Domain: slashdot.org
Stories and comments across the archive that link to slashdot.org.
Stories · 37,380
-
Four CAs Have Been Compromised Since June
Trailrunner7 writes "The EFF, through the use of its SSL Observatory, has taken a look at the data from certificate revocation lists for SSL certificates in recent months, and found that there were four separate CAs compromised in the last four months. The only widely known CA compromise since June is the attack on DigiNotar this summer that completely compromised that company's CA infrastructure and eventually led to it being shut down. All of the major browser vendors were forced to revoke their trust in the DigiNotar root certificates and the attacker who claimed credit for the attack said that he also had compromised several other CAs. There are apparently three other CAs that have discovered compromises since June, but have not made them public." -
Four CAs Have Been Compromised Since June
Trailrunner7 writes "The EFF, through the use of its SSL Observatory, has taken a look at the data from certificate revocation lists for SSL certificates in recent months, and found that there were four separate CAs compromised in the last four months. The only widely known CA compromise since June is the attack on DigiNotar this summer that completely compromised that company's CA infrastructure and eventually led to it being shut down. All of the major browser vendors were forced to revoke their trust in the DigiNotar root certificates and the attacker who claimed credit for the attack said that he also had compromised several other CAs. There are apparently three other CAs that have discovered compromises since June, but have not made them public." -
TSA's VIPR Bites Rail, Bus, and Ferry Passengers
OverTheGeicoE writes "TSA's VIPR program may be expanding. According to the Washington Times, 'TSA has always intended to expand beyond the confines of airport terminals. Its agents have been conducting more and more surprise groping sessions for women, children and the elderly in locations that have nothing to do with aviation.' In Tennessee earlier this month, bus passengers in Nashville and Knoxville were searched in addition to the truck searches discussed here previously. Earlier this year in Savannah, Georgia, TSA forced a group of train travelers, including young children, to be patted down. (They were getting off the train, not on.) Ferry passengers have also been targeted. According to TSA Administrator John Pistole's testimony before the Senate last June, 'TSA conducted more than 8,000 VIPR operations in the [previous] 12 months, including more than 3,700 operations in mass-transit and passenger-railroad venues.' He wants a 50% budget increase for VIPR for 2012. Imagine what TSA would do with the extra funding." -
Agile Quadruped Robot Unveiled By Italian Roboticists
An anonymous reader writes "Italian roboticists have built a quadruped robot called HyQ that can walk, trot, jump, and rear. Unlike with another quadruped project, the famous BigDog from Boston Dynamics, the Italian team wants to make their design 'as open as possible,' so other research groups can use it to collaborate. HyQ is a hydraulic system with torque-controlled, compliant legs. It's currently tethered, but the researchers plan to make the robot self-contained with an on-board pump, add a head with cameras and laser-range finder, and take it for tests outdoors." -
Smarter Thread Scheduling Improves AMD Bulldozer Performance
crookedvulture writes "The initial reviews of the first Bulldozer-based FX processors have revealed the chips to be notably slower than their Intel counterparts. Part of the reason is the module-based nature of AMD's new architecture, which requires more intelligent thread scheduling to extract optimum performance. This article takes a closer look at how tweaking Windows 7's thread scheduling can improve Bulldozer's performance by 10-20%. As with Intel's Hyper-Threading tech, Bulldozer performs better when resource sharing is kept to a minimum and workloads are spread across multiple modules rather than the multiple cores within them." -
Linux Foundation Releases Document On UEFI Secure Boot
mvar writes "The Linux Foundation today released technical guidance to PC makers on how to implement secure UEFI without locking Linux or other free software off of new Windows 8 machines. The guidance included a subtle tisk-tisk at Microsoft's Steven Sinofsky for suggesting that PC owners won't want to mess with control of their hardware and would happily concede it to operating system makers and hardware manufacturers." Canonical and Red Hat have also published a white paper (PDF) suggesting that all OEMs "allow secure boot to be easily disabled and enabled through a firmware configuration interface," among other things. -
Superluminal Neutrinos, Take Two
Coisiche writes "To address the many responses to their original findings, the OPERA team who reported the detection of faster-than-light neutrinos is starting a new and improved version of their experiment. 'The neutrinos that emerge at Gran Sasso start off as a beam of proton particles at CERN. Through a series of complex interactions, neutrino particles are generated from this beam and stream through the Earth's crust to Italy. Originally, CERN fired the protons in a long pulse lasting 10 microseconds (10 millionths of a second). ... [In the new experiment], protons are sent in a series of short bursts — lasting just one or two nanoseconds, thousands of times shorter — with a large gap (roughly 500 nanoseconds) in between each burst. This system, says Dr Bertolucci, is more efficient: "For every neutrino event at Gran Sasso, you can connect it unambiguously with the batch of protons at CERN," he explained.'" -
Superluminal Neutrinos, Take Two
Coisiche writes "To address the many responses to their original findings, the OPERA team who reported the detection of faster-than-light neutrinos is starting a new and improved version of their experiment. 'The neutrinos that emerge at Gran Sasso start off as a beam of proton particles at CERN. Through a series of complex interactions, neutrino particles are generated from this beam and stream through the Earth's crust to Italy. Originally, CERN fired the protons in a long pulse lasting 10 microseconds (10 millionths of a second). ... [In the new experiment], protons are sent in a series of short bursts — lasting just one or two nanoseconds, thousands of times shorter — with a large gap (roughly 500 nanoseconds) in between each burst. This system, says Dr Bertolucci, is more efficient: "For every neutrino event at Gran Sasso, you can connect it unambiguously with the batch of protons at CERN," he explained.'" -
1 MW Cold Fusion Plant Supposedly To Come Online
First time accepted submitter Jherico writes "Andrea Rossi (covered here a few times before) is scheduled to bring his 1MW plant online Oct. 28th. This will likely either be the point where 'unexpected technical difficulties' unmask this for the scam it is, or the presence of an actual 1MW plant with no chemical fuel source will silence a lot of skeptics. What would you do if it were real?" -
1 MW Cold Fusion Plant Supposedly To Come Online
First time accepted submitter Jherico writes "Andrea Rossi (covered here a few times before) is scheduled to bring his 1MW plant online Oct. 28th. This will likely either be the point where 'unexpected technical difficulties' unmask this for the scam it is, or the presence of an actual 1MW plant with no chemical fuel source will silence a lot of skeptics. What would you do if it were real?" -
Boeing 787 Dreamliner Makes First Passenger Flight
After years of delays in production, technical worries, and technical advances, Zothecula writes with this excerpt that says "The 787 Dreamliner has entered commercial service. The mid-size airliner's first passenger-carrying outing took place earlier today when Boeing's launch customer All Nippon Airways flew 240 passengers on a four and a half hour charter flight from Tokyo to Hong Kong. Two hour-long 'domestic excursion flights' out of Tokyo are planned for October 28 and 29 before regular domestic flights commence on November 1." -
Boeing 787 Dreamliner Makes First Passenger Flight
After years of delays in production, technical worries, and technical advances, Zothecula writes with this excerpt that says "The 787 Dreamliner has entered commercial service. The mid-size airliner's first passenger-carrying outing took place earlier today when Boeing's launch customer All Nippon Airways flew 240 passengers on a four and a half hour charter flight from Tokyo to Hong Kong. Two hour-long 'domestic excursion flights' out of Tokyo are planned for October 28 and 29 before regular domestic flights commence on November 1." -
Boeing 787 Dreamliner Makes First Passenger Flight
After years of delays in production, technical worries, and technical advances, Zothecula writes with this excerpt that says "The 787 Dreamliner has entered commercial service. The mid-size airliner's first passenger-carrying outing took place earlier today when Boeing's launch customer All Nippon Airways flew 240 passengers on a four and a half hour charter flight from Tokyo to Hong Kong. Two hour-long 'domestic excursion flights' out of Tokyo are planned for October 28 and 29 before regular domestic flights commence on November 1." -
Book Review: Drupal 7 Themes
Michael J. Ross writes "If you need a theme for a web site based on Drupal 7, then you have a few options for obtaining one. You could go with an existing theme, but the current crop of prebuilt themes is even more limited for Drupal 7 than its predecessor. You could hire a dedicated Drupal themer to create one for you. Or, to avoid the expense, you could try to build your own. In that case, you will need to get up to speed on the changes in the Drupal presentation layer. Unfortunately, most of the Drupal 7 books devote only one or two chapters to the topic. Several Drupal training firms offer video instruction, but the bulk of their material is still geared to version 6, or even 5. The online documentation is of little help. Yet there is a book that is wholly dedicated to the topic: Drupal 7 Themes, authored by Ric Shreves." Read on for the rest of Michael's review. Drupal 7 Themes author Ric Shreves pages 320 pages publisher Packt Publishing rating 7/10 reviewer Michael J. Ross ISBN 978-1849512763 summary A guide on how to work with and create themes in Drupal 7. This title was released by Packt Publishing on 24 May 2011, under the ISBN 978-1849512763. This review is based on a print version of the book, kindly provided by the publisher. An e-book version — in both the PDF and Mobipocket formats — is available from the publisher's page. Visitors will also find a book description, the table of contents, a sample chapter (the seventh one, "Dynamic Theming"), and, elsewhere on their site, the reported errata (only one at this time). None of the example code presented in the book appears to be downloadable — probably because there is little of it. Like so many Packt Publishing titles, this one is relatively slender compared to other publishers' Drupal books, at 320 pages. The material is organized into ten chapters, as well as an extensive appendix occupying a quarter of the book. The preface notes that the only requisite knowledge is "basic experience of working with Drupal," as well as HTML, CSS, and, optionally, some basic knowledge of PHP. This book is a revised and expanded edition of his previous book, Drupal 6 Themes.
The first chapter provides an overview of the basic concepts of Drupal theming, including its purpose, its customization capabilities, the intercept/override paradigm, sub-themes, some online resources, theme engines, theming output, front-end versus admin themes, the default Drupal 7 themes, and theme files. It is a decent introduction, but would likely be more helpful to theming newbies if the basic concepts — such as what themes are — were discussed prior to more advanced topics — such as intercepting and overriding. All of the material is clear, except for the reference on page 21 to "the Add Shortcut icon," which is not identified or apparently even present in the referenced screenshot. Chapter 2 covers the basics of the configuration settings for themes (global and specific), blocks, and regions, as well as how to install and uninstall themes. It can be safely skipped by anyone familiar with administering a Drupal site.
PHPTemplate has become the de facto templating engine in Drupal, and is introduced in the third chapter. The author focuses on the key files that compose a Drupal theme, and for illustrative purposes uses two themes built into Drupal 7: Seven and Bartik. The author of the latter, Jen Simmons, a female web designer, is oddly referenced in the masculine (page 80). The subsequent chapter gets off to a poor start with nine paragraphs that essentially state the same thing, over and over. But it eventually delves into the critical topics of default templates, themeable functions, individual styles, and whole stylesheets, as well as how they can be overridden using custom CSS and PHP code, including template preprocessing functions. The theory is later illustrated with a focused examination of Bartik. It is with this material that the author begins digging into the technical details of how custom Drupal theming is accomplished.
Chapter 5, "Customizing an Existing Theme," demonstrates how to create a sub-theme, in order to leverage the functionality of a base theme. Readers may be confused as to why the author chose to not present his list of recommended base themes, until the next chapter. After all, readers presumably would want to know the optimal candidates for starter themes while first learning how to select and use them. This confusion could have been avoided had the author explained that those are not just base themes, but starter themes. More importantly, the narrative contains a technical error: On page 115, readers are told that "This is a requirement for a valid sub-theme; you need at least one stylesheet." Testing shows that assertion to be untrue; only a .info file is required. Four pages later, readers are told to refresh Drupal's cached registry to see changes to the template files and theme functions, which contradicts the tip on page 94 that such refreshes are only needed when theme functions or templates are added or removed, but not if they are changed. Aside from these blemishes, the material presented is more than adequate to help get readers started with sub-theming.
Some readers will likely be disappointed that the first half of Chapter 6 discusses how to build a theme using a base theme — the previous chapter's topic — except instead of Bartik as the base theme, a more basic starter theme, Fusion, is used. Aside from that, it's the same process, and large chunks of the text are duplicated — even the erroneous claim of a stylesheet being required (page 130). Finally, the reader arrives at the second half of the chapter, which explains how to create a new theme from scratch. Other sections of the book are referenced heavily, which is possible because the first five chapters have set the stage for this topic.
With Chapter 7, the author takes the earlier introductions to theme templates, and explores them in much greater detail, showing how to separately theme specific groups of pages, including a site's homepage, as well as regions, blocks, and specific elements on a page. The author states (page 158) that all the theming baseline variables are documented inside of the page.tpl.php file, but that only seems to be true for the Bartik and Zen themes. Also, the concept of a block delta is not adequately explained or illustrated. Otherwise, this chapter provides more content and less repetition than most of the others. It concludes with a discussion of CSS classes dynamically generated by Drupal.
Traditionally, one of the most problematic areas of web design is the styling of forms — the focus of Chapter 8. The forms that are built into Drupal by default — user, search, poll, and administration — are presented from a functional standpoint. It is then shown how they can be modified using half a dozen techniques, with varying levels of control over the output and the amount of complexity in achieving that control. The next chapter looks more broadly at other difficult aspects of Drupal theming — including cross-browser compatibility, accessibility, validation, theming the output of various core modules, and many more topics. Some of the tips provided could be quite valuable if and when the reader is stymied by one such problem or another. The final chapter, "Useful Extensions for Themers," introduces a number of helpful tools, most of which are contributed modules. The book concludes with a lengthy and detailed appendix that lists the files, paths, and descriptions for all of the theming system-wide functions and mostly the core module-specific templates.
The author's writing style is conversational, with generally comprehensible explanations. But there are a few baffling phrases, such as "displayed in courtesy of a conditional statement" (page 70); and the common phrase "you likely need to" is twisted into "you are likely needed to" (page 119), which actually has a different meaning. All sorts of phrases are set in title case, without reason, such as "Dev Server" (page 111). Something else that may be difficult to fathom, is that the book's code does not reflect the fact that Drupal.org transitioned from CVS to Git for version control, in February 2011, three months before publication of Drupal 7 Themes.
There is a fair amount of redundant information, even on the same page — such as the theme settings instructions, in duplicate on page 36, and partly repeated again on the next page. Each chapter concludes with a summary, which in most cases is of no benefit to the reader, given how short most of the chapters are. Far too much of the text is presented in bracketed and indented warnings and tips. For instance, page 180 has no fewer than four such blocks of text, and they take up most of the page. In fact, there are several places where a paragraph of the main narrative is inexplicably turned into a warning, indented with large brackets (e.g., pages 71 and 95).
Punctuation is another area where this book could be improved. Most computer programmers use far too few commas in their writing, but this book demonstrates the opposite problem in several places, such as twice on page 71. On the other hand, there are places where a comma could have made the narrative more clear upon first reading. Fortunately, this problem is not nearly as prevalent as seen in the preface, which appears to have been written by someone whose first language is not English. As with most books written by techies, this one contains too many exclamation marks — invariably an indication that the author is trying to make a dull subject seem more exciting. Fortunately, most of this is limited to the early material, and dissipates as the author settles into the important topics. Lastly, there are many spots where the wrong punctuation symbol is used, e.g., a comma trying to perform the duties of a semicolon.
Seemingly every Packt title contains a long list of errata, and this one is no exception: "focuses is on" (page 2), "you Drupal 7 site" (2), "Identifying" (2), "access to [a] Drupal 7 installation" (3), "Addition[al] tools" (3), "function [of] Drupal themes" (11), "an as" (24; should read "as an"), "Supports [a] four-column area" (24), "all/ themes" (30), "those global setting[s]" (40), "<none>" (49; should read "- None -"), "jump[ ]start" (56), "a temporary CSS files" (87), "in [the] last style sheet" (89), "go ahead [and] make" (100), "Why it is" (113; should read "Why is it"), "functionbartik_menu_tree" and "functionjeanb_menu_tree" (123; similar mistakes are seen on pages 181, 189, and 195), "be name[d]" (124), "cssto" (130), "the advantages" (147), "is it" (151; should read "it is"), and "different appearance[s]" (153). At this point, roughly halfway through the book, I stopped recording errata. Packt Publishing's copyeditors should have spotted and fixed these problems, as well as those scattered throughout the rest of the manuscript.
Yet the major weakness of this book is the extensive repetition of material — ranging from the paragraph level (one paragraph repeating information from earlier, nearby ones) to the chapter level (e.g., Chapter 6's wholesale copy-and-paste of material from the previous chapter). Also, the book would have been more current if it addressed the critical web design topics of responsive design, media queries, and how they can be employed in Drupal theming. But it is possible that constraints of space and available time for this project, prevented the inclusion of these advanced topics.
Aside from these problems, and those mentioned earlier, this book does a fine job of explaining the key concepts, and demonstrating them in sample code. Drupal 7 Themes is possibly the best available resource for anyone who wants to learn how Drupal themes work, and how to build custom themes.
Michael J. Ross is a freelance web developer and writer.
You can purchase Drupal 7 Themes from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Review: Drupal 7 Themes
Michael J. Ross writes "If you need a theme for a web site based on Drupal 7, then you have a few options for obtaining one. You could go with an existing theme, but the current crop of prebuilt themes is even more limited for Drupal 7 than its predecessor. You could hire a dedicated Drupal themer to create one for you. Or, to avoid the expense, you could try to build your own. In that case, you will need to get up to speed on the changes in the Drupal presentation layer. Unfortunately, most of the Drupal 7 books devote only one or two chapters to the topic. Several Drupal training firms offer video instruction, but the bulk of their material is still geared to version 6, or even 5. The online documentation is of little help. Yet there is a book that is wholly dedicated to the topic: Drupal 7 Themes, authored by Ric Shreves." Read on for the rest of Michael's review. Drupal 7 Themes author Ric Shreves pages 320 pages publisher Packt Publishing rating 7/10 reviewer Michael J. Ross ISBN 978-1849512763 summary A guide on how to work with and create themes in Drupal 7. This title was released by Packt Publishing on 24 May 2011, under the ISBN 978-1849512763. This review is based on a print version of the book, kindly provided by the publisher. An e-book version — in both the PDF and Mobipocket formats — is available from the publisher's page. Visitors will also find a book description, the table of contents, a sample chapter (the seventh one, "Dynamic Theming"), and, elsewhere on their site, the reported errata (only one at this time). None of the example code presented in the book appears to be downloadable — probably because there is little of it. Like so many Packt Publishing titles, this one is relatively slender compared to other publishers' Drupal books, at 320 pages. The material is organized into ten chapters, as well as an extensive appendix occupying a quarter of the book. The preface notes that the only requisite knowledge is "basic experience of working with Drupal," as well as HTML, CSS, and, optionally, some basic knowledge of PHP. This book is a revised and expanded edition of his previous book, Drupal 6 Themes.
The first chapter provides an overview of the basic concepts of Drupal theming, including its purpose, its customization capabilities, the intercept/override paradigm, sub-themes, some online resources, theme engines, theming output, front-end versus admin themes, the default Drupal 7 themes, and theme files. It is a decent introduction, but would likely be more helpful to theming newbies if the basic concepts — such as what themes are — were discussed prior to more advanced topics — such as intercepting and overriding. All of the material is clear, except for the reference on page 21 to "the Add Shortcut icon," which is not identified or apparently even present in the referenced screenshot. Chapter 2 covers the basics of the configuration settings for themes (global and specific), blocks, and regions, as well as how to install and uninstall themes. It can be safely skipped by anyone familiar with administering a Drupal site.
PHPTemplate has become the de facto templating engine in Drupal, and is introduced in the third chapter. The author focuses on the key files that compose a Drupal theme, and for illustrative purposes uses two themes built into Drupal 7: Seven and Bartik. The author of the latter, Jen Simmons, a female web designer, is oddly referenced in the masculine (page 80). The subsequent chapter gets off to a poor start with nine paragraphs that essentially state the same thing, over and over. But it eventually delves into the critical topics of default templates, themeable functions, individual styles, and whole stylesheets, as well as how they can be overridden using custom CSS and PHP code, including template preprocessing functions. The theory is later illustrated with a focused examination of Bartik. It is with this material that the author begins digging into the technical details of how custom Drupal theming is accomplished.
Chapter 5, "Customizing an Existing Theme," demonstrates how to create a sub-theme, in order to leverage the functionality of a base theme. Readers may be confused as to why the author chose to not present his list of recommended base themes, until the next chapter. After all, readers presumably would want to know the optimal candidates for starter themes while first learning how to select and use them. This confusion could have been avoided had the author explained that those are not just base themes, but starter themes. More importantly, the narrative contains a technical error: On page 115, readers are told that "This is a requirement for a valid sub-theme; you need at least one stylesheet." Testing shows that assertion to be untrue; only a .info file is required. Four pages later, readers are told to refresh Drupal's cached registry to see changes to the template files and theme functions, which contradicts the tip on page 94 that such refreshes are only needed when theme functions or templates are added or removed, but not if they are changed. Aside from these blemishes, the material presented is more than adequate to help get readers started with sub-theming.
Some readers will likely be disappointed that the first half of Chapter 6 discusses how to build a theme using a base theme — the previous chapter's topic — except instead of Bartik as the base theme, a more basic starter theme, Fusion, is used. Aside from that, it's the same process, and large chunks of the text are duplicated — even the erroneous claim of a stylesheet being required (page 130). Finally, the reader arrives at the second half of the chapter, which explains how to create a new theme from scratch. Other sections of the book are referenced heavily, which is possible because the first five chapters have set the stage for this topic.
With Chapter 7, the author takes the earlier introductions to theme templates, and explores them in much greater detail, showing how to separately theme specific groups of pages, including a site's homepage, as well as regions, blocks, and specific elements on a page. The author states (page 158) that all the theming baseline variables are documented inside of the page.tpl.php file, but that only seems to be true for the Bartik and Zen themes. Also, the concept of a block delta is not adequately explained or illustrated. Otherwise, this chapter provides more content and less repetition than most of the others. It concludes with a discussion of CSS classes dynamically generated by Drupal.
Traditionally, one of the most problematic areas of web design is the styling of forms — the focus of Chapter 8. The forms that are built into Drupal by default — user, search, poll, and administration — are presented from a functional standpoint. It is then shown how they can be modified using half a dozen techniques, with varying levels of control over the output and the amount of complexity in achieving that control. The next chapter looks more broadly at other difficult aspects of Drupal theming — including cross-browser compatibility, accessibility, validation, theming the output of various core modules, and many more topics. Some of the tips provided could be quite valuable if and when the reader is stymied by one such problem or another. The final chapter, "Useful Extensions for Themers," introduces a number of helpful tools, most of which are contributed modules. The book concludes with a lengthy and detailed appendix that lists the files, paths, and descriptions for all of the theming system-wide functions and mostly the core module-specific templates.
The author's writing style is conversational, with generally comprehensible explanations. But there are a few baffling phrases, such as "displayed in courtesy of a conditional statement" (page 70); and the common phrase "you likely need to" is twisted into "you are likely needed to" (page 119), which actually has a different meaning. All sorts of phrases are set in title case, without reason, such as "Dev Server" (page 111). Something else that may be difficult to fathom, is that the book's code does not reflect the fact that Drupal.org transitioned from CVS to Git for version control, in February 2011, three months before publication of Drupal 7 Themes.
There is a fair amount of redundant information, even on the same page — such as the theme settings instructions, in duplicate on page 36, and partly repeated again on the next page. Each chapter concludes with a summary, which in most cases is of no benefit to the reader, given how short most of the chapters are. Far too much of the text is presented in bracketed and indented warnings and tips. For instance, page 180 has no fewer than four such blocks of text, and they take up most of the page. In fact, there are several places where a paragraph of the main narrative is inexplicably turned into a warning, indented with large brackets (e.g., pages 71 and 95).
Punctuation is another area where this book could be improved. Most computer programmers use far too few commas in their writing, but this book demonstrates the opposite problem in several places, such as twice on page 71. On the other hand, there are places where a comma could have made the narrative more clear upon first reading. Fortunately, this problem is not nearly as prevalent as seen in the preface, which appears to have been written by someone whose first language is not English. As with most books written by techies, this one contains too many exclamation marks — invariably an indication that the author is trying to make a dull subject seem more exciting. Fortunately, most of this is limited to the early material, and dissipates as the author settles into the important topics. Lastly, there are many spots where the wrong punctuation symbol is used, e.g., a comma trying to perform the duties of a semicolon.
Seemingly every Packt title contains a long list of errata, and this one is no exception: "focuses is on" (page 2), "you Drupal 7 site" (2), "Identifying" (2), "access to [a] Drupal 7 installation" (3), "Addition[al] tools" (3), "function [of] Drupal themes" (11), "an as" (24; should read "as an"), "Supports [a] four-column area" (24), "all/ themes" (30), "those global setting[s]" (40), "<none>" (49; should read "- None -"), "jump[ ]start" (56), "a temporary CSS files" (87), "in [the] last style sheet" (89), "go ahead [and] make" (100), "Why it is" (113; should read "Why is it"), "functionbartik_menu_tree" and "functionjeanb_menu_tree" (123; similar mistakes are seen on pages 181, 189, and 195), "be name[d]" (124), "cssto" (130), "the advantages" (147), "is it" (151; should read "it is"), and "different appearance[s]" (153). At this point, roughly halfway through the book, I stopped recording errata. Packt Publishing's copyeditors should have spotted and fixed these problems, as well as those scattered throughout the rest of the manuscript.
Yet the major weakness of this book is the extensive repetition of material — ranging from the paragraph level (one paragraph repeating information from earlier, nearby ones) to the chapter level (e.g., Chapter 6's wholesale copy-and-paste of material from the previous chapter). Also, the book would have been more current if it addressed the critical web design topics of responsive design, media queries, and how they can be employed in Drupal theming. But it is possible that constraints of space and available time for this project, prevented the inclusion of these advanced topics.
Aside from these problems, and those mentioned earlier, this book does a fine job of explaining the key concepts, and demonstrating them in sample code. Drupal 7 Themes is possibly the best available resource for anyone who wants to learn how Drupal themes work, and how to build custom themes.
Michael J. Ross is a freelance web developer and writer.
You can purchase Drupal 7 Themes from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Nokia Unveils Its First Windows 7 Phone
mikejuk writes with an excerpt from an I Programmer article: "Nokia has just launched the Lumia 800, its first Windows 7 phone, and it is basically a modified N9. CEO Stephen Elop said: 'It's a new dawn for Nokia.' He also called it 'the first real Windows Phone,' and said, 'We believe it is the first ever instantiation of the Windows Phone platform that properly embodies, complements and amplifies the design sensibilities of Windows Phone' ... It is being launched in Europe now but the US wont see one until early 2012." By "modified N9" they mean the N9 but running WP7 bundled with Nokia's navigation application and a streaming music service. -
Mitsubishi Hack Stole Nuclear, Defense Data
judgecorp writes "When Mitsubishi announced in September it had been hacked in August it was criticized for keeping quiet for a month. Now it appears that the attackers got nuclear power plant and military aircraft details according to sources quoted in the Japanese media." -
Vint Cerf Answers Your Questions About IPv6 and More
Last week, you asked questions of "father of the Internet" Vint Cerf; read on below for Cerf's thoughts on the present and future of IPv6, standards and nomenclature, the origin of his beard, and more. Thanks, Vint! What can we do to get ISPs to switch on IPv6?
by jandrese
One of the biggest hurdles to IPv6 adoption today is that the average home user simply cannot get an IPv6 address from their ISP. Tunnels are hacker toys, and completely impractical/impossible for people who are using their ISP's "home router". What do you think we can do to convince ISPs to start rolling out IPv6 [i]before[/i] there is a crisis? Everybody agrees that the transition will go smoother if we take it slow and easy, but nobody is willing to make the first step, and IPv4 addresses aren't still being inexorably depleted the world over.
VC: I have been asking myself (and others) this question for some years now! When you try to explain that they can't really expand the Internet effectively relying solely on cascading NAT boxes they kind of glaze over. Sadly, now that we really are in the IPv4 end-game, there is not much choice but to deploy NATs to try to make dual-stack work as a transition plan. If ISPs had started implementing IPv6 5 years ago we would not have this problem. I think only pressure from consumers, businesses and governments to demand IPv6 implementation will help. Even then, I can imagine the bean counters insisting that there be incremental revenue for implementing IPv6 despite the simple fact that the only serious path to supporting smart devices (including smart grid, mobiles with IP addresses, etc) is through implementation of IPv6. We are also going to have to find some incentives for users to upgrade their home routers to handle both IPv4 and IPv6. Maybe a trade-in policy???
IPV6, and a related question
by gr8_phk
With IPv6 we could all have fixed IP addresses (or blocks of them) at home. Is this likely to happen? What do you see as the pros and cons from the ISP point of view for doing this? I think the reasons I want it are the reasons they don't, but I'd like to know how someone with your perspective sees it.
VC: We could actually have a fairly large group of IPv6 addresses at each termination point. An advantage is that one could then run servers but some ISPs might find that problematic because of the potential uplink traffic. I ended up paying for "business" class service to assure fixed IP addresses for that reason. I did not have servers of video or imagery in mind, but, rather, controllers and sensors (and ability to print remotely, for instance).
Hardware accelerated IPv6
by vlm
Hardware accelerated ipv4 routing/switching was out there, I dunno, at least a decade ago, or more. Your expectations on the rollout of hardware accelerated ipv6 switching?
VC: It probably won't happen until there is clear evidence of an IPv6 tipping point. Of course, it makes every bit of good sense and the IPv6 format is better geared to hardware assist than IPv4.
Why the colon in IPv6?
by jandrese
The biggest thing I hate about IPv6 is that the standard format uses colon as the digit separator. On most keyboards, that is a fairly awkward character to type, especially in rapid fire between groups of hex digits. Also, it causes problems for the many many programs that specify ports after IP addresses with a colon (like URIs!). IPv4's use of the period instead is much nicer. If you didn't want to reuse the period (so programs can distinguish between the two types of addresses more easily), why not use dash instead? It's just as visually appealing and doesn't require you to hit shift to type it. It would have saved a whole lot of ugly brackets around IP addresses.
Any aesthetic qualities of the colon are lost when you have to do this:
http:/// [http] [1005:3321:5a52:4fca::1]:8080/
instead of: http://1005-3321-5a52-4fca--1:8080/ [1005-3321-5a52-4fca--1]
And that second example was noticeably quicker for me to type.
Edit: And of course because this is Slashdot it made a huge mess of the first URL and forced me to mess it up slightly to be readable!
VC: The colon was needed to allow for compressed display of IPv6 addresses and to avoid confusion with a dotted representation of IPv4. It was apparently the only character thought to be unencumbered for this purpose at the time. Other slashdot readers may have additional comments on this.
Hindsight is 20/20
by eldavojohn
If there was one thing you could go back and change about TCP/IP -- something that is far too entrenched to change now -- what would it be?
VC: Well, I wish I had realized we'd need more than 32 bits of address space! At the time, I thought this was still an experiment and that, if successful, we would develop a production version. I guess IPv6 is the production version! I would also have included a lot of strong authentication mechanisms but at the time we were standardizing TCP/IP (version 4), there was no practical public key crypto capability ready in hand.
.here TLD?
by TheLink
Do you think there should be a .here TLD, reserved officially for local use in an analogous way to the way that the RFC1918 IP addresses are reserved officially for private use?
Currently many are coming up with their own ad hoc TLDs for local use. In my opinion this is suboptimal. Having a standard official TLD would allow more interesting things to "organically grow" on it.
(See also: http://tools.ietf.org/html/draft-yeoh-tldhere-01)
VC: Hard to say, honestly. I am not sure just what ".here" might actually mean unless intended to be self-referential (in other words, the server is the same as the referring party - kind of like 127.0.0.1? In that case, it need only be a reserved term rather than something you register in.
Ooh! Settle An Argument For Me!
by Greyfox
Though my deep and thoughtful meditation on IP addressing, I have realized that an IP address is simply a number. We canonically break it up into 4 smaller numbers that are presumably easier to remember. However if you stack all the bits of those smaller numbers together, you get a bigger number, and that number is actually the address. Moreover, every C standard library that I have ever tried is able to resolve this bigger number to the correct address. If I ping a 10 digit number in that address range, the C standard library will figure it out. It is my position that this is a feature and not a bug.
It seems that the OS X Firefox Guys don't agree with me. Admittedly they do have an RFC on the subject, but their browser breaks a known behavior that every other TCP/IP client program on the planet exhibits, including other operating system versions of Firefox!
Would you kindly bludgeon one of us into submission? I don't really care which side of the argument you come down on, but one of us has to be able to say "Because Vint Cerf said so!"
Oh, and while I've got you, I'm sick of writing stateless http applications. May I have your permission to go back to writing plain old socket servers on other ports, providing data based on whatever query format I feel like implementing? It kind of looks like REST, I suppose, except that I don't have to load 14 layers of frameworks to get to that point.
VC: LOL! actually, most of us assumed that any way to generate the 32 number should be acceptable since the connection process doesn't actually use the text representation of the IP address. I think any value in the range 0 to 2^32-1 should be acceptable as an IP reference. As to stateless operation, I know what you mean; you have to get used to figuring out how to stash intermediate state (cookies usually)...
SMTP, DNS, U.S. Customs
by molo
It seems that it is getting more and more difficult to successfully run your own SMTP server. See, for example, this post responding to the idea that a user was going to move off gmail to their own server. Are there any prospects for meaningful SMTP reform that would lower the barrier to entry for legitimate emailers?
DNS has been often criticized as a centralized single point of failure / censorship. Have you been following the development of namecoin and P2P DNS? Are these systems viable in your estimation? How would you improve them or encourage their adoption?
The U.S. Customs department recently created headlines in seizing domains. These seizures appear to be extra-legal (not founded in law), but ICANN has gone along with them. Are those fair statements? Should ICANN's trustworthiness be suspect as a result of this process?
VC: On SMTP, the problem is spam. If SMTP relays could be authenticated in some way, perhaps running your own would work better. As of now, it is a problem to validate relays and most ISPs don't allow it. Maybe we will make some progress in this when we can strongly authenticate/validate end points in the network better. Regarding alternatives to DNS, it would be interesting to find alternatives to DNS that might be less prone to the business models that produce domaining, for example, but I have not yet seen evidence that such an outcome is likely to gain traction. I am not sure that ICANN has any ability to resist effectively the so-called seizures of domain names by the DHS/ICE. I am disturbed by the argument that this is comparable to FBI "seizures" of contraband for many reasons but I think the ability to resist this would rest on a successful court challenge to the practice, not to an ICANN policy.
Smart Grid
by kiwimate
You're currently on the Governing Board of the NIST Smart Grid Interoperability Panel. What is the state of standards development, and how big an impact does it have to move national infrastructure communications into the public IP arena so far as our ability to strengthen and expand our infrastructure? Conversely, how big are the threats in this new world?
VC: The process is moving along reasonably well although adoption of the standards that are emerging in the US will depend on endorsement by FERC and NERC. I think the standards can be very beneficial to the creation of interoperable energy management systems, edge devices, and device controllers. I am pleased that IPv6 forms a major basis for edge communication but concerned that the domestic ISPs, with some notable exceptions, have been slow to roll out support for IPv6. I imagine that an IPv6-equipped mobile could easily become a remote controller for a wide range of IPv6-labelled devices.
What would you like to see developed next?
by techmuse
I'm curious what technologies you would like to see developed next, or what you think would be most important to develop next. In other words, what do you think researchers should work on now that would be most significant? (Oh, and thank you for changing my life!)
V: My major wish right now, apart from ISP implementation of IPv6, DNSSEC and more end/end crypto and strong, 2-factor authentication, is the implementation of true broadcast IP. Satellites raining IP(v6) packets to Earth in range of millions of receivers could make widespread digital distribution of information far more efficient.
Interplanetary Internet
by immakiku TCP/IP started as a military project but has been adapted for all the Internet applications we see today. What sort of applications do you foresee/imagine for the Interplanetary Internet, aside from the stated purpose of coordinating NASA devices?
VC: The primary terrestrial applications are military tactical communications and enhanced mobile communications. I see a role for these delay and disruption tolerant protocols in public safety networking as well. All devices in the system could also serve as relays to allow for the dynamic creation of Mobile Ad hoc Networks, making more resilient emergency services communications and any number of popular user apps on mobiles.
The IP of TCP/IP
BY WHOM
The head of UN's WIPO believes that the Internet (and obviously the stack on which it runs) should have been patented. How do you believe it would have evolved, would TCP/IP be protected by patents?
VC: This is really pretty silly. Bob Kahn and I consciously did NOT patent or control distribution of the design and protocol specifications for TCP/IP for the simple reason that we wanted no intellectual property barriers to the adoption of TCP/IP as an international standard. I see absolutely no utility in the proposition to patent TCP/IP. It would have given a reason for SNA, DECNET and other proprietary protocols to persist since their inventors/purveyors could have argued that licensing TCP/IP (had it been patented) would be of no interest to them - indeed, its use opened up interoperability among many brands of computers (and networks) leading to more competition.
Has the Internet become too centralized?
by slashsloth
That is to say, do you think that too much power & control now lies in the hands of the Internet Service Providers, thereby making it, at least in terms of control if not routing, too centralized & too easily manipulated by the powerful few. I guess this question stems from a viewpoint that it should be somehow democratic & free (as in free speech). Also do you share my pedantic belief that the public Internet should be spelt with a capital 'I'?
VC: As to the latter, yes, I strongly believe that the capital was intended to refer to the public Internet (I have written on this in the past). We accepted the notion that "internet" could use the protocols but be private and disconnected from the public Internet but that "Internet" referred to the latter. Some people disagree but I still believe it to be a useful distinction. As to centralization, it is possible that the lack of competition among Internet access providers is a bad outcome. I have always been a proponent of intra-modal competition through open access to underlying transport networks but not everyone agrees with me.
How can we bring trust back to the internet?
by Madman
One of the secrets of the internet's massive success is the lack of controls over it; if there had been strict security and processes in place it would likely not have come about. One of the downsides is that all our security measures are tacked-on, there is no built-in security to the protocols used on the internet and as a result security is a massive problem. How do we go from the wild west to having at least a reasonable level of trusted computing?
VC: Better and stronger authentication would help. 2-factor "passwords" and registration of devices. We may also need to adopt international norms for acceptable usage of the net with some kind of enforceable rules with reciprocity. Until we have some collective and cross-border ability to bring miscreants to justice, we will continue to see relatively unconstrained behaviors including harmful ones.
No more "peace and love" in software designs
by BeforeCoffee
I take it that the "route around failures" and other original design features of TCP/IP and the Internet as a whole relied upon trusting others always having good intentions and cooperating. Those designs were necessary at the time and the reason the internet exists today.
Nowadays distrust, firewalls, and coding defensively is the norm (or it should be). In that light, the internet's design seems creaky and vulnerable.
Do you have any thoughts or feelings on how software has changed and seemingly become so treacherous since you first designed TCP/IP? Would you advocate a ground-up redesign of internet transports and protocols starting with TCP/IP?
VC: I have always been a fan of trying clean-sheet designs. Sometimes you discover retrofits that don't require a re-design. In other cases (such as delay and disruption tolerance) you need serious re-implementation of new designs. It is clear that authentication, various forms of cryptographic protections and the like are needed at several layers in the architecture. Deploying something wholly new is hard, though.
Future of the Internet
by H0bb3z
Do you feel the security concerns over collected information will trump the leveraging of information in future Internet technologies? Will there be a separate "opt-in" or "opt-out" web to cater to each preference?
Context: There have been many controversies recently regarding the collection of data and the privacy of individual information. As we move forward, I've heard a mixed set of messages regarding the direction we should expect to see.
Consumerism is indeed driving innovation and everything is going mobile these days (there's an app for that I think). One example I heard recently of the benefit of the convergence of information and mobility: a consumer can point their mobile phone at a shelf of groceries, get an active "overlay" of information regarding the products and determine which best suits the customer needs. On the flip side, sensors that track customer behavior are installed at the grocery shelf and based on detected behavior (like stopping for a moment to reminisce about Coco-Puffs even though you know they are bad for you) initiates a coupon for whatever the vendor may feel would provide enough motivation to purchase their product -- in the example a $1 off coupon to the mobile phone of a shopper.
Will this become reality in the future?
I think there are benefits to be had, but also am fiercely protective of my personal information and preferences.
VC: At least in America, we have tended to readily give up privacy in exchange for convenience. Credit card information bases being a good example of that. If one can divorce identity from behavior patterns, it might be acceptable to many to benefit from system reactions to our choices and behavior if these are not correlated with identity.
Postel and Crocker
by vlm
So you went to high school with Postel and Crocker, according to Wikipedia; did you guys hang out all along or meet up decades later?
V: Crocker and I have been best friends since about 1959. Jon was in a later class and we didn't know him until we all reconvened at UCLA in the late 1960s.
A Simple Pogonological Question
by eldavojohn
What level of success does TCP/IP owe to your glorious beard?
VC: LOL!! not much! I just got tired of nicks and cuts from shaving my whole face and went with the beard!! I did shave it off once, but quickly re-grew it after being painfully reminded why I had grown it in the first place!!! -
Vint Cerf Answers Your Questions About IPv6 and More
Last week, you asked questions of "father of the Internet" Vint Cerf; read on below for Cerf's thoughts on the present and future of IPv6, standards and nomenclature, the origin of his beard, and more. Thanks, Vint! What can we do to get ISPs to switch on IPv6?
by jandrese
One of the biggest hurdles to IPv6 adoption today is that the average home user simply cannot get an IPv6 address from their ISP. Tunnels are hacker toys, and completely impractical/impossible for people who are using their ISP's "home router". What do you think we can do to convince ISPs to start rolling out IPv6 [i]before[/i] there is a crisis? Everybody agrees that the transition will go smoother if we take it slow and easy, but nobody is willing to make the first step, and IPv4 addresses aren't still being inexorably depleted the world over.
VC: I have been asking myself (and others) this question for some years now! When you try to explain that they can't really expand the Internet effectively relying solely on cascading NAT boxes they kind of glaze over. Sadly, now that we really are in the IPv4 end-game, there is not much choice but to deploy NATs to try to make dual-stack work as a transition plan. If ISPs had started implementing IPv6 5 years ago we would not have this problem. I think only pressure from consumers, businesses and governments to demand IPv6 implementation will help. Even then, I can imagine the bean counters insisting that there be incremental revenue for implementing IPv6 despite the simple fact that the only serious path to supporting smart devices (including smart grid, mobiles with IP addresses, etc) is through implementation of IPv6. We are also going to have to find some incentives for users to upgrade their home routers to handle both IPv4 and IPv6. Maybe a trade-in policy???
IPV6, and a related question
by gr8_phk
With IPv6 we could all have fixed IP addresses (or blocks of them) at home. Is this likely to happen? What do you see as the pros and cons from the ISP point of view for doing this? I think the reasons I want it are the reasons they don't, but I'd like to know how someone with your perspective sees it.
VC: We could actually have a fairly large group of IPv6 addresses at each termination point. An advantage is that one could then run servers but some ISPs might find that problematic because of the potential uplink traffic. I ended up paying for "business" class service to assure fixed IP addresses for that reason. I did not have servers of video or imagery in mind, but, rather, controllers and sensors (and ability to print remotely, for instance).
Hardware accelerated IPv6
by vlm
Hardware accelerated ipv4 routing/switching was out there, I dunno, at least a decade ago, or more. Your expectations on the rollout of hardware accelerated ipv6 switching?
VC: It probably won't happen until there is clear evidence of an IPv6 tipping point. Of course, it makes every bit of good sense and the IPv6 format is better geared to hardware assist than IPv4.
Why the colon in IPv6?
by jandrese
The biggest thing I hate about IPv6 is that the standard format uses colon as the digit separator. On most keyboards, that is a fairly awkward character to type, especially in rapid fire between groups of hex digits. Also, it causes problems for the many many programs that specify ports after IP addresses with a colon (like URIs!). IPv4's use of the period instead is much nicer. If you didn't want to reuse the period (so programs can distinguish between the two types of addresses more easily), why not use dash instead? It's just as visually appealing and doesn't require you to hit shift to type it. It would have saved a whole lot of ugly brackets around IP addresses.
Any aesthetic qualities of the colon are lost when you have to do this:
http:/// [http] [1005:3321:5a52:4fca::1]:8080/
instead of: http://1005-3321-5a52-4fca--1:8080/ [1005-3321-5a52-4fca--1]
And that second example was noticeably quicker for me to type.
Edit: And of course because this is Slashdot it made a huge mess of the first URL and forced me to mess it up slightly to be readable!
VC: The colon was needed to allow for compressed display of IPv6 addresses and to avoid confusion with a dotted representation of IPv4. It was apparently the only character thought to be unencumbered for this purpose at the time. Other slashdot readers may have additional comments on this.
Hindsight is 20/20
by eldavojohn
If there was one thing you could go back and change about TCP/IP -- something that is far too entrenched to change now -- what would it be?
VC: Well, I wish I had realized we'd need more than 32 bits of address space! At the time, I thought this was still an experiment and that, if successful, we would develop a production version. I guess IPv6 is the production version! I would also have included a lot of strong authentication mechanisms but at the time we were standardizing TCP/IP (version 4), there was no practical public key crypto capability ready in hand.
.here TLD?
by TheLink
Do you think there should be a .here TLD, reserved officially for local use in an analogous way to the way that the RFC1918 IP addresses are reserved officially for private use?
Currently many are coming up with their own ad hoc TLDs for local use. In my opinion this is suboptimal. Having a standard official TLD would allow more interesting things to "organically grow" on it.
(See also: http://tools.ietf.org/html/draft-yeoh-tldhere-01)
VC: Hard to say, honestly. I am not sure just what ".here" might actually mean unless intended to be self-referential (in other words, the server is the same as the referring party - kind of like 127.0.0.1? In that case, it need only be a reserved term rather than something you register in.
Ooh! Settle An Argument For Me!
by Greyfox
Though my deep and thoughtful meditation on IP addressing, I have realized that an IP address is simply a number. We canonically break it up into 4 smaller numbers that are presumably easier to remember. However if you stack all the bits of those smaller numbers together, you get a bigger number, and that number is actually the address. Moreover, every C standard library that I have ever tried is able to resolve this bigger number to the correct address. If I ping a 10 digit number in that address range, the C standard library will figure it out. It is my position that this is a feature and not a bug.
It seems that the OS X Firefox Guys don't agree with me. Admittedly they do have an RFC on the subject, but their browser breaks a known behavior that every other TCP/IP client program on the planet exhibits, including other operating system versions of Firefox!
Would you kindly bludgeon one of us into submission? I don't really care which side of the argument you come down on, but one of us has to be able to say "Because Vint Cerf said so!"
Oh, and while I've got you, I'm sick of writing stateless http applications. May I have your permission to go back to writing plain old socket servers on other ports, providing data based on whatever query format I feel like implementing? It kind of looks like REST, I suppose, except that I don't have to load 14 layers of frameworks to get to that point.
VC: LOL! actually, most of us assumed that any way to generate the 32 number should be acceptable since the connection process doesn't actually use the text representation of the IP address. I think any value in the range 0 to 2^32-1 should be acceptable as an IP reference. As to stateless operation, I know what you mean; you have to get used to figuring out how to stash intermediate state (cookies usually)...
SMTP, DNS, U.S. Customs
by molo
It seems that it is getting more and more difficult to successfully run your own SMTP server. See, for example, this post responding to the idea that a user was going to move off gmail to their own server. Are there any prospects for meaningful SMTP reform that would lower the barrier to entry for legitimate emailers?
DNS has been often criticized as a centralized single point of failure / censorship. Have you been following the development of namecoin and P2P DNS? Are these systems viable in your estimation? How would you improve them or encourage their adoption?
The U.S. Customs department recently created headlines in seizing domains. These seizures appear to be extra-legal (not founded in law), but ICANN has gone along with them. Are those fair statements? Should ICANN's trustworthiness be suspect as a result of this process?
VC: On SMTP, the problem is spam. If SMTP relays could be authenticated in some way, perhaps running your own would work better. As of now, it is a problem to validate relays and most ISPs don't allow it. Maybe we will make some progress in this when we can strongly authenticate/validate end points in the network better. Regarding alternatives to DNS, it would be interesting to find alternatives to DNS that might be less prone to the business models that produce domaining, for example, but I have not yet seen evidence that such an outcome is likely to gain traction. I am not sure that ICANN has any ability to resist effectively the so-called seizures of domain names by the DHS/ICE. I am disturbed by the argument that this is comparable to FBI "seizures" of contraband for many reasons but I think the ability to resist this would rest on a successful court challenge to the practice, not to an ICANN policy.
Smart Grid
by kiwimate
You're currently on the Governing Board of the NIST Smart Grid Interoperability Panel. What is the state of standards development, and how big an impact does it have to move national infrastructure communications into the public IP arena so far as our ability to strengthen and expand our infrastructure? Conversely, how big are the threats in this new world?
VC: The process is moving along reasonably well although adoption of the standards that are emerging in the US will depend on endorsement by FERC and NERC. I think the standards can be very beneficial to the creation of interoperable energy management systems, edge devices, and device controllers. I am pleased that IPv6 forms a major basis for edge communication but concerned that the domestic ISPs, with some notable exceptions, have been slow to roll out support for IPv6. I imagine that an IPv6-equipped mobile could easily become a remote controller for a wide range of IPv6-labelled devices.
What would you like to see developed next?
by techmuse
I'm curious what technologies you would like to see developed next, or what you think would be most important to develop next. In other words, what do you think researchers should work on now that would be most significant? (Oh, and thank you for changing my life!)
V: My major wish right now, apart from ISP implementation of IPv6, DNSSEC and more end/end crypto and strong, 2-factor authentication, is the implementation of true broadcast IP. Satellites raining IP(v6) packets to Earth in range of millions of receivers could make widespread digital distribution of information far more efficient.
Interplanetary Internet
by immakiku TCP/IP started as a military project but has been adapted for all the Internet applications we see today. What sort of applications do you foresee/imagine for the Interplanetary Internet, aside from the stated purpose of coordinating NASA devices?
VC: The primary terrestrial applications are military tactical communications and enhanced mobile communications. I see a role for these delay and disruption tolerant protocols in public safety networking as well. All devices in the system could also serve as relays to allow for the dynamic creation of Mobile Ad hoc Networks, making more resilient emergency services communications and any number of popular user apps on mobiles.
The IP of TCP/IP
BY WHOM
The head of UN's WIPO believes that the Internet (and obviously the stack on which it runs) should have been patented. How do you believe it would have evolved, would TCP/IP be protected by patents?
VC: This is really pretty silly. Bob Kahn and I consciously did NOT patent or control distribution of the design and protocol specifications for TCP/IP for the simple reason that we wanted no intellectual property barriers to the adoption of TCP/IP as an international standard. I see absolutely no utility in the proposition to patent TCP/IP. It would have given a reason for SNA, DECNET and other proprietary protocols to persist since their inventors/purveyors could have argued that licensing TCP/IP (had it been patented) would be of no interest to them - indeed, its use opened up interoperability among many brands of computers (and networks) leading to more competition.
Has the Internet become too centralized?
by slashsloth
That is to say, do you think that too much power & control now lies in the hands of the Internet Service Providers, thereby making it, at least in terms of control if not routing, too centralized & too easily manipulated by the powerful few. I guess this question stems from a viewpoint that it should be somehow democratic & free (as in free speech). Also do you share my pedantic belief that the public Internet should be spelt with a capital 'I'?
VC: As to the latter, yes, I strongly believe that the capital was intended to refer to the public Internet (I have written on this in the past). We accepted the notion that "internet" could use the protocols but be private and disconnected from the public Internet but that "Internet" referred to the latter. Some people disagree but I still believe it to be a useful distinction. As to centralization, it is possible that the lack of competition among Internet access providers is a bad outcome. I have always been a proponent of intra-modal competition through open access to underlying transport networks but not everyone agrees with me.
How can we bring trust back to the internet?
by Madman
One of the secrets of the internet's massive success is the lack of controls over it; if there had been strict security and processes in place it would likely not have come about. One of the downsides is that all our security measures are tacked-on, there is no built-in security to the protocols used on the internet and as a result security is a massive problem. How do we go from the wild west to having at least a reasonable level of trusted computing?
VC: Better and stronger authentication would help. 2-factor "passwords" and registration of devices. We may also need to adopt international norms for acceptable usage of the net with some kind of enforceable rules with reciprocity. Until we have some collective and cross-border ability to bring miscreants to justice, we will continue to see relatively unconstrained behaviors including harmful ones.
No more "peace and love" in software designs
by BeforeCoffee
I take it that the "route around failures" and other original design features of TCP/IP and the Internet as a whole relied upon trusting others always having good intentions and cooperating. Those designs were necessary at the time and the reason the internet exists today.
Nowadays distrust, firewalls, and coding defensively is the norm (or it should be). In that light, the internet's design seems creaky and vulnerable.
Do you have any thoughts or feelings on how software has changed and seemingly become so treacherous since you first designed TCP/IP? Would you advocate a ground-up redesign of internet transports and protocols starting with TCP/IP?
VC: I have always been a fan of trying clean-sheet designs. Sometimes you discover retrofits that don't require a re-design. In other cases (such as delay and disruption tolerance) you need serious re-implementation of new designs. It is clear that authentication, various forms of cryptographic protections and the like are needed at several layers in the architecture. Deploying something wholly new is hard, though.
Future of the Internet
by H0bb3z
Do you feel the security concerns over collected information will trump the leveraging of information in future Internet technologies? Will there be a separate "opt-in" or "opt-out" web to cater to each preference?
Context: There have been many controversies recently regarding the collection of data and the privacy of individual information. As we move forward, I've heard a mixed set of messages regarding the direction we should expect to see.
Consumerism is indeed driving innovation and everything is going mobile these days (there's an app for that I think). One example I heard recently of the benefit of the convergence of information and mobility: a consumer can point their mobile phone at a shelf of groceries, get an active "overlay" of information regarding the products and determine which best suits the customer needs. On the flip side, sensors that track customer behavior are installed at the grocery shelf and based on detected behavior (like stopping for a moment to reminisce about Coco-Puffs even though you know they are bad for you) initiates a coupon for whatever the vendor may feel would provide enough motivation to purchase their product -- in the example a $1 off coupon to the mobile phone of a shopper.
Will this become reality in the future?
I think there are benefits to be had, but also am fiercely protective of my personal information and preferences.
VC: At least in America, we have tended to readily give up privacy in exchange for convenience. Credit card information bases being a good example of that. If one can divorce identity from behavior patterns, it might be acceptable to many to benefit from system reactions to our choices and behavior if these are not correlated with identity.
Postel and Crocker
by vlm
So you went to high school with Postel and Crocker, according to Wikipedia; did you guys hang out all along or meet up decades later?
V: Crocker and I have been best friends since about 1959. Jon was in a later class and we didn't know him until we all reconvened at UCLA in the late 1960s.
A Simple Pogonological Question
by eldavojohn
What level of success does TCP/IP owe to your glorious beard?
VC: LOL!! not much! I just got tired of nicks and cuts from shaving my whole face and went with the beard!! I did shave it off once, but quickly re-grew it after being painfully reminded why I had grown it in the first place!!! -
Vint Cerf Answers Your Questions About IPv6 and More
Last week, you asked questions of "father of the Internet" Vint Cerf; read on below for Cerf's thoughts on the present and future of IPv6, standards and nomenclature, the origin of his beard, and more. Thanks, Vint! What can we do to get ISPs to switch on IPv6?
by jandrese
One of the biggest hurdles to IPv6 adoption today is that the average home user simply cannot get an IPv6 address from their ISP. Tunnels are hacker toys, and completely impractical/impossible for people who are using their ISP's "home router". What do you think we can do to convince ISPs to start rolling out IPv6 [i]before[/i] there is a crisis? Everybody agrees that the transition will go smoother if we take it slow and easy, but nobody is willing to make the first step, and IPv4 addresses aren't still being inexorably depleted the world over.
VC: I have been asking myself (and others) this question for some years now! When you try to explain that they can't really expand the Internet effectively relying solely on cascading NAT boxes they kind of glaze over. Sadly, now that we really are in the IPv4 end-game, there is not much choice but to deploy NATs to try to make dual-stack work as a transition plan. If ISPs had started implementing IPv6 5 years ago we would not have this problem. I think only pressure from consumers, businesses and governments to demand IPv6 implementation will help. Even then, I can imagine the bean counters insisting that there be incremental revenue for implementing IPv6 despite the simple fact that the only serious path to supporting smart devices (including smart grid, mobiles with IP addresses, etc) is through implementation of IPv6. We are also going to have to find some incentives for users to upgrade their home routers to handle both IPv4 and IPv6. Maybe a trade-in policy???
IPV6, and a related question
by gr8_phk
With IPv6 we could all have fixed IP addresses (or blocks of them) at home. Is this likely to happen? What do you see as the pros and cons from the ISP point of view for doing this? I think the reasons I want it are the reasons they don't, but I'd like to know how someone with your perspective sees it.
VC: We could actually have a fairly large group of IPv6 addresses at each termination point. An advantage is that one could then run servers but some ISPs might find that problematic because of the potential uplink traffic. I ended up paying for "business" class service to assure fixed IP addresses for that reason. I did not have servers of video or imagery in mind, but, rather, controllers and sensors (and ability to print remotely, for instance).
Hardware accelerated IPv6
by vlm
Hardware accelerated ipv4 routing/switching was out there, I dunno, at least a decade ago, or more. Your expectations on the rollout of hardware accelerated ipv6 switching?
VC: It probably won't happen until there is clear evidence of an IPv6 tipping point. Of course, it makes every bit of good sense and the IPv6 format is better geared to hardware assist than IPv4.
Why the colon in IPv6?
by jandrese
The biggest thing I hate about IPv6 is that the standard format uses colon as the digit separator. On most keyboards, that is a fairly awkward character to type, especially in rapid fire between groups of hex digits. Also, it causes problems for the many many programs that specify ports after IP addresses with a colon (like URIs!). IPv4's use of the period instead is much nicer. If you didn't want to reuse the period (so programs can distinguish between the two types of addresses more easily), why not use dash instead? It's just as visually appealing and doesn't require you to hit shift to type it. It would have saved a whole lot of ugly brackets around IP addresses.
Any aesthetic qualities of the colon are lost when you have to do this:
http:/// [http] [1005:3321:5a52:4fca::1]:8080/
instead of: http://1005-3321-5a52-4fca--1:8080/ [1005-3321-5a52-4fca--1]
And that second example was noticeably quicker for me to type.
Edit: And of course because this is Slashdot it made a huge mess of the first URL and forced me to mess it up slightly to be readable!
VC: The colon was needed to allow for compressed display of IPv6 addresses and to avoid confusion with a dotted representation of IPv4. It was apparently the only character thought to be unencumbered for this purpose at the time. Other slashdot readers may have additional comments on this.
Hindsight is 20/20
by eldavojohn
If there was one thing you could go back and change about TCP/IP -- something that is far too entrenched to change now -- what would it be?
VC: Well, I wish I had realized we'd need more than 32 bits of address space! At the time, I thought this was still an experiment and that, if successful, we would develop a production version. I guess IPv6 is the production version! I would also have included a lot of strong authentication mechanisms but at the time we were standardizing TCP/IP (version 4), there was no practical public key crypto capability ready in hand.
.here TLD?
by TheLink
Do you think there should be a .here TLD, reserved officially for local use in an analogous way to the way that the RFC1918 IP addresses are reserved officially for private use?
Currently many are coming up with their own ad hoc TLDs for local use. In my opinion this is suboptimal. Having a standard official TLD would allow more interesting things to "organically grow" on it.
(See also: http://tools.ietf.org/html/draft-yeoh-tldhere-01)
VC: Hard to say, honestly. I am not sure just what ".here" might actually mean unless intended to be self-referential (in other words, the server is the same as the referring party - kind of like 127.0.0.1? In that case, it need only be a reserved term rather than something you register in.
Ooh! Settle An Argument For Me!
by Greyfox
Though my deep and thoughtful meditation on IP addressing, I have realized that an IP address is simply a number. We canonically break it up into 4 smaller numbers that are presumably easier to remember. However if you stack all the bits of those smaller numbers together, you get a bigger number, and that number is actually the address. Moreover, every C standard library that I have ever tried is able to resolve this bigger number to the correct address. If I ping a 10 digit number in that address range, the C standard library will figure it out. It is my position that this is a feature and not a bug.
It seems that the OS X Firefox Guys don't agree with me. Admittedly they do have an RFC on the subject, but their browser breaks a known behavior that every other TCP/IP client program on the planet exhibits, including other operating system versions of Firefox!
Would you kindly bludgeon one of us into submission? I don't really care which side of the argument you come down on, but one of us has to be able to say "Because Vint Cerf said so!"
Oh, and while I've got you, I'm sick of writing stateless http applications. May I have your permission to go back to writing plain old socket servers on other ports, providing data based on whatever query format I feel like implementing? It kind of looks like REST, I suppose, except that I don't have to load 14 layers of frameworks to get to that point.
VC: LOL! actually, most of us assumed that any way to generate the 32 number should be acceptable since the connection process doesn't actually use the text representation of the IP address. I think any value in the range 0 to 2^32-1 should be acceptable as an IP reference. As to stateless operation, I know what you mean; you have to get used to figuring out how to stash intermediate state (cookies usually)...
SMTP, DNS, U.S. Customs
by molo
It seems that it is getting more and more difficult to successfully run your own SMTP server. See, for example, this post responding to the idea that a user was going to move off gmail to their own server. Are there any prospects for meaningful SMTP reform that would lower the barrier to entry for legitimate emailers?
DNS has been often criticized as a centralized single point of failure / censorship. Have you been following the development of namecoin and P2P DNS? Are these systems viable in your estimation? How would you improve them or encourage their adoption?
The U.S. Customs department recently created headlines in seizing domains. These seizures appear to be extra-legal (not founded in law), but ICANN has gone along with them. Are those fair statements? Should ICANN's trustworthiness be suspect as a result of this process?
VC: On SMTP, the problem is spam. If SMTP relays could be authenticated in some way, perhaps running your own would work better. As of now, it is a problem to validate relays and most ISPs don't allow it. Maybe we will make some progress in this when we can strongly authenticate/validate end points in the network better. Regarding alternatives to DNS, it would be interesting to find alternatives to DNS that might be less prone to the business models that produce domaining, for example, but I have not yet seen evidence that such an outcome is likely to gain traction. I am not sure that ICANN has any ability to resist effectively the so-called seizures of domain names by the DHS/ICE. I am disturbed by the argument that this is comparable to FBI "seizures" of contraband for many reasons but I think the ability to resist this would rest on a successful court challenge to the practice, not to an ICANN policy.
Smart Grid
by kiwimate
You're currently on the Governing Board of the NIST Smart Grid Interoperability Panel. What is the state of standards development, and how big an impact does it have to move national infrastructure communications into the public IP arena so far as our ability to strengthen and expand our infrastructure? Conversely, how big are the threats in this new world?
VC: The process is moving along reasonably well although adoption of the standards that are emerging in the US will depend on endorsement by FERC and NERC. I think the standards can be very beneficial to the creation of interoperable energy management systems, edge devices, and device controllers. I am pleased that IPv6 forms a major basis for edge communication but concerned that the domestic ISPs, with some notable exceptions, have been slow to roll out support for IPv6. I imagine that an IPv6-equipped mobile could easily become a remote controller for a wide range of IPv6-labelled devices.
What would you like to see developed next?
by techmuse
I'm curious what technologies you would like to see developed next, or what you think would be most important to develop next. In other words, what do you think researchers should work on now that would be most significant? (Oh, and thank you for changing my life!)
V: My major wish right now, apart from ISP implementation of IPv6, DNSSEC and more end/end crypto and strong, 2-factor authentication, is the implementation of true broadcast IP. Satellites raining IP(v6) packets to Earth in range of millions of receivers could make widespread digital distribution of information far more efficient.
Interplanetary Internet
by immakiku TCP/IP started as a military project but has been adapted for all the Internet applications we see today. What sort of applications do you foresee/imagine for the Interplanetary Internet, aside from the stated purpose of coordinating NASA devices?
VC: The primary terrestrial applications are military tactical communications and enhanced mobile communications. I see a role for these delay and disruption tolerant protocols in public safety networking as well. All devices in the system could also serve as relays to allow for the dynamic creation of Mobile Ad hoc Networks, making more resilient emergency services communications and any number of popular user apps on mobiles.
The IP of TCP/IP
BY WHOM
The head of UN's WIPO believes that the Internet (and obviously the stack on which it runs) should have been patented. How do you believe it would have evolved, would TCP/IP be protected by patents?
VC: This is really pretty silly. Bob Kahn and I consciously did NOT patent or control distribution of the design and protocol specifications for TCP/IP for the simple reason that we wanted no intellectual property barriers to the adoption of TCP/IP as an international standard. I see absolutely no utility in the proposition to patent TCP/IP. It would have given a reason for SNA, DECNET and other proprietary protocols to persist since their inventors/purveyors could have argued that licensing TCP/IP (had it been patented) would be of no interest to them - indeed, its use opened up interoperability among many brands of computers (and networks) leading to more competition.
Has the Internet become too centralized?
by slashsloth
That is to say, do you think that too much power & control now lies in the hands of the Internet Service Providers, thereby making it, at least in terms of control if not routing, too centralized & too easily manipulated by the powerful few. I guess this question stems from a viewpoint that it should be somehow democratic & free (as in free speech). Also do you share my pedantic belief that the public Internet should be spelt with a capital 'I'?
VC: As to the latter, yes, I strongly believe that the capital was intended to refer to the public Internet (I have written on this in the past). We accepted the notion that "internet" could use the protocols but be private and disconnected from the public Internet but that "Internet" referred to the latter. Some people disagree but I still believe it to be a useful distinction. As to centralization, it is possible that the lack of competition among Internet access providers is a bad outcome. I have always been a proponent of intra-modal competition through open access to underlying transport networks but not everyone agrees with me.
How can we bring trust back to the internet?
by Madman
One of the secrets of the internet's massive success is the lack of controls over it; if there had been strict security and processes in place it would likely not have come about. One of the downsides is that all our security measures are tacked-on, there is no built-in security to the protocols used on the internet and as a result security is a massive problem. How do we go from the wild west to having at least a reasonable level of trusted computing?
VC: Better and stronger authentication would help. 2-factor "passwords" and registration of devices. We may also need to adopt international norms for acceptable usage of the net with some kind of enforceable rules with reciprocity. Until we have some collective and cross-border ability to bring miscreants to justice, we will continue to see relatively unconstrained behaviors including harmful ones.
No more "peace and love" in software designs
by BeforeCoffee
I take it that the "route around failures" and other original design features of TCP/IP and the Internet as a whole relied upon trusting others always having good intentions and cooperating. Those designs were necessary at the time and the reason the internet exists today.
Nowadays distrust, firewalls, and coding defensively is the norm (or it should be). In that light, the internet's design seems creaky and vulnerable.
Do you have any thoughts or feelings on how software has changed and seemingly become so treacherous since you first designed TCP/IP? Would you advocate a ground-up redesign of internet transports and protocols starting with TCP/IP?
VC: I have always been a fan of trying clean-sheet designs. Sometimes you discover retrofits that don't require a re-design. In other cases (such as delay and disruption tolerance) you need serious re-implementation of new designs. It is clear that authentication, various forms of cryptographic protections and the like are needed at several layers in the architecture. Deploying something wholly new is hard, though.
Future of the Internet
by H0bb3z
Do you feel the security concerns over collected information will trump the leveraging of information in future Internet technologies? Will there be a separate "opt-in" or "opt-out" web to cater to each preference?
Context: There have been many controversies recently regarding the collection of data and the privacy of individual information. As we move forward, I've heard a mixed set of messages regarding the direction we should expect to see.
Consumerism is indeed driving innovation and everything is going mobile these days (there's an app for that I think). One example I heard recently of the benefit of the convergence of information and mobility: a consumer can point their mobile phone at a shelf of groceries, get an active "overlay" of information regarding the products and determine which best suits the customer needs. On the flip side, sensors that track customer behavior are installed at the grocery shelf and based on detected behavior (like stopping for a moment to reminisce about Coco-Puffs even though you know they are bad for you) initiates a coupon for whatever the vendor may feel would provide enough motivation to purchase their product -- in the example a $1 off coupon to the mobile phone of a shopper.
Will this become reality in the future?
I think there are benefits to be had, but also am fiercely protective of my personal information and preferences.
VC: At least in America, we have tended to readily give up privacy in exchange for convenience. Credit card information bases being a good example of that. If one can divorce identity from behavior patterns, it might be acceptable to many to benefit from system reactions to our choices and behavior if these are not correlated with identity.
Postel and Crocker
by vlm
So you went to high school with Postel and Crocker, according to Wikipedia; did you guys hang out all along or meet up decades later?
V: Crocker and I have been best friends since about 1959. Jon was in a later class and we didn't know him until we all reconvened at UCLA in the late 1960s.
A Simple Pogonological Question
by eldavojohn
What level of success does TCP/IP owe to your glorious beard?
VC: LOL!! not much! I just got tired of nicks and cuts from shaving my whole face and went with the beard!! I did shave it off once, but quickly re-grew it after being painfully reminded why I had grown it in the first place!!! -
Vint Cerf Answers Your Questions About IPv6 and More
Last week, you asked questions of "father of the Internet" Vint Cerf; read on below for Cerf's thoughts on the present and future of IPv6, standards and nomenclature, the origin of his beard, and more. Thanks, Vint! What can we do to get ISPs to switch on IPv6?
by jandrese
One of the biggest hurdles to IPv6 adoption today is that the average home user simply cannot get an IPv6 address from their ISP. Tunnels are hacker toys, and completely impractical/impossible for people who are using their ISP's "home router". What do you think we can do to convince ISPs to start rolling out IPv6 [i]before[/i] there is a crisis? Everybody agrees that the transition will go smoother if we take it slow and easy, but nobody is willing to make the first step, and IPv4 addresses aren't still being inexorably depleted the world over.
VC: I have been asking myself (and others) this question for some years now! When you try to explain that they can't really expand the Internet effectively relying solely on cascading NAT boxes they kind of glaze over. Sadly, now that we really are in the IPv4 end-game, there is not much choice but to deploy NATs to try to make dual-stack work as a transition plan. If ISPs had started implementing IPv6 5 years ago we would not have this problem. I think only pressure from consumers, businesses and governments to demand IPv6 implementation will help. Even then, I can imagine the bean counters insisting that there be incremental revenue for implementing IPv6 despite the simple fact that the only serious path to supporting smart devices (including smart grid, mobiles with IP addresses, etc) is through implementation of IPv6. We are also going to have to find some incentives for users to upgrade their home routers to handle both IPv4 and IPv6. Maybe a trade-in policy???
IPV6, and a related question
by gr8_phk
With IPv6 we could all have fixed IP addresses (or blocks of them) at home. Is this likely to happen? What do you see as the pros and cons from the ISP point of view for doing this? I think the reasons I want it are the reasons they don't, but I'd like to know how someone with your perspective sees it.
VC: We could actually have a fairly large group of IPv6 addresses at each termination point. An advantage is that one could then run servers but some ISPs might find that problematic because of the potential uplink traffic. I ended up paying for "business" class service to assure fixed IP addresses for that reason. I did not have servers of video or imagery in mind, but, rather, controllers and sensors (and ability to print remotely, for instance).
Hardware accelerated IPv6
by vlm
Hardware accelerated ipv4 routing/switching was out there, I dunno, at least a decade ago, or more. Your expectations on the rollout of hardware accelerated ipv6 switching?
VC: It probably won't happen until there is clear evidence of an IPv6 tipping point. Of course, it makes every bit of good sense and the IPv6 format is better geared to hardware assist than IPv4.
Why the colon in IPv6?
by jandrese
The biggest thing I hate about IPv6 is that the standard format uses colon as the digit separator. On most keyboards, that is a fairly awkward character to type, especially in rapid fire between groups of hex digits. Also, it causes problems for the many many programs that specify ports after IP addresses with a colon (like URIs!). IPv4's use of the period instead is much nicer. If you didn't want to reuse the period (so programs can distinguish between the two types of addresses more easily), why not use dash instead? It's just as visually appealing and doesn't require you to hit shift to type it. It would have saved a whole lot of ugly brackets around IP addresses.
Any aesthetic qualities of the colon are lost when you have to do this:
http:/// [http] [1005:3321:5a52:4fca::1]:8080/
instead of: http://1005-3321-5a52-4fca--1:8080/ [1005-3321-5a52-4fca--1]
And that second example was noticeably quicker for me to type.
Edit: And of course because this is Slashdot it made a huge mess of the first URL and forced me to mess it up slightly to be readable!
VC: The colon was needed to allow for compressed display of IPv6 addresses and to avoid confusion with a dotted representation of IPv4. It was apparently the only character thought to be unencumbered for this purpose at the time. Other slashdot readers may have additional comments on this.
Hindsight is 20/20
by eldavojohn
If there was one thing you could go back and change about TCP/IP -- something that is far too entrenched to change now -- what would it be?
VC: Well, I wish I had realized we'd need more than 32 bits of address space! At the time, I thought this was still an experiment and that, if successful, we would develop a production version. I guess IPv6 is the production version! I would also have included a lot of strong authentication mechanisms but at the time we were standardizing TCP/IP (version 4), there was no practical public key crypto capability ready in hand.
.here TLD?
by TheLink
Do you think there should be a .here TLD, reserved officially for local use in an analogous way to the way that the RFC1918 IP addresses are reserved officially for private use?
Currently many are coming up with their own ad hoc TLDs for local use. In my opinion this is suboptimal. Having a standard official TLD would allow more interesting things to "organically grow" on it.
(See also: http://tools.ietf.org/html/draft-yeoh-tldhere-01)
VC: Hard to say, honestly. I am not sure just what ".here" might actually mean unless intended to be self-referential (in other words, the server is the same as the referring party - kind of like 127.0.0.1? In that case, it need only be a reserved term rather than something you register in.
Ooh! Settle An Argument For Me!
by Greyfox
Though my deep and thoughtful meditation on IP addressing, I have realized that an IP address is simply a number. We canonically break it up into 4 smaller numbers that are presumably easier to remember. However if you stack all the bits of those smaller numbers together, you get a bigger number, and that number is actually the address. Moreover, every C standard library that I have ever tried is able to resolve this bigger number to the correct address. If I ping a 10 digit number in that address range, the C standard library will figure it out. It is my position that this is a feature and not a bug.
It seems that the OS X Firefox Guys don't agree with me. Admittedly they do have an RFC on the subject, but their browser breaks a known behavior that every other TCP/IP client program on the planet exhibits, including other operating system versions of Firefox!
Would you kindly bludgeon one of us into submission? I don't really care which side of the argument you come down on, but one of us has to be able to say "Because Vint Cerf said so!"
Oh, and while I've got you, I'm sick of writing stateless http applications. May I have your permission to go back to writing plain old socket servers on other ports, providing data based on whatever query format I feel like implementing? It kind of looks like REST, I suppose, except that I don't have to load 14 layers of frameworks to get to that point.
VC: LOL! actually, most of us assumed that any way to generate the 32 number should be acceptable since the connection process doesn't actually use the text representation of the IP address. I think any value in the range 0 to 2^32-1 should be acceptable as an IP reference. As to stateless operation, I know what you mean; you have to get used to figuring out how to stash intermediate state (cookies usually)...
SMTP, DNS, U.S. Customs
by molo
It seems that it is getting more and more difficult to successfully run your own SMTP server. See, for example, this post responding to the idea that a user was going to move off gmail to their own server. Are there any prospects for meaningful SMTP reform that would lower the barrier to entry for legitimate emailers?
DNS has been often criticized as a centralized single point of failure / censorship. Have you been following the development of namecoin and P2P DNS? Are these systems viable in your estimation? How would you improve them or encourage their adoption?
The U.S. Customs department recently created headlines in seizing domains. These seizures appear to be extra-legal (not founded in law), but ICANN has gone along with them. Are those fair statements? Should ICANN's trustworthiness be suspect as a result of this process?
VC: On SMTP, the problem is spam. If SMTP relays could be authenticated in some way, perhaps running your own would work better. As of now, it is a problem to validate relays and most ISPs don't allow it. Maybe we will make some progress in this when we can strongly authenticate/validate end points in the network better. Regarding alternatives to DNS, it would be interesting to find alternatives to DNS that might be less prone to the business models that produce domaining, for example, but I have not yet seen evidence that such an outcome is likely to gain traction. I am not sure that ICANN has any ability to resist effectively the so-called seizures of domain names by the DHS/ICE. I am disturbed by the argument that this is comparable to FBI "seizures" of contraband for many reasons but I think the ability to resist this would rest on a successful court challenge to the practice, not to an ICANN policy.
Smart Grid
by kiwimate
You're currently on the Governing Board of the NIST Smart Grid Interoperability Panel. What is the state of standards development, and how big an impact does it have to move national infrastructure communications into the public IP arena so far as our ability to strengthen and expand our infrastructure? Conversely, how big are the threats in this new world?
VC: The process is moving along reasonably well although adoption of the standards that are emerging in the US will depend on endorsement by FERC and NERC. I think the standards can be very beneficial to the creation of interoperable energy management systems, edge devices, and device controllers. I am pleased that IPv6 forms a major basis for edge communication but concerned that the domestic ISPs, with some notable exceptions, have been slow to roll out support for IPv6. I imagine that an IPv6-equipped mobile could easily become a remote controller for a wide range of IPv6-labelled devices.
What would you like to see developed next?
by techmuse
I'm curious what technologies you would like to see developed next, or what you think would be most important to develop next. In other words, what do you think researchers should work on now that would be most significant? (Oh, and thank you for changing my life!)
V: My major wish right now, apart from ISP implementation of IPv6, DNSSEC and more end/end crypto and strong, 2-factor authentication, is the implementation of true broadcast IP. Satellites raining IP(v6) packets to Earth in range of millions of receivers could make widespread digital distribution of information far more efficient.
Interplanetary Internet
by immakiku TCP/IP started as a military project but has been adapted for all the Internet applications we see today. What sort of applications do you foresee/imagine for the Interplanetary Internet, aside from the stated purpose of coordinating NASA devices?
VC: The primary terrestrial applications are military tactical communications and enhanced mobile communications. I see a role for these delay and disruption tolerant protocols in public safety networking as well. All devices in the system could also serve as relays to allow for the dynamic creation of Mobile Ad hoc Networks, making more resilient emergency services communications and any number of popular user apps on mobiles.
The IP of TCP/IP
BY WHOM
The head of UN's WIPO believes that the Internet (and obviously the stack on which it runs) should have been patented. How do you believe it would have evolved, would TCP/IP be protected by patents?
VC: This is really pretty silly. Bob Kahn and I consciously did NOT patent or control distribution of the design and protocol specifications for TCP/IP for the simple reason that we wanted no intellectual property barriers to the adoption of TCP/IP as an international standard. I see absolutely no utility in the proposition to patent TCP/IP. It would have given a reason for SNA, DECNET and other proprietary protocols to persist since their inventors/purveyors could have argued that licensing TCP/IP (had it been patented) would be of no interest to them - indeed, its use opened up interoperability among many brands of computers (and networks) leading to more competition.
Has the Internet become too centralized?
by slashsloth
That is to say, do you think that too much power & control now lies in the hands of the Internet Service Providers, thereby making it, at least in terms of control if not routing, too centralized & too easily manipulated by the powerful few. I guess this question stems from a viewpoint that it should be somehow democratic & free (as in free speech). Also do you share my pedantic belief that the public Internet should be spelt with a capital 'I'?
VC: As to the latter, yes, I strongly believe that the capital was intended to refer to the public Internet (I have written on this in the past). We accepted the notion that "internet" could use the protocols but be private and disconnected from the public Internet but that "Internet" referred to the latter. Some people disagree but I still believe it to be a useful distinction. As to centralization, it is possible that the lack of competition among Internet access providers is a bad outcome. I have always been a proponent of intra-modal competition through open access to underlying transport networks but not everyone agrees with me.
How can we bring trust back to the internet?
by Madman
One of the secrets of the internet's massive success is the lack of controls over it; if there had been strict security and processes in place it would likely not have come about. One of the downsides is that all our security measures are tacked-on, there is no built-in security to the protocols used on the internet and as a result security is a massive problem. How do we go from the wild west to having at least a reasonable level of trusted computing?
VC: Better and stronger authentication would help. 2-factor "passwords" and registration of devices. We may also need to adopt international norms for acceptable usage of the net with some kind of enforceable rules with reciprocity. Until we have some collective and cross-border ability to bring miscreants to justice, we will continue to see relatively unconstrained behaviors including harmful ones.
No more "peace and love" in software designs
by BeforeCoffee
I take it that the "route around failures" and other original design features of TCP/IP and the Internet as a whole relied upon trusting others always having good intentions and cooperating. Those designs were necessary at the time and the reason the internet exists today.
Nowadays distrust, firewalls, and coding defensively is the norm (or it should be). In that light, the internet's design seems creaky and vulnerable.
Do you have any thoughts or feelings on how software has changed and seemingly become so treacherous since you first designed TCP/IP? Would you advocate a ground-up redesign of internet transports and protocols starting with TCP/IP?
VC: I have always been a fan of trying clean-sheet designs. Sometimes you discover retrofits that don't require a re-design. In other cases (such as delay and disruption tolerance) you need serious re-implementation of new designs. It is clear that authentication, various forms of cryptographic protections and the like are needed at several layers in the architecture. Deploying something wholly new is hard, though.
Future of the Internet
by H0bb3z
Do you feel the security concerns over collected information will trump the leveraging of information in future Internet technologies? Will there be a separate "opt-in" or "opt-out" web to cater to each preference?
Context: There have been many controversies recently regarding the collection of data and the privacy of individual information. As we move forward, I've heard a mixed set of messages regarding the direction we should expect to see.
Consumerism is indeed driving innovation and everything is going mobile these days (there's an app for that I think). One example I heard recently of the benefit of the convergence of information and mobility: a consumer can point their mobile phone at a shelf of groceries, get an active "overlay" of information regarding the products and determine which best suits the customer needs. On the flip side, sensors that track customer behavior are installed at the grocery shelf and based on detected behavior (like stopping for a moment to reminisce about Coco-Puffs even though you know they are bad for you) initiates a coupon for whatever the vendor may feel would provide enough motivation to purchase their product -- in the example a $1 off coupon to the mobile phone of a shopper.
Will this become reality in the future?
I think there are benefits to be had, but also am fiercely protective of my personal information and preferences.
VC: At least in America, we have tended to readily give up privacy in exchange for convenience. Credit card information bases being a good example of that. If one can divorce identity from behavior patterns, it might be acceptable to many to benefit from system reactions to our choices and behavior if these are not correlated with identity.
Postel and Crocker
by vlm
So you went to high school with Postel and Crocker, according to Wikipedia; did you guys hang out all along or meet up decades later?
V: Crocker and I have been best friends since about 1959. Jon was in a later class and we didn't know him until we all reconvened at UCLA in the late 1960s.
A Simple Pogonological Question
by eldavojohn
What level of success does TCP/IP owe to your glorious beard?
VC: LOL!! not much! I just got tired of nicks and cuts from shaving my whole face and went with the beard!! I did shave it off once, but quickly re-grew it after being painfully reminded why I had grown it in the first place!!! -
Copiale Cipher Decoded
eldavojohn writes "The 18th century Copiale Cipher has finally been decoded after a few minor breakthroughs were made by linguists versed in machine translation analyzing the document. From the article, 'Kevin Knight, a computer scientist at the Information Sciences Institute at the University of Southern California, collaborated with Beata Megyesi and Christiane Schaefer of Uppsala University in Sweden to decipher the first 16 pages. They turn out to be a detailed description of a ritual from a secret society that apparently had a fascination with eye surgery and ophthalmology.' The Roman characters and abstract symbols turned out to be a sort of encryption of the German language. The important clues they discovered were that the Roman characters were nulls (misleading junk) and the bogus looking symbols the actual text. Lastly, a colon would mean a duplication of the last consonant. A cipher falls to word-frequency analysis. Perhaps the researchers could start another 'weekend project' and tackle The Voynich Manuscript for us?" Update: 10/25 15:25 GMT by T : eldavojohn adds also a link to the final translation. -
John McCarthy, Discoverer of Lisp, Has Passed Away
The first of a few submitters, szo sent in an early report that John McCarthy passed early yesterday. Paul Graham (among others) confirmed: the news was true. And so, shortly after a fellow founder of countless language descendants, goes the founder of the Lisp tree at the age of 84. -
Is Verizon Breaking FCC Regulations With Locked Bootloaders?
First time accepted submitter PcItalian writes with an excerpt from an interesting editorial on XDA Developers: "The open access provision requires Verizon to 'not deny, limit, or restrict the ability of their customers to use the devices and applications of their choice on the licensee's C Block network.' It goes on to say, 'The potential for excessive bandwidth demand alone shall not constitute grounds for denying, limiting or restricting access to the network.' Verizon bought Block C and tried to have the provisions removed. They failed. ... That means if a device uses the Block C frequencies, Verizon cannot insist what apps or firmware it runs. ... So the question is, do any devices use Block C frequencies? Yes. Some are called Hotspots. Others are called the HTC Thunderbolt... [Hotspots] comply with FCC regulations as far as I'm aware. The HTC Thunderbolt, on the other hand, does not. In the list of rules and exceptions for the Block C license, it says this: 'Handset locking prohibited. No licensee may disable features on handsets it provides to customers, to the extent such features are compliant with the licensee's standards pursuant to paragraph (b) of this section'...'" -
Is Verizon Breaking FCC Regulations With Locked Bootloaders?
First time accepted submitter PcItalian writes with an excerpt from an interesting editorial on XDA Developers: "The open access provision requires Verizon to 'not deny, limit, or restrict the ability of their customers to use the devices and applications of their choice on the licensee's C Block network.' It goes on to say, 'The potential for excessive bandwidth demand alone shall not constitute grounds for denying, limiting or restricting access to the network.' Verizon bought Block C and tried to have the provisions removed. They failed. ... That means if a device uses the Block C frequencies, Verizon cannot insist what apps or firmware it runs. ... So the question is, do any devices use Block C frequencies? Yes. Some are called Hotspots. Others are called the HTC Thunderbolt... [Hotspots] comply with FCC regulations as far as I'm aware. The HTC Thunderbolt, on the other hand, does not. In the list of rules and exceptions for the Block C license, it says this: 'Handset locking prohibited. No licensee may disable features on handsets it provides to customers, to the extent such features are compliant with the licensee's standards pursuant to paragraph (b) of this section'...'" -
Stanford Scientists Show Stretchable Skin-Like Sensor
SkinnyGuy writes with news of an invention out of Stanford that improves upon previous work: a transparent, stretchable, skin-like sensor that could have applications for prosthetic limbs and robotics. Quoting: "The sensor uses a transparent film of single-walled carbon nanotubes that act as tiny springs, enabling the sensor to accurately measure the force on it, whether it's being pulled like taffy or squeezed like a sponge. ... The sensors consist of two layers of the nanotube-coated silicone, oriented so that the coatings are face-to-face, with a layer of a more easily deformed type of silicone between them. The middle layer of silicone stores electrical charge, much like a battery. When pressure is exerted on the sensor, the middle layer of silicone compresses, which alters the amount of electrical charge it can store. That change is detected by the two films of carbon nanotubes, which act like the positive and negative terminals on a typical automobile or flashlight battery. The change sensed by the nanotube films is what enables the sensor to transmit what it is 'feeling.'" -
Ask The Bad Astronomer
Astronomer, author, columnist, and successful populizer of science Phil Plait, perhaps best known as The Bad Astronomer, is a regular sight on Slashdot for his unusual ability to find lucid explanations of esoteric scientific claims and controversies. Phil has graciously agreed to answer Slashdot readers' questions, so ask him below about space, science, debunking conspiracy claims, and anything else that makes sense. Asking more than one question is fine (and encouraged!), but please separate unrelated questions into separate posts, lest your questions be moderated down. -
Predicting When Space Junk Will Come Home To Earth
Following up on recent news of a NASA satellite falling from the sky and a German satellite that did the same, new submitter blais writes "NPR has an interesting interview about space junk falling back to Earth — and the odds of it possibly hitting someone. I thought it might be of interest to the other space nerds out there. Quoting: '... it's very difficult to know exactly when a satellite's going to come down. The Earth's atmosphere is hard to model. It's very thin up there, 100 miles or more up, but it exists. And sometimes it's a little bit denser, sometimes not, and the satellite might be tumbling, and so it makes it very difficult to know exactly when it's ... going to come down." -
Predicting When Space Junk Will Come Home To Earth
Following up on recent news of a NASA satellite falling from the sky and a German satellite that did the same, new submitter blais writes "NPR has an interesting interview about space junk falling back to Earth — and the odds of it possibly hitting someone. I thought it might be of interest to the other space nerds out there. Quoting: '... it's very difficult to know exactly when a satellite's going to come down. The Earth's atmosphere is hard to model. It's very thin up there, 100 miles or more up, but it exists. And sometimes it's a little bit denser, sometimes not, and the satellite might be tumbling, and so it makes it very difficult to know exactly when it's ... going to come down." -
Ron Paul Wants To End the Federal Student Loan Program
On the heels of declaring his intent to axe a few departments from the federal government, Ron Paul has revealed more plans should he become President. The_THOMAS writes "Ron Paul wants to end Federal student loans stating that the Government involvement artificially inflates the cost of a college education and that once the government is out of the situation, students will be able to work their way to a college degree. What do you think?" -
Microsoft Now Collects Royalties From Over Half of All Android Devices
An anonymous reader writes "Microsoft has inked a deal with Compal Electronics, which pumps out gadgets that run Android and Chrome OS, for an undisclosed sum." Microsoft has an explanatory weblog post; with this deal over half of all Android devices are licensing patents from Microsoft. Notably refusing to cooperate and instead opting for the court battle route are Motorola and Barnes and Noble. -
Microsoft Now Collects Royalties From Over Half of All Android Devices
An anonymous reader writes "Microsoft has inked a deal with Compal Electronics, which pumps out gadgets that run Android and Chrome OS, for an undisclosed sum." Microsoft has an explanatory weblog post; with this deal over half of all Android devices are licensing patents from Microsoft. Notably refusing to cooperate and instead opting for the court battle route are Motorola and Barnes and Noble. -
Nasdaq Intrusion Spreads To Listed Companies
New submitter SpzToid writes "Nasdaq's Directors Desk is a program sold to both listed and private companies, whose board members use it to share documents and communicate with executives. Apparently Directors Desk was infected during a breach widely publicized earlier this year. It has now become known that hackers were able to access confidential documents and communications of the corporate directors and board members who received this infected application, said Tom Kellermann, chief technology officer with security technology firm AirPatrol Corp. It is unclear how long the Directors Desk application was infected before the exchange identified the breach, according to Kellermann and another source." -
$529M DOE Loan Spawns $97K Made-in-Finland Cars
theodp writes "With PR successes like the Fisker Karma, does the Department of Energy need to worry about PR failures like Solyndra? ABC News and others are reporting that electric car company Fisker, which received a $529M federal loan guarantee with the approval of the Obama administration, is assembling its first line of $96,985 base-priced hybrid cars in Finland, saying it could not find a facility in the United States capable of doing the work. According to Green Car Reports, Fisker said the EPA had rated the Karma at 54 MPGe (MPG-equivalent) when running on electricity from its battery pack, and that the EPA-rated electric range would be 32 miles. Omitted from the press release was the 20-mpg rating for a Karma running on power from its range-extending gasoline engine." -
$529M DOE Loan Spawns $97K Made-in-Finland Cars
theodp writes "With PR successes like the Fisker Karma, does the Department of Energy need to worry about PR failures like Solyndra? ABC News and others are reporting that electric car company Fisker, which received a $529M federal loan guarantee with the approval of the Obama administration, is assembling its first line of $96,985 base-priced hybrid cars in Finland, saying it could not find a facility in the United States capable of doing the work. According to Green Car Reports, Fisker said the EPA had rated the Karma at 54 MPGe (MPG-equivalent) when running on electricity from its battery pack, and that the EPA-rated electric range would be 32 miles. Omitted from the press release was the 20-mpg rating for a Karma running on power from its range-extending gasoline engine." -
Android 4.0 Source Code Coming "Soon"
itwbennett writes "Good news today for those of you who have been waiting for news about whether Google would be opening up the ICS source and for those of you who thought it was gone for good. Android engineer Dan Morrill revealed new information in the Android Building Google group yesterday evening, saying that Google plans 'to release the source for the recently-announced Ice Cream Sandwich soon, once it's available on devices.'" -
Open Source CPUs Coming To a Club Near You?
lekernel writes "The Milkymist project (also mentioned earlier this year) have started shipping their so-called 'video synthesizer,' a device used by concert and other event organizers to create live visual effects. Most interestingly, the device is based on their fully open source system-on-chip design, including both a CPU and graphics accelerators — the latter being a significant part of what the Open Graphics project is still struggling with." -
Google+ To End Real Names Policy
bs0d3 writes "After months of Google+ being unsuccessful at taking the edge over Facebook, Google announces a new plan. Google executive Vic Gundotra announced yesterday that they will be 'adding features that will "support other forms of identity,"' a major victory for security and privacy advocates. If Google+ gets rid of their 'real names' policy, they will finally be the social networking site that people will flock to when running away from Facebook." JWZ is a skeptic; he describes as "premature victory" (and much harsher things, too) any rejoicing in the announced policy change, writing in part "My guess? I'll bet they still require you to register with your 'real' name, but then they'll graciously allow you to have a linked nickname or two, meaning they're still fully prepared to roll over on you to authoritarian governments or advertisers at the drop of a hat." -
Android Source Code Gone For Good?
First time accepted submitter vyrus128 writes "Many people were upset at the revelation, reported here in May, that the Honeycomb version of Android would not be open sourced. But Google promised that the next version, Ice Cream Sandwich, would have full source available. Now that ICS is out, though, the source is nowhere in sight. In the thread, Android's Jean-Baptiste Queru offers the following, as to the question of whether source will ever be made available: 'At the moment I don't have anything to say on that subject.'" -
Ballmer Slams Android As Cheap and Overcomplicated
jfruhlinger writes "On the day Android Ice Cream Sandwich was released, Steve Ballmer livened up the Web 2.0 conference by lobbing potshots at Google's mobile OS, calling it the choice of 'cheap' phones and claiming 'the biggest advantage we have over Android is that you don't need to be a computer scientist to use a Windows Phone.'" -
German Surveillance Trojan Spies On Fifteen Apps
itwbennett writes "Researchers from Kaspersky Lab have discovered that the R2D2 surveillance Trojan, which is used by German law enforcement to intercept Internet phone calls, is capable of monitoring traffic from popular browsers and instant messaging applications. 'Amongst the new things we found in there are two rather interesting ones: Firstly, this version is not only capable of running on 32 bit systems; it also includes support for 64 bit versions of Windows,' said Tillmann Werner, a security researcher with Kaspersky in Germany. 'Secondly, the list of target processes to monitor is longer than the one mentioned in the CCC report. The number of applications infected by the various components is 15 in total.'" -
German Surveillance Trojan Spies On Fifteen Apps
itwbennett writes "Researchers from Kaspersky Lab have discovered that the R2D2 surveillance Trojan, which is used by German law enforcement to intercept Internet phone calls, is capable of monitoring traffic from popular browsers and instant messaging applications. 'Amongst the new things we found in there are two rather interesting ones: Firstly, this version is not only capable of running on 32 bit systems; it also includes support for 64 bit versions of Windows,' said Tillmann Werner, a security researcher with Kaspersky in Germany. 'Secondly, the list of target processes to monitor is longer than the one mentioned in the CCC report. The number of applications infected by the various components is 15 in total.'" -
Android Ice Cream Sandwich SDK Released
Hitting the front page for the first time, ttong writes "The highly anticipated Android 4.0 (codenamed Ice Cream Sandwich) has been released and finally brings the features of 3.x Honeycomb to smaller devices. Some of the highlights include: a revamped UI, a much faster browser, face unlock, a vastly improved camera app, improved task switching, streaming voice recognition, Wi-Fi Direct, and Bluetooth Health Device Profile. ... The API level is 14, download the new SDK here." calc noted that the source code has yet to be released (Google account required) except to legally required GPL components. Supposedly progress is being made toward getting AOSP back online: "We're working on it and we're making good progress, but we're not ready to announce any additional details yet." How many of the new features will remain proprietary and tied to Google services remains to be seen. -
Space Is (Not) the Place, Says Professor
snoop.daub writes "A while back, we discussed UCSD professor Tom Murphy's post about the limits on growth in energy use and economies. Partly in reaction to Slashdot's response (and my own writeup!), he's back with a new post arguing that space is not a solution to enable continued growth. There's a lot of good stuff in here about public misconceptions regarding the difficulty of space travel and the like; again definitely worth the read." -
Investors Campaign To Oust Murdochs From News Corp
Hugh Pickens writes "Alan Mutter writes that the California Public Employees Retirement System, the nation's largest pension fund, has become the latest investor to say it would vote against the re-election of Rupert Murdoch and his sons to the company's board of directors, joining several other institutional investors opposed to the tenure of not only the Murdoch trio but also most of the rest of the leader's hand-picked board. 'The company appears to have devolved into a free-wheeling, cut-throat and paranoid culture that reached its logical conclusion in the phone-hacking scandal at The News of the World, where deceit and naked ambition trumped common decency, good judgment and even simple compliance with the law,' writes Mutter... Further proof of the anything-goes atmosphere at News Corp was supplied last week when the Guardian reported that ... the European edition of the Wall Street Journal evidently sold access to its news columns and created back-channel payment networks to lift the otherwise sagging circulation of the paper... 'It's not clear whether the outside shareholders have the votes to change anything at a corporation where Murdoch effectively controls 40% of the shares,' concludes Mutter, 'But adult supervision most certainly is in order, because News Corp. seems to be operating with only the sketchiest of business plans and no effective executive oversight of his many far-flung initiatives. '" -
Ask Internet Visionary and Pioneer Vint Cerf
As co-designer of TCP/IP (along with Robert E. Kahn), and former chairman of ICANN, it is no exaggeration to say that Vint Cerf is certainly one of the fathers of the internet, and is often referred to as simply the father. His lifetime of network engineering accomplishments — meriting, among many other laurels, the Turing Award — leaves little doubt as to why he's now a full-time internet visionary for Google (and formerly with WorldCom) as well as a Google VP. Now, Cerf has graciously agreed to answer Slashdot readers' inquiries about the past and future of this little thing called the Internet, and his role in it thus far. This short call for questions is inadequate to sum up his contributions to engineering the data flows that entangle and enlighten us in 2011, but read through a few of these capsule descriptions to get a sense of them. In accord with the interview guidelines, please try not to lump together unrelated questions. (You may find that your questions are moderated downward if they aren't concise; if you have several distinct questions, simply submit separately as many as you'd like.) -
Facebook Is Building Shadow Profiles of Non-Users
An anonymous reader writes "As noted previously, Max Schrems of Europe Versus Facebook has filed numerous complaints about Facebook's data collection practices. One complaint that has failed to draw much scrutiny regards Facebook's creation of Shadow Profiles. 'This is done by different functions that encourage users to hand personal data of other users and non-users to Facebook... (e.g. synchronizing mobile phones, importing personal data from e-mail providers, importing personal information from instant messaging services, sending invitations to friends or saving search queries when users search for other people on facebook.com). This means that even if you don't use it, you may already have a profile on Facebook.'" -
Continuing the Distributed DNS System
bs0d3 writes "Last year, piratebay co-founder Peter Sunde gathered coders to begin a decentralized dns system. This is a direct result of the increasing control which the US government has over ICANN. The project is called P2P-DNS and according to the project's wiki, this is how the project is described: 'P2P-DNS is a community project that will free internet users from imperial control of DNS by ICANN. In order to prevent unjust prosecution or denial of service, P2P-DNS will operate as a distributed and less centralized service hosted by the users of DNS. Today the project continues, barely. A majority of interest shifted to namecoin once the idea was realized, but coder Caleb James DeLisle continues on the first project. So far he has DHT nodes and routers worked out, and awaits help on his IRC channel whenever volunteers are willing to join." -
Comet Nearly Hit Earth? Not So Fast
Phil Plait ("The Bad Astronomer") writes with a skeptical take on the recent report that a comet may have narrowly missed earth. According to the linked post from Plait, "When a comet breaks up, it spreads out. Even when intact, the material surrounding a comet can be tens or even hundreds of thousands of kilometers across! Claiming that a comet broke apart, yet managed to constrain its pieces to volume of space less than a few thousand kilometers across strains credulity. Mind you, Bonilla claimed to have seen these objects over the course of two days. That means they would’ve been stretched out along a path that was a million km long at least, yet so narrow that only one observatory on Earth saw them transit the Sun. That is highly unlikely. Worse, the very fact that no one else saw anything makes this claim even less tenable." -
Final Fantasy XIV Subscriptions Returning, PS3 Version In 2012
Just over a year ago, Square Enix released Final Fantasy XIV. It was not well received, and to atone for their mistake, the company removed the game's subscription fee, replaced a bunch of the developers, and delayed the PS3 version. Now, they are confident enough in the updates they've brought to the game that they are re-instituting the subscription plan and working again on the PS3 version, though it's still about a year away. They've also explained their roadmap for version 2.0 of the game, which will include a new UI, a new graphics engine, and a redesign of all current maps.