Re: [dev] seif opinions?

2016-09-27 Thread Louis Santillan 
I personally feel that Hixie's Laws of the Web (I'm trademarking that
since I just thought of it) #3 & #4 are mishandled but as a result of
the experiences of the early web.

I remember the early "mobile" web (Palm Treo 650 & BB World Edition in
2004-2009).  They weren't as bad as many people made them out to be.
Especially if sites focused on content over media.  I never did any
WAP/WML browsing [0][1] but I guess that was good for Asia & Europe
for a little while (?).

My answer to #3 is to not worry about it.  Vendors & developers
naturally respond and improve the experience (usually by removing
stuff).  MIME/Content types are then important and fallback rendering
should be something useable.  Must use "IE Edge v. 50+" is a cop out
especially if no fallback mode is provided.  I'll go somewhere else to
get that content, thank you!

I remember the early web (95-97) having dozens of plugins available to
do different things.  And they were shitty (slow, broken, etc).  And
super insecure (and the matter was compounded by the insecurity of
Windows).  They required too much of the browser's context and the
plugin's context to be shared.  Eventually the web down-selected to a
few (Java & Flash).

My answer to #4 is to have something like sandboxed plugins which act
more file extension handlers.  I really hate that my browser decides
to render a PDF for me instead of downloading it.  Browsers have
become more complex than OSes and that's not good.  Let a native app
handle it.

[0] https://en.wikipedia.org/wiki/Wireless_Application_Protocol
[1] https://en.wikipedia.org/wiki/Wireless_Markup_Language

On Mon, Sep 26, 2016 at 11:49 PM, Martin Kühne  wrote:
> So, what about the impact of #3 and #4 on the code size of modern browsers.
> That means it should be easier to understand (and implement) than DOM.
> Or is there an even harder problem?
>
> cheers!
> mar77i
>

Re: [dev] seif opinions?

2016-09-27 Thread Martin Kühne 
So, what about the impact of #3 and #4 on the code size of modern browsers.
That means it should be easier to understand (and implement) than DOM.
Or is there an even harder problem?

cheers!
mar77i

Re: [dev] seif opinions?

2016-09-26 Thread Thomas 
This is interesting. Thanks for sharing.

However, as welcome as alternatives to the current PKI system must be at
this point, replacing HTTPS and the rest of what we call "the web" with
nodejs, Qt, and JSON has got to be some sort of sick joke.

Talk about having only a hammer... Mr. Crockford needs to get out of the
house more.

Sat, Sep 24, 2016 at 10:44:33PM -0700, Louis Santillan:
> Has anybody considered seif [0][1]?
> 
> I disagree with the choice of nodejs & Qt, and the idea of capturing
> entropy from microphone and camera are interesting but gameable. I
> think the overall concept is viable.
> 
> [0] (Repo) http://www.seif.place
> [1] (Talk) https://www.oreilly.com/ideas/the-seif-project
>

Re: [dev] seif opinions?

2016-09-25 Thread Ben Woolley 

> On Sep 25, 2016, at 9:29 AM, Nick Warne  wrote:
> 
> On Sun, 25 Sep 2016 09:23:11 -0700
> Louis Santillan  wrote:
> 
> 
>> infrastructure player (like a bank {PayPal}...
> 
> Paypal isn't a bank.
> 

It operates multiple banks. It depends on the legal definition of where it is 
operating. It even now owns the bank that issues credit for PayPal Credit, so 
it is more than one type of bank. 

And they are certainly an infrastructure player, and is exactly the appropriate 
type of company for this example. 

> Nick
> -- 
> "Gosh that takes me back... or is it forward?  That's the trouble with
> time travel, you never can tell."
>-- Doctor Who "Androids of Tara"
>

Re: [dev] seif opinions?

2016-09-25 Thread Nick Warne 
On Sun, 25 Sep 2016 09:23:11 -0700
Louis Santillan  wrote:


> infrastructure player (like a bank {PayPal}...

Paypal isn't a bank.

Nick
-- 
"Gosh that takes me back... or is it forward?  That's the trouble with
time travel, you never can tell."
-- Doctor Who "Androids of Tara"

Re: [dev] seif opinions?

2016-09-25 Thread Louis Santillan 
On Sun, Sep 25, 2016 at 1:47 AM, Hiltjo Posthuma  wrote:
> On Sat, Sep 24, 2016 at 10:44:33PM -0700, Louis Santillan wrote:
>> Has anybody considered seif [0][1]?
>>
>> I disagree with the choice of nodejs & Qt, and the idea of capturing
>> entropy from microphone and camera are interesting but gameable. I
>> think the overall concept is viable.
>>
>> [0] (Repo) http://www.seif.place
>> [1] (Talk) https://www.oreilly.com/ideas/the-seif-project
>>
>
> Can you give a (brief) background information what the project does?

Sorry, not brief.

The talks, the code [0][1] and the lone protocol document [2] say it
best.  A little what like the HTTPSSH [3] Sylvain was describing but
prescriptive as to the technology stack.

Instead of HTTP or HTTPS (which is HTTP+TLS these days), replace the
negotiation of the HTTP protocol with a PKI style 2 packet handshake
over TCP that are in the form of JSON messages.  All future (also
encrypted JSON message) commands & responses are then processed using
nodejs client/servers.  Instead using a markup + stylesheets (or SVG
or VRML or XForm or etc or W3C crap standard) as the presentation
layer, specify & utilize Qt.  Lastly, to support eventual replacement
of the web (instead of wholesale replacement) create & support an open
browser plugin so that seif clients/servers can be ed &
utilized in the current set of web infrastructure.  A new
browser/client/mobile app is also supportable if a large
infrastructure player (like a bank {PayPal} or healthcare provider or
etc) can provide value through it.

The specification is so far very high level and client/server examples
are relatively new.  I would have leaned towards extending a gopher
protocol like solution.

What I like:
* Use of the PKI-style handshake for secure communication without CA
infrstructure
* Non-use of HTML/CSS
* The use of JSON as command response language (almost anything is an
improvement over HTTP though)
* Use of an actual GUI command set

What I dislike:
* The specification of nodejs
* The specification of Qt (I would have been ok even a new GUI lib but
understand that this is compromise of what's available)
* The invasive & prescriptive use of hardware for entropy collection
* The lack of unencrypted fallback for human readable messages & debugging
* The lack of a document mode (or text mode) vs. application mode


[0] https://github.com/paypal/seifnode
[1] https://github.com/paypal/seif-protocol/blob/master/examples/
[2] 
https://raw.githubusercontent.com/paypal/seif-protocol/master/doc/seifhandshake.html
[3] http://lists.suckless.org/dev/1609/30541.html

Re: [dev] seif opinions?

2016-09-25 Thread Hiltjo Posthuma 
On Sat, Sep 24, 2016 at 10:44:33PM -0700, Louis Santillan wrote:
> Has anybody considered seif [0][1]?
> 
> I disagree with the choice of nodejs & Qt, and the idea of capturing
> entropy from microphone and camera are interesting but gameable. I
> think the overall concept is viable.
> 
> [0] (Repo) http://www.seif.place
> [1] (Talk) https://www.oreilly.com/ideas/the-seif-project
> 

Can you give a (brief) background information what the project does?

-- 
Kind regards,
Hiltjo

[dev] seif opinions?

2016-09-24 Thread Louis Santillan 
Has anybody considered seif [0][1]?

I disagree with the choice of nodejs & Qt, and the idea of capturing
entropy from microphone and camera are interesting but gameable. I
think the overall concept is viable.

[0] (Repo) http://www.seif.place
[1] (Talk) https://www.oreilly.com/ideas/the-seif-project