Slashdot Mirror


User: Tenebrousedge

Tenebrousedge's activity in the archive.


Comments · 2,148

  1. Socialist bogeyman on USPS Reports $15.9 Billion Loss, Asks Congress For Help · · Score: 1

    It has ever been thus. Post offices were some of the first structures built in frontier America. In 1776 when the USPS was mandated in the Constitution, most of the country lived in rural areas. Socialism ain't all bad, you know, and in this case it's pretty obvious that this is how the system was designed to work. Take it up with those dead guys who are on all the money in this country.

    Money! Now there's a socialist venture. We should go back to when all the banks printed their own notes.

    Next time pick rural Alaska for the target of your sociopathy. It's an easier target.

  2. Going Postal on USPS Reports $15.9 Billion Loss, Asks Congress For Help · · Score: 4, Informative

    That one is easy: because they are required to serve everyone.

    If they were run as a normal company, they would not want to run rural routes because they're not cost-effective. Fedex does not deliver to rural Alaska. USPS does.

    Government agencies are better when (a) the service being provided falls into the category of "natural monopoly", and (b) when coverage is required to be universal. Especially (b) because as long as you have to serve everyone, you should probably be accountable to everyone. That whole "by the people, for the people" thing, as opposed to "by the employees, for the shareholders" thing.

    I'm not a big fan of having a universal tax for the benefit of the shareholders of some company.

    You can disagree with the necessity of having a good postal system, but (a) as you mention, the Founders did not, and (b) I'd suggest you try living in someplace that does not have a well-run postal system.

    I've lived in rural Alaska. It's a lot like frontier America in 1776: the USPS was often the only way to get things. I've also lived in rural Costa Rica, and the inability to get anything by mail was a sharp and unpleasant contrast.

    Honestly, I see the USPS as being an excellent example of how government services should be run, although I would rather they be subsidized a bit more heavily. Service charges should be designed to prevent (or recoup the costs from) overuse; the majority of operating funds should come from taxation. Charges on services with a universal mandate are a form of hidden taxation: I'd rather be up-front about it. The idea of government agencies being run as for-profit businesses is actually a severe misunderstanding of what government is for.

  3. IE 8 on IE 10 Almost Finished For Windows 7 With Final Preview · · Score: 1

    Web developers don't have anything to say about IE10. Either we're already ignoring any browser-specific quirks, or we're condemned to support the legacy versions.

    Now, if anyone were to raise the topic of killing off the security nightmare that XP has become, you might find that web developers have a thing or two to say on the subject.

    For responses in the vein of "XP works for me!" : you want room 12A, just along the corridor.

  4. You don't need a contract. on Red Hat Developer Demands Competitor's Source Code · · Score: 1

    Are there companies out there leaving their copyrighted code on the net just trying to get you to fix it for them for free?

    <sarcasm>isn't that how BSD works?</sarcasm>

    With commercial code I sign an explicit non-compete, have no doubt who owns the code and (wait for it) get paid.

    What stops you from doing that with open source? You don't even need a non-compete or copyright license for that anyway, it's already covered by work for hire.

  5. Cut and spend! That'll fix it! on Secession Petitions Flood White House Website · · Score: 1

    You'll pardon me if I don't think GP was arguing for a 'reasonable' tax rate. You should also show that we don't already have that, and further that reducing income tax would do anything to improve the situation. You can force budget cuts, but the problem is that our politicians' spending priorities are not aligned with yours, and that won't change.

    We have a debt to pay down. Unless you like the idea of China owning 8% of everything you see in this country, you should be clamoring for higher taxes, not lower. At the risk of becoming a scoundrel, I submit that paying taxes is an act of patriotism.

    I enjoyed the hell out of Costa Rica, and didn't pay them a dime in taxes. I would go back in a heartbeat -- they have a great (socialized) medical system too. It's not like emigration isn't an option, or would be hugely unpleasant. My suggestion to GP is: put your money where your mouth is. I did.

  6. Emotional gestures. on Man Arrested For Photo of Burning Poppy On Facebook · · Score: 1

    Emotional gestures don't actually do that.

    Yes, they do. Some of the most important political statements in history have been emotional gestures.

    Burning flags, burning poppies, etc. express discontent but not much else. In fact, it seems to me that these events get in the way of actually having a discussion on the issue and getting closer to resolution.

    Expressing discontent with your country's leadership is one of the very, very core ideas supporting freedom of speech. Expressing discontent publicly announces to other people who aren't happy that they are not alone, allowing movements encouraging change to grow and flourish from small groups to larger ones.

    Case in point, this guy, and this guy.

    We burn poppies -- and flags, and bibles -- because it's better than burning men.

  7. Your entitlement is showing. on Secession Petitions Flood White House Website · · Score: 1

    They don't have taxes in lots of places. Nor any other hallmark of civilization.

    I only work freelance at the moment. I pay about as much in taxes as I would working for anyone else, the difference being that I don't see the payroll taxes my employer has to pay. Perhaps I pay more this way -- so it goes. What exactly is wrong with paying taxes? I don't pay for any of the code I use: someone else wrote it. I don't pay for clean air, food, and water: someone else passed laws for me. I don't pay for the liberties my society affords me: someone else died for those.

    I spent a couple years in Costa Rica lately. It was beautiful, people were happy, the government was largely ineffective. The rivers had untreated sewage in them. Criminals went unpunished -- commit murder and you'd spend like, at least a day in jail. If there was such thing as an electrical code no one had heard of it. The country's Supreme Court equivalent had mandated wheelchair access to public buildings a few years back, and you probably don't need this reporter to tell you its efficacy.

    You don't like paying taxes? Fine. There are plenty of places where you don't have to. You don't want to pay taxes, but still want the civilization that goes with them? Well, I can only really suggest living extraterrestrially.

  8. I sense high emissions. Are you smoking something? on NRC Report Links Climate Change To National Security · · Score: 1

    See, there's that funny thing. All of the graphs that I've found had CO2 and Temp correlating extremely well; the one I linked had a longer timescale than most. What would cause CO2 and temperature to be correlated at the kiloannum level but not gigannum? You know, besides a lack of data points. What use is it to compare delta-T to constant CO2 levels? Your graph is an embarrassment to those that made it.

    And again, why do we care about temperature/CO2 changes on the scale of millions of years?

    The idea that we've been in an "unusually cool period" for the last five million years is horseshit. The earth has gone through dozens of ice ages and interglacials in that period. If you zoom out to millions-of-years, you get a nice smooth line that hides changes that humans would consider to be pretty damn drastic.

    More to the point, and the reason for the comparison with volcanism, is that humans are currently emitting CO2 at a level that is between 80 and 270 times larger than normal volcanic activity. The largest eruption in recent history (Pinatubo, 1991) released an enormous amount of CO2 -- .05 gigatons, or about half a day's worth of the 30 gigatons that we do each year. Restated: we are doing two Pinatubos per day! That's not the most violent outgassing that the planet has seen; which as the previously linked PDF mentions, exceed our emissions by possibly three orders of magnitude, but it does break the top ten list, and is well into the range of 'global extinction event'. The Yellowstone supervolcano would be hard put to match what we're emitting every year.

    But hey, from the timescale of tens of millions of years, the Yellowstone supervolcano doesn't even spike the curve. No problem right? You are planning on living that long, right?

    Postscript:
    The aforementioned PDF does talk about particulate matter vs CO2, and while it's difficult to make absolute statements, superlarge volcanic events are more often correlated with warming periods than cooling, suggesting that the CO2 issues persist longer than the particulate matter. These are all also associated with severe global extinction events, particularly in primary producers (photosynthetic life). Since these are the largest carbon sinks, it makes intuitive sense that the elevated levels of CO2 would persist long after the particulate matter.

  9. Try again with an actual argument. on NRC Report Links Climate Change To National Security · · Score: 2

    I know a locust that grows its own food. It doesn't even own a car. It doesn't matter that the other locusts do because this one is doing the Right Thing.

    If he does do all that shit, you'll be pissed that he's trying to inflict his morality on you. If he doesn't, he's a hypocrite.

    We have a term for posts like yours. "Ad hominem." Closely related is "tu quoque," and in this instance you may actually qualify for both. Troll harder.

  10. Worse than useless on NRC Report Links Climate Change To National Security · · Score: 1

    Your graph sucks. Hard.

    For one, that graph has no scale on the vertical axis. That alone makes it completely worthless. For two, that's delta-T, not absolute temperature. Why not compare delta-T to delta-CO2? For three, those curves are far too smooth. As you can see in the above chart, actual data is pretty damn noisy.

    Honestly, you're right that there are long-term trends that we can't do shit about. We really don't give a shit about the climate over a period of hundreds of millions of years. The Earth will adjust, humanity and co. will literally evolve over those time scales. It's the current rate of change that has everyone worried, because CO2 has spiked on a scale normally associated with the larger volcanic eruptions the planet has seen. These volcanic events have also been associated with mass extinction events with a high degree of correlation.[pdf, highly interesting]

    Troll with data next time. Or at least a graph that has both axes labeled.

  11. Not quite the same vulnerabilities. on Windows 8 Defeats 85% of Malware Detected In the Past 6 Months · · Score: 1

    Sudo is not always equivalent to root, and SELinux can still put constraints on it anyway. Ubuntu and derivatives disable the root account by default; your more "appliance-like" distros (e.g. Meebo) will lock down things even further. It's relatively simple to configure what sudo will or will not do -- as a system administrator. It's not exactly grandma-friendly, though: sensible defaults are key.

    I don't know about other people's use-cases. I need root on a wide variety of commands; restricting sudo on my (Debian) desktop would be more trouble than it is worth. Security always comes at a cost of usability.

    The other consideration is that Linux users are, by and large, not downloading programs and scripts off the internet: Most programs are acquired through cryptographically signed repositories. IIRC, there have been a small number of cases where malware has been injected into an official repo, but to a first order approximation it doesn't happen. Win8 would have had a similarly good system with their App store, but they have API restrictions (Metro) which may not go over very well.

    The rest of your points notwithstanding. Way too many Windows users are still stuck on XP, and a significant percentage of the rest disable UAC.

    It's worth noting that security problems are more of an issue in single-user environments. A competent sysadmin is somewhat of a rarity, but if the NSA's documentation is anything to go by, the level of security achievable with Linux and Windows is pretty comparable -- in the same ballpark anyway. Now if you'll excuse me, I have to go flagellate myself for having said that. ;)

  12. See? Linux has an advantage! on Windows 8 Defeats 85% of Malware Detected In the Past 6 Months · · Score: 1

    Linux is immune to over 95% of users!

    The rest of us have a terminal fascination.

  13. Is that what they call Darwinism? on Would Charles Darwin Have Made a Good Congressman? · · Score: 1

    There is even precedent.

    It seems Americans will vote pretty much anyone into office. Really, I've heard worse ideas. Zombie Feynman 2016, anyone?

  14. Square Wheel Round Three on Microsoft's Hidden Windows 8 Feature: Ads · · Score: 2

    Adblock can do #2 and #8, and it should not do these other things. When I want to fuck with my DNS, I'll use a tool designed for the job, not your broken and featureless hosts nonsense. And did I mention bloated? You have a tenth of the features for thousands of times more CPU and memory usage.

    You don't need programming ability to use Adblock either -- I don't even bother to configure it, just install and forget about it. If an ad slips through, I right click on it and select "block this with AdBlock." It doesn't get easier than that.

    Your silence on the subject of DNS servers is pretty telling. Really this hosts nonsense is just your complete ignorance of what the rest of the world uses DNS for, and how they do that. You don't understand CNAMES and AAA records, and so you've kludged your way through to something that is *almost* a DNS server.

    There's a colossal and impotent arrogance about you. Ozymandias is really quite perfect: You don't know how to learn from others -- it's vaguely impressive that you've managed to teach yourself anything. You don't even know how to process the idea that other people solved DNS years ago, because you have a solution.

    It's probably an attitude that served you well in the 80s, when computers were an arcane art and there weren't any resources other than yourself. Today, if I have a problem, I can immediately find out how other people solved it. I would never try to write a script to update a hosts file, because people smarter than I am solved that issue and there are thirty or forty software packages that do that. Those smart people have moved on to other things like DNSSEC and automatically securing email.

    Thirty years ago, using a hosts file was a good idea. Twenty years ago we replaced it with something better, but it was still useful. Ten years ago it was completely outmatched for the task. Today it is thoroughly obsolete and only ever used in fringe cases. Ten years from now it won't be used at all, and in twenty years it will be entirely forgotten. "...Nothing beside remains."

    With that in mind, here's a (partial) list of what hosts can't do:

    Hosts can't block part of a domain.

    Hosts can't block files based on content (e.g. swf or java applet).

    One hosts file does not affect other computers on the same LAN (see also "shitty DNS server").

    Hosts can't be changed from within the browser.

    Hosts cannot block entire top-level-domains (*.ru), you have to use a Fully-Qualified Domain Name (FQDN).

    Hosts cannot block things that are not explicitly listed in the hosts file.

    Hosts can't return actual DNS records, only IP addresses. This can increase the number of DNS queries needed.

    Hosts can't easily be edited remotely. You can do it with Powershell on a LAN, but not otherwise.

    Your solution of logon scripts only works for windows computers. Real useful, that. How is it better than normal DNS propagation? Only in looney-land.

    Hosts is vulnerable to DNS cache poisoning, MITM attacks, and denial-of-service attacks.

    Hosts can't allow a domain but block cookies.

    Being a simple file, hosts is an easy target for viruses and malware. Do you know if something has been added to it? I actually have mine under source control, but I'm not using windows and it's more of a byproduct.

    Hosts can't point a single domain to multiple IP addresses.

    In most systems, most of the time, hosts will not have a positive effect on how fast your favorite websites load. Your browser and the Windows DNS Client Service already have caches. As mentioned in the previous post (the microsoft.com article), when the WDNSCS is enabled, the hosts file is parsed into memory; the OS doesn't actually touch the file for every request. This can be verified by checking the access time. Other operating systems behave identically.

    Hosts can't redirect one host name to another host name.

    And I've mentioned it before, but it's pretty im

  15. Square Wheel Round Two on Microsoft's Hidden Windows 8 Feature: Ads · · Score: 2
    • Entries 1-9 (4 and 5 are the same thing, did you notice that?):
    • This is what a DNS caching server does.

    That is what your script is.

    Except by using the hosts file, you screw yourself out of being able to use it to manage the whole network. Among other failures.

    I asked some random tech, "What do you call a program that manages DNS entries?"

    "A DNS server."

    So, I'm going to look at your solution and compare it to other DNS servers. Hmm. Looks like it's broken, featureless, and bloated beyond belief.

    With that in mind, #10 is pretty irrelevant. Oh, hey look. Windows DNS software with a nice GUI. I bet it doesn't do anything retarded like load an ASCII file into memory -- you literally double the size needed to represent IP addresses that way (8 bytes ASCII vs 4 bytes hex). But hey, features, performance, and a simple GUI aren't everything, right? Why have it all when you can have software by APK!

    And for those of us who are actually paying attention, yes, Adblock can be configured to allow unobtrusive ads. It can also be configured not to do so, and I have. Further, since it's open-source, I've gone through the code and verified that that toggle actually does what it says. I have no problem forking the code if that ever changes.

    Keep in mind, this is the same list you keep presenting, and I keep giving variations on the same answer. You have this one toy hammer, and this one nail, and you can't imagine that the rest of the world figured out DNS. No, the entire world must be wrong, and the 40-year-old solution is still the best technology, and you are the only one who knows this. IT organizations around the world are waiting for you to swoop down on them and save them.

    But man, that SimpleDNS program really looks...simple! And look at its impressive feature list -- I bet you don't know what half of those things are even for! I'm sure you'll get around to supporting those things any day now though. Your app has...uh...well.

    Oh yes, that's right. The power of delusion!

  16. Argument from Authority is a Fallacy on Microsoft's Hidden Windows 8 Feature: Ads · · Score: 0

    I'm just eating this up, I swear. The delusions never cease!

    Your "test"? Is bullshit - it doesn't account for processing AdBlock MUST be doing to determine what is an ad, and what is NOT an ad... period.

    That'd take tag parsing on the webpage being rendered, and that means AdBlock's DOING such parsing... how else would it KNOW what is an ad, and what is not??

    No, it does not do this. It operates on file requests, and parses the URI being requested -- specifically it runs it through a regex. It's really hilarious watching you fail to understand this.

    You're a web browser. You're downloading (and parsing) some HTML. You run across an <img> tag. Huh, well you'd better go find it. You check if images have been enabled, yup. Then you check what you're supposed to do with www.example.com/image.jpg, and Adblock says, "Let me take a look at that first." If it's okay with Adblock, then you check the browser cache to see if it's already there, if not, hit up the browser DNS cache to see if you already know where to find it, and if that fails, then you go to the OS.

    At no point does Adblock parse anything but a URI.

    This is also why the benchmark considers the total time taken to render a page. For me this varied about 30 ms each request, which can be chalked up to varying network latency. It's probably possible to set up a local server and domain in order to eliminate network effects, but again, if Adblock doesn't make a measurable difference to the load times, then you're not going to win doing the extra work of checking the hosts file.

    I'm drilling down to one issue because you're too dumb to attack them all at once. Consider this the first lesson: What Adblock Does. You have my email, btw, feel free to change arenas anytime. I'll work with you until you understand the whole issue.

    "My Name is Ozymandias: King of Kings - Look upon my works, ye mighty, & DESPAIR..."

    "...Nothing beside remains." Very apropos, but I doubt you meant that.

  17. A Pathetic Kook on Microsoft's Hidden Windows 8 Feature: Ads · · Score: 1, Insightful

    No, Adblock does not parse the webpage first. It blocks the request before the networking stack even gets involved. Get that one through the mass of granite that passes for your mind.

    We're talking about two small pieces of software that both do one thing very well. That whole Unix concept, you know? Versus your hosts file and associated updating program, which are both larger and slower than their equivalent replacements.

    If you don't know how to benchmark DNS requests, what the hell are you doing writing a DNS caching server?
    Firefox's web engine keeps statistics on how long DNS requests take. So do most other browsers. Do three tests:

    1. Control. Load a web page normally (disable browser/file cache). Mark down how long DNS resolution takes, and how long the whole page takes to load.
    2. Test: Block the domain using the hosts file. Mark down how long DNS resolution takes.
    3. Test: Unblock the domain. Install Adblock Plus. The file is not requested (DNS resolution = 0ms). Time how long the page takes to load. Compare to control.

    Repeat 10x. A small hosts file was only 3ms slower per request; I shudder to think what yours is like.

    You keep mentioning "indexing". Maybe because it's a concept you're familiar with. It has nothing to do with anything being discussed, except in your mind.

    How big is your app? How big is your hosts file? How can you say that other solutions consume more resources if you don't know how much you use?

    Adblock is faster. So is a real DNS cache. The combination is more secure -- you can block far more things far more easily. That is, everything that you can do with a hosts file, plus many things that you can't.

    My accomplishments include being able to read documentation and come up with numbers that prove that you've been completely wrong about this for what, a decade now? Hell, you can't even read my posts, you keep repeating the same busted ideas over and over again. I've given you links, benchmarks, and examples, and you've linked to your own posts and yelled a lot.

    Really, everyone knows that you're a retarded troll, and let's face it, you know it too. When the windows desktop dies, you won't even have this rant any more.

    Poor APK. The hosts file is the only thing he knows, and he doesn't even understand that. You know, that's sad. I feel bad, really I do. Like I was trying to take candy away from a special needs toddler.

    Tell you what. I'll take these naughty benchmarks away, and then you can live in your little APK bubble with your little APK friends, and you and the hosts file can play together all day long!

  18. Faster is not sending the request at all on Microsoft's Hidden Windows 8 Feature: Ads · · Score: 2

    I ran benchmarks. Adblock is faster. Requests that are not generated by the browser are faster than ones that are and resolve locally in the hosts file. The language being executed makes zero difference.

    This is how Microsoft says DNS works. The ironic part is how you go through all these contortions to make sure that hosts is resident in RAM, when it would be anyway if you just used the Windows DNS Client.

    You're totally ignorant, it seems, of how Firefox operates internally. What I outlined was exactly correct. Firefox handles a number of different types of content, such as http, https, ftp, ssh, images, javascript, etc. Before it goes to find something, it determines how it should do that. It parses the request. Is this a file? is it local ("file://") or remote? ("http://"). This is the stage that Adblock interrupts. The next stage would be Firefox asking the OS's host name resolution system for the IP address. Resolving a null address takes longer -- as benchmarked -- than not making the request at all.

    Your DNS caching server can run on the same hardware as your browser, it doesn't have to be remote -- or complicated. Windows being Windows, people have easy solutions for this. Again, your program is just a bad example of one -- it's not that difficult to use is it? If you can make a simple product, then someone who knows what they're doing can too.

    Regexes. Let's see if we can fill this vast gulf of your ignorance. So you want to block
    baddomain.com, baddomain.net, baddomain.xxx etc.
    A request comes in. You want to know if it is a domain that you should be blocking. If you are doing string matching (as in a hosts file), you must check entries in your list until you find it. You make N comparisons, and either find it or exhaust the list.
    If you are using a regex (e.g. baddomain.*), you make one comparison.

    For short lists, string comparison can be faster. If you're parsing more than a kilobyte, you should probably think about regexes. Megabytes are no contest. I can provide benchmarks for that too.

    So, you have my benchmarks. How big is this program of yours? How many cpu cycles does it use? Does it take more or less time than 0 ms to block a request? How big is your hosts file?

    I get the feeling that you've never actually tested any of this, and are just going by your gut feeling.

    Stop with your A, B, C list.
    A) a local DNS caching server will do the exact same thing. Because it is the exact same thing.
    B) a local DNS caching server will affect all webapps and all other devices on the local network. You just have a shitty version.
    C) See A.
    D) See A.
    E) See A, also see benchmark it before you claim it's faster.
    F) If you can access the hosts file on those devices, if it exists. See B.

    And really, you're smoking something if you think the IP stack isn't being rewritten regularly. IPv6 ring a bell? DNSSEC? Networks have changed since the 80s. You don't understand how or why.

    You have zero evidence that this actually works the way you think. None. Most of what you've said is factually wrong, even the parts where you try to call me out. You don't have any idea what the network stack looks like, or how it's actually being used. I have more than a sneaking suspicion that you've never configured a non-home network. Or a server.

    You're not going to convince anyone with testimonials. Show some numbers. I don't want to hear bullshit about how many people suck your dick, or how bulletproof your systems are. If you can't prove your claims with actual numbers, you're just a loudmouthed excuse for a script kiddie.

    Face it -- you're not even a mediocrity. You're just a laughingstock. Your complete lack of wit is painfully obvious to everyone on every forum that you troll.

  19. You must be new here on Microsoft's Hidden Windows 8 Feature: Ads · · Score: 2, Informative

    You can't moderate and post on the same topic, dipshit.

    You have this hilarious persecution complex, where you think all ACs are the same person, and the moderators *must* be sockpuppets of the same people who disagree with you.

    If you really think I've been modding you down somehow, even though the site doesn't allow that, then you should write to the site admins and report me. They should be able to correlate the IPs and determine whether I've been sockpuppeting. I invite you to do this, because I am damn sure of what they would turn up.

    And no, no one has the time to use separate proxies just for the pleasure of downmodding you. Basically you're the only one who is that much of a crazy asshole, and you're projecting onto everyone else.

  20. Longer execution path on Microsoft's Hidden Windows 8 Feature: Ads · · Score: 5, Informative

    No, that's not how things work.

    Without Adblock,
    User requests a piece of content -> Firefox uses content policies to determine how and whether a request should be sent -> Firefox checks the local browser cache for the file -> Firefox requests the DNS record for the domain in question -> The OS parses the local DNS cache (the hosts file should be preloaded)-> finds address 0.0.0.0, returns that to Firefox.

    Adblock stops that process at step 2. Hosts would be faster IFF Adblock adds more overhead to the content policy process than it would take to actually make the request.

    I took a minute to actually test this.
    Atom netbook, Linux, Firefox 17 beta, Adblock Plus, Firebug, Mozilla's internal DNS/file cache disabled, hosts file 34 lines long:
    Normal DNS name resolution: 3 ms.
    With hosts blocking : 3 ms.
    With Adblock : 0 ms.

    A larger hosts file would of course increase the time taken for DNS resolution.

    Not only this, but it can also filter parts of addresses (e.g. filter example.com/badcontent but not example.com/goodcontent). You can filter all sorts of things with regexes that are completely impossible with naive blacklists, like blocking content based on its type.

    Your A, B, C, D list is all handled by a DNS caching server. Do note, this is not the same thing as the built-in local DNS cache, so your comments are really completely off-base.

    DNS caching servers may be a bit more complex, but again they're also more useful: they work for any device that supports TCP/IP networking. The one I am using weighs in at a hefty 39.9 kilobytes. How big is your implementation?

    A "plain" manually updated hosts file is going to be larger in itself than any other form of blacklisting. Even so, you might have an argument still by virtue of simplicity. When you start updating it with a script, you've just tossed all that out the window: your software performs the exact same function as a dns caching server, except badly, with more resources, and less flexibility.

    The fundamental weakness of hosts is that you can't do regexes, and you cannot enumerate all malicious domains. It is difficult to strictly compare the performance of string matching (hosts) versus regular expressions (DNS, ABP). A small hosts file would have a chance of beating the other solutions, in theory. In practice, not so much, and by the time we get to multi-megabyte hosts files, you're pretty much screwed for performance.

    Are we done here?

  21. By "better" do you mean worse? on Microsoft's Hidden Windows 8 Feature: Ads · · Score: 4, Insightful

    I don't believe that hosts is faster than adblock, which blocks content before the domain name is resolved. Firefox goes through a process to decide whether and how to send a request, which ABP uses. Benchmark it for me.

    Also, why should I trust a piece of closed-source software with my DNS records?

    If you're dynamically updating a hosts file, it would seem that you are reinventing the square wheel -- this is what a DNS cache is for. A local DNS caching server is going to be just as fast, and much more flexible. You can run one on your desktop, or have it on a separate machine, and either way you can route all other DNS requests to it, instead of having a script running on each machine. They support dynamic blacklists as well, and you can match wildcard addresses (e.g. *.malwareserver.com). What is the problem with using tools designed for this purpose?

    You mention the home address. The problem with 127.0.0.1 isn't that it's slower. The problem with it is that it's a valid IP address, usually for a local web server. If there is a server listening, it will process the request.
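
The coverage difference argued in the two comments above (exact-name hosts entries, wildcard rules on a DNS caching server, and URL-level filtering in the browser), shown as an added example that is not part of the original comments. The rule sets and URLs are constructed, and treating `*.malwareserver.com` as also covering the bare domain is an assumption of this sketch.

```python
from urllib.parse import urlsplit

# Constructed sample rules; the names are the placeholders used in the comments.
HOSTS_ENTRIES = {"ads.malwareserver.com"}        # hosts file: exact names only
DNS_WILDCARDS = {"malwareserver.com"}            # resolver rule *.malwareserver.com
URL_PREFIXES = {("example.com", "/badcontent")}  # content filter: host + path prefix


def hosts_blocks(url):
    """A hosts file matches the full hostname and nothing else."""
    return urlsplit(url).hostname in HOSTS_ENTRIES


def dns_blocks(url):
    """A wildcard DNS blacklist matches on whole-label suffixes of the name."""
    labels = urlsplit(url).hostname.split(".")
    # a.b.c is checked as a.b.c, then b.c, then c
    return any(".".join(labels[i:]) in DNS_WILDCARDS for i in range(len(labels)))


def url_filter_blocks(url):
    """A browser-side filter sees the whole URL, so it can match on the path."""
    parts = urlsplit(url)
    return any(parts.hostname == host and parts.path.startswith(prefix)
               for host, prefix in URL_PREFIXES)


def coverage(urls):
    """Map each URL to (hosts, dns_wildcard, url_filter) block decisions."""
    return {u: (hosts_blocks(u), dns_blocks(u), url_filter_blocks(u)) for u in urls}


# Constructed requests covering each case discussed above.
SAMPLE_URLS = [
    "http://ads.malwareserver.com/x.js",          # listed name
    "http://cdn7.malwareserver.com/x.js",         # unlisted subdomain
    "http://notmalwareserver.com/",               # similar name, different domain
    "http://example.com/badcontent/banner.png",   # bad path on a wanted host
    "http://example.com/goodcontent/index.html",  # wanted content
]

if __name__ == "__main__":
    for url, (hosts, dns, flt) in coverage(SAMPLE_URLS).items():
        print(f"hosts={hosts!s:5} dns={dns!s:5} filter={flt!s:5} {url}")
```

Only name-based rules can stop the lookup itself, and only the URL filter can separate `/badcontent` from `/goodcontent` on the same host, so the mechanisms cover different requests rather than replacing one another.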

  22. Chroot is your friend. on The Web Won't Be Safe Or Secure Until We Break It · · Score: 1

    Or you could stick Firefox in a chroot and use HTTPS Everywhere. And y'know, NoScript and Adblock Plus and Ghostery -- but I presume you're using those already. SSL certs aren't necessarily handled by the browser anyway, but I think what you want there is the also-extant OCSP. Or if you wanted to extend the chroot concept to your entire OS, you can have that too.

    Why do you need desktop links again? I'm having a failure of imagination as to how that might actually improve anything.

    bee-tee-dub, you should keep in mind that Security and Usability are usually at odds with each other. We already have the technological solutions at hand; if you're not already using them, perhaps there's a reason why.

  23. Tar Pits on The Web Won't Be Safe Or Secure Until We Break It · · Score: 1

    When talking about the expansion of web technologies, it is important that CSS3 is Turing-complete.

    Which provokes the question of why we didn't just settle on a Turing-complete language or graphics library to begin with.

    Ultimately, I don't think that web browsers are the security problem they're described as. Modern browsers have auto-update, rapid release schedules, and bug bounty programs. Most of them are also open-source to some degree. Adobe software could not be expunged from this Earth too quickly, but aside from that we're pretty well aware of the browser as the largest attack surface in modern systems, to the point where the easy hacks require multiple exploits.

    Web technology is a strange and complex beast, but let's hold off on scrapping it until we actually have some web browsers on Kaspersky's Top 10 list.

  24. Populist Reform on Barack Obama Retains US Presidency · · Score: 2

    We want proportional representation and instant runoff because they are mathematically more fair: they represent people's views better. Vox populi, vox Dei. They also are somewhat more populist* in effect, although that should not be surprising.

    Out of the available options, first-past-the-post (simple plurality) is actually the least fair method.

    *The opposite of populism is elitism, and what that has to do with US politics is left as an exercise to the reader.

  25. What is a wasted vote? on Actual Final Third Party Debate Tonight · · Score: 1

    Mathematically, yes, you are correct. First past the post guarantees that only two parties will ever be relevant.

    But as long as your state is already sewn up, why not vote for a third party? If you're in Texas, Alaska, California, or New York, you know where the electoral votes are headed.

    Or you can try to ensure that a third party gets enough of the vote to get [a] on all of the ballots, and [b] federal matching funds next election cycle.

    Really, if you're not in Ohio, you should vote third party.

    I'm beginning to lose faith in the "great experiment". I've lived in other countries before, and come back. Yesterday I saw Obama speak in Cincinnati, to a crowd of people who might have equally been cheering a particularly articulate and well-dressed baboon as anyone who actually represented their interests. Worse, the people I attended the event with didn't understand what scared me about the blind tribalism -- they were voting blue team this season. I didn't need to see the same thing at the Romney events; I feel dumb enough for having stood in line yesterday.

    What hope is there for my country?