SNI is available for IE7 and IE8 on Vista and IE8 on Windows 7, it is actually the library which is part of Windows XP where the problems is with SNI, which also effects Safari on Windows XP.
At the end of the day, only JavaScript is in the browser by default and the rest seems to getting less attention and only used as 'a fallback' for things where HTML/JS/CSS hadn't found widespread adoption, like video (mostly Flash).
I think the creator of JavaScript came from Silicon Graphics and they (Netscape) needed him to release something in that timeframe. At the time they probably didn't expect it to be important. Microsoft took that project and reverse engineered it exactly (better than anything else Microsoft ever copied or implemented a specification, before that point and after that point) and made it bug for bug compatible. Thus you had 2 implementations in the market and it couldn't be easily changed anymore.
I could also ask you something else: do you think you could have created something better in 10 days ? That is the time it took Brendan Eich to create something from scratch, 10 days from doing to language design to a working and shipping version.
Most of what is bad about JavaScript isn't so much the language, but the environment. People still drag their IE6 on to the internet and they expect things to work and it seems many website builders try to oblige them. They work around the problems in that 10 year old software. Many things have changed since then.
I do not know what you do, but let's say you are a Java programmer, when you code do you always keep in the back of your mind it should still work on the 1.3 runtimes from 10 years ago ? And do you check/test it too ?
If you are a C-programmer developing programs which run on Linux, you always create 2 code paths ? One which compiles and runs on Linux 2.2.x/gcc 2.95.x ? And some #ifdef where you take advantage of the newer features which Linux and other modern operating systems offer you ?
Or do your programs still compile against the libraries of KDE3 ? QT from before 3.0 ? Or the GTK1.2 ? And do you test this ? And regularly ?
So yes, there is some cruft. That doesn't mean the newer stuff can be exciting to people.
The HTML5 and other new specifications has a lot of good things in it, the WHATWG was specifically created to create a new specification for creating applications, which has now grown into the HTML5-specification as it is now. JavaScript it self has some really interresting properties.
1. The easiest thing you can do is to use a DNSSEC capable resolver and give it the 'root key material' and have it setup to update automatically. Every 6 or so months a new key will be generated, so it needs to be updated. Most of the software has a mechanism for that. The root key material is at: https://data.iana.org/root-anchors/ If you use Unbound, you just create a file with the right information and put in the configuration file: auto-trust-anchor-file: "/usr/local/etc/unbound/root.key"
That way, everything which can be checked will be checked and you will be less vulnerable to DNS attacks.
2. Deploy DNSSEC for the zones you manage: The most used TLDs are all signed, although they may not all be available to the general public yet. You will obviously need DNSSEC-capable authoritive DNS-server software or use Phreebird as a proxy. When your zone data is signed, obviously clients/resolvers need to be able to check what you signed, you do this by communicating the 'DS'-record (dig +norec @ns1.zone.tld zone.tld DS) to your registrar or TLD-operator, the same people who you are paying for the domain/where you communicate the name and possibly IP-addresses of your DNS-zone. Some registrars might not be ready, but other are. You might need to shop around. Unfortunately you will need to that every X months as well.
On desktops and so on, there currently are very little tools which make use of it.
You could put the SSH-fingerprint in DNS which is signed by DNSSEC and enable VerifyHostKeyDNS, that way when you choose yes when connecting to a SSH-server the first time, you can have more confidence that what you are connecting to is the real server.
There are efforts to make it available for the browsers and so on:
There is a DANE-proposal which makes it possible for the browser to check DNS/DNSSEC and use it for certificate-chain checking for HTTPS instead (or together with) the current CA-system.
That is the easiest part to solve, it is called prioritizing. Your bits obviously go first on your connection. Only the bandwidth you don't use should be available to others for free.
As the other reply says, it has a UPS+PSU builtin, it is actually a lot more efficient. Because a normal UPS converts the power coming into the UPS for the batteries, then it gets converted again when it is sent to the PSU, the PSU converts it again...
All of that is a waste.
If you have the UPS next to the PSU, you convert the power ones coming into the PSU, it sends power to the board/CPU and so on and also to the UPS if it needs to be charged. When the PSU does not get power, the UPS delivers power to the board/CPU, no conversion needed.
From an older article: "This design provides Google with UPS efficiency of 99.9 percent, compared to a top end of 92 to 95 percent for the most efficient facilities using a central UPS."
Slashdot Mirror
I don't think this is a pro-Google site, it is an anti-Microsoft site. :-)
SNI is available for IE7 and IE8 on Vista and IE8 on Windows 7, it is actually the library which is part of Windows XP where the problems is with SNI, which also effects Safari on Windows XP.
At the end of the day, only JavaScript is in the browser by default and the rest seems to getting less attention and only used as 'a fallback' for things where HTML/JS/CSS hadn't found widespread adoption, like video (mostly Flash).
Maybe you would like to listen to him tell people about the history:
http://www.livestream.com/etsy/video?clipId=pla_1463e546-47ed-4a93-b59a-bd52b236e8b8
The talk starts at 1:30
He starts to explain the history at about 4:48
Do you know JavaScript ? I know it is misleading, but have a look here:
http://javascript.crockford.com/javascript.html
It was intended as a scheme syntax (I think it was), but they thought that no one was familair with it so that is why it got the C syntax.
I think the creator of JavaScript came from Silicon Graphics and they (Netscape) needed him to release something in that timeframe. At the time they probably didn't expect it to be important. Microsoft took that project and reverse engineered it exactly (better than anything else Microsoft ever copied or implemented a specification, before that point and after that point) and made it bug for bug compatible. Thus you had 2 implementations in the market and it couldn't be easily changed anymore.
I could also ask you something else: do you think you could have created something better in 10 days ? That is the time it took Brendan Eich to create something from scratch, 10 days from doing to language design to a working and shipping version.
Most of what is bad about JavaScript isn't so much the language, but the environment. People still drag their IE6 on to the internet and they expect things to work and it seems many website builders try to oblige them. They work around the problems in that 10 year old software. Many things have changed since then.
I do not know what you do, but let's say you are a Java programmer, when you code do you always keep in the back of your mind it should still work on the 1.3 runtimes from 10 years ago ? And do you check/test it too ?
If you are a C-programmer developing programs which run on Linux, you always create 2 code paths ? One which compiles and runs on Linux 2.2.x/gcc 2.95.x ? And some #ifdef where you take advantage of the newer features which Linux and other modern operating systems offer you ?
Or do your programs still compile against the libraries of KDE3 ? QT from before 3.0 ? Or the GTK1.2 ? And do you test this ? And regularly ?
So yes, there is some cruft. That doesn't mean the newer stuff can be exciting to people.
The HTML5 and other new specifications has a lot of good things in it, the WHATWG was specifically created to create a new specification for creating applications, which has now grown into the HTML5-specification as it is now. JavaScript it self has some really interresting properties.
Everything you can do in VBScript you can do in JavaScript. And JavaScript is a much better language.
So ? If someone contributes good code, it gets accepted.
Isn't that the point of open source ?
It doesn't matter if you are a small disabled child in his bedroom, a big corporation or a movie star.
The problem is, many people act like it is a fullproof solution.
And the other reason why I mentioned it, because the problem is getting worse.
Maybe I should add why.
There are more viruses created every hour (automated) than any anti-virus company can handle.
I actually doubt that if they all worked together really well they would be able to have an up to date list.
I'm surprised the botnet operators haven't yet used the botnet to create the new variants every few emails/HTML-form-posts/whatever they do.
As many have already figured out, AV is pretty useless.
It is nowhere near fullproof.
I'm fairly certain that 200MB worth of pictures is 200MB wordt of uncompressed pictures.
"Doing what"
Maybe you could take a look at about:memory and post it on http://bugs.mozilla.org/
It could be they have something to say about it or could fix something, they are usually very responsive, but you have to report it.
Yes, you can split the KSK/ZSK and all that, it is optional. Probably most will want to do so though.
SSH needs a local validating resolver, yes. I don't know why I left that out, but it can forward to the network resolver for quick response.
There are a lot of details I left out. ;-)
There are 2 things you could do.
1. The easiest thing you can do is to use a DNSSEC capable resolver and give it the 'root key material' and have it setup to update automatically. Every 6 or so months a new key will be generated, so it needs to be updated. Most of the software has a mechanism for that. The root key material is at: https://data.iana.org/root-anchors/ If you use Unbound, you just create a file with the right information and put in the configuration file: auto-trust-anchor-file: "/usr/local/etc/unbound/root.key"
That way, everything which can be checked will be checked and you will be less vulnerable to DNS attacks.
2. Deploy DNSSEC for the zones you manage: The most used TLDs are all signed, although they may not all be available to the general public yet. You will obviously need DNSSEC-capable authoritive DNS-server software or use Phreebird as a proxy. When your zone data is signed, obviously clients/resolvers need to be able to check what you signed, you do this by communicating the 'DS'-record (dig +norec @ns1.zone.tld zone.tld DS) to your registrar or TLD-operator, the same people who you are paying for the domain/where you communicate the name and possibly IP-addresses of your DNS-zone. Some registrars might not be ready, but other are. You might need to shop around. Unfortunately you will need to that every X months as well.
On desktops and so on, there currently are very little tools which make use of it.
You could put the SSH-fingerprint in DNS which is signed by DNSSEC and enable VerifyHostKeyDNS, that way when you choose yes when connecting to a SSH-server the first time, you can have more confidence that what you are connecting to is the real server.
There are efforts to make it available for the browsers and so on:
https://os3sec.org/
There is a DANE-proposal which makes it possible for the browser to check DNS/DNSSEC and use it for certificate-chain checking for HTTPS instead (or together with) the current CA-system.
I'm glad that North America (ARIN) is now doing what Europe (RIPE) did earlier this month.
I mostly agree with your, but your last sentence.... well, let's have a look shall we ?:
"Also, similar to SSH, only you hold the private keys for your zones. You don't give those to anyone."
Which is similair to SSL/TLS protocols like HTTPS. ;-)
That is the easiest part to solve, it is called prioritizing. Your bits obviously go first on your connection. Only the bandwidth you don't use should be available to others for free.
It does however show you have a disadvantage in life, even though it might not be an IQ-specific problem. ;-)
As the other reply says, it has a UPS+PSU builtin, it is actually a lot more efficient. Because a normal UPS converts the power coming into the UPS for the batteries, then it gets converted again when it is sent to the PSU, the PSU converts it again...
All of that is a waste.
If you have the UPS next to the PSU, you convert the power ones coming into the PSU, it sends power to the board/CPU and so on and also to the UPS if it needs to be charged. When the PSU does not get power, the UPS delivers power to the board/CPU, no conversion needed.
From an older article:
"This design provides Google with UPS efficiency of 99.9 percent, compared to a top end of 92 to 95 percent for the most efficient facilities using a central UPS."
http://www.datacenterknowledge.com/archives/2009/04/01/efficient-ups-aids-googles-extreme-pue/
Neach, I just like to point at Microsoft and laugh. :-)
Activation isn't a problem, but a gadget isn't a zip-file, it is a cab-file.
But the javascript does use some gadgets-specific events like dock and undock. Which would only be available in the dock obviously.
I love how they use table for layout instead of proper CSS like the rest of the world. ;-)
It takes 2 minutes of hacking to disable some of that stuff, it does work on Windows XP just fine.