Slashdot Mirror


User: arglebargle_xiv

arglebargle_xiv's activity in the archive.

Stories: 0
Comments: 2,270

Comments · 2,270

  1. Re:made to government spec on Defcon Hacks Defeat Card-And-Code Locks In Seconds · Score: 1

    You left out the part where the biggest player in that industry produces a product that doesn't technically meet the standards, but is accepted anyway for your choice of reasons.

    Oh, you can do much better than that: If you're the largest vendor, create a broken implementation of the spec, declare yourself to be fully compliant in your sales literature, and then threaten to prosecute any competitors who download your product in order to figure out what the fsck it's doing under the DMCA. This actually happened - your tax dollars at work.

  2. Re:Still a major defect on Defcon Hacks Defeat Card-And-Code Locks In Seconds · Score: 1

    Unfortunately these locks still happily open the door when fired on by a blaster.

    Gimme a light saber any day. This is the weapon of a Jedi Knight. Not as clumsy or random as a blaster; an elegant weapon for a more civilized age.

    (In addition you can use it to cut through the door directly, even if the lock is blaster-proof).

  3. Re:made to government spec on Defcon Hacks Defeat Card-And-Code Locks In Seconds · Score: 2

    How many places will buy them because they meet this government spec without regard to these problems? Government planning at its finest!

    That's pretty common with (non-classified) government security standards. A bunch of guys, often ones whose last industry experience occurred twenty years ago, get together and, after 2-3 years of often acrimonious committee meetings, throw together enough random features to call it a standard. Far too frequently what gets certified for govt. standards is whatever's possible to itemise in a checkbox rather than what would actually add security (I've seen stuff that's little removed from EU banana-bentness requirements in USG security standards). It's not surprising then that you can have products that are fully compliant with (non-classified) USG standards while also being completely insecure.

    Standards for classified security systems, now they're another matter, they're often written by the people who have the most experience in breaking them so they tend to be much better. They also work with a completely different development cycle, taking 5-10 years to get to market and costing an arm and a leg when they arrive.

  4. Re:Not even a fine? on Hundreds of Bank Account Details Left In London Pub · Score: 1

    The two firms involved have been told to get a grip on their security procedures

    If it happens again, they have to go see the headmaster. After that, it's a note to their mother. Then, things get really serious. Wet bus tickets will be involved.

  5. Re:Was .NET all a mistake? on Was .NET All a Mistake? · Score: 1

    Still, the whole shebang will eventually become irrelevant next to the coming web-only paradigm (and yes, ChromeOS is a little ahead of the curve on this). Sure, some things will always want to be desktop-native - traditional cross-platform tools will have an advantage there. But the new standard's gonna be the web, and not even Microsoft can stop that.

    Andreessen, is that you?

  6. Re:78% power savings - that's pretty awesome too on eBay Deploys 100TB of SSDs, Cuts Rackspace By Half · Score: 1

    Might even pay for itself by the year's end

    Given that an OCZ Colossus 2 (just under 1TB) retails for $2,500 (and even when converted to Canadian dollars that's still a lot), you'd have to be using some awfully expensive power generation for it to pay for itself by year's end. Or were you referring to the SATA cables that you needed in order to plug them in? You could probably pay those off in power savings.

  7. Re:depends if you are IO bound or need storage on eBay Deploys 100TB of SSDs, Cuts Rackspace By Half · Score: 2

    Any business dealing on the web (aka hosting) would benefit from ssd

    Because SSD is web scale.

  8. Re:The problem is in-band signalling in general on The Most Expensive One-Byte Mistake · Score: 1

    On the topic of interpreted languages - is a Perl script data or code?

    That leads to a related problem, that we have Turing machines everywhere. For example what should be a flat technical document (PDF) has no less than three complete programming environments built into it, even more if you include stuff like MHEG content embedded in video streams in the PDF. It seems like no technology has really "arrived" until it's programmable in some way, and with that programmability comes exploitability.

  9. Re:Missed the point on The Most Expensive One-Byte Mistake · Score: 1

    Hell, I've used languages where the statement separator was a 12-11-0-7-8-9 punch. (Bonus points if you can tell me what that is and how to make one.) So a NUL terminated string looks positively modern compared to that.

    I've found that end-of-card was an even more effective delimiter than your $FF.

  10. The problem is in-band signalling in general on The Most Expensive One-Byte Mistake · Score: 1

    The problem isn't so much '\0' vs counted strings, it's in-band signalling in general. The telcos found this out in the 1970s with 2600 Hz whistles (and, eventually, fixed it), while the general computing world continues to use it, and in fact is busy inventing new and more complex ways of doing it all the time. String overruns, SQL injection, XSS, and many others are all examples of exploiting in-band signalling. The worst offender of the lot must be XML, which so thoroughly confuses what's data and what's control information that we'll still be trying to sort out the mess for decades to come. If you could remove in-band signalling, you'd also suddenly deal with a significant chunk of the OWASP perpetual top ten.

  11. Re:Lesson learned on Swede Arrested For Building Nuclear Reactor · Score: 1

    I gotta hand it to the Swedes here. While the Swedes give government agencies 26-letter names (with two of those letters being non-ASCII), us Americans would say "what, fuck that, abbreviate it."

    Why do you think it took him six months to contact them? "Let's see, I've gotta call Strålsäkerhetsmin... no, Strålsäkerhats... no, Strålsäkerkets... no [six months later] Strålsäkerhetsmyndigheten, got it!"

    (What are the chances Slashdot will mangle the accented chars, sigh)

  12. Knee-jerk Reaction Bill of 2011 on Missouri Law Says Students, Teachers Can't Be Facebook Friends · Score: 1

    This isn't in any way some anti-Facebook law, it's a knee-jerk reaction to a (now) 40-year-old who was molested by a teacher at age 12. Since the statute of limitations has long since expired on this but the politicians have to be seen to be doing something, they passed a check this/pry into that/disallow the other law. It's pretty much exactly what you'd expect if you got a bunch of politicians and social workers together and asked them for a generic "protect party X from party Y" law, with no clear idea of how they were to be protected, or exactly what from.

  13. Re:This is a surprise? on Middleboxes vs. the Internet's End-to-End Principle · Score: 1

    TCP/IPv4 is now a living fossil and will persist in its present form as an ISP access protocol, ironically filling exactly the same function that X.25 (so much derided by Internet professionals at the time because it wasn't end-to-end) was designed to provide.

    The reason why most people derided X.25 wasn't because of any ideological issues, but simply because it sucked so much. I've worked with a huge range of networking technology (everything from Trailblazers over noisy phone lines in China to OC-xx's) and X.25 was by far the most painful technology I've ever dealt with. The worst part was that even if you managed to get the link up, because of all the stoopid^H^H^Hintelligence built into the network, it failed with 100% reliability. In other words all the handshakes were exchanged, checksums were OK, and half your packets fell on the floor somewhere because some PAD decided to drop them while at the same time running all the X.25 signalling to say everything was fine.

    Excessive use of middleboxes really is a bit like X.25 (only a bit, because I've never seen a middlebox situation as bad as an X.25 network): the network is free to fsck with your packets in any way it pleases and the only mitigation you've got is to keep frobbing random options until you finally figure out what you need to tweak to get things to start working.

    (With X.25, two-week outages weren't unheard of, that being the time it took until numerous network users managed to triangulate the PAD that was randomly misdirecting traffic while telling the rest of the network that everything was OK).

  14. Re:Fix what isn't broken on The Next Firefox UI · Score: 1

    What happened to function over form?

    Well, they've had the function working right for a while.

    Yeah, good thing they fixed all those memory leaks years ago so they've now got all this free time to waste to wank around with the UI.

  15. Re:Dear Mozilla on The Next Firefox UI · Score: 1

    But now we're seeing most of the major browsers playing follow-the-leader by clumping menu operations into a single button, putting things in different places, and then Microsoft's ribbon bullshit that thinks every operation should be presented to you in a big kludgey mess of buttons and symbols.

    ITYM "pre-Sumerian iconographic glyphs". So all you have to do is memorise the fact that the picture of Marduk means "reload", the Anu image is "back", clicking on Tammuz takes you to your home page, and so on. It's really simple once you get to know it. I have some old clay tablets that explain it all, if you need help.

  16. Time to fork Firefox on The Next Firefox UI · Score: 1

    First off, I've been using Firefox since it was Phoenix 0.3, and it's been my mainstream browser ever since. Back then, it was forked from Netscape because of the original's bloat, feature creep, and endless wanking around with the UI and assorted pointless bells and whistles.

    Now look at what's been happening with Firefox in the last five years: Bloat, feature creep, and endless wanking around with the UI and assorted pointless bells and whistles. The recent pick-a-random-version-number and now this make-a-random-fashion-statement UI are just the icing on the cake. We really need someone to fork this thing while it can still be saved, and do to Firefox what Firefox did to Netscape.

    As I said above, I've been using it since 0.3, but at the moment the only thing preventing me from jumping ship is that I'd lose a pile of useful extensions. In other words what's keeping me with Firefox isn't the browser any more, but the third-party add-ons.

  17. Re:NoSQL SQL .. ARG!!!! on Unified NoSQL Query Language Launched · Score: 1

    NoSQL databases, especially MongoDB, tend to be more web scale.

    NoSQL databases, especially MongoDB, tend to be more cromulent.

    There, FTFY.

  18. Re:What flamewar? on Unified NoSQL Query Language Launched · Score: 1

    Having backing from Microsoft just makes it irrelevant.

    Arggh! Some folks at Microsoft research published a paper that discussed NoSQL. They've also published papers on computational linguistics, emerging markets, robot programming, synthetic biology, online sharing and mobile applications, pricing algorithms and market equilibriums, and who knows what else. It's a research institution that publishes all manner of stuff on esoteric research.

    Microsoft corporate probably doesn't even know NoSQL exists.

  19. Re:Ah the cycle continues on Unified NoSQL Query Language Launched · Score: 1

    According to the author of the O'Reilly book Learning SQL, SQL is not an acronym.

    According to Wikipedia, it is. It was invented by the ancient Egyptians. Something to do with a sun god.

  20. Defensive vs. offensive patents on Nortel Patent Sale Gets DoJ Review · Score: 2

    The Justice Department wants to know whether [the consortium] intends to use them defensively to deter patent lawsuits against its members, or offensively against rivals.

    As opposed to "innovatively, for the common good".

    I don't have access to the paywalled article, but isn't this the DoJ publicly admitting that patents only serve two purposes, neither of which are the ones they're intended to serve?

  21. Re:Not standard, unified. on Unified NoSQL Query Language Launched · Score: 2

    Then all they need to do is reinvent ACID and they'll have made it to the 1980s.

    Wouldn't that be the 1960s?

    Having sat in on technical debates among users of different NoSQL implementations, I would say they have plenty of that type already.

    It was kinda scary sitting with a roomful of heavy-duty NoSQL users debating technology and having the organiser ask if anyone had any experience across a range of NoSQL implementations, to allow comparisons to be made. Zero hands were raised. This led to an extended debate about "How can we know X is a good approach if we have no idea how it compares to anything else?". The impression was of lots of little islands of NoSQL use that were motivated more by "Well, at least it's not Oracle" than any real cost/benefit analysis. One or two people even mentioned that "We should really be using Postgres, but Mongo/Couch/whatever is trendier". A number of users also mentioned the pain of having to hand-implement ACID on top of NoSQL using chewing gum and rubber bands, and the inevitability of switching to a proper RDBMS at some point when the pain became too much, or when they started experiencing serious losses due to the lack of transactional capabilities and whatnot.

    Maybe NoSQL should be renamed NoOracle, which seems to be a major factor in its use.

  22. Re:Not standard, unified. on Unified NoSQL Query Language Launched · Score: 1

    "So, everyone will use this unified query language?"
    "Yes, it'll be great. No need to rewrite things when moving from one database to another."
    "Sounds great. Portable apps! Hooray!"
    "It amazes me that nobody has ever done anything like this before."
    "Yes, in hindsight it's blindingly obvious. There should have been a single query language all along."
    "A single query language--we could call it `S-QL` or something like that."

    Then all they need to do is reinvent ACID and they'll have made it to the 1980s. At that point they'll only have another thirty years of catching up left to go...

  23. Re:FSBO: +1 POST on Trade of Google+1 "Likes" as a Business · Score: 1

    +1 preceded Google+ by a few months. Google is trying to tie +1 into other Google services as well, not just Google+.

    +1 preceded Google by decades, since it came out of TSR in the 1970s. Anyway, +1 is for munchkins, I wouldn't even go near a Mind Flayer without at least a +3 sword, better a +5 if you can get one.

  24. You're the disease... on Malware Is a Disease; Let's Treat It Like One · Score: 2

    ... I'm the cure. This is where the law stops and I start, sucker.

    (Cue automatic weapons fire and explosions).

  25. Re:First Post on Sheikh Carves His Name In Desert So It's Visible From Space · Score: 1

    In fact the only man-made object on the planet big enough to see unaided from orbit is the artificial island that was built for the Kansai Airport in Japan.

    I'm pretty sure my co-worker's pr0n collection would qualify as the second man-made object visible from space. It's starting to bend light towards it as well...