As long as there are people who really believe that this is something that can be settled "once and for all" there is going to be an endless series of tedious willy-waving contests with more or less random outcomes.
This is almost editorial trolling to get more pageviews from the feeble of mind.
I must say that it is very refreshing to see Microsoft finally start to take some serious action to help combat this rampant problem.
I would have preferred them focusing on making Windows less of a fertile breeding ground for malware rather than turning this into a game of whack-a-mole.
Also, this is reality. In the short term the acquisition means nothing at all to the consumer. What this means in the longer run remains to be seen.
I was kind of hoping that IBM would keep manufactoring laptops:-).
I certainly hope that Lenovo will be able to deliver quality laptops in the future. IBM ThinkPads are the only PC laptops I really like. I've tried a lot of other laptops and they just do not compare to the ThinkPads for professional use.
If Lenovo doesn't keep up quality I hope Apple will fix their laptops.
Apple are close to making decent laptops, but the attention to functional detail is still not quite up to par.
For instance, their keyboards have bad layouts What's up with the huge capslock and the miniscule Enter-key!? Please get some people who have at least looked at a decent keyboard layout before to design your keyboards, Apple.
Also, PowerBooks do not have the best key feel. There is something wrong that I can't quite put my finger on -- no pun intended.
Their touchpad and mouse-buttons are also a joke. Come on Apple! Is this your best shot? People are supposed to use these. They are supposed to have some minimal level of ergonomics.
And, of course, they need to get higher resolution screens. I borowed a 17" PowerMac for a while and although most things look OK, it could do with higher resolution.
Apple have a good OS now. Far better alternative than going with Windows. For most people. If they could just deliver more performant PowerBooks and iBooks with all the ergonomic issues tended to, they would have a competitive product. Right now they just look cute, but it aren't really all that usable.
(As long as ThinkPads are on the market I am not buying an inferior, from a hardware point of view, PowerBook)
Well, given the fact that you do not believe sufficiently in what you say to put your own name under it, I guess it is quite obvious who is the wuss here.
Because using compromised machines and open relays around the world to flood people's inboxes does not qualify as DDOS?
Technically: no. The intent is not to overload the infrastructure and usually it doesn't, unless the spammer is incredibly incompetent.
Note that you should not confuse the act of spamming with the retaliation attacks some spammers have been known to engage in. Attacks against RBL maintainers etc
Also the traffic patterns are different. A typical DDoS consists of a large number of nodes sending traffic to a single node or a small number of nodes, thus overloading it or its network connections. Typically the source nodes will be spread across many different networks, and their combined traffic will in most cases be enough to saturate the capacity of the target or (more often) network choke points along the path from the sources to the target.
Typical spamming scenarios have the opposite structure where instead of converging on one node, the spammer will try to fan out, dividing work to as many open relays as possible in order to reach disjoint sets of targets. The intent is to reach as many targets as possible as quickly as possible wile using the least amount of resources at the source.
You do see that these scenarios represent opposites?
Also, it is trivial to see that what Lycos perpetrated was in fact a DDoS-attack, no matter what spin Lycos put on it.
Five years from now, where will we be? Will people continue attacking each others' servers this way? Will governments impose more and more restrictions on the Internet to try to put a stop to it? Probably both, and that does not bode well for the rest of us.
I think it is obvious what this will give us in the long run: government regulation.
For those in favor of reducing he degrees of freedom enjoyed on the Internet today, for those in favor of more surveillance and direct govnernment control, for those in favor of more strict legislation, for them this is a great big "I told you so". They can say "well, this is what you get when you let the kids run loose".
In the current political climate, the tendency is towards more control, towards extending the powers of law enforcement.
When these things happen it does make the public more willing to give up their freedom in exchange for (percieved) security.
We can bicker and argue about this all day, but the fact remains that no matter what spin you put on this to fool the easily duped public, this was a DDoS-attack.
It doesn't make it less of a DDoS-attack even if they stop 2% short of flooring the servers.
And we all know by now that in fact it turned out to be a DDoS-attack in effect so what intention they had from the outset isn't really interesting anymore.
What is your point? Do you think I'm drunk because I'm running the screensaver?
My point is that they should have known that the chances of actually being able to stop before the servers hit the floor was very slim, and thus should have been responsible enough not to try. In the same way it is irresponsible to get behind the wheel when you know that you are under the influence of alcohol or drugs.
My point is that good intentions help very little when they are not accompanied by realism.
As for the users; they don't know any better. As has been demonstrated, they are easily lead and will buy into anything without much thought.
Yet it came as no surprise that it actually happened.
From a professional point of view, I think they should have abandoned the idea after analyzing it and realizing how much can go wrong, and how hard it is to model this problem given the observable information.
That they went ahead with it tells me that they either didn't care or that their developers lack basic analytic skills.
Do most drunk drivers intend to run over their victims?
Given that Lycos isn't exactly hot property this might present an excellent opportunity for them to actually make some money. How if they start selling access to their DDoS network of screensavers? Heck, they've already deployed the platform, all they need is to start feeding the screensavers URLs again.
"Got a competitor? Wanna drown his website? For only $99.95 a day we will pin down your competitors website so he won't be able to do any business! Satisfaction guaranteed. Proven technology as seen on Netcraft! DO BUSINESS THE LYCOS WAY!"
It worked? How come I didn't notice any statistically significant change in the amount of spam I get? How come nobody I've asked noticed any change? Please explain.
If you are going to postulate that it worked you had better cough up some numbers to support your claim.
But who's to say it isn't still beneficial? Lycos probably caused some problems for spammers
Lycos probably caused less distress among spammers than any form of legal action would have caused -- regardless of the outcome of any legal action.
As for Lycos and publicity: well, now we know that the management have questionable ethics to allow themselves to sink below the level of many spammers (most spammers do not instigate DDoS-attacks on their opponents although some do). I would think twice before getting entangled in any sort of business relationship with someone who is prone to operate outside the law so easily.
The lasting effect of this is that a line has been crossed. Lycos is the first legitimate business, with at least some brand-recognition, that has shown willingness to engage in activities that are exclusively associated with criminal elements on the net. The question now is whether others will follow or if Lycos represents the low point of the business.
I made some remarks about this in a blog entry on how Lycos is now contributing to the spam weapons race and how this might set some bad precedents.
I don't follow the logic of your argument -- does spam have the same status as political speech in your view? (And therefore is any attack on spammers an infringment on free speech?)
No, this is not about free speech. It is about not wanting to allow or encourage vigilantism.
Frankly, the fact that you seem to confuse this with a free speech issue scares me because it means that it isn't directly obvious to people that vigilantism is the problem here.
This form of retaliation would be wrong no matter what was being fought. Spam, kiddie porn, religion, political opponents, Barry Manilow or whatever.
If you burn down a neighborhood because someone you've never met said that a child molester lived there, that would make you a criminal. Get it?
First I have to say that I didn't like Lycos' DDoS-screensaver one bit. (And yes, while Lycos are technically trying to not quite floor the spammers' infrastructure, this is a distributed denial of service attack in form, and denying this just looks silly). It opens the door for corporate vigilantism and it certainly sets a bad example for others.
What next? Users attack hardware vendors for not releasing drivers for graphics cards? Political parties make screensavers which overload the web servers of the opposition? We do not want to go there.
I guess this time they should consider themselves lucky that someone didn't manage to remove positive control over the screensavers from Lycos, effectively turning their DDoS zombie network into a tool for spammers. It would have been such a sweet irony of the very network of DDoS-agents created to thwart spammers would be turned into a spamming network.
Many people (not just pornographers, other industries as well) view this the other way. Having many engines is wasteful, as it means that they must optimize their sites for multiple search engines.
I am sorry, but that has to be the dumbest argument I've ever heard.
If companies had focused more on the quality of their sites in the first place, both with regard to content and sensible use of technology, they would reach further and run fewer risks of being blacklisted for trying to influence ranking in a way that doesn't serve the consumer (ie. user of search engine).
Good sites don't optimize for search engines, they focus on doing business. The degree to which one wants to to business with any given site is usually inversely proportional to the apparent effort the site made to advertise its presence on the net.
Then again, you don't seem to talk about any kind of serious business since you talk about just dropping websites as they get blacklisted. That probably works if you're selling viagra and fake Rolex'es and advertise in email...
sorry, I can see how my posting can be misread. I was not talking about how this might reduce the number of pornographers, but the number of search engines.
since the pornographers depend on search engines to drive traffic to them it is in their interest that there are as many players (search engines) as possible so that they become less dependent on any one engine to drive traffic to them.
right now there are too few engines and good/bad listing (or even blacklisting) in one of them can make or break a web business operating right on the edge of profitability.
It is odd how an industry so dependent on search engines would help raise the cost of running a web scale search engine and thus even further contribute to reduce the number of players in that market.
But of course, it had to happen. Google now has money and is now an obvious target for the litigous sort of bottom feeders who aren't to converned with whom they blame -- as long as it is someone they can bully, extort or push into bankruptcy. Google, of course, has money, so they'll extort them.
I certainly hope that the courts will decide that Google cannot be blamed for not keeping track of what chunk of data represents someone's property or not, and whether said property is served from the site the owners intend it to. This is silly.
Then again, so is the judicial system since you can never be sure of the outcome of such a case. Unless, of course, one of the parties is willing to commit more money to the case than the other. You can always buy a victory in the courts, if not formally, then in effect.
Java isn't just the language or just the JVM, it also encompasses a rather large collection of APIs, without which Java would not be very useful. for instance it would be foolish to argue that the collection classes are not part of Java. or that the servlet API is not part of Java. or that the JDBC interface is not part of Java.
this is the very strength of Java. this is what sets Java apart from, for instance, C++. in C++ you have some containers and algorithms as part of the standard library -- and that's it. you have practically no standard infrastructural APIs to speak of. and even if you did, C++'s old fashioned heritage makes it nearly impossible to base anything on anything but source (and even then, you often have issues if various components were intended for different compilers).
Remember, folks, Java is more than just J2EE and J2EE is only a part of Java.
Very true.
What scares me a bit about parts of the Java community is that they seem to think that you can't realize business applications without basing the architecture around some application server.
Also the Java community is infested with all the wankers who worry about what is fashionable. For instance every decade has its own flavor of MDA, and it is amazing to see that in each incarnation this crowd fancies itself special "we're on the right track this time!"
It would be a shame if these wankers should represent Java. Just as much as if the more vocal participants in the PHP community should represent PHP.
-Bjørn
the cover of the reviewed book is good and the fact that the reviewer thinks otherwise makes me unsure how to interpret his review.
Is this a person who spends a lot of time reading technical books?
recently a friend of mine published a book. a pretty serious technical book and by my estimation one of the better books I have seen on the topic.
the problem is that if I saw this book in the store, I would probably just give it a cursory glance and never even bother to take it off the shelf to leaf through it. seriously.
I read a lot of books and I would hate to waste time on a book that isn't worth my time, so of course, I have to be selective. the cover is the first criterion by which I screen books, and I doubt that I am unique in starting there.
it scares me that I DO judge a book by its cover, but I do. all of us do. there is no way you can read through the TOC of hundreds of books when you visit a well-assorted book shop in order to make a more thorough judgement on a book.
O'Reilly seem to have understood this. their books usually have a sober, tasteful look about them, and it is somehow an irony that the average quality of an O'Reilly book has dropped in proportion to the degree of overall variation in cover design (I am not saying that the quality of an ORA-book is inversely proportional to its deviation from the "formula", but that it holds for ORA's annual output as a whole).
still, the no-bullshit, calm, and sober look of O'Reilly books make them a natural focus point in any computer book section. (that and the fact that their predominantly white covers stand out. how come the cover-designers of other publishers seem so ignorant about the use of colors?)
yes, the cover matters, and despite what the reviewer thinks: the cover on the reviewed book does it no disservice.
what IS questionable about the book is the fact that it has many spelling mistakes. this suggests that the editor has not done his or her job putting the book through even the most basic quality assurance, which in turn means that there could be factual errors in the book, which for this kind of book is really, really bad.
this would make me reluctant to shell out $50 for this book.
I think whomever invented the fork should sue all the people who make forks these days. I mean, come on, they're almost all the same so they must have ripped off the original.
right?
-Bjørn
So what is this guy supposed to say? "Our product doesn't work, use Firefox"? Of course he is going to say IE is okay. It is his job to be enthusiastic about their products, and for the right amount of cash, you would be enthusiastic too:-).
My bet, though, is that Microsoft are going to take back the lead. They are used to being laughed at, and when they have a product that lags sufficiently behind in public opinion, they usually make it a priority to take back the lead.
What people *should* be thinking of is what Microsoft will do to lock in customers and how this threat can be met.
As for your claim it's a "problem" that you have to parse everything, if your server is CPU bound and the SAX parser is dominating your profiling output you're doing something seriously wrong.
My point exactly. This should be an IO problem.
You're assuming that the cheap tokenization work a SAX parser has to do is massively more expensive than handling other types of framing, [...]
It is, but the worst part is that it is unecessarily complex for what you want to do. If you want to route messages you should not be required to parse the entire message to determine its boundaries. Why is this hard to understand?
Would you argue that it would make sense to transform IP to an XML protocol (people actually have suggested this in earnest. No kidding)
[...] and enough for it to become a problem. In my work it's never even showed up in profiling runs as a factor worth optimizing. Tuning the system to maximize IO throughput and minimize the frequency of system calls (to reduce context switches) is generally much more worthwhile.
Minimizing the number of system calls and doing efficient IO is usually not a problem. Most network code miserably fails to do so, but if you keep at it for a while, clues will emerge. We're not disagreeing there.
Where we disagree is probably that while you think it is a good solution to require *everything* to go through the XML parser, I would prefer not having to do so. Both because it requires you to process *every* byte in the XML parser and it increases the implementation complexity.
Slashdot Mirror
As long as there are people who really believe that this is something that can be settled "once and for all" there is going to be an endless series of tedious willy-waving contests with more or less random outcomes.
This is almost editorial trolling to get more pageviews from the feeble of mind.
Man, what I wouldn't give to be a kid again.
I would have preferred them focusing on making Windows less of a fertile breeding ground for malware rather than turning this into a game of whack-a-mole.
Also, this is reality. In the short term the acquisition means nothing at all to the consumer. What this means in the longer run remains to be seen.
I guess someone has been raiding the fridge at the ISS.
I certainly hope that Lenovo will be able to deliver quality laptops in the future. IBM ThinkPads are the only PC laptops I really like. I've tried a lot of other laptops and they just do not compare to the ThinkPads for professional use.
If Lenovo doesn't keep up quality I hope Apple will fix their laptops.
Apple are close to making decent laptops, but the attention to functional detail is still not quite up to par.
For instance, their keyboards have bad layouts What's up with the huge capslock and the miniscule Enter-key!? Please get some people who have at least looked at a decent keyboard layout before to design your keyboards, Apple. Also, PowerBooks do not have the best key feel. There is something wrong that I can't quite put my finger on -- no pun intended.
Their touchpad and mouse-buttons are also a joke. Come on Apple! Is this your best shot? People are supposed to use these. They are supposed to have some minimal level of ergonomics.
And, of course, they need to get higher resolution screens. I borowed a 17" PowerMac for a while and although most things look OK, it could do with higher resolution.
Apple have a good OS now. Far better alternative than going with Windows. For most people. If they could just deliver more performant PowerBooks and iBooks with all the ergonomic issues tended to, they would have a competitive product. Right now they just look cute, but it aren't really all that usable.
(As long as ThinkPads are on the market I am not buying an inferior, from a hardware point of view, PowerBook)
Well, given the fact that you do not believe sufficiently in what you say to put your own name under it, I guess it is quite obvious who is the wuss here.
Technically: no. The intent is not to overload the infrastructure and usually it doesn't, unless the spammer is incredibly incompetent.
Note that you should not confuse the act of spamming with the retaliation attacks some spammers have been known to engage in. Attacks against RBL maintainers etc
Also the traffic patterns are different. A typical DDoS consists of a large number of nodes sending traffic to a single node or a small number of nodes, thus overloading it or its network connections. Typically the source nodes will be spread across many different networks, and their combined traffic will in most cases be enough to saturate the capacity of the target or (more often) network choke points along the path from the sources to the target.
Typical spamming scenarios have the opposite structure where instead of converging on one node, the spammer will try to fan out, dividing work to as many open relays as possible in order to reach disjoint sets of targets. The intent is to reach as many targets as possible as quickly as possible wile using the least amount of resources at the source.
You do see that these scenarios represent opposites?
Also, it is trivial to see that what Lycos perpetrated was in fact a DDoS-attack, no matter what spin Lycos put on it.
Five years from now, where will we be? Will people continue attacking each others' servers this way? Will governments impose more and more restrictions on the Internet to try to put a stop to it? Probably both, and that does not bode well for the rest of us.
I think it is obvious what this will give us in the long run: government regulation.
For those in favor of reducing he degrees of freedom enjoyed on the Internet today, for those in favor of more surveillance and direct govnernment control, for those in favor of more strict legislation, for them this is a great big "I told you so". They can say "well, this is what you get when you let the kids run loose".
In the current political climate, the tendency is towards more control, towards extending the powers of law enforcement.
When these things happen it does make the public more willing to give up their freedom in exchange for (percieved) security.
It doesn't make it less of a DDoS-attack even if they stop 2% short of flooring the servers.
And we all know by now that in fact it turned out to be a DDoS-attack in effect so what intention they had from the outset isn't really interesting anymore.
My point is that they should have known that the chances of actually being able to stop before the servers hit the floor was very slim, and thus should have been responsible enough not to try. In the same way it is irresponsible to get behind the wheel when you know that you are under the influence of alcohol or drugs.
My point is that good intentions help very little when they are not accompanied by realism.
As for the users; they don't know any better. As has been demonstrated, they are easily lead and will buy into anything without much thought.
Yet it came as no surprise that it actually happened.
From a professional point of view, I think they should have abandoned the idea after analyzing it and realizing how much can go wrong, and how hard it is to model this problem given the observable information.
That they went ahead with it tells me that they either didn't care or that their developers lack basic analytic skills.
Do most drunk drivers intend to run over their victims?
It worked? How come I didn't notice any statistically significant change in the amount of spam I get? How come nobody I've asked noticed any change? Please explain.
If you are going to postulate that it worked you had better cough up some numbers to support your claim.
How do you figure? Because they said so?
Lycos probably caused less distress among spammers than any form of legal action would have caused -- regardless of the outcome of any legal action.
As for Lycos and publicity: well, now we know that the management have questionable ethics to allow themselves to sink below the level of many spammers (most spammers do not instigate DDoS-attacks on their opponents although some do). I would think twice before getting entangled in any sort of business relationship with someone who is prone to operate outside the law so easily.
The lasting effect of this is that a line has been crossed. Lycos is the first legitimate business, with at least some brand-recognition, that has shown willingness to engage in activities that are exclusively associated with criminal elements on the net. The question now is whether others will follow or if Lycos represents the low point of the business.
I made some remarks about this in a blog entry on how Lycos is now contributing to the spam weapons race and how this might set some bad precedents.
No, this is not about free speech. It is about not wanting to allow or encourage vigilantism.
Frankly, the fact that you seem to confuse this with a free speech issue scares me because it means that it isn't directly obvious to people that vigilantism is the problem here.
This form of retaliation would be wrong no matter what was being fought. Spam, kiddie porn, religion, political opponents, Barry Manilow or whatever.
If you burn down a neighborhood because someone you've never met said that a child molester lived there, that would make you a criminal. Get it?
What next? Users attack hardware vendors for not releasing drivers for graphics cards? Political parties make screensavers which overload the web servers of the opposition? We do not want to go there.
I guess this time they should consider themselves lucky that someone didn't manage to remove positive control over the screensavers from Lycos, effectively turning their DDoS zombie network into a tool for spammers. It would have been such a sweet irony of the very network of DDoS-agents created to thwart spammers would be turned into a spamming network.
I am sorry, but that has to be the dumbest argument I've ever heard.
If companies had focused more on the quality of their sites in the first place, both with regard to content and sensible use of technology, they would reach further and run fewer risks of being blacklisted for trying to influence ranking in a way that doesn't serve the consumer (ie. user of search engine).
Good sites don't optimize for search engines, they focus on doing business. The degree to which one wants to to business with any given site is usually inversely proportional to the apparent effort the site made to advertise its presence on the net.
Then again, you don't seem to talk about any kind of serious business since you talk about just dropping websites as they get blacklisted. That probably works if you're selling viagra and fake Rolex'es and advertise in email...
since the pornographers depend on search engines to drive traffic to them it is in their interest that there are as many players (search engines) as possible so that they become less dependent on any one engine to drive traffic to them.
right now there are too few engines and good/bad listing (or even blacklisting) in one of them can make or break a web business operating right on the edge of profitability.
But of course, it had to happen. Google now has money and is now an obvious target for the litigous sort of bottom feeders who aren't to converned with whom they blame -- as long as it is someone they can bully, extort or push into bankruptcy. Google, of course, has money, so they'll extort them.
I certainly hope that the courts will decide that Google cannot be blamed for not keeping track of what chunk of data represents someone's property or not, and whether said property is served from the site the owners intend it to. This is silly.
Then again, so is the judicial system since you can never be sure of the outcome of such a case. Unless, of course, one of the parties is willing to commit more money to the case than the other. You can always buy a victory in the courts, if not formally, then in effect.
Java isn't just the language or just the JVM, it also encompasses a rather large collection of APIs, without which Java would not be very useful. for instance it would be foolish to argue that the collection classes are not part of Java. or that the servlet API is not part of Java. or that the JDBC interface is not part of Java.
this is the very strength of Java. this is what sets Java apart from, for instance, C++. in C++ you have some containers and algorithms as part of the standard library -- and that's it. you have practically no standard infrastructural APIs to speak of. and even if you did, C++'s old fashioned heritage makes it nearly impossible to base anything on anything but source (and even then, you often have issues if various components were intended for different compilers).
Very true.
What scares me a bit about parts of the Java community is that they seem to think that you can't realize business applications without basing the architecture around some application server.
Also the Java community is infested with all the wankers who worry about what is fashionable. For instance every decade has its own flavor of MDA, and it is amazing to see that in each incarnation this crowd fancies itself special "we're on the right track this time!"
It would be a shame if these wankers should represent Java. Just as much as if the more vocal participants in the PHP community should represent PHP. -Bjørn
Is this a person who spends a lot of time reading technical books?
recently a friend of mine published a book. a pretty serious technical book and by my estimation one of the better books I have seen on the topic.
the problem is that if I saw this book in the store, I would probably just give it a cursory glance and never even bother to take it off the shelf to leaf through it. seriously.
I read a lot of books and I would hate to waste time on a book that isn't worth my time, so of course, I have to be selective. the cover is the first criterion by which I screen books, and I doubt that I am unique in starting there.
it scares me that I DO judge a book by its cover, but I do. all of us do. there is no way you can read through the TOC of hundreds of books when you visit a well-assorted book shop in order to make a more thorough judgement on a book.
O'Reilly seem to have understood this. their books usually have a sober, tasteful look about them, and it is somehow an irony that the average quality of an O'Reilly book has dropped in proportion to the degree of overall variation in cover design (I am not saying that the quality of an ORA-book is inversely proportional to its deviation from the "formula", but that it holds for ORA's annual output as a whole).
still, the no-bullshit, calm, and sober look of O'Reilly books make them a natural focus point in any computer book section. (that and the fact that their predominantly white covers stand out. how come the cover-designers of other publishers seem so ignorant about the use of colors?)
yes, the cover matters, and despite what the reviewer thinks: the cover on the reviewed book does it no disservice.
what IS questionable about the book is the fact that it has many spelling mistakes. this suggests that the editor has not done his or her job putting the book through even the most basic quality assurance, which in turn means that there could be factual errors in the book, which for this kind of book is really, really bad.
this would make me reluctant to shell out $50 for this book.
I think whomever invented the fork should sue all the people who make forks these days. I mean, come on, they're almost all the same so they must have ripped off the original. right? -Bjørn
My bet, though, is that Microsoft are going to take back the lead. They are used to being laughed at, and when they have a product that lags sufficiently behind in public opinion, they usually make it a priority to take back the lead.
What people *should* be thinking of is what Microsoft will do to lock in customers and how this threat can be met.
in a wider perspective; is Miguel the piper leading all the children of the open source into the river? will Microsoft unleash IP-litigation on a scale never seen before? will it be at all possible to tell the users that Microsoft's wet dreat is to forever in the darkness bind them...to their products.
My point exactly. This should be an IO problem. You're assuming that the cheap tokenization work a SAX parser has to do is massively more expensive than handling other types of framing, [...]
It is, but the worst part is that it is unecessarily complex for what you want to do. If you want to route messages you should not be required to parse the entire message to determine its boundaries. Why is this hard to understand? Would you argue that it would make sense to transform IP to an XML protocol (people actually have suggested this in earnest. No kidding)
[...] and enough for it to become a problem. In my work it's never even showed up in profiling runs as a factor worth optimizing. Tuning the system to maximize IO throughput and minimize the frequency of system calls (to reduce context switches) is generally much more worthwhile.
Minimizing the number of system calls and doing efficient IO is usually not a problem. Most network code miserably fails to do so, but if you keep at it for a while, clues will emerge. We're not disagreeing there.
Where we disagree is probably that while you think it is a good solution to require *everything* to go through the XML parser, I would prefer not having to do so. Both because it requires you to process *every* byte in the XML parser and it increases the implementation complexity.