OFX servers for financial institutions. Without name dropping, check out the list of banks, brokerages, tax services, and credit card providers (Quicken) out there successfully serving up client data.
I'm aware of OFX, and it is something I consider a non-evil use of XML. It is all about the data, and the data is high-volume, structured and text-like, so something like XML makes sense for representing it.
OTOH, name dropping gets nowhere with me. Large institutions routinely adopt very stupid technologies for the most ridiculous of reasons. I'm much more interesting in what a small, nimble high-tech company like Automated Trading Desk is doing than what Chase-Manhattan is doing. Of course, ATD appears to have gone to an all-flash homepage, which is an impressive level of stupidity, so maybe they've gotten all grown up now.
I have to admit, I'm clueless about your Java dependency issues. The only way I can see that ever happening is if you're dumping all of your classes into the default top-level package; and that's major user error if you are.
I do a build with Maven and it pulls down at least 20 different Java libraries and packages them all up with my program for even the most innocent of dependencies. Not only that, but then when something is deployed it tends to get deployed with all of its dependencies. No sense of a standard place to put libraries or trying to make sure that you don't have 20 different versions of a library around for the 10 different apps that use it. It's a nightmare.
And when I complain to Java people they tend to tell me "Oh, enterprises like it that way, it means they can stay in crufty code land forever and never have to upgrade anything if they don't want to!" which I read as "We don't really want to actually spend any time trying to make our development process vaguely reasonable, we just want to toss code on the wall and wait for things to stick.". It's pathetic and makes for intolerable integration issues for larger projects. I guess it all fits with the idea of Java being for programmers who don't actually want to think about the code they write.
CORBA is a minor pain to parse. From what I could tell you could just sit down with a spec and code up your own parser for ye-old random language in a day or two. But that's not my major issue with it.
My major issue with it was that it promotes designing distributed systems that focus on the semantic roles of the participants instead of the data moving around. In fact it discourages programmers using it from even thinking of what they're doing as sending messages to some system many milliseconds away. Among other evils this leads to all kinds of interesting issues with threading and concurrency that didn't even have to exist.
And, of course, my post is incomplete with reference to my little rant on why CORBA and other forms of RPC are bad. Both Thrift and D-BUS are pretty close to the ideal solution I describe later. They focus on message content over semantics and are extremely easy to parse. SOAP and XML-RPC fail on both of those counts. They are about semantics (you are making a remote function call that does some specific thing, not sending a hunk of data that has some particular content) over content and they are a huge pain to parse.
I've recently taken a job at a primarily Java shop. After seeing XML used and abused for ant, maven and various other things I've grown even more disenchanted with it. And now I've also gotten the chance to see that not only does Java represent a poor trade off between the annoyances of a strongly typed language and the speed of a dynamic interpreted one, it has a horrible mess of dependency issues that nobody really solves besides.
I'm much more hopeful about technologies like Thrift and/or D-Bus than I ever was about such abysmal abominations as SOAP, or the only slightly better XML-RPC.
The Java XML world seems like this little closed ecology of mutual masturbators who all come up with more Java and XML 'solutions' to problems that never existed before they started using Java and XML.
I see the value of XML for long-lived documents that don't spend a lot of their life on the wire. And possibly for config files, though IMHO it is too ugly and unreadable for those. But as a general tool for Internet plumbing it's awful.
Octopuses are on my "Do not eat because they're too darned bright." list and have been there for awhile. I think uplift experiments involving them would be very interesting.:-)
I am not assuming that just because you have good algorithms and are implementing tested protocols that everything will be fine. I'm just saying that assuming that there are no such things and a deplorable lack of security is therefor acceptable is stupid.
It is possible to implement software that has very few or no vulnerabilities. It isn't easy, but it's possible. That it isn't being done is deplorable, not "no big deal".
Anyway, I think if you re-read what I wrote you'll discover you're attacking me for saying something I didn't say.
You're completely ignoring the reality of implementation flaws.
I'm not. If you read again you'll see that I cite them as the reason why various implementations of cryptographic algorithms and protocols we know are well tested and secure fail in the field.
That book sounds really excellent though and I will have to check it out. I'm all for increasing my (and everybody else's) knowledge of how to avoid those sorts of flaws.
Lack of security in wireless isn't that huge of a deal. If you meet a skilled hacker, no matter what you throw at him/her they will be able to beat it.
Bzzzt! Wrong! I really hope you aren't a programmer.
There are encryption algorithms and protocols that are so good that nobody has figured how to defeat them, most likely even including the secret labs of various governments. Mostly what happens is that in practice they are misapplied or the person applying them doesn't understand them well enough and cuts a corner that results in a fatal implementation flaw.
What I really don't get is public standards that have this problem.
Those facile assumptions of yours as well as the pervasive defeatist attitude are likely the main reason there are so many problems in various commercial products.
I'm going to ignore your obvious spelling and grammar errors and focus on content. But if you want to be taken seriously by most people you might want to fix your writing style.
basically u say "here, this is the best tool we have but we shouldnt use it to make the most important decisions that influence our lives"... doesnt that sound stupid to u?
Well, it does, but that isn't what I said. What I said was that science doesn't give us a framework for ethics and morals. That comes from someplace else. It gives us a lot of data about who people are and how they get along, but where we go with that information is up to us. So, science should inform our decisions, yes, but it shouldn't (and can't) dictate them.
and if scientists and the scientific method shouldnt be involved in politics than who should be? politicians like monkey-boy-georgie and their evangelical "methods"?
How about you and I? That's really who should be making political decisions. People who claim some sort of authority as a scientist and then use it to justify political decisions shouldn't be trusted and definitely should not be given any more authority than any other random person has.
those land mines had a few interesting letters on them... like "made in US"... or maybe u think that there is no problem with selling weapons to a known tyrant or criminal !? afaik, that is a crime even in a guns-for-all culture like the US.
This might well be true. But the responsibility isn't all ours, and those things have a way of finding their way into those kinds of hands regardless. And there's no mention of the ones that had "Made in the USSR" stamped on them. Saddling us with all the responsibility isn't reasonable no matter how you slice it.
Ultimately it's up to the people of the various sovereignties involved to decide what they will and won't put up with. Our government has proven itself completely incompetent at even deciding who is or isn't a tyrant or a criminal, so I think chastising us for selling to them is fairly ineffective anyway.
You make an interesting point, and my feelings are along the same lines. But I'm very much on the fence about this. Really though, Real just made their own bed by releasing such buggy software.
I have noticed that people are complete and utter idiots about two very important cryptographic algorithms. PRNGs and hash functions. I can't believe the number of people who still use a simple MD5 hash for software download verification. First, it isn't signed, so all someone has to do is alter both the hash and the code. Secondly, even if it were it's not very hard to make two pieces of code, one innocuous and one malicious that both have the same MD5 hash, and it's been true for years.
DNS cache poisoning is a real danger. I bet someone dedicated could set up a website and evil exploiting DNS server pretty easily. You sprinkle some things in the website that will make a predictable series of requests for names in the domain of the evil DNS server, then a request for the name of bankofamerica say. Then the evil DNS server spits out the IP spoofed evil answer with the predicted sequence number for bankofamerica so the target computer gets it instead of the legitimate answer from their own DNS server. Bonus points if you can poison an ISPs recursive DNS server, then all their customers will go to the evil bankofamerica instead of the real one.
IP sequence number prediction is likely a much lesser danger because if you're in a situation where it can be exploited the router is likely compromised anyway. At least, I can't think of a way to exploit it without compromising a router.
But, regardless, if you have a PRNG in place to make a certain number unpredictable, you ought to actually care enough for the fix to actually make it that way. Either have code that works, or no code at all, not some half-assed piece of garbage that someone might mistakenly trust. Just because it runs doesn't mean it works. Anybody with that mindset should never be placed in charge of something security sensitive.
Can you point me at an example article from the NYT that illustrates your point? I've not read Nature. Does it publish raw journal papers, or is it a bit more digested? I like SciAm because it puts things in terms that make sense to someone who isn't an active participant in the field in question. But I do think that sometimes its articles are a little dumbed down from what I would prefer. I most strongly notice this, of course, in articles that are about computer science.
Re:"The Republican War on Science"?
on
Science Debate 2008
·
· Score: 3, Interesting
While I, personally think that there is ample evidence that human caused global warming is a real threat, I also recognize that you are completely correct in questioning the motivations of scientists as a whole in the manner you describe.
I've been reading Scientific American for a long time. There is a certain smug underlying attitude expressed there that scientists really know best for everybody. And they're wrong. Being a scientist does not better equip you to be able to make better ethical or moral decisions. It doesn't tell you where people want to go. It can tell you how people are and why they make decisions and a whole host of other interesting things. It can even tell you that people have an ingrained sense of morality that transcends all cultures and languages. But it can't tell you what is moral or what isn't.
Describing me as an atheist would be fairly close to accurate. I believe that the scientific method is the most useful tool we have for accurately discerning various facts about the world. Science as a whole is extremely valuable and useful. But its domain isn't politics and it never should be.
There was a time in the late 90s and early 00s when Scientific American was much more aggressively political than it is now. One issue in particular that I remember was all about how incredibly evil land mines are, complete with detailed pictures of the results. And it blamed and shamed the US for the problem, completely ignoring the despots, tyrants and military actions that put the land mines there in the first place. I nearly canceled my subscription over that. Luckily they changed and are only a little political here and there now.
And I recognize this danger in the global warming debate. But in the long run, we must develop ways of using resources that are sustainable. We must pay attention to ecological cycles and make sure that what we do works with them, or add cycles of our own. Ultimately our economy must be completely based on a net input of energy and a conscious knowledge of how to recycle every single waste product we produce.
So, in the larger context, I don't really care if the global warming is caused by humans or not. We need to get a handle on the carbon cycle, a thing we've been almost completely ignoring until now. If worrying about a possibly (though I don't think likely) fictitious danger to our continued comfortable existence here is what it takes, then so be it.
There is ample evidence we've been ignoring this cycle. Just look at the rising trend in atmospheric CO2 levels. There is no natural explanation for it. The activity of humans is the cause of this. Whether or not this will result in a climate catastrophe is open to debate (though I know which side of that I'm on) but the fact we've been ignoring this and not making sure there is a cycle is clear and something should be done about it. Sustainable development is in our long term best interests.
I read through the summary and totally missed it. Some people are better proofreaders than others. I care more about the 'editors' ability to pick decent stories than their ability to proofread nitpicky details like that. It should be corrected, sure. It might be that there's an extra 0, not a misplaced comma. It's ambiguous as it stands. But it's not that bad and the article is interesting.
I get a surprising number of IPv6 hits...
on
One Step Closer to IPv6
·
· Score: 4, Informative
I get a surprising number of IPv6 hits on my webserver at home. Most of these appear to be XP or Vista boxes with Internet connection sharing turned on that automatically assign themselves a 6to4 addresses when they have an interface with a public IPv4 address.
IPv6 with 6to4 is easy to set up, and I'd recommend it to anybody who has a static IPv4 address. You can use NAT-PT so all your IPv6 hosts can still get to the IPv4 network. If you have a couple of DNS servers, you can even set up reverse DNS for your IPv6 network just the way you want using this nice web interface from the NRO.
I hate NAT. And I think IPv6 can be just as secure. Partly because a 64-bit address space is really hard to effectively randomly probe working addresses and partly because it's fairly easy to configure a firewall to not allow incoming connections.
I hope that you and Microsoft are equally cheerful about all this when the 520 bridge capsizes with a ton of Microsoft employees on it. Or will that then be the state's fault somehow?
I tend towards libertarianism myself, but the article makes an excellent point. The 520 bridge is a crucial piece of infrastructure that Microsoft and its employees benefits greatly from the existence of. Do you have a reasonable proposal for how to pay for it? If you think it should be a privately owned toll bridge, I will tell you that almost all toll roads I've been on have been fantastically inconvenient, have a lot of extra real-estate (there is prime park land on the Seattle side of the 520 bridge) and are poorly maintained. I don't think they're the answer. I'm all ears for better answers though.
Ahh, my stated requirements do not actually require that it be possible to make an inter-operating implementation in a clean room environment.:-) I require this set of things:
There exist inter-operating implementations of the standard by largely independent groups
At least one such implementation must be Open Source.
The Open Source implementation must be generally considered to be a reference implementation.
ODF does meet these requirements. I specified them this way because I think the clean-room requirement is nearly impossible to achieve for anything non-trivial. But I also agree that things like how formulas are evaluated is important enough that it should be in the standard.
In this post and the posts above and below it I have an interesting discussion with someone who says essentially the same thing.
Personally, when it comes down to it, I don't care who is behind the standard as long as the standard meets certain *ahem* standards. Mainly I want inter-operable implementations from more than one vendor, and I would like at least one implementation that's fully Open Source and considered the reference implementation.
ODF meets all of those requirements. OOXML meets none of them. I don't think even Microsoft could make an implementation of OOXML in a clean room without using any of their other source code.
So, I care not one whit for the political machinations behind it all. All I care about is having a standard that's really a standard. Putting the political machinations to the fore is a mistake, and Microsoft is trying to capitalize on that to create a smokescreen that obscures the real issue, which is that their 'standard' is awful and unimplementable.
Legally speaking, you are correct. There is no legal way for people to make a GPLv3 game for the Xbox 360 or the Wii. There is a way to hack each of those platforms, but that way is quasi-legal or illegal and not suitable for a game distributed under the GPLv3.
That is irritating, and I agree that it presents a problem for the GPLv3, even though I think those hardware platforms are essentially defective. I don't think not supporting defective hardware is quite the right choice at this point in the evolution of Free Software.
That's an interesting point, and I'm going to have to consider dual licensing my code under the GPLv2 and GPLv3 for the time being.
Any of them. As near as I can tell the hardware protection they offer is fairly easily bypassed. Many people I know have done it. So having it is fairly pointless.
The GPLv3 requires that if you sell a piece of hardware that allows the software in it to be updated, and that software is covered by the GPLv3, the user must be able to update it with their own version as well as versions you supply. There's nothing about not allowing DRM.
This makes it easier for a user to bypass DRM for end-user devices like Kindle or the iPhone and such. But it doesn't disallow you from implementing it. So your point is basically as wrong as saying that the GPLv2 doesn't allow you to make money on your software.
It sounds like you think you're disagreeing with me in some way. My question was rehtorical, not a question I seriously had. I was pointing out that as a group we want laws against spam because in general we think that accessing public services according to their provided interfaces is not a crime.
That is why we want anti-spam laws. So this one particular act can be rendered illegal. If we felt that it was already illegal, why would we want more laws saying it was?
Slashdot Mirror
OFX servers for financial institutions. Without name dropping, check out the list of banks, brokerages, tax services, and credit card providers (Quicken) out there successfully serving up client data.
I'm aware of OFX, and it is something I consider a non-evil use of XML. It is all about the data, and the data is high-volume, structured and text-like, so something like XML makes sense for representing it.
OTOH, name dropping gets nowhere with me. Large institutions routinely adopt very stupid technologies for the most ridiculous of reasons. I'm much more interesting in what a small, nimble high-tech company like Automated Trading Desk is doing than what Chase-Manhattan is doing. Of course, ATD appears to have gone to an all-flash homepage, which is an impressive level of stupidity, so maybe they've gotten all grown up now.
I have to admit, I'm clueless about your Java dependency issues. The only way I can see that ever happening is if you're dumping all of your classes into the default top-level package; and that's major user error if you are.I do a build with Maven and it pulls down at least 20 different Java libraries and packages them all up with my program for even the most innocent of dependencies. Not only that, but then when something is deployed it tends to get deployed with all of its dependencies. No sense of a standard place to put libraries or trying to make sure that you don't have 20 different versions of a library around for the 10 different apps that use it. It's a nightmare.
And when I complain to Java people they tend to tell me "Oh, enterprises like it that way, it means they can stay in crufty code land forever and never have to upgrade anything if they don't want to!" which I read as "We don't really want to actually spend any time trying to make our development process vaguely reasonable, we just want to toss code on the wall and wait for things to stick.". It's pathetic and makes for intolerable integration issues for larger projects. I guess it all fits with the idea of Java being for programmers who don't actually want to think about the code they write.
CORBA is a minor pain to parse. From what I could tell you could just sit down with a spec and code up your own parser for ye-old random language in a day or two. But that's not my major issue with it.
My major issue with it was that it promotes designing distributed systems that focus on the semantic roles of the participants instead of the data moving around. In fact it discourages programmers using it from even thinking of what they're doing as sending messages to some system many milliseconds away. Among other evils this leads to all kinds of interesting issues with threading and concurrency that didn't even have to exist.
*laugh* It's so funny because it's true!
And, of course, my post is incomplete with reference to my little rant on why CORBA and other forms of RPC are bad. Both Thrift and D-BUS are pretty close to the ideal solution I describe later. They focus on message content over semantics and are extremely easy to parse. SOAP and XML-RPC fail on both of those counts. They are about semantics (you are making a remote function call that does some specific thing, not sending a hunk of data that has some particular content) over content and they are a huge pain to parse.
I've recently taken a job at a primarily Java shop. After seeing XML used and abused for ant, maven and various other things I've grown even more disenchanted with it. And now I've also gotten the chance to see that not only does Java represent a poor trade off between the annoyances of a strongly typed language and the speed of a dynamic interpreted one, it has a horrible mess of dependency issues that nobody really solves besides.
I'm much more hopeful about technologies like Thrift and/or D-Bus than I ever was about such abysmal abominations as SOAP, or the only slightly better XML-RPC.
The Java XML world seems like this little closed ecology of mutual masturbators who all come up with more Java and XML 'solutions' to problems that never existed before they started using Java and XML.
I see the value of XML for long-lived documents that don't spend a lot of their life on the wire. And possibly for config files, though IMHO it is too ugly and unreadable for those. But as a general tool for Internet plumbing it's awful.
Octopuses are on my "Do not eat because they're too darned bright." list and have been there for awhile. I think uplift experiments involving them would be very interesting. :-)
I am not assuming that just because you have good algorithms and are implementing tested protocols that everything will be fine. I'm just saying that assuming that there are no such things and a deplorable lack of security is therefor acceptable is stupid.
It is possible to implement software that has very few or no vulnerabilities. It isn't easy, but it's possible. That it isn't being done is deplorable, not "no big deal".
Anyway, I think if you re-read what I wrote you'll discover you're attacking me for saying something I didn't say.
You're completely ignoring the reality of implementation flaws.
I'm not. If you read again you'll see that I cite them as the reason why various implementations of cryptographic algorithms and protocols we know are well tested and secure fail in the field.
That book sounds really excellent though and I will have to check it out. I'm all for increasing my (and everybody else's) knowledge of how to avoid those sorts of flaws.
Lack of security in wireless isn't that huge of a deal. If you meet a skilled hacker, no matter what you throw at him/her they will be able to beat it.
Bzzzt! Wrong! I really hope you aren't a programmer.
There are encryption algorithms and protocols that are so good that nobody has figured how to defeat them, most likely even including the secret labs of various governments. Mostly what happens is that in practice they are misapplied or the person applying them doesn't understand them well enough and cuts a corner that results in a fatal implementation flaw.
What I really don't get is public standards that have this problem.
Those facile assumptions of yours as well as the pervasive defeatist attitude are likely the main reason there are so many problems in various commercial products.
I'm going to ignore your obvious spelling and grammar errors and focus on content. But if you want to be taken seriously by most people you might want to fix your writing style.
basically u say "here, this is the best tool we have but we shouldnt use it to make the most important decisions that influence our lives"Well, it does, but that isn't what I said. What I said was that science doesn't give us a framework for ethics and morals. That comes from someplace else. It gives us a lot of data about who people are and how they get along, but where we go with that information is up to us. So, science should inform our decisions, yes, but it shouldn't (and can't) dictate them.
and if scientists and the scientific method shouldnt be involved in politics than who should be? politicians like monkey-boy-georgie and their evangelical "methods"?How about you and I? That's really who should be making political decisions. People who claim some sort of authority as a scientist and then use it to justify political decisions shouldn't be trusted and definitely should not be given any more authority than any other random person has.
those land mines had a few interesting letters on themThis might well be true. But the responsibility isn't all ours, and those things have a way of finding their way into those kinds of hands regardless. And there's no mention of the ones that had "Made in the USSR" stamped on them. Saddling us with all the responsibility isn't reasonable no matter how you slice it.
Ultimately it's up to the people of the various sovereignties involved to decide what they will and won't put up with. Our government has proven itself completely incompetent at even deciding who is or isn't a tyrant or a criminal, so I think chastising us for selling to them is fairly ineffective anyway.
You make an interesting point, and my feelings are along the same lines. But I'm very much on the fence about this. Really though, Real just made their own bed by releasing such buggy software.
I have noticed that people are complete and utter idiots about two very important cryptographic algorithms. PRNGs and hash functions. I can't believe the number of people who still use a simple MD5 hash for software download verification. First, it isn't signed, so all someone has to do is alter both the hash and the code. Secondly, even if it were it's not very hard to make two pieces of code, one innocuous and one malicious that both have the same MD5 hash, and it's been true for years.
DNS cache poisoning is a real danger. I bet someone dedicated could set up a website and evil exploiting DNS server pretty easily. You sprinkle some things in the website that will make a predictable series of requests for names in the domain of the evil DNS server, then a request for the name of bankofamerica say. Then the evil DNS server spits out the IP spoofed evil answer with the predicted sequence number for bankofamerica so the target computer gets it instead of the legitimate answer from their own DNS server. Bonus points if you can poison an ISPs recursive DNS server, then all their customers will go to the evil bankofamerica instead of the real one.
IP sequence number prediction is likely a much lesser danger because if you're in a situation where it can be exploited the router is likely compromised anyway. At least, I can't think of a way to exploit it without compromising a router.
But, regardless, if you have a PRNG in place to make a certain number unpredictable, you ought to actually care enough for the fix to actually make it that way. Either have code that works, or no code at all, not some half-assed piece of garbage that someone might mistakenly trust. Just because it runs doesn't mean it works. Anybody with that mindset should never be placed in charge of something security sensitive.
Can you point me at an example article from the NYT that illustrates your point? I've not read Nature. Does it publish raw journal papers, or is it a bit more digested? I like SciAm because it puts things in terms that make sense to someone who isn't an active participant in the field in question. But I do think that sometimes its articles are a little dumbed down from what I would prefer. I most strongly notice this, of course, in articles that are about computer science.
While I, personally think that there is ample evidence that human caused global warming is a real threat, I also recognize that you are completely correct in questioning the motivations of scientists as a whole in the manner you describe.
I've been reading Scientific American for a long time. There is a certain smug underlying attitude expressed there that scientists really know best for everybody. And they're wrong. Being a scientist does not better equip you to be able to make better ethical or moral decisions. It doesn't tell you where people want to go. It can tell you how people are and why they make decisions and a whole host of other interesting things. It can even tell you that people have an ingrained sense of morality that transcends all cultures and languages. But it can't tell you what is moral or what isn't.
Describing me as an atheist would be fairly close to accurate. I believe that the scientific method is the most useful tool we have for accurately discerning various facts about the world. Science as a whole is extremely valuable and useful. But its domain isn't politics and it never should be.
There was a time in the late 90s and early 00s when Scientific American was much more aggressively political than it is now. One issue in particular that I remember was all about how incredibly evil land mines are, complete with detailed pictures of the results. And it blamed and shamed the US for the problem, completely ignoring the despots, tyrants and military actions that put the land mines there in the first place. I nearly canceled my subscription over that. Luckily they changed and are only a little political here and there now.
And I recognize this danger in the global warming debate. But in the long run, we must develop ways of using resources that are sustainable. We must pay attention to ecological cycles and make sure that what we do works with them, or add cycles of our own. Ultimately our economy must be completely based on a net input of energy and a conscious knowledge of how to recycle every single waste product we produce.
So, in the larger context, I don't really care if the global warming is caused by humans or not. We need to get a handle on the carbon cycle, a thing we've been almost completely ignoring until now. If worrying about a possibly (though I don't think likely) fictitious danger to our continued comfortable existence here is what it takes, then so be it.
There is ample evidence we've been ignoring this cycle. Just look at the rising trend in atmospheric CO2 levels. There is no natural explanation for it. The activity of humans is the cause of this. Whether or not this will result in a climate catastrophe is open to debate (though I know which side of that I'm on) but the fact we've been ignoring this and not making sure there is a cycle is clear and something should be done about it. Sustainable development is in our long term best interests.
I read through the summary and totally missed it. Some people are better proofreaders than others. I care more about the 'editors' ability to pick decent stories than their ability to proofread nitpicky details like that. It should be corrected, sure. It might be that there's an extra 0, not a misplaced comma. It's ambiguous as it stands. But it's not that bad and the article is interesting.
I get a surprising number of IPv6 hits on my webserver at home. Most of these appear to be XP or Vista boxes with Internet connection sharing turned on that automatically assign themselves a 6to4 addresses when they have an interface with a public IPv4 address.
IPv6 with 6to4 is easy to set up, and I'd recommend it to anybody who has a static IPv4 address. You can use NAT-PT so all your IPv6 hosts can still get to the IPv4 network. If you have a couple of DNS servers, you can even set up reverse DNS for your IPv6 network just the way you want using this nice web interface from the NRO.
I maintain some good links to stuff about IPv6 on del.icio.us.
I hate NAT. And I think IPv6 can be just as secure. Partly because a 64-bit address space is really hard to effectively randomly probe working addresses and partly because it's fairly easy to configure a firewall to not allow incoming connections.
I hope that you and Microsoft are equally cheerful about all this when the 520 bridge capsizes with a ton of Microsoft employees on it. Or will that then be the state's fault somehow?
I tend towards libertarianism myself, but the article makes an excellent point. The 520 bridge is a crucial piece of infrastructure that Microsoft and its employees benefits greatly from the existence of. Do you have a reasonable proposal for how to pay for it? If you think it should be a privately owned toll bridge, I will tell you that almost all toll roads I've been on have been fantastically inconvenient, have a lot of extra real-estate (there is prime park land on the Seattle side of the 520 bridge) and are poorly maintained. I don't think they're the answer. I'm all ears for better answers though.
Ahh, my stated requirements do not actually require that it be possible to make an inter-operating implementation in a clean room environment. :-) I require this set of things:
ODF does meet these requirements. I specified them this way because I think the clean-room requirement is nearly impossible to achieve for anything non-trivial. But I also agree that things like how formulas are evaluated is important enough that it should be in the standard.
In this post and the posts above and below it I have an interesting discussion with someone who says essentially the same thing.
Personally, when it comes down to it, I don't care who is behind the standard as long as the standard meets certain *ahem* standards. Mainly I want inter-operable implementations from more than one vendor, and I would like at least one implementation that's fully Open Source and considered the reference implementation.
ODF meets all of those requirements. OOXML meets none of them. I don't think even Microsoft could make an implementation of OOXML in a clean room without using any of their other source code.
So, I care not one whit for the political machinations behind it all. All I care about is having a standard that's really a standard. Putting the political machinations to the fore is a mistake, and Microsoft is trying to capitalize on that to create a smokescreen that obscures the real issue, which is that their 'standard' is awful and unimplementable.
Legally speaking, you are correct. There is no legal way for people to make a GPLv3 game for the Xbox 360 or the Wii. There is a way to hack each of those platforms, but that way is quasi-legal or illegal and not suitable for a game distributed under the GPLv3.
That is irritating, and I agree that it presents a problem for the GPLv3, even though I think those hardware platforms are essentially defective. I don't think not supporting defective hardware is quite the right choice at this point in the evolution of Free Software.
That's an interesting point, and I'm going to have to consider dual licensing my code under the GPLv2 and GPLv3 for the time being.
Any of them. As near as I can tell the hardware protection they offer is fairly easily bypassed. Many people I know have done it. So having it is fairly pointless.
Wow, way to spread FUD.
The GPLv3 requires that if you sell a piece of hardware that allows the software in it to be updated, and that software is covered by the GPLv3, the user must be able to update it with their own version as well as versions you supply. There's nothing about not allowing DRM.
This makes it easier for a user to bypass DRM for end-user devices like Kindle or the iPhone and such. But it doesn't disallow you from implementing it. So your point is basically as wrong as saying that the GPLv2 doesn't allow you to make money on your software.
It sounds like you think you're disagreeing with me in some way. My question was rehtorical, not a question I seriously had. I was pointing out that as a group we want laws against spam because in general we think that accessing public services according to their provided interfaces is not a crime.
That is why we want anti-spam laws. So this one particular act can be rendered illegal. If we felt that it was already illegal, why would we want more laws saying it was?
With Open Source, I get that team feel via IM and IRC. I think more companies should adopt internal IM servers and use them consistently.