undefined | Better HN

0 pointstacos10y ago0 comments

Actually the trick is to pick software that meets the needs of the technical problem at hand.

Getting a read on where the product is headed -- by being aware of corporate motives or by reading developer's ranty blog posts -- can be part of the strategy. Percival, Torvalds, Fried -- I kinda know what to expect from them moving forward.

This guy is playing a similar game but not doing it right.

0 comments

stephenr10y ago

I agree with what you said about picking the right tool for the job, but I don't see how he's "not doing it right"

I 100% agree with the view that caching and tls termination/load balancing are two different tasks, suited to two different tools.

The stated reason for this approach is keeping the existing excellent solution, from becoming worse without any real gain.

Yes the author has stated views about the use of tls "everywhere" - specifically because varnish doesn't handle tls, those opinions don't affect the tool at all.

Edit: s/told/tls/ damn you autocorrect!

tacosOP10y ago

I'm all for reducing complexity but ignoring the bigger problem so you can focus on a smaller one isn't necessarily the path.

Customers are trying to solve a pretty basic, common problem here. I don't see how a ranty, opinionated position paper moves anyone closer to the finish line.

All it did was further influence my opinion of where Varnish would likely be in five years. While I appreciate the candor I'm not sure he did himself any favors.

phkamp10y ago

I have a really hard time following your argumentation, because it seems to have very little to do with both reality and what I wrote.

What I did WRT moving people closer to the finish line was to implement the PROXY protocol, so that using a(ny) preexisting and well-tested SSL-termination solution works seamlessly with Varnish.

IMO, that is a far superior solution to adding a lot of security critical code to Varnish which, at the end of that huge effort, doesn't work any better.

As I wrote in my piece: "the world really don't need another piece of code that does an half-assed job at cryptography"

And doing a full-assed job only makes sense if you have the resources, competence (important with crypto!) and the result makes a positive contribution, one way or another, which offsets the cost of its production.

Nobody has yet been able to point out what the positive contribution would be, compared to a solution where SSL termination is its own layer.

Do you know something about that which I don't ?

If so, please share...

1 more reply

j / k navigate · click thread line to collapse