Way before 1.0 existed (and using an early version of Polymer called WebUI) we built a first version of our app, e.g. http://woven.co/miamitech, which is a fairly complex client and server side application. (The slowness is due to our poor pgsql data design.) I'm now building a more focused version with the latest SDK and Polymer, the beginnings of which are at http://mycommunity.org. For me it's simple: Google is arguably the greatest champion of the open web and probably does more to advance modern web development than most anyone else. V8 was a game changer, and enabled Node. The same folks behind V8 are building, in essence, a better Node. Modern web development with JavaScript is exciting, and there are so many great libraries and resources out there, but there is also much to be desired such as more structure, a saner language and a strong suite of core libraries that play well together. In my experience, Dart is what they say it is: a more structured approach to modern web app development.
I evaluated it. Didn't work in Firefox 31 Beta. Reported the bug. Was fixed in Dart around the time when Firefox 32 RC got released.
Please remember to recompile all your apps you deployed with Dart < 1.6. There are still some Firefox users out there. (Majority in Germany uses Firefox.)
I'm not sure why people inform organizations about vulnerabilities. All what they will get from informing them is to get shock when they slap you on the face and call the police for the alleged hack!
it is better to sell the vulnerability in the underground forums
No it is better to do absolutely nothing, and quietly divest yourself from them because that's not illegal.
But what we really need are some damn whistleblower protections for cybersecurity - buzz-wordy enough for government funding and command centers, but no actual help for the people who want to help because it feels like the right thing to do.
There are protections for cybersecurity here. From the article:
> HIPAA explicitly forbids LSU from retaliating against me for reporting a HIPAA violation, so I filed a federal complaint against them for their illegal retaliation.
Consider it a ethics thing. Willing to take the risk to protect those innocent people's data or sell a grandma's SSN to the highest bidder. I think identity theft takes a certain amount of self centeredness and lack of empathy that I could never deal with. The option to do nothing is a strong one as well. I would say its best to report it but do it anonymously.
The users password acts as a symmetric key. It is never sent to the server, but a hashed copy is sent to the server for authentication, which is then rehashed and stored in the DB.
The users private key is AES encrypted with the password as key and sent to the server for storage. A JSON hash of their contacts is also encrypted in the same way and sent to the server for storage.
