I'd ignore excitement -- if you are actually dying to work on something then put the motivation to fruition. If the problem you're working on isn't fulfilling then challenge yourself by trying to solve it by using a non-conventional approach.
I'm sort of confused, because TLS 1.1/1.2 support across browsers looks to be quite poor at the moment. Especially when given a large number of IE visitors that will likely upgrade to IE11 (first version that will have TLS 1.1/1.2 enabled by default) sometime around the year 2016.
With that said, I was under the impression that sites will need to support TLS 1.0 for a good long while, and if that is indeed the case, would they not be better off using RC4? From my understanding, the RC4 attacks seemed less practical than attacks against the implementation of CBC mode in SSL 3.0 / TLS 1.0?
Yes, the installed base is going to keep TLS 1.0 and the legacy SSL block cipher construction in deployment for a long time.
Yes, smart people (among them AGL) have said that the RC4 attack is less practical than the M-t-E timing attack on the SSL CBC ciphers. (By the way, it would be great if we could start putting the blame on M-t-E instead of CBC; the vulnerability isn't in CBC per se. CBC is fine; M-t-E is proven not to be.)
But:
* The timing attack also has remediations (see AGL's famous NSS patch) which don't change the protocol.
* The timing attack is fundamentally unlikely to get more powerful; it's exploiting a very simple, well-understood problem.
* Work on exploiting the RC4 attack is in its infancy, and there are multiple ways the attack could get both fundamentally more powerful and more efficiently implemented.
* There are no software-only fixes to the RC4 problem that don't break the protocol; RC4 is fundamentally and irrevocably broken.
I found a lot of this film incredibly interesting. But just seeing the behavior of wild tigers in the presence of humans (especially compared to what many of us have likely seen in a zoo) was incredible. The look they give to humans just screams pure murder and unexplainable hatred.
Anyway, watching that documentary also made me watch other tiger related ones, of which this one ranked pretty well: http://www.youtube.com/watch?v=LljDuIUtvbQ (Operation Snow Tiger) also by BBC (and I recall correctly it is in 2 parts).
My guesses are: 1) maybe it's a mockery of the redundancy of using "www" in URLs, 2) a clever prank on anyone that attempts to communicate the site's address verbally and doesn't know that the sub-domain portion is optional, 3) a way of making the link catch the eye and create enough curiosity to result in a click.
Just guesses though, I really couldn't find anything concrete about it.
Yeah, it really gets interesting if you compare his recent press conferences on the matter against what his speeches sounded like in 2007; here's an example: http://www.youtube.com/watch?v=Ix4sy25wF-E
Which is not the same thing as node's modules. There's nothing stopping me from making global variables within a module "pattern". Contrast that with a node.js module where even if a variable declaration leaves out a 'var' by accident, the global will not show up in anything that imports that module. I.e., there is no chance of name collisions because each node module gets its own unique and clean global scope.
True, but the question was whether JS had any native ways to support modules, and closures are literally right there. That's a good way to start them. Add more shit on top to make it robust, but they're still there.
