> is not possible to revoke because once a web host uses a particular CA you are stuck trusting them forever
So, the fun thing about historical claims is that you can do Science (insert sound effect) by assuming they're right to make a prediction from that baseline and comparing what actually happened against that prediction.
Moxie gave that talk in August 2010, hence the "DEF CON 19" background. So almost 16 years ago. Over that time of course there have been numerous incidents that would give you good cause to distrust companies such as DigiNotar, StartCom and Symantec. Moxie's prediction tells us that we were "stuck trusting them forever" but er... nope, DigiNotar went bankrupt, StartCom exists only as some branding for the (now distrusted) Chinese company which bought it, and Symantec "pivoted" away from the CA business and now exists largely as branding as well.
> I am quite disappointed with the fact that clients are expressly forbidden from parsing CAA by RFC 8659.
This is a bad idea because it doesn't signal what you think it does. CAA is a signal about who may issue right now not a signal about who has issued in the past whether that's five seconds ago or five weeks ago. That's why it's a signal for the CAs and not for you.
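The point above, as an added example that is not part of the original comment: a simplified RFC 8659 check (issue/issuewild only; critical flags and CNAME handling are omitted) run over two constructed DNS snapshots. It shows a client re-checking CAA later getting the wrong answer in both directions. The zone contents and the CA names `ca-one.example` and `ca-two.example` are assumptions.

```python
# Added example: CAA evaluation in the style of RFC 8659 over constructed data.
# Zone contents and CA identifiers below are invented for illustration.

def relevant_rrset(zone, fqdn):
    """Climb from fqdn toward the root; return the first non-empty CAA RRset."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]), [])
        if rrset:
            return rrset
    return []

def issuer_names(rrset, tag):
    """Issuer domain names from properties with this tag (parameters dropped)."""
    return [value.split(";")[0].strip().lower() for t, value in rrset if t == tag]

def ca_may_issue(zone, fqdn, ca_domain):
    """The decision a CA makes at issuance time against the DNS it sees then."""
    wildcard = fqdn.startswith("*.")
    rrset = relevant_rrset(zone, fqdn[2:] if wildcard else fqdn)
    tags = {t for t, _ in rrset}
    tag = "issuewild" if wildcard and "issuewild" in tags else "issue"
    if tag not in tags:
        return True  # no applicable restriction published
    # An empty issuer name (value ";") matches no CA, so it forbids issuance.
    return ca_domain.lower() in issuer_names(rrset, tag)

# Constructed snapshot when the certificate was issued by ca-one.example.
ZONE_AT_ISSUANCE = {"example.com": [("issue", "ca-one.example")]}
# Constructed snapshot weeks later: the owner now wants future issuance from ca-two.
ZONE_LATER = {"example.com": [("issue", "ca-two.example; validationmethods=dns-01"),
                              ("iodef", "mailto:security@example.com")]}

def verdicts(fqdn="www.example.com"):
    """Compare the CA's issuance-time answer with a client's later re-check."""
    return {
        # Legitimate certificate from ca-one: fine when issued, "fails" later.
        "ca-one at issuance": ca_may_issue(ZONE_AT_ISSUANCE, fqdn, "ca-one.example"),
        "ca-one rechecked later": ca_may_issue(ZONE_LATER, fqdn, "ca-one.example"),
        # Certificate ca-two should not have issued back then: "passes" later.
        "ca-two at issuance": ca_may_issue(ZONE_AT_ISSUANCE, fqdn, "ca-two.example"),
        "ca-two rechecked later": ca_may_issue(ZONE_LATER, fqdn, "ca-two.example"),
    }

if __name__ == "__main__":
    for label, allowed in verdicts().items():
        print(f"{label}: {'allowed' if allowed else 'forbidden'}")
```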
Actually the humans come up all the time. The problem was that as always somehow highly paid executives conveniently don't know anything and had no idea anything was happening. Several Post Office executives testified that they had no idea they were ordering people to be prosecuted, they were just completely incompetent and signed whatever was put in front of them, while being paid a huge sum of money. If they received specific documentation telling them Horizon was busted and mustn't be relied on they mislaid it, and oops, forgot to take any action as a result.
Likewise politicians supervising those executives somehow conveniently didn't ask any questions, forgot what they'd been told and generally had no idea what was happening.
Some of the crimes so often committed by executives who walk free need to delete Mens Rea so that when executives say they had no idea the prosecutor doesn't even skip a beat because it doesn't matter. For comparison in UK criminal law if you have sex with a ten year old, and you try to argue† you thought they were of age and also you had their consent, the prosecutors will move on because you haven't actually defended yourself at all, sex with the ten year old was rape by definition, the fact is the crime, what you believed about it was irrelevant, you're done.
† If you have defence counsel they'll strongly urge you not to try this because it can't work
Of course I don't believe them. But the criminal standard isn't "balance of evidence" it is "beyond a reasonable doubt" and I can't say that I have no doubt she's lying.
Eliminating Mens Rea would solve the problem. If they don't want to go to jail they can try being more competent, or, I expect, they can try not being crooks and what do you know all the crime they supposedly "weren't responsible for" magically stops. Huh.
In both US and UK immigration law isn't law. It's government edicts. Which means parliament chooses not to have a say and just leaves it 100% in the hands of the executive (Prime minister or president respectively).
Mens rea is beside the point, until the government violates other laws (and enough for famously reluctant to convict the government courts to take notice)
It's a cultural thing yeah. Americans genuinely do on the whole think that their approach is better. The good news I guess is that if you're an American and you think "Well I don't" you can (at least for now†) just leave.
† If you lived in the German Democratic Republic (aka "East Germany") in 1950 you could literally just walk to West Germany, by 1961 all other borders are closed and fenced and in Berlin the Wall is up and people who try to escape are being executed routinely. This didn't happen instantly overnight, but it took about a decade to go from routine to "Vast majority of people who attempt it are killed".
I mean, in America we have similar regulations. Toys aren't allowed to burn down houses or poison babies. You have to get dietary supplements if you want to poison babies.
Enforcement on individually shipped imports is hard regardless of where you are. Traditionally enforcement is through spot checks of bulk imports, and leaning hard on the importer who has a clear nexus.
The key word is "again". This was a nostalgia play, America was a big deal fifty years ago, therefore just wind back to fifty years ago and we're "Great Again".
This play seems insane because Time's Arrow points only one way, but it succeeded (in the sense that people supported it) because it's predicated on Facts Aren't True. It doesn't matter that Time's Arrow points future-ward, that's just a Fact not a Truth so we can just disagree.
Facts Aren't True can actually work for stuff where all you're doing is messing with people. Your Courts are just people and they can reject observable reality and substitute your own Truth with the Kavanaugh Stop, a week in jail becomes "brief" and your skin colour becomes "reasonable suspicion" for example. Your executives can pay themselves huge bonuses for imaginary success while concretely the company fails and eventually collapses. Stock markets can soar as the real economy they're "reflecting" buckles and fails.
"Facts Aren't True" is a stupid choice because unlike the people, Mother Nature doesn't give a shit about your Truth. So America won't actually become Great Again, but it is able to delude itself about this at a cost to its standing in the world and to its own future.
Or to look at that from another angle, if you were to define a Trait which has generic methods that Trait won't be "dyn-compatible" meaning that you can't do dynamic dispatch with this trait, which may be irrelevant to you (if you don't want dynamic dispatch anyway) or a showstopper (if you needed it, now your project won't compile).
That is another way of looking at it, but given the topic, you're gonna have to expand or contextualise that. I Rust a fair bit, and only barely follow.
Actually in hindsight I think my perspective was less helpful because you can write a dyn compatible trait with a generic method it's just that you can't call the method via the trait objects, dynamic dispatch isn't possible for your function. So the original way to think about it was superior.
FWIW I found, so far, that bringing up dyn-compatibility to Rust people was very useful in helping them understand why Go's interfaces won't ever have generic methods.
The one additional piece of information you need is that in Go, all interfaces are supposed to be trait objects. The exception is union-elements, but that's really a restriction the Go team is trying to remove, not a model to base more features on.
More strikingly, C++ doesn't distinguish what Rust would call IndexMut and just Index, the use of the [idx] operator in a context where we'll mutate things and one where we don't want that.
Rust's HashMap implements Index because answer = map[name] is a perfectly reasonable thing to do, and if there is no key matching name then we panic, makes sense but it does not provide IndexMut so that you could write map[name] = answer because the edge cases are non-obvious so better to make you write what you meant.
C++ hash tables implement operator[] but the result is mutable, in order that map[name] = 123.0 can work which in Rust would be IndexMut and isn't provided. Because this is true, the index operation always succeeds, if you ask for map["not-present"] it creates the hash table entry for "not-present" and tries to store a default value ready to update it if you later assign to the reference.
One of the interesting patterns for suffrage has been that it doesn't matter.
Before Great Reform the vast majority of British people can't vote, after it all the moderately wealthy men can now vote. So did that result in massive political change, reflecting the newly enfranchised people's preferences? Nope. Subsequent tinkering expanded suffrage slightly but again, the results were the same. Then last century they did several things in quick succession (often portrayed as "universal suffrage" but as we'll see that's just what people always call any expansion, the "universe" of one's imagination grows). First they gave all men (including poor men), and older women suffrage. This made no appreciable difference except that, having now entertained the idea that women should vote (it wasn't technically illegal before Great Reform it just didn't happen enough to matter) the women realised hey, maybe women should be politicians and that did cause some modest changes. Then they equalised voting age for men and women, so now a 21 year old can vote regardless of gender.
Later in that century the UK gave almost† all 18 year olds the vote too, and again the worry was maybe a 19 year old will vote differently? Nope. More or less the same results.
So, maybe giving corporations the vote changes nothing, but I'm less hopeful than I was for giving Sarah, an 18 year old living with her parents on benefits the vote knowing that for some insane reason she's not actually much more likely to vote against a "Fuck Sarah, take her money away" policy than everybody else is because apparently all people are morons so giving more of them suffrage changed nothing. I think corporations are psychopaths not morons...
† Although most crooks in the UK aren't magically stopped from voting, they can't vote in prison and in practice it's very hard to vote from prison even if it would be legal for you because you're held there prior to a trial or whatever. So that's not ideal. It is controversial whether specific electoral interference crimes should result in withdrawal of suffrage, as is the practice today or whether that's just petty and ultimately futile.
[[ I still support universal suffrage, but because now it's everybody's fault. You're not going to get a good government, but now the terrible government is your fault too. ]]
Indeed Rust's standard library provides much better sorts both in terms of performance and in terms of resistance to abuse than those provided in the big three C++ implementations.
You say you are "summarizing" something but instead you seem to have just injected your opinion that C++ is "notably more performant than C and by implication Rust".
It's true that you can express many things in C++ -- the problem is that the language deliberately doesn't distinguish whether the things you've expressed are nonsense, so you might well have written total nonsense and you only find out when, much later, diagnosing a real world event you discover oh, this is nonsense, why did this even compile? Well sorry, it was "more performant" to allow nonsense.
Not sure what numbers you are talking about. If you use qsort from the C library the comparison function will not be inlined, but if you provide your own, this is no problem.
If just "providing my own" would help why wouldn't the stdlib benefit too? You're going to have to spell out what you think can actually work here if you want me to believe there's "no problem".
It would also, but nobody cares enough because qsort is already fast enough for most things, and if you cared it is simple enough to do yourself. Are you doubting that C compilers can devirtualize function calls? Here is a small example that illustrates this. The compiler devirtualizes all calls then folds the result: https://godbolt.org/z/E6cMMr8vx