I’m getting so tired of hearing people say things like “our product for Mac OS X features a completely new Cocoa-based user interface to take maximum advantage of Apple’s new operating system.” Cocoa does not give an application any superiority over Carbon. Cocoa is not more stable, nor does it perform better. It doesn’t even really make life any easier on the developer.
But people continue to buy into the hype, and then regurgitate it on their customers.
Crap.
NPR always manages to play the most apropos music during their program breaks. Today on Talk of the Nation, Ira Flatow did a show about bats. While my local affiliate (KQED) was making announcements during the NPR break just before the bat segment, you could hear Nerf Herder’s theme song to Buffy the Vampire Slayer in the background.
Here’s a hint for those of you upgrading to Panther. I just tried running Office X for the first time since installing Panther, and Word kept crashing. After a little investigating, I realized that (for some reason I don’t remember), I had Office X 10.0.0. After applying three updaters, Office X 10.1.5 seems to work fine.
I have no idea what’s in store for HTTP 1.2 and beyond, or if there’s even any work being done on it. But here’s one feature I’d like to see.
In general, an HTTP request is made to be secure or non-secure by the scheme used in the URL sent by the user agent (https: or http:, respectively). However, this puts a burden on the developer of the website (usually a webapp) to ensure that URLs get written correctly.
This is a consequence of the use of SSL for HTTP security. SSL happens at a protocol layer below that of HTTP. The secure connection is established first, then the HTTP protocol is layered on top of that. By the time the server gets a chance to determine what resource is being requested, the SSL connection must have already been established.
It makes much more sense for an HTTP request to be made, and if the server determines that the requested resource is secure, that the connection then become secure. In other words, the requested resource should be able to dictate whether or not it needs to be secure.
This means we need a way to transparently make secure a connection that began unsecure.
There are complications with this, of course. Many times, information needs to be sent as part of the request in a secure fashion (your login and password information, for example). A way to handle this needs to be devised, of course.
Even the specific URL might need to be secure. That’s what HTTP currently does. The only thing you can’t keep from prying eyes is the IP address and port to which the request is being sent.
There are ways to mimic this behavior. For example, an unsecure request to a secure resource can cause a secure redirect. But redirects cause problems in the user agents, most notably involving the back button.
Okay, that’s all I can write for now, but I’ll try to get back to this subject later&hellpi;
A middle school teacher has chosen to educate her students about the many perils of drug abuse by discussing the financial costs. In the reported story, a young girl comes home and reveals to her parents that she has a $300 (monthly?) pot habit. I think that’s terrific. Not the addiction, but that the realization of the (very tangible) financial cost allowed her to go to her parents with it.
On the other hand, one parent figured it was a bad idea to educate kids in this way, saying that they have enough temptations as it is. Whatever. Information and education are never as dangerous as ignorance. The only time information becomes dangerous is when it’s incomplete.
