On Mon, 8 Jun 2015 12:58 am, random...@fastmail.us wrote:
> On Sun, Jun 7, 2015, at 07:42, Steven D'Aprano wrote:
>> The question of graphemes (what "ordinary people" consider letters and
>> characters, e.g. "ch" is two letters to an English speaker but one letter
>> to a Czech speaker) should be
On Mon, Jun 8, 2015 at 12:58 AM, wrote:
> On Sun, Jun 7, 2015, at 07:42, Steven D'Aprano wrote:
>> The question of graphemes (what "ordinary people" consider letters and
>> characters, e.g. "ch" is two letters to an English speaker but one letter
>> to a Czech speaker) should be left to libraries
On Sun, Jun 7, 2015, at 07:42, Steven D'Aprano wrote:
> The question of graphemes (what "ordinary people" consider letters and
> characters, e.g. "ch" is two letters to an English speaker but one letter
> to a Czech speaker) should be left to libraries.
Do Czech speakers expect to be able to selec
On Sun, Jun 7, 2015 at 11:24 PM, Steven D'Aprano wrote:
>> (Unless you want to say that all strings are guaranteed to
>> be NFC/NFD normalized, such that s1 and s2 would actually be
>> identical, which I suppose is plausible. I'm not sure what the
>> advantage would be, though. And certainly you w
On Sun, 7 Jun 2015 10:08 pm, Chris Angelico wrote:
> On Sun, Jun 7, 2015 at 9:42 PM, Steven D'Aprano
> wrote:
>> My opinion is that a programming language like Python or ECMAScript
>> should operate on *code points*. If we want to call them "characters"
>> informally, that should be allowed, but
On Sun, Jun 7, 2015 at 9:42 PM, Steven D'Aprano wrote:
> My opinion is that a programming language like Python or ECMAScript should
> operate on *code points*. If we want to call them "characters" informally,
> that should be allowed, but whenever there is ambiguity we should remember
> we're deal
On Sun, 7 Jun 2015 06:21 pm, Thomas 'PointedEars' Lahn wrote:
> Ned Batchelder wrote:
>
>> On Saturday, May 23, 2015 at 9:01:29 AM UTC-4, Steven D'Aprano wrote:
>>> On Sat, 23 May 2015 10:33 pm, Thomas 'PointedEars' Lahn wrote:
>>> > If only characters were represented as sequences UTF-16 code un
Ned Batchelder wrote:
> On Saturday, May 23, 2015 at 9:01:29 AM UTC-4, Steven D'Aprano wrote:
>> On Sat, 23 May 2015 10:33 pm, Thomas 'PointedEars' Lahn wrote:
>> > If only characters were represented as sequences UTF-16 code units in
>> > ECMAScript implementations like JavaScript, there would no
On Mon, May 25, 2015 at 7:39 PM, Laura Creighton wrote:
> What people need to understand is that unless you want to stamp out
> freedom altogether, there will be crime.
Or stamp out legislation altogether and have complete anarchy. There's
no such thing as crime among animals, because there's no
In a message of Mon, 25 May 2015 09:57:28 +0300, Marko Rauhamaa writes:
>Certificates can be revoked, kinda, yes. Or more to the point,
>roadblocks could be put in the way of certifying some applicants.
>However, if that started happening, the OS and browser makers would
>simply drop the obnoxious
Chris Angelico :
> You've added extra levels of indirection, but it comes to the same
> thing. You're requiring that everyone who wants to conduct business on
> the internet (taking credit card numbers etc) has to go through four
> separate authentication processes, and a failure in any one of the
On Mon, May 25, 2015 at 1:26 AM, Marko Rauhamaa wrote:
> Steven D'Aprano :
>
>> On Sun, 24 May 2015 02:53 am, Marko Rauhamaa wrote:
>> "an authentication is considered valid if it is vouched for by the United
>> States, China, Russia *and* the European Union."
>>
>> [Emphasis in the original.]
>>
On 23.05.2015 19:05, Marko Rauhamaa wrote:
> Johannes Bauer :
>
>> I think the major flaw of the X.509 certificate PKI we have today is
>> that there's no namespacing whatsoever. This is a major problem, as
>> the Government of Untrustworthia may give out certifictes for
>> google.de if they wish
Steven D'Aprano :
> On Sun, 24 May 2015 02:53 am, Marko Rauhamaa wrote:
> "an authentication is considered valid if it is vouched for by the United
> States, China, Russia *and* the European Union."
>
> [Emphasis in the original.]
>
> So if (let's say) the US, China and Russia all agree that a Cer
On Sun, 24 May 2015 02:53 am, Marko Rauhamaa wrote:
> Steven D'Aprano :
>
>> On Sat, 23 May 2015 10:44 pm, Marko Rauhamaa wrote:
>>> Here's an idea: an authentication is considered valid if it is
>>> vouched for by the United States, China, Russia *and* the European
>>> Union. Those governments a
Michael Torrie :
> Why trust governments?
They have the means and are doing analogous things already wrt property
titles, passports, taxation, voting etc.
> Why not use peer-to-peer trust. If I trust you and you trust site X
> with a fingerprint of Y, then I should trust it also.
That's a huge
On Sat, May 23, 2015 at 8:57 PM, Michael Torrie wrote:
> On 05/23/2015 05:40 AM, Chris Angelico wrote:
>> On Sat, May 23, 2015 at 9:34 PM, Tim Chase
>> wrote:
>>> A self-signed certificate may be of minimal worth the *first* time you
>>> visit a site, but if you return to the site, that initial
>
On 05/23/2015 06:44 AM, Marko Rauhamaa wrote:
> Johannes Bauer :
>
>> I dislike CAs as much as the next guy. But the problem of distributing
>> trust is just not easy to solve, a TTP is a way out. Do you have an
>> alternative that does not at the same time to providing a solution
>> also opens up
On 05/23/2015 05:40 AM, Chris Angelico wrote:
> On Sat, May 23, 2015 at 9:34 PM, Tim Chase
> wrote:
>> A self-signed certificate may be of minimal worth the *first* time you
>> visit a site, but if you return to the site, that initial
>> certificate's signature can be used to confirm that you're t
Chris Angelico :
> On Sun, May 24, 2015 at 2:53 AM, Marko Rauhamaa wrote:
>> Steven D'Aprano :
>>> If you gave them veto power over all certificate authorities (since
>>> you need all four to agree, any of them can veto a CA),
>>
>> No, they wouldn't be able to veto a CA. At worst, they would be
On Sun, May 24, 2015 at 2:53 AM, Marko Rauhamaa wrote:
> Steven D'Aprano :
>
>> On Sat, 23 May 2015 10:44 pm, Marko Rauhamaa wrote:
>>> Here's an idea: an authentication is considered valid if it is
>>> vouched for by the United States, China, Russia *and* the European
>>> Union. Those governments
On 5/23/2015 7:12 AM, Tim Daneliuk wrote:
On 05/22/2015 08:54 PM, Terry Reedy wrote:
On 5/22/2015 5:40 PM, Tim Daneliuk wrote:
Lo these many years ago, I argued that Python is a whole lot more than
a programming language:
https://www.tundraware.com/TechnicalNotes/Python-Is-Middleware/
Johannes Bauer :
> I think the major flaw of the X.509 certificate PKI we have today is
> that there's no namespacing whatsoever. This is a major problem, as
> the Government of Untrustworthia may give out certifictes for
> google.de if they wish to do so.
But you're fine with the Government of G
Steven D'Aprano :
> On Sat, 23 May 2015 10:44 pm, Marko Rauhamaa wrote:
>> Here's an idea: an authentication is considered valid if it is
>> vouched for by the United States, China, Russia *and* the European
>> Union. Those governments are the only entities that would have the
>> right to delegate
On Sat, 23 May 2015 11:35 pm, Ned Batchelder wrote:
> On Saturday, May 23, 2015 at 9:01:29 AM UTC-4, Steven D'Aprano wrote:
>> On Sat, 23 May 2015 10:33 pm, Thomas 'PointedEars' Lahn wrote:
>>
>> > If only characters were represented as sequences UTF-16 code units in
>> > ECMAScript implementatio
On Sat, 23 May 2015 10:44 pm, Marko Rauhamaa wrote:
> Johannes Bauer :
>
>> I dislike CAs as much as the next guy. But the problem of distributing
>> trust is just not easy to solve, a TTP is a way out. Do you have an
>> alternative that does not at the same time to providing a solution
>> also o
On Saturday, May 23, 2015 at 9:01:29 AM UTC-4, Steven D'Aprano wrote:
> On Sat, 23 May 2015 10:33 pm, Thomas 'PointedEars' Lahn wrote:
>
> > If only characters were represented as sequences UTF-16 code units in
> > ECMAScript implementations like JavaScript, there would not be a problem
> > beyond
On 23.05.2015 13:21, Tim Daneliuk wrote:
> Trust has context. You're going to that site to read an article. This
> is rather different than, say, going somewhere to transact commerce or
> move money.
Sure, for your site it doesn't really make a difference. And, as I said
before, having a self-s
On 23.05.2015 14:44, Marko Rauhamaa wrote:
> Johannes Bauer :
>
>> I dislike CAs as much as the next guy. But the problem of distributing
>> trust is just not easy to solve, a TTP is a way out. Do you have an
>> alternative that does not at the same time to providing a solution
>> also opens up ob
On Sat, May 23, 2015 at 11:01 PM, Steven D'Aprano wrote:
> I'm not saying that it is impossible to have a correct Unicode implemention
> using UTF-16, but I've never seen one.
I suspect this is partly because, if you're aiming for correct Unicode
semantics, UTF-8 offers everything that UTF-16 doe
On Sat, 23 May 2015 10:33 pm, Thomas 'PointedEars' Lahn wrote:
> If only characters were represented as sequences UTF-16 code units in
> ECMAScript implementations like JavaScript, there would not be a problem
> beyond the BMP;
Are you being sarcastic?
This is Rhino:
js> var c = String.fromChar
Johannes Bauer :
> I dislike CAs as much as the next guy. But the problem of distributing
> trust is just not easy to solve, a TTP is a way out. Do you have an
> alternative that does not at the same time to providing a solution
> also opens up obvious attack surface?
Here's an idea: an authentic
Chris Angelico wrote:
> […] My hobby-horse, Unicode, is a notable flaw in many languages - if you
> ask the user for information (in the most obvious way for whatever
> environment you're in, be that via a web browser request, or a GUI widget,
> or text entered at the console), can it cope equa
On Sat, May 23, 2015 at 9:34 PM, Tim Chase
wrote:
> A self-signed certificate may be of minimal worth the *first* time you
> visit a site, but if you return to the site, that initial
> certificate's signature can be used to confirm that you're talking to
> the same site you talked to previously.
On 05/23/2015 01:55 AM, Johannes Bauer wrote:
> On 23.05.2015 05:31, Michael Torrie wrote:
>
>> Sigh. I blame this as much on the browser. There's no inherent reason
>> why a connection to a site secured with a self-signed certificate is
>> insecure.
>
> The problem is *not* that the certificate
On 05/22/2015 11:49 PM, Chris Angelico wrote:
> When the information you're sharing is completely public,
> there's no point taking the overhead of encryption.
I disagree. With two different ways to access data, the metadata about
when you do- and do not use an encrypted channel can be useful to
On 2015-05-23 11:10, Jon Ribbens wrote:
> On 2015-05-23, Michael Torrie wrote:
> > The same can be said of CA-signed certificates.
>
> I think you are falling into the trap of believing that all things
> are either perfect or they are worthless. CAs aren't perfect, but
> neither are they worthles
On 2015-05-23, Michael Torrie wrote:
> On 05/22/2015 10:10 PM, Ian Kelly wrote:
>> There is still some value in TLS with a self-signed certificate in
>> that at least the connection is encrypted and can't be eavesdropped
>> by an attacker who can only read the channel, but there is no
>> assuranc
On 05/22/2015 08:54 PM, Terry Reedy wrote:
> On 5/22/2015 5:40 PM, Tim Daneliuk wrote:
>
>> Lo these many years ago, I argued that Python is a whole lot more than
>> a programming language:
>>
>> https://www.tundraware.com/TechnicalNotes/Python-Is-Middleware/
>
> Perhaps something at tundrawa
On 05/22/2015 11:11 PM, amber wrote:
> «»
>
> On 22/05/2015 21:40, Tim Daneliuk wrote:
>>https://www.tundraware.com/TechnicalNotes/Python-Is-Middleware/
> Quoting that article
> «And no, you couldn't get a C based OS to do what TPF does even if you
> did have a couple hundred million dollars t
On 23.05.2015 05:31, Michael Torrie wrote:
> Sigh. I blame this as much on the browser. There's no inherent reason
> why a connection to a site secured with a self-signed certificate is
> insecure.
The problem is *not* that the certificate is self-signed.
It's that it's unknown previously to be
On Sat, May 23, 2015 at 2:10 PM, Ian Kelly wrote:
>> Sigh. I blame this as much on the browser. There's no inherent reason
>> why a connection to a site secured with a self-signed certificate is
>> insecure. In fact it's definitely not.
>
> Sure it is. Without some prior reason to trust the cert
On Sat, May 23, 2015 at 2:20 PM, Ben Finney wrote:
> Where I disagree is that this is somehow less secure than a completely
> *unencrypted* HTTP connection. No, the opposite is true.
No, it isn't less secure. However, people have been trained for years
to look for the padlock (including looking f
On Sat, May 23, 2015 at 2:49 PM, Ian Kelly wrote:
>> The same can be said of CA-signed certificates. The only way to know if
>> the site is who they say they are is to know what the cert's fingerprint
>> ought to be and see if it still is. I used to use a firefox plugin for
>> this purpose, but c
On Sat, May 23, 2015 at 2:29 PM, Ian Kelly wrote:
> There *should* be scary warnings for plain
> HTTP connections (although there is a counter-argument that many sites
> don't need any encryption and HTTPS would just be wasteful in those
> cases).
I don't think there should be "scary warnings", f
On Fri, May 22, 2015 at 10:30 PM, Michael Torrie wrote:
> On 05/22/2015 10:10 PM, Ian Kelly wrote:
>> Sure it is. Without some prior reason to trust the certificate, the
>> certificate is meaningless. How is the browser to distinguish between
>> a legitimate self-signed cert and a self-signed cert
On Fri, May 22, 2015 at 10:20 PM, Ben Finney wrote:
> Ian Kelly writes:
>
>> On Fri, May 22, 2015 at 9:31 PM, Michael Torrie wrote:
>> > On 05/22/2015 07:54 PM, Terry Reedy wrote:
>> >> On 5/22/2015 5:40 PM, Tim Daneliuk wrote:
>> >>
>> >>> Lo these many years ago, I argued that Python is a whol
On 05/22/2015 10:10 PM, Ian Kelly wrote:
> On Fri, May 22, 2015 at 9:31 PM, Michael Torrie wrote:
>> On 05/22/2015 07:54 PM, Terry Reedy wrote:
>>> On 5/22/2015 5:40 PM, Tim Daneliuk wrote:
>>>
Lo these many years ago, I argued that Python is a whole lot more than
a programming language:
Ian Kelly writes:
> On Fri, May 22, 2015 at 9:31 PM, Michael Torrie wrote:
> > On 05/22/2015 07:54 PM, Terry Reedy wrote:
> >> On 5/22/2015 5:40 PM, Tim Daneliuk wrote:
> >>
> >>> Lo these many years ago, I argued that Python is a whole lot more than
> >>> a programming language:
> >>>
> >>>
«»
On 22/05/2015 21:40, Tim Daneliuk wrote:
>https://www.tundraware.com/TechnicalNotes/Python-Is-Middleware/
Quoting that article
«And no, you couldn't get a C based OS to do what TPF does even if you
did have a couple hundred million dollars to redo it, »
Why couldn't a C based OS do what TP
On Fri, May 22, 2015 at 9:31 PM, Michael Torrie wrote:
> On 05/22/2015 07:54 PM, Terry Reedy wrote:
>> On 5/22/2015 5:40 PM, Tim Daneliuk wrote:
>>
>>> Lo these many years ago, I argued that Python is a whole lot more than
>>> a programming language:
>>>
>>> https://www.tundraware.com/Technica
On 05/22/2015 07:54 PM, Terry Reedy wrote:
> On 5/22/2015 5:40 PM, Tim Daneliuk wrote:
>
>> Lo these many years ago, I argued that Python is a whole lot more than
>> a programming language:
>>
>> https://www.tundraware.com/TechnicalNotes/Python-Is-Middleware/
>
> Perhaps something at tundrawa
On 05/22/2015 05:00 PM, Paul Rubin wrote:
> Steven D'Aprano writes:
>> the impression I get after a couple of hours is that Javascript tries
>> really hard to do everything it can for you except what you actually want.
>
> Javascript is like C++ in that it's a lot of layers of legacy cruft, but
>
On 5/22/2015 5:40 PM, Tim Daneliuk wrote:
Lo these many years ago, I argued that Python is a whole lot more than
a programming language:
https://www.tundraware.com/TechnicalNotes/Python-Is-Middleware/
Perhaps something at tundraware needs updating.
'''
This Connection is Untrusted
You ha
On Sat, 23 May 2015 05:14 am, Laura Creighton wrote:
> The first time you discover that in javascript typeof(null) is 'object'
> and
> not 'null' you will scream. I wonder how many home versions of typeof
> to replace the system one exist out in the wild?
What weirds me out is that that Javascri
Steven D'Aprano writes:
> the impression I get after a couple of hours is that Javascript tries
> really hard to do everything it can for you except what you actually want.
Javascript is like C++ in that it's a lot of layers of legacy cruft, but
if you ignore the ugly parts, the good parts that a
On 05/22/2015 11:31 AM, Tony the Tiger wrote:
> On Sat, 23 May 2015 00:58:17 +1000, Steven D'Aprano wrote:
>
>> I get after a couple of hours is that Javascript tries really hard to do
>> everything it can for you except what you actually want.
>
> You just described a certain operating system, w
On 05/22/2015 10:29 AM, Chris Angelico wrote:
> On Sat, May 23, 2015 at 12:58 AM, Steven D'Aprano wrote:
>> I think Python is a prettier
>> language visually than either Lua or Ruby, but they're in the ball-park.
>> Both languages have their warts and quirks, but if Python were declared
>> illegal
On Fri, May 22, 2015 at 2:55 PM, Tim Chase
wrote:
> I've wondered this on multiple occasions, as I've wanted to just make
> an attribute bag and have to do something like
>
> class AttrBag(object): pass
> ab = AttrBag()
> ab.x = 42
> ab.y = "some other value"
>
> because just doing
>
> a
On 05/22/2015 01:34 PM, Marko Rauhamaa wrote:
Ian Kelly :
An "object" in Javascript is basically just a collection of
properties. For example:
js> typeof([1, 2, 3])
"object"
js> typeof({a: 1, b: 2, c: 3})
"object"
Here's what happens when you try to access a property on null:
js> null.foo
ty
On 2015-05-22 23:34, Marko Rauhamaa wrote:
> >>> object().x = 3
> Traceback (most recent call last):
> File "", line 1, in
> AttributeError: 'object' object has no attribute 'x'
>
> Why are object instances immutable in Python?
I've wondered this on multiple occasions, as I've wanted to just mak
Ian Kelly :
> An "object" in Javascript is basically just a collection of
> properties. For example:
>
> js> typeof([1, 2, 3])
> "object"
> js> typeof({a: 1, b: 2, c: 3})
> "object"
>
> Here's what happens when you try to access a property on null:
>
> js> null.foo
> typein:18:0 TypeError: null ha
On Fri, May 22, 2015 at 1:34 PM, MRAB wrote:
> On 2015-05-22 20:14, Laura Creighton wrote:
>>
>> The first time you discover that in javascript typeof(null) is 'object'
>> and
>> not 'null' you will scream. I wonder how many home versions of typeof
>> to replace the system one exist out in the wi
On 2015-05-22 20:14, Laura Creighton wrote:
The first time you discover that in javascript typeof(null) is 'object' and
not 'null' you will scream. I wonder how many home versions of typeof
to replace the system one exist out in the wild?
I don't think that typeof(null) should be 'null'.
If t
The first time you discover that in javascript typeof(null) is 'object' and
not 'null' you will scream. I wonder how many home versions of typeof
to replace the system one exist out in the wild?
Laura
--
https://mail.python.org/mailman/listinfo/python-list
On 22/05/2015 18:47, Grant Edwards wrote:
And of course, the truly_great_ thing about Javascript is...
It's not PHP!
ROTFL ;-)
--
https://mail.python.org/mailman/listinfo/python-list
On Sat, May 23, 2015 at 3:47 AM, Grant Edwards wrote:
> * When used in a browser, the rather odd meanings of 'this' in
>certain situations.
Yes. Closures can retain state exactly the way you'd expect them to,
yet what Python would call a bound method (another way of retaining
state, specific
On 2015-05-22, Steven D'Aprano wrote:
> But Javascript...
>
> Javascript also lacks a standard assert mechanism, but that wasn't
> too hard to fix. It also has two different equality operators, each
> of which are so complicated and confusing that apparently there are
> two-year Masters degrees
On 22/05/2015 17:31, Tony the Tiger wrote:
On Sat, 23 May 2015 00:58:17 +1000, Steven D'Aprano wrote:
I get after a couple of hours is that Javascript tries really hard to do
everything it can for you except what you actually want.
You just described a certain operating system, which shall re
On Sat, May 23, 2015 at 12:58 AM, Steven D'Aprano wrote:
> I think Python is a prettier
> language visually than either Lua or Ruby, but they're in the ball-park.
> Both languages have their warts and quirks, but if Python were declared
> illegal overnight[1] I'd probably have no trouble adapting
It's good to have at least a passing familiarity in more than one
programming language, so for I've re-written a small Python script (56
lines, including blanks and comments) into Lua (67 lines), Ruby (73 lines)
and Javascript (102 lines).
Re-writing the code in Lua and Ruby was actually quite sim
71 matches
Mail list logo
