle authentication, we need to use TLS on the same port where we handle the directory access! We wouldn't want authentication without an encrypted channel!". And then, another engineer, who was clearly stoned, said "Yeah, let's have that AND let's have an LDAPS protocol that is just like that but on another port". At this point, we can assume that he shared his drugs with the rest of the people involved and everyone said "YES!". And then, someone else, clearly influenced by object-oriented design and abstract data types, said, "We should have defined types, so people won't forget to add data that's important and everything stays consistent, even across organizations". And another one, clearly influenced by Stalin, demanded, "Ok, but people can add only what's explicitly defined, nobody is allowed to enter new data unless we allow it, no deviations whatsoever". Another engineer, clearly influenced by Evil(TM), added "Not only do they have to enter just the data that we will allow them to enter on our defined type, should they want new types for their organizations... they must ask an ID from IANA. Nobody is allowed to share their custom types on demand, they must first come to us". Finally, Cthulhu itself showed up, saw what they did, and said, "Puny insects, you can't design a protocol even if you tried. Protocols are tame unless they are difficult to manage and fail often". And everyone lost their minds and yelled "Let's make it painfully difficult to administrate! Let's add the worst databases the world has seen! Let's make it the most unaccessible service on Earth! Let's make DNS look like a failsafe service!".
This photograph was taken at the end of this meeting. It was 4th of July, and the engineers went outside while Washington DC was having a parade. A peaceful photo is superimposed to reduce trauma on the unlucky ones that choose to see it.
Mozilla will revert the whole-number version scheme. Major_version.minor_version.bug_patch, or even Major_version.bug_patch, was not a bad arrangement at all, why reinvent the wheel?
Modem handshake noise is no longer widely recognised.
I call people who recognize it "the baud generation".
Agreed. Somehow I think this submission was just a huge trolling taking place...
Wow, your comment looks like a conspiracy theorist's cannabic dream. XD
I would suggest instead "Relativity Simply Explained", by Martin Gardner. Even my best friend, a Lit. teacher with little patience for Algebra or Math. Analysis, understood special and general relativity after reading it.
Something that I always noted in explanations about relativity is that they never tell you which problems it solves, or why it's even necessary to come up with such a crazy theory. That book explained those to me in layman's terms.
Granted, it's biased. But I didn't know about Violet Blue, so maybe if he had toned down the submission, it would have been ok.
We've always been at war with Eastasia.
...Our company philosophy discourages all forms of discrimination, violence and abuse, including human rights abuses....
In other words, we aren't taking a stand. You can forget about that that, buster. They can say lots of things without saying anything.
So... they just "discourage" human right abuses. Like in "I hope you don't abuse our surveillance tools, or else we would be very sad and cry a little".
I wondered if the rise of autism, at least discursively, was due to a change of definition rather than a real cause...
A magician in charge of security? Sounds reasonable. Now you see it... NOW YOU DON'T!
My best friend is a Spanish and Lit. teacher. She doesn't have Facebook, but uses instead a social network for students and teachers (I forgot the exact name though, I'll ask her next time I see her and leave it over here). That way, both worlds, the academic and the real, are physically segregated. Can't tell if it's better than FB or platforms like Moodle, only that she was happy to use it to communicate more effectively with her students. Anything 2.0 beats student apathy, I guess...
I myself am an teacher, and work with multiple school districts.
please let us decide not to make up redundant && annoying new words.
Although Firefox's spell-checker already gave its OK, search "define: educator" in Google if you are still unconvinced. Educator is a common word in Pedagogy. The gerund form of educate (namely, the students) is also used, if not in English, at least in Portuguese and Spanish. Finally, if you correct "educator", you have to change the an into a, it's only fair.
I have three words for you: Anger Management Class
Heh, I was going for Consume Clonazepam Quickly.