If someone *really* needs to use a member function of some member pointer in some pointer in some namespace I'd like to see how C# or java avoids syntax like this without trivial substitutions of "." for "->".
It is the trivial substitution of . for any of.,:: or -> that is the advantage. Instead of having to spend 30 seconds remembering whether something is a structure, a pointer or whatever each time you just hit the same key.
And yeeeessss this is not exactly rocket science, but add up the time saved from not having the compiler reject a change because of finger trouble and you have probably saved yourself 15 minutes or so over the course of the day.
More importantly for me, not having to piss arround with the C++ indirection operator guessing game means that I keep my train of thought focused on the problem I am trying to solve and not the makework introduced by the braindamage in the language.
Language X > Language Y statements are some of the most pointless ever made. Suppose you wanted to write an accelerated 3d game? Suppose you wanted to do some numerical physics?
There is probably a good deal of discussion about baseball which is more pointless.
But just because most discussion in that vein is pointless does not mean that all of it is.
C++ was from the start a language with major difficulties. C had a bunch of problems that could only be fixed by taking bad ideas out of C, C++ took nothing out and added a lot more complexity in.
Java and C# both started from the premise that people wanted a good language for writing new code in and absolute backwards compatibility was not their principle concern. As a result C# has a switch statement that allows a compiler to catch the common programming error of forgetting the break statement, Java likewise avoids that problem (slightly differently). Both C# and Java eliminate buffer overrun errors which are the #1 cause of security problems and so it goes on.
But the main reason for using C# or Java is that you don't have the tortured aaa::b.c->d.e->g (x,y) syntax which is only necessary because in the dim and distant past much of the C and C++ core was coded as separate preprocessors.
As for the efficiency question, C# is certainly as fast as C++ if you use the compile on install option and for numeric stuff is quite a bit better as the compilers are optimised for the specific intel processors.
Mono only is addressing the development and exection environments portion of the pie. Mono has nothing to do with the "web services" you are talking about.
If you implement the.NET framework you can pretty quickly build the Web Services framework. Most of the Web Services support in.NET is bound up in the XML Serialization layer which uses the metadata supported in.NET to generate XML serialization and deserialization code directly from.NET classes.
OK so this is a trick that appeared in the LISP machine 15 years ago but none of the mainstream companies have supported it since - up to now.
Having tried to use the MSFT Web Services tools I decided that it would be easier to roll my own for my purposes (although since I bought the cheapo standard version of C# rather than the whole.NET studio that may just be I was doing things the hard way). However it is a heck of a lot easier to deal with XML in C# than in any other language I have used.
They are. Can you name a single "technology" MS has announced recently that *nix hasn't had for years (if not decades)?
Can you name a single new technology that has appeared in UNIX in recent years that was not in VMS or MULTICS?
This type of argument is pure sophistry, either Microsoft are accused of stealling other peoples stuff (hard to do with open standards) or they are ignoring open standards.
Until WS-Security was proposed nobody had had any success with a transaction layer security enhancement. HTTPS failled, SHEN failled, PEM and MOSS failled. PGP and S/MIME had some success but they are limited to email.
Now nobody would claim WS-Security to be amazingly novel, however Microsoft, IBM and VeriSign have got the whole industry behind a spec in that niche which has never happened before.
As for all the 'nothing new has happened since Xerox' stuff, I suggest the people with that dellusion stop eating the mushrooms and go and use one of the things. OK so you can kinda sorta see the beginings of the ideas we use twenty years later, but they got as much wrong as they got right.
Please don't tar all of us with the USPTO brush. We all know they are crap - that's why most Americans ask the EPO to examine their internations patent applications.
Absolutely, my company does two types of patent, defensive patents and serious ones. With defensive patents all we are trying to do is to make sure that no shit comes along and files a claim on the stuff we developed (which has happened repeatedly). We file those at the USPTO, but by the time any are granted we have usually committed to granting a royalty free license to use the stuff in a standards body.
If we have a real invention and think we may seriously demand royalty fees we also file in Europe and Japan, even if the invention is pretty US specific. The main reason we do that is for credibility. If you send someone a demand letter that cites a USPTO patent the recipient pretty much knows it is 95% certain to be extortion. If you can cite a European patent you have a heck of a lot more credibility.
And in your musings about the IETF, has it ever struck you that maybe the IETF also think that adding an incomprehensibly slow transport layer on top of an existing and widely supported transport layer is a shit idea? BEEP is NOT an application level protocol, even if it wants to claim to be one.
If the IESG thought that it is strange that BEEP should be allowed to progress through the process at such a breakneck pace and then have ADs going round telling others they have to give reasons why they are not using it.
You are right about BEEP really being a transport layer protocol. Actually in the ISO model Marshall claims now to know nothing about it would be 'presentation'.
There are several reasons why such a layer is useful, the main one being that the old farts were not as clever as they think they were. TCP has a lot of problems and you often end up wanting a protocol layer to insulate your application from them. There are all sorts of hideous things that happen if you don't close out TCP/IP sessions correctly for instance which the Berkley sockets library won't fix for you.
The other reason people want a presentation layer is that TCP has pretty wierd performance characteristics. In the early days of the Internet you could litterally bring the system down by sending packets in faster than people could consume them. The solution to this was 'slow start' which essentially means that sessions start out at a slow speed and only ramp up the rate of packet submission as they get feedback indicating the recipient can handle it. All good stuff eh? Well yes but the parameters were set in the days of 300 baud modems and are completely inappropriate for broadband.
What this means is that once you set up a connection you really want to keep it going. That can be problematic however since simply serializing all your requests into one channel can get real ugly when you are interleaving 32 byte instant messages onto realtime video streams.
The way to fix a lot of these problems is to fix the TCP protocol. There is no technical reason why slow start could not be designed with memory so when you connect to CNN.com it remembers the speed it used last time. That would break the current RFC for the Internet standard but it is what a lot of vendors are actually doing on the quiet.
What the IESG and IAB do not get is that a lot of the Internet are regarding them as damage and routing arround them. The IETF is collectively working in interupt driven mode, people propose working groups, they do stuff in response. What I do not see is a group of people stepping back and examining the internet architecture as a whole and working out ways to improve it. We just have a bunch of incremental fixes.
In any IETF discussion the status quo is always accorded a ridiculously high status, even when it is clearly broken.
You miss the point about SGML encoding vs SGML data model. The SGML encoding of XML is simply an artifact. If you want to apply XML at that layer in the stack you should write a better encoding.
Disclaimer, I have not yeat read the Liberty specs, but I did write part of the SAML specs which I am told Liberty is based on.
Are passwords ever sent through service providers?
Well your description of Kerberos is not quite right, a TGT is actually used to re-authenticate you to the KDC that issued it. You go to the KDC, get a TGT, then you go back to the KDC, give it the TGT and get back a ticket. The only time TGTs get flung arround is in some folks inter-realm stuff.
Assume that the Liberty people know all about security in Kerberos etc. and are not going to send passwords in the clear. The SAML group had at least eight or nine of the people who would appear on most informed peoples list of 'top 100 security protocol designers'.
Does it work for protocols other than HTTP?
SAML has an HTTP binding but the spec anticipates other bindings. We are currently working on a SOAP binding that uses WS-Security.
Who can set up providers?
I don't know, under SAML anyone can set up a server. It would be really nice to see a slashdot server for example.
Can multiple Service Providers requiring the same credentials without knowing the identity is the same?
SAML is designed to allow pseudonyms etc. In fact one of the original consumers for SAML was Shiboleth which is a single sign on system for academic libraries and such and so they have really big psuedonymity and anonymity requirements.
SAML does not provide Chaumian style cryptographic anonymity, but then again neither does Chaum for this application. I did discuss SAML with Chaum a few months ago and we conculded it was not an easy problem.
It is a very well founded observation based on many hours of contact with the people behind Liberty.
Microsoft also announced at the conference that they will be developing SAML under WS-Security, which is a group under Oasis (http://www.oasis-open.org).
I very much doubt they said that. I suspect that what they said is that they will be working with WS-Security group in OASIS so that WS-Security can carry SAML authentication assertions as WS-Security credentials, just as the SAML group has stated that they will be developing a WS-Security binding of SAML.
Microsoft has no control over the WS-Security group in OASIS and I don't believe that their people would make a public statement which implied they did. A Microsoft person is nominated to be a co-chair of the WS-Security working group but the working group decisions are taken by the TC members and the meetings run acording to Roberts rules of order. If Microsoft wanted a rubber stamp they would have done what everyone else does and taken the thing to ECMA or whatever.
However it is fairly obvious that some people wanted the SAML/WS-Security harmonization was going to happen given that the editor of the core SAML spec is also an author of the original WS-Security proposal.
Opera fills in all the fields for me, making creating an account easy. I can give each vendor exactly the information I want.
That is not as usefull. What companies want is a way that people can login to a site without having to register.
The nytimes and the latimes do not really want to know all that much about individual readers, but they do want to be able to tell advertisers that 60% of readers come from zipcodes where 30% of households are in the A1 income bracket and such.
The yahoo and raging bull don't really give a monkeys about who you really are but they do need to be able to tell the SEC that they can at least tie a poster to an email address if necessary. Same at slashdot.
The identity business will work a lot better if the sites we log into do not need to maintain statistics at the level of the individual account.
OK in extremis someone might get litigious and file a lawsuit and get info from the identity broker, but that is likely to have a lot more safeguards for the individual if the identity is held by an identity broker for whom identity (and pseudonymity) is a business. It really does not take that big a threat for yahoo to rat you out. There is a lawsuit going on at the moment in Texas in which a company which has made less than $150K in revenues in any quarter for the past five years is suing visa over nasty statements one of their employees made about them on a Web site - the topic today is apparently claiming that the nasty statements cost the company over a billion dollars.
I have no idea if this is what Liberty will eventually end up doing but I know how SAML could be used to achieve that.
PS I predict that if Liberty would let up on the anti-Microsoft hecktoring for a few months we could actually broker a union of Passport/Liberty and make them at least interoperable at a certain level.
Hmmmm...."Zeinfeld". Pardon me for asking, but which HTTP author [ietf.org] are you?
I am not one of the Editors, I am listed as a principal contributor before the group members.
I've met most of you, and like all of you, but quite frankly, at least one of you has a conflict of interest when it comes to opining on BEEP.
Not so in my case, I was not big into HTTP-NG, I was not involved in DIME or Multiplex. I am not HFN which should be bloody obvious if you know him. However I am a friend and my company does a lot of work with his (Microsoft), but I also do a lot of work with Sun.
As for the IETF being an old boys/girls club...well, yeah. Welcome to politics. I think the IETF has generally been a reasonably equitable old boys club.
It is reasonably equitable until you actualy try to get things done. Look at DNSSEC, they have been trying to deploy the thing for ten years. In the meantime the.com zone has grown so large that the scaling bug in the design of the NXT record means that the protocol is not going to be deployed by the registrar for those zones without modification. A fix has been proposed for two years and has been agreed on the list. But the fix is currently blocked by secret discussions between the 'DNS Directorate' which is a closed and entirely unaccountable group. The not so obvious strategy being to delay OPT-IN until the DS flag day has gone through and then reject OPT-IN as requiring a flag day. Just about the only reason that strategy makes sense is if the IESG wants to delay DNSSEC for at least a year and risk a lawsuit.
On IPSEC the group is currently facing two problems that have been known for five years. First IPSEC was deliberately designed to make it impossible to use through NAT devices. I remember the comments in the WG at the time, people took it as a badge of honor to sabotage NAT - pretty lame when one of the major reasons NAT is needed is a design blunder by the IETF itself when it choose the IP address space to be smaller than the human population of the world - and on reliable authority this was done to allow an address to fit into a single register.
The other problem with IPSEC is that they ignored the problem of PKI and so we now have a wildly successful deployment of IPSEC for VPNs, a function which it is particularly ill suited for, and almost no extra-net or genuine internet deployment.
At any rate, I encourage people to do some digging themselves on this. I can't say that my experience is overly deep in this area, and I certainly haven't tried to design a protocol on top of BEEP, but based on what I know, BEEP looks like a pretty good idea.
I haven't tried to implement a protocol on top of BEEP either, and I am even less likely to do so given Marshall's outburst earlier in the thread.
My point about old boys network is that I have no confidence that BEEP is ready for prime time. I will not be confident until someone actually does build a protocol on top and demonstrates the bugs have been ironed out. HTTP looked pretty straightforward until people tried to use it.
The IETF is in severe danger of becomming irrelevant, as attendence at recent meetings is deonstrating. The much bigger problem with the IETF is that they really don't feel any responsibility to anyone but themselves. They take their role as supreme Internet standards body for granted.
The average IETFer has pretty much a slashdot mentality. They have plenty of contempt for technology have nots while curiously tollerating computing environments from the stone age. MIME is an IETF standard but send an attachment to an IETF mailing list and the old-fart faction complain that their antiquated mailer can't handle it. Send HTML mail and they will have appoplexy. (And if you think HTML is a bad idea I presume you read Slashdot in the no-graphics, plaintext mode).
The average IETFer does not think that they have an obligation to the community of Internet users or the vendors that support them. So holding up a protocol for a year while an AD who does not have a clue about security 'gets comfortable' with a security modification advocated by the Security ADs, well that is not a problem. Designing a protocol that breaks through NAT, well that is not a problem, and so on.
I am certainly not antithetical to the aims of the IETF. However there is a reason why I helped take the Web standards out of the IETF and set up W3C, there is also a reason why I am currently helping take standards from W3C to OASIS. There is a free market in standards bodies and the IETF is in dire need of a severe kick up the pants.
second, i have to praise this post for the way it seemlessly blends a
little bit of truth, a little bit of wisdom, along with a healthy amount
of ignorance and untruth. (my favorite untruth: marshall as the OSI
guy. the actual truth: marshall killed OSI in the IETF on November 4th,
1993 with the "roadkill in motion" speech.)
Ah so you are claiming that the Marshall Rose who wrote The Open Book : A Practical Perspective on Osi is a different Marshall T. Rose. No sorry, Marshall you made a major technical contribution to OSI, or at least he claimed to have done so on the jacket cover of the copy I read. You did not 'kill it' at the IETF, OSI was killed in the marketplace long before 1993. The speech had the impact it did precisely because you knew the OSI stack.
on the technical front: the beep specs use DTD not schema -- there
aren't any schema fragments in either rfc3080 or rfc3081
Well Duuuhhh read what I wrote. I checked the RFC just before posting and saw that. Schema may be 'ugly' as you put it, but none of the major XML programming platforms are based on DTDs, they are all based on schema. And BEEP is dead at Microsoft, Sun and IBM without schema, cold stone Deeeeeeaaaaadddd.
with beep, no one gets to argue those things any more (e.g., how to
frame packets), instead they get to go off and presumably argue things
specific to their application domain. (if folks want to understand the
reasoning behind this, check out rfc3117.)
No, we have a five minute argument on whether to use BEEP or not, reject it and carry on.
the sacred working group, that you're so pissed off about me cutting
into, is a perfect example. a bunch of guys focused on security issues,
trying to write an application protocol. sorry, wrong skill set.
I wrote a fair bit of HTTP, I don't think that you have the right to go arround saying who is and who is not competent to write application protocols. If you want to get into a reputaion war you are going to loose this one. I think that BEEP is very naive when it comes to the problems that arose when it came to layering application protocols on it. I suspect that like LDAP and X500, by the time BEEP has been extended enough to be useful it will look like HTTP.
if you're unhappy that i stuck my nose in your business, then all
i can suggest is you get more clueful in the application design space,
so "the management" doesn't feel they have to go out and get you
help. particularly help that you don't like, and especially help that
would rather be doing other things with other people
I only attended the one SACRED meeting and your comment on 'the management' is quite illustrative of the George W. Bush style crony-standards process the IETF is becomming notorious for.
finally, as far as web services go, well, let's just say that those guys
could learn a lot from what xerox did back in the early 80's. in a few
years, they may actually have something that works half as well as what
xerox did.../mtr
Standard old fart response 'we did it all twenty years ago sonny', 'and we did it better'. Yeah and you should have seen the anti-gravity machines we made twenty years ago.
I don't much care for the arrogance of the IETF 'management' as you call them. I certainly don't appreciate folk who think that they have the right to make the type of off-hand blanket pronouncements on other people's work that you and they make habittually without backing it up. Your Xerox comment is absolutely typical of IETF old fartism, you want to have the right to be dismissive, you don't have the technical arguments on your side. So instead of detailing a real technical issue you allude to an earlier system, the more obscure the better. The message: 'I am too important to have to justify my comments but I believe that you are not competent to work on this problem'.
Your comment on Web services only illustrates that you really don't understand what is going on, what people are trying to achieve or why previous efforts such as CORBA failled. I am not going to explain why or how Web Services are different because I am faaaar toooo important. I may not be old enough to have achieve old fart status but I can certainly play the part on the net.
Still you are right on one battle, if the IETF is to regain some relevance at the upper end of the protocol stack adopting XML as the way to author RFCs is the only way forward. However the IETF is going to have to do a lot more than produce its documents in a format that does not look like utter crap from a teletype before I am going to take any standards there. I want a genuinely open and geuinely transparent process. I want standards groups to complete in 18 months, not 10 years - and yes it is possible, the SAML group I was a member of developed the basic specs which have been adopted as the basis for liberty in 18 months.
The problem I have with Liberty is that Sun appear to be more focused on stopping Microsoft than on developing a product that is going to succeed on its own merits.
Ironically, passport started as a stop AOL Instant Messenger affair. So I don't think it is impossible that Passport and Liberty will eventually merge.
On a technical level this is certainly possible and if folk look hard at the underlying SAML spec that Liberty is based on you will notice that there is an interesting intersection between SAML and the GXA world.
I was one of the authors of the HTTP protocol and did some work on HTTP-NG so I am broadly sympathetic to BEEP. However there are a number of reasons why it is not having a huge impact, some political, some technical.
BEEP's main proponent, Marshall Rose was one of the main wheels in the OSI project. So much of the initial buzz came from his name alone. People were talking about the protocol before they read the drafts (oh yes that is normal for the IETF).
I do have a bunch of quibbles technically. First using XML is a good idea, Using the obsolete SGML DTD mechanism to describe the protocol sucks. I think Marshall started to suplement the DTD with schema fragments but that makes things worse, not better, we now have two specs in one document, the schema version which is what people will implement and the DTD version which is normative.
The other problem is that SGML is a real baaad choice for an encoding at that level. The main complaint about http is that the encoding is too verbose leading protocol exchanges to require multiple round packets instead of one. BEEP does not address that problem.
Politically BEEP has bigger problems, first being that IETF does not have as much influence as it might appear when it comes to promoting new protocols. There haven't been very many IETF protocols that started in IETF process and took off like wildfire in the past ten years. HTTP took off and was brought into IETF process, same with TLS (SSL). Most successful IETF protocols had a userbase before the working group was formed.
The problem with BEEP is that Marshall did not start with a constituency who had a problem that BEEP was the solution for. Instead he wrote the protocol and then went off looking for consumers. So we start to see Marshall popping up at random in working groups like SACRED peddling the BEEP Kool-Aid. The problem being that if you are doing a researchy protocol like SACRED the last thing you should be doing is layering it on someone else's research.
After this happened a few times Marshall started to alienate folk like myself who might be interested in BEEP as an option but certainly were not going to allow him to insert himself onto our critical path.
The other problem is the nature of the IETF these days. The problem is that they talk a good talk about being open and such, but it is really an old-boys club. The old-fart faction is strong on the IESG and IAB, they have known each other for 20 years and they don't want anyone messing with their turf.
In theory the IETF process is open. In practice there are a bunch of shadowy cliques who make the real decisions in private. BEEP got to RFC status in record time because it was proposed by an IETF insider. Problem is that the IESG does not have much influence with the people in the Web Services world which is where all the interest in XML based protocols is at the moment.
Most of the people I see at W3C and OASIS Web Services meetings have no IETF experience at all. Of those who do, none are IETF insiders and so an endorsement by the IESG does not have much force.
For BEEP to take off it really needs an endorsement by one of the heavy hitters of the Web Services world which basically means IBM. Microsoft or Sun. I don't think that is very likely because everyone knows that there is a lot of work to be done to make Web Services work and there is simply nothing to be gained by putting BEEP on the critical path. People are more interested nailing down WS-Security, SAML, XKMS, geting WSDL to work and such.
Hello CHINA:
How about getting the following the foundation for a high-tech economy?
1)-access to energy
2)-fair judicial system
3)-clean water
4)-enough food for its people
5)-uncorrupt governance
6)-educated people
7)-freedom of expression
HELLO George Bush!
How about getting the following the foundation for a high-tech economy?
1)-access to energy So stop your Enron buddies from bilking California 2)-fair judicial system So respect 'innocent until proven guilty' and drop your plans for tribunals and recognise that even alleged Taleban have the right to a lawyer. 3)-clean water So reverse your policy of letting people's water be poisoned with lead. 4)-enough food for its people Nah, can't complain about the US on this score you guys (and gals) are enormous, no wonder you need cars six times bigger than the rest of the world 5)-uncorrupt governance So sack all the people in your administration who are tainted by corrupt accounting, insider trading etc, oh and after Cheney and the rest have gone RESIGN yourself 6)-educated people So how about having people who got into Princeton on their ability rather than as a 'legacy' because pop went to the place? 7)-freedom of expression So stop trying to shut down sites like gwbush.com and stop trying to claim that criticisng his fraudulency is supporting Al Qaeda
Cheap? I don't think so. They manufacture some of the most high-end products available, such as medical scanners and high-end manufactoring equipment (equipment for making equipment
Back in the 1960s the charge was made that the Japaneese copied everything.
This lead to an oft repeated interview in which Robin Day of the BBC doorstepped the Japanese trade minister with an aleged Japanese copy of British ball bearings...
Looked like he had a case too, the ballbearings were identical!
SIX PERCENT PER YEAR!!! What country in the world, US included, is pulling a better AVERAGE? And what country has a better average growth rate in the 24 odd years since 1978???
Actually South Korea did - or closer o homw Taiwan! But the issue is from what base. It is much harder for the US to grow at a Clintonian 4% a years than it is for bingobongo land to double its domestic product by buying a second cow. China is pretty well developed these days.
The source of GOP angst is that China is large geographically and population wise and so will inevitably rival the US once its economy achieves roughly half the GNP per head of the US.
When the GOP bash Communist China their real fear is that China might actually take their advice and reform and so be placed to challenge the US economically in 2015 rather than 2020.
While the USSR economy went right into the tank after they ditched communism there is no reason to believe that China would do the same. In the first place China has been gradually adopting a market model for the past 15 years and has the basic infrastructure of capitalism in place. Secondly the USSR collapsed ecconomically before it abandoned communism and saw the economy go worse. China is not likely to fail economically. Thirdly, China is certain to learn from the USSR experience and reject the IMF advised crony capitalism model.
Get a grip. First, "all the jobs" didn't go to Mexico. You've been listening to far too much of the David Duke Radio Diatribe. During the 1990s, the United States enjoyed unprecidented prosperity, and in spite of our current recession, we're still the sole economic superpower on the planet by a tremendous margin.
Not even close, although the US has a lead in GDP it certainly isn't the sole superpower. The EU zone as a whole actually has a larger GDP.
Japan has a comparable GDP even in prolonged recession.
The US superpower status is military. The EU could match the US in military power if they were prepared to devote the same insane proportion of their budgets to military hardware. However doing that would cost the courtries their welfare state services which seems a lot to give up just to build weapons for the sake of it.
The bellyaching of the US right about China has nothing to do with human rights. The US right never gave a hang about human rights abuses by Pinochet, Marcos or the House of Saud. What they are really upset about is demographics and economics. It is a lot easier for a backward country to grow at 15% as it catches up than it is for a developed country to sustain 4% growth. The only way that China can fail to overtake the US in terms of economic power is to have a civil war and be broken into pieces. Same goes for India.
Bush and the cronies who control him could not give a damn about human rights or the Falun Gong. Their speeches about human rights and democracy are as hypocritical as their speeches on corporate responsibility - one of the chief Enron scam artist who bilked his division out of $15 million in bonuses while reporting $500 million is phony profits is still secretary for the army. If you think that fine speeches about democracy are worth anything I have a lorry load of Florida chads to sell you.
Military power follows economic power. China with a population four or five times that of the US could if it chose sustain a military the same size should it choose to do so. The militarist faction of the right can only understand prestige and power and cannot imagine that any country that has the option of building a superpower status military would give up the opportunity.
Fortunately most nations don't have the same inferiority complex that drives the US right. China, Germany, France, Britain have all done the empire bit and don't need to do it again.
I use a 1930s hollerith punch card tabulator running red hat Linux 5.4. Not only do I use it for all y computing needs, it also doubles as a workout center.
Being hand cranked it not only needs no electricity, but once you get through the boot sequence you can save the state of the machine by simply running the deck through a punch card duplicator.
I'm having a few difficulties getting the TCP/IP stack to work, I keep hitting timeouts and dropping connections.
So not only do I win the 'my computer hardware is more primitive than yours pissing contenst' I hereby demand that under rule 43 the other contestants prostrate themselves before me.
Internet protocols should be free to use - is that so difficult to understand? There would be NO INTERNET without the foundation of free protocols already in place. Evict those 3 members suggesting RAND from the W3C board.
The issue is not as simple as that.
First the real difference is not 'royalty free' vs RAND, it is between encumbered and non-encumbered. A patent license can be free but contain terms that are much more onerous to the end user than one that cost money.
The objective with the Web was to make the standards unencumbered to the greatest extent possible. That is why we made the CERN library public domain and rejected the GPL. We wanted Microsoft, IBM and other companies to be able to build on that code base.
The big proble with the original W3C patent policy was that the RF license was not the best way to ensure that standards ended up unencumbered. Most companies that contribute IP to a standard are going to want a reciprocal license to other IP that may be required. Otherwise you could have three companies contribute valuable IP to a standard and then have a fourth one come along right at the end and demand a huge payment for use of their patent while using the other parties IP free of charge. Or worse the copany might refuse cross licenses altogether and make the specification that was developed as an open standard into one that is effectively proprietary.
Under USPTO rules a patent applicant can add claims to an existing application after they read up on someone else's work. And the US courts have enforced the patents (see Lemelson, now gone to hell so we can say he was a swindler in the Arthur Andersen, Enron, WorldCom, Harken Oil, GWB league)
The other issue which is what the message was discussing was the case in which a specification can be implemented without any IP infringement problems but there are useful extensions that are encumbered.
In this case there are occasions where the use might be legitimate. For example XML Signature can be used with Eliptic Curve algorithms and some people insist that this is a good idea and they want to do it. Personally I think that ECC is a bad idea (as does Len Adelman), but being able to use the stuff is a legitimate thing to look for even though doing so is going to involve a royalty payment.
I mean, IE already does not respect the W3C standards as well as it should. And it is the dominant force on the net today.
Actually IE respected the W3C standards to a much greater extent than Netscape did. Opera is probably the most compliant browser at the moment, but that is because Hakon Lie the CTO of Opera is like myself ex W3C.
The problem at this point is that there is a gap between the specifications and the products and it is not easy to bridge it. The biggest problem with W3C has been that the standards have often taken years longer than they should to be finalized. But there have also been problems due to honest misreading of the specs, and sometimes ambiguous specs.
At the end of the day nobody is going to delay a product launch indefinitely while people debate a standard.
Microsoft believes they have patent rights relating to the ARB_vertex_program extension. They did not contribute to the extension, but are trying to be upfront about it.
In other words, OpenGL can function without the extension. This is not a blocking patent. If the group cannot get to satisfactory license terms the extension will be dropped.
This type of thing happens in all standards groups from time to time. And the right outcome is not always the same.
This is not Rambus style Patent smurfing where you patent an idea, propose it in a standards group and then at the last minute demand royalties. Nor is it patent trolling where someone looks at what a working group has done and makes a perjured patent application to grab the rights to the ideas.
The group itself is not getting up in a stew about the issue so it is unlikely that this is going to be a major problem. In cases of this sort the company with the IP works out whether they get their best return from making the IP free or trying to charge. In all but a handfull of cases the result is some sort of effectively free license.
There are cases in which people have IP that they think is valuable and they are not willing to license. But these are actually quite rare since most patents can be circumvented.
In this case it appears that Microsoft is offering an essentially free license. However making sure that things stay free means that unilateral disarmament is not the best policy. That is what the GPL is all about.
So in comon with most companies Microsoft are offering the technology on reciprocal license terms. In other words they will allow folk to use their tecnology if others provide access to theirs.
The minutes do not make it clear whether the terms are RAND and zero license fee or RAND with a charge. From the discussion it would appear to me that either the license is expected to be zero cost, or it is a group where there are lots of folk looking to profit from their patent portfolio.
So the huffing and puffing appears to me to be somewhat overdone.
International law does not allow the claim of new land during the extension of sea rights, so Sealand's sovereignty was safely "grandfathered" in
But Sealand is not land, it is a man made platform which under international law does not count for anything as far as territorial claims are concerned.
Slashdot Mirror
It is the trivial substitution of . for any of ., :: or -> that is the advantage. Instead of having to spend 30 seconds remembering whether something is a structure, a pointer or whatever each time you just hit the same key.
And yeeeessss this is not exactly rocket science, but add up the time saved from not having the compiler reject a change because of finger trouble and you have probably saved yourself 15 minutes or so over the course of the day.
More importantly for me, not having to piss arround with the C++ indirection operator guessing game means that I keep my train of thought focused on the problem I am trying to solve and not the makework introduced by the braindamage in the language.
There is probably a good deal of discussion about baseball which is more pointless. But just because most discussion in that vein is pointless does not mean that all of it is.
C++ was from the start a language with major difficulties. C had a bunch of problems that could only be fixed by taking bad ideas out of C, C++ took nothing out and added a lot more complexity in.
Java and C# both started from the premise that people wanted a good language for writing new code in and absolute backwards compatibility was not their principle concern. As a result C# has a switch statement that allows a compiler to catch the common programming error of forgetting the break statement, Java likewise avoids that problem (slightly differently). Both C# and Java eliminate buffer overrun errors which are the #1 cause of security problems and so it goes on.
But the main reason for using C# or Java is that you don't have the tortured aaa::b.c->d.e->g (x,y) syntax which is only necessary because in the dim and distant past much of the C and C++ core was coded as separate preprocessors.
As for the efficiency question, C# is certainly as fast as C++ if you use the compile on install option and for numeric stuff is quite a bit better as the compilers are optimised for the specific intel processors.
If you implement the .NET framework you can pretty quickly build the Web Services framework. Most of the Web Services support in .NET is bound up in the XML Serialization layer which uses the metadata supported in .NET to generate XML serialization and deserialization code directly from .NET classes.
OK so this is a trick that appeared in the LISP machine 15 years ago but none of the mainstream companies have supported it since - up to now.
Having tried to use the MSFT Web Services tools I decided that it would be easier to roll my own for my purposes (although since I bought the cheapo standard version of C# rather than the whole .NET studio that may just be I was doing things the hard way). However it is a heck of a lot easier to deal with XML in C# than in any other language I have used.
Can you name a single new technology that has appeared in UNIX in recent years that was not in VMS or MULTICS?
This type of argument is pure sophistry, either Microsoft are accused of stealling other peoples stuff (hard to do with open standards) or they are ignoring open standards.
Until WS-Security was proposed nobody had had any success with a transaction layer security enhancement. HTTPS failled, SHEN failled, PEM and MOSS failled. PGP and S/MIME had some success but they are limited to email.
Now nobody would claim WS-Security to be amazingly novel, however Microsoft, IBM and VeriSign have got the whole industry behind a spec in that niche which has never happened before.
As for all the 'nothing new has happened since Xerox' stuff, I suggest the people with that dellusion stop eating the mushrooms and go and use one of the things. OK so you can kinda sorta see the beginings of the ideas we use twenty years later, but they got as much wrong as they got right.
Absolutely, my company does two types of patent, defensive patents and serious ones. With defensive patents all we are trying to do is to make sure that no shit comes along and files a claim on the stuff we developed (which has happened repeatedly). We file those at the USPTO, but by the time any are granted we have usually committed to granting a royalty free license to use the stuff in a standards body.
If we have a real invention and think we may seriously demand royalty fees we also file in Europe and Japan, even if the invention is pretty US specific. The main reason we do that is for credibility. If you send someone a demand letter that cites a USPTO patent the recipient pretty much knows it is 95% certain to be extortion. If you can cite a European patent you have a heck of a lot more credibility.
If the IESG thought that it is strange that BEEP should be allowed to progress through the process at such a breakneck pace and then have ADs going round telling others they have to give reasons why they are not using it.
You are right about BEEP really being a transport layer protocol. Actually in the ISO model Marshall claims now to know nothing about it would be 'presentation'.
There are several reasons why such a layer is useful, the main one being that the old farts were not as clever as they think they were. TCP has a lot of problems and you often end up wanting a protocol layer to insulate your application from them. There are all sorts of hideous things that happen if you don't close out TCP/IP sessions correctly for instance which the Berkley sockets library won't fix for you.
The other reason people want a presentation layer is that TCP has pretty wierd performance characteristics. In the early days of the Internet you could litterally bring the system down by sending packets in faster than people could consume them. The solution to this was 'slow start' which essentially means that sessions start out at a slow speed and only ramp up the rate of packet submission as they get feedback indicating the recipient can handle it. All good stuff eh? Well yes but the parameters were set in the days of 300 baud modems and are completely inappropriate for broadband.
What this means is that once you set up a connection you really want to keep it going. That can be problematic however since simply serializing all your requests into one channel can get real ugly when you are interleaving 32 byte instant messages onto realtime video streams.
The way to fix a lot of these problems is to fix the TCP protocol. There is no technical reason why slow start could not be designed with memory so when you connect to CNN.com it remembers the speed it used last time. That would break the current RFC for the Internet standard but it is what a lot of vendors are actually doing on the quiet.
What the IESG and IAB do not get is that a lot of the Internet are regarding them as damage and routing arround them. The IETF is collectively working in interupt driven mode, people propose working groups, they do stuff in response. What I do not see is a group of people stepping back and examining the internet architecture as a whole and working out ways to improve it. We just have a bunch of incremental fixes.
In any IETF discussion the status quo is always accorded a ridiculously high status, even when it is clearly broken.
You miss the point about SGML encoding vs SGML data model. The SGML encoding of XML is simply an artifact. If you want to apply XML at that layer in the stack you should write a better encoding.
Are passwords ever sent through service providers?
Well your description of Kerberos is not quite right, a TGT is actually used to re-authenticate you to the KDC that issued it. You go to the KDC, get a TGT, then you go back to the KDC, give it the TGT and get back a ticket. The only time TGTs get flung arround is in some folks inter-realm stuff.
Assume that the Liberty people know all about security in Kerberos etc. and are not going to send passwords in the clear. The SAML group had at least eight or nine of the people who would appear on most informed peoples list of 'top 100 security protocol designers'.
Does it work for protocols other than HTTP?
SAML has an HTTP binding but the spec anticipates other bindings. We are currently working on a SOAP binding that uses WS-Security.
Who can set up providers?
I don't know, under SAML anyone can set up a server. It would be really nice to see a slashdot server for example.
Can multiple Service Providers requiring the same credentials without knowing the identity is the same?
SAML is designed to allow pseudonyms etc. In fact one of the original consumers for SAML was Shiboleth which is a single sign on system for academic libraries and such and so they have really big psuedonymity and anonymity requirements.
SAML does not provide Chaumian style cryptographic anonymity, but then again neither does Chaum for this application. I did discuss SAML with Chaum a few months ago and we conculded it was not an easy problem.
It is a very well founded observation based on many hours of contact with the people behind Liberty.
Microsoft also announced at the conference that they will be developing SAML under WS-Security, which is a group under Oasis (http://www.oasis-open.org).
I very much doubt they said that. I suspect that what they said is that they will be working with WS-Security group in OASIS so that WS-Security can carry SAML authentication assertions as WS-Security credentials, just as the SAML group has stated that they will be developing a WS-Security binding of SAML.
Microsoft has no control over the WS-Security group in OASIS and I don't believe that their people would make a public statement which implied they did. A Microsoft person is nominated to be a co-chair of the WS-Security working group but the working group decisions are taken by the TC members and the meetings run acording to Roberts rules of order. If Microsoft wanted a rubber stamp they would have done what everyone else does and taken the thing to ECMA or whatever.
However it is fairly obvious that some people wanted the SAML/WS-Security harmonization was going to happen given that the editor of the core SAML spec is also an author of the original WS-Security proposal.
That is not as usefull. What companies want is a way that people can login to a site without having to register.
The nytimes and the latimes do not really want to know all that much about individual readers, but they do want to be able to tell advertisers that 60% of readers come from zipcodes where 30% of households are in the A1 income bracket and such.
The yahoo and raging bull don't really give a monkeys about who you really are but they do need to be able to tell the SEC that they can at least tie a poster to an email address if necessary. Same at slashdot.
The identity business will work a lot better if the sites we log into do not need to maintain statistics at the level of the individual account.
OK in extremis someone might get litigious and file a lawsuit and get info from the identity broker, but that is likely to have a lot more safeguards for the individual if the identity is held by an identity broker for whom identity (and pseudonymity) is a business. It really does not take that big a threat for yahoo to rat you out. There is a lawsuit going on at the moment in Texas in which a company which has made less than $150K in revenues in any quarter for the past five years is suing visa over nasty statements one of their employees made about them on a Web site - the topic today is apparently claiming that the nasty statements cost the company over a billion dollars.
I have no idea if this is what Liberty will eventually end up doing but I know how SAML could be used to achieve that.
PS I predict that if Liberty would let up on the anti-Microsoft hecktoring for a few months we could actually broker a union of Passport/Liberty and make them at least interoperable at a certain level.
Liberty is based on SAML which is largely based on earlier research work I did.
If Liberty are to be successful they need to forget about what Microsoft is up to and just work on making their system the best it can be.
Hah, the only time Henrik talks this way is after too many blue drinks with Mario.
I am not one of the Editors, I am listed as a principal contributor before the group members.
I've met most of you, and like all of you, but quite frankly, at least one of you has a conflict of interest when it comes to opining on BEEP.
Not so in my case, I was not big into HTTP-NG, I was not involved in DIME or Multiplex. I am not HFN which should be bloody obvious if you know him. However I am a friend and my company does a lot of work with his (Microsoft), but I also do a lot of work with Sun.
As for the IETF being an old boys/girls club...well, yeah. Welcome to politics. I think the IETF has generally been a reasonably equitable old boys club.
It is reasonably equitable until you actualy try to get things done. Look at DNSSEC, they have been trying to deploy the thing for ten years. In the meantime the .com zone has grown so large that the scaling bug in the design of the NXT record means that the protocol is not going to be deployed by the registrar for those zones without modification. A fix has been proposed for two years and has been agreed on the list. But the fix is currently blocked by secret discussions between the 'DNS Directorate' which is a closed and entirely unaccountable group. The not so obvious strategy being to delay OPT-IN until the DS flag day has gone through and then reject OPT-IN as requiring a flag day. Just about the only reason that strategy makes sense is if the IESG wants to delay DNSSEC for at least a year and risk a lawsuit.
On IPSEC the group is currently facing two problems that have been known for five years. First IPSEC was deliberately designed to make it impossible to use through NAT devices. I remember the comments in the WG at the time, people took it as a badge of honor to sabotage NAT - pretty lame when one of the major reasons NAT is needed is a design blunder by the IETF itself when it choose the IP address space to be smaller than the human population of the world - and on reliable authority this was done to allow an address to fit into a single register.
The other problem with IPSEC is that they ignored the problem of PKI and so we now have a wildly successful deployment of IPSEC for VPNs, a function which it is particularly ill suited for, and almost no extra-net or genuine internet deployment.
At any rate, I encourage people to do some digging themselves on this. I can't say that my experience is overly deep in this area, and I certainly haven't tried to design a protocol on top of BEEP, but based on what I know, BEEP looks like a pretty good idea.
I haven't tried to implement a protocol on top of BEEP either, and I am even less likely to do so given Marshall's outburst earlier in the thread.
My point about old boys network is that I have no confidence that BEEP is ready for prime time. I will not be confident until someone actually does build a protocol on top and demonstrates the bugs have been ironed out. HTTP looked pretty straightforward until people tried to use it.
The IETF is in severe danger of becomming irrelevant, as attendence at recent meetings is deonstrating. The much bigger problem with the IETF is that they really don't feel any responsibility to anyone but themselves. They take their role as supreme Internet standards body for granted.
The average IETFer has pretty much a slashdot mentality. They have plenty of contempt for technology have nots while curiously tollerating computing environments from the stone age. MIME is an IETF standard but send an attachment to an IETF mailing list and the old-fart faction complain that their antiquated mailer can't handle it. Send HTML mail and they will have appoplexy. (And if you think HTML is a bad idea I presume you read Slashdot in the no-graphics, plaintext mode).
The average IETFer does not think that they have an obligation to the community of Internet users or the vendors that support them. So holding up a protocol for a year while an AD who does not have a clue about security 'gets comfortable' with a security modification advocated by the Security ADs, well that is not a problem. Designing a protocol that breaks through NAT, well that is not a problem, and so on.
I am certainly not antithetical to the aims of the IETF. However there is a reason why I helped take the Web standards out of the IETF and set up W3C, there is also a reason why I am currently helping take standards from W3C to OASIS. There is a free market in standards bodies and the IETF is in dire need of a severe kick up the pants.
Ah so you are claiming that the Marshall Rose who wrote The Open Book : A Practical Perspective on Osi is a different Marshall T. Rose. No sorry, Marshall you made a major technical contribution to OSI, or at least he claimed to have done so on the jacket cover of the copy I read. You did not 'kill it' at the IETF, OSI was killed in the marketplace long before 1993. The speech had the impact it did precisely because you knew the OSI stack.
on the technical front: the beep specs use DTD not schema -- there aren't any schema fragments in either rfc3080 or rfc3081
Well Duuuhhh read what I wrote. I checked the RFC just before posting and saw that. Schema may be 'ugly' as you put it, but none of the major XML programming platforms are based on DTDs, they are all based on schema. And BEEP is dead at Microsoft, Sun and IBM without schema, cold stone Deeeeeeaaaaadddd.
with beep, no one gets to argue those things any more (e.g., how to frame packets), instead they get to go off and presumably argue things specific to their application domain. (if folks want to understand the reasoning behind this, check out rfc3117.)
No, we have a five minute argument on whether to use BEEP or not, reject it and carry on.
the sacred working group, that you're so pissed off about me cutting into, is a perfect example. a bunch of guys focused on security issues, trying to write an application protocol. sorry, wrong skill set.
I wrote a fair bit of HTTP, I don't think that you have the right to go arround saying who is and who is not competent to write application protocols. If you want to get into a reputaion war you are going to loose this one. I think that BEEP is very naive when it comes to the problems that arose when it came to layering application protocols on it. I suspect that like LDAP and X500, by the time BEEP has been extended enough to be useful it will look like HTTP.
if you're unhappy that i stuck my nose in your business, then all i can suggest is you get more clueful in the application design space, so "the management" doesn't feel they have to go out and get you help. particularly help that you don't like, and especially help that would rather be doing other things with other people
I only attended the one SACRED meeting and your comment on 'the management' is quite illustrative of the George W. Bush style crony-standards process the IETF is becomming notorious for.
finally, as far as web services go, well, let's just say that those guys could learn a lot from what xerox did back in the early 80's. in a few years, they may actually have something that works half as well as what xerox did... /mtr
Standard old fart response 'we did it all twenty years ago sonny', 'and we did it better'. Yeah and you should have seen the anti-gravity machines we made twenty years ago.
I don't much care for the arrogance of the IETF 'management' as you call them. I certainly don't appreciate folk who think that they have the right to make the type of off-hand blanket pronouncements on other people's work that you and they make habittually without backing it up. Your Xerox comment is absolutely typical of IETF old fartism, you want to have the right to be dismissive, you don't have the technical arguments on your side. So instead of detailing a real technical issue you allude to an earlier system, the more obscure the better. The message: 'I am too important to have to justify my comments but I believe that you are not competent to work on this problem'.
Your comment on Web services only illustrates that you really don't understand what is going on, what people are trying to achieve or why previous efforts such as CORBA failled. I am not going to explain why or how Web Services are different because I am faaaar toooo important. I may not be old enough to have achieve old fart status but I can certainly play the part on the net.
Still you are right on one battle, if the IETF is to regain some relevance at the upper end of the protocol stack adopting XML as the way to author RFCs is the only way forward. However the IETF is going to have to do a lot more than produce its documents in a format that does not look like utter crap from a teletype before I am going to take any standards there. I want a genuinely open and geuinely transparent process. I want standards groups to complete in 18 months, not 10 years - and yes it is possible, the SAML group I was a member of developed the basic specs which have been adopted as the basis for liberty in 18 months.
Ironically, passport started as a stop AOL Instant Messenger affair. So I don't think it is impossible that Passport and Liberty will eventually merge.
On a technical level this is certainly possible and if folk look hard at the underlying SAML spec that Liberty is based on you will notice that there is an interesting intersection between SAML and the GXA world.
BEEP's main proponent, Marshall Rose was one of the main wheels in the OSI project. So much of the initial buzz came from his name alone. People were talking about the protocol before they read the drafts (oh yes that is normal for the IETF).
I do have a bunch of quibbles technically. First using XML is a good idea, Using the obsolete SGML DTD mechanism to describe the protocol sucks. I think Marshall started to suplement the DTD with schema fragments but that makes things worse, not better, we now have two specs in one document, the schema version which is what people will implement and the DTD version which is normative.
The other problem is that SGML is a real baaad choice for an encoding at that level. The main complaint about http is that the encoding is too verbose leading protocol exchanges to require multiple round packets instead of one. BEEP does not address that problem.
Politically BEEP has bigger problems, first being that IETF does not have as much influence as it might appear when it comes to promoting new protocols. There haven't been very many IETF protocols that started in IETF process and took off like wildfire in the past ten years. HTTP took off and was brought into IETF process, same with TLS (SSL). Most successful IETF protocols had a userbase before the working group was formed.
The problem with BEEP is that Marshall did not start with a constituency who had a problem that BEEP was the solution for. Instead he wrote the protocol and then went off looking for consumers. So we start to see Marshall popping up at random in working groups like SACRED peddling the BEEP Kool-Aid. The problem being that if you are doing a researchy protocol like SACRED the last thing you should be doing is layering it on someone else's research.
After this happened a few times Marshall started to alienate folk like myself who might be interested in BEEP as an option but certainly were not going to allow him to insert himself onto our critical path.
The other problem is the nature of the IETF these days. The problem is that they talk a good talk about being open and such, but it is really an old-boys club. The old-fart faction is strong on the IESG and IAB, they have known each other for 20 years and they don't want anyone messing with their turf.
In theory the IETF process is open. In practice there are a bunch of shadowy cliques who make the real decisions in private. BEEP got to RFC status in record time because it was proposed by an IETF insider. Problem is that the IESG does not have much influence with the people in the Web Services world which is where all the interest in XML based protocols is at the moment.
Most of the people I see at W3C and OASIS Web Services meetings have no IETF experience at all. Of those who do, none are IETF insiders and so an endorsement by the IESG does not have much force.
For BEEP to take off it really needs an endorsement by one of the heavy hitters of the Web Services world which basically means IBM. Microsoft or Sun. I don't think that is very likely because everyone knows that there is a lot of work to be done to make Web Services work and there is simply nothing to be gained by putting BEEP on the critical path. People are more interested nailing down WS-Security, SAML, XKMS, geting WSDL to work and such.
And what would WWI or WWII have to do with the Republican party? It was FDR's democrats who recognized the threat of NAZIsm.
The people who plotted the coup that installed Pinochet's murderous regime did not save civilization from the NAZIs.
HELLO George Bush!
How about getting the following the foundation for a high-tech economy?
1)-access to energy So stop your Enron buddies from bilking California
2)-fair judicial system So respect 'innocent until proven guilty' and drop your plans for tribunals and recognise that even alleged Taleban have the right to a lawyer.
3)-clean water So reverse your policy of letting people's water be poisoned with lead.
4)-enough food for its people Nah, can't complain about the US on this score you guys (and gals) are enormous, no wonder you need cars six times bigger than the rest of the world
5)-uncorrupt governance So sack all the people in your administration who are tainted by corrupt accounting, insider trading etc, oh and after Cheney and the rest have gone RESIGN yourself
6)-educated people So how about having people who got into Princeton on their ability rather than as a 'legacy' because pop went to the place?
7)-freedom of expression
So stop trying to shut down sites like gwbush.com and stop trying to claim that criticisng his fraudulency is supporting Al Qaeda
Back in the 1960s the charge was made that the Japaneese copied everything.
This lead to an oft repeated interview in which Robin Day of the BBC doorstepped the Japanese trade minister with an aleged Japanese copy of British ball bearings...
Looked like he had a case too, the ballbearings were identical!
Actually South Korea did - or closer o homw Taiwan! But the issue is from what base. It is much harder for the US to grow at a Clintonian 4% a years than it is for bingobongo land to double its domestic product by buying a second cow. China is pretty well developed these days.
The source of GOP angst is that China is large geographically and population wise and so will inevitably rival the US once its economy achieves roughly half the GNP per head of the US.
When the GOP bash Communist China their real fear is that China might actually take their advice and reform and so be placed to challenge the US economically in 2015 rather than 2020.
While the USSR economy went right into the tank after they ditched communism there is no reason to believe that China would do the same. In the first place China has been gradually adopting a market model for the past 15 years and has the basic infrastructure of capitalism in place. Secondly the USSR collapsed ecconomically before it abandoned communism and saw the economy go worse. China is not likely to fail economically. Thirdly, China is certain to learn from the USSR experience and reject the IMF advised crony capitalism model.
Not even close, although the US has a lead in GDP it certainly isn't the sole superpower. The EU zone as a whole actually has a larger GDP. Japan has a comparable GDP even in prolonged recession.
The US superpower status is military. The EU could match the US in military power if they were prepared to devote the same insane proportion of their budgets to military hardware. However doing that would cost the courtries their welfare state services which seems a lot to give up just to build weapons for the sake of it.
The bellyaching of the US right about China has nothing to do with human rights. The US right never gave a hang about human rights abuses by Pinochet, Marcos or the House of Saud. What they are really upset about is demographics and economics. It is a lot easier for a backward country to grow at 15% as it catches up than it is for a developed country to sustain 4% growth. The only way that China can fail to overtake the US in terms of economic power is to have a civil war and be broken into pieces. Same goes for India.
Bush and the cronies who control him could not give a damn about human rights or the Falun Gong. Their speeches about human rights and democracy are as hypocritical as their speeches on corporate responsibility - one of the chief Enron scam artist who bilked his division out of $15 million in bonuses while reporting $500 million is phony profits is still secretary for the army. If you think that fine speeches about democracy are worth anything I have a lorry load of Florida chads to sell you.
Military power follows economic power. China with a population four or five times that of the US could if it chose sustain a military the same size should it choose to do so. The militarist faction of the right can only understand prestige and power and cannot imagine that any country that has the option of building a superpower status military would give up the opportunity.
Fortunately most nations don't have the same inferiority complex that drives the US right. China, Germany, France, Britain have all done the empire bit and don't need to do it again.
I use a 1930s hollerith punch card tabulator running red hat Linux 5.4. Not only do I use it for all y computing needs, it also doubles as a workout center. Being hand cranked it not only needs no electricity, but once you get through the boot sequence you can save the state of the machine by simply running the deck through a punch card duplicator. I'm having a few difficulties getting the TCP/IP stack to work, I keep hitting timeouts and dropping connections. So not only do I win the 'my computer hardware is more primitive than yours pissing contenst' I hereby demand that under rule 43 the other contestants prostrate themselves before me.
The issue is not as simple as that.
First the real difference is not 'royalty free' vs RAND, it is between encumbered and non-encumbered. A patent license can be free but contain terms that are much more onerous to the end user than one that cost money.
The objective with the Web was to make the standards unencumbered to the greatest extent possible. That is why we made the CERN library public domain and rejected the GPL. We wanted Microsoft, IBM and other companies to be able to build on that code base.
The big proble with the original W3C patent policy was that the RF license was not the best way to ensure that standards ended up unencumbered. Most companies that contribute IP to a standard are going to want a reciprocal license to other IP that may be required. Otherwise you could have three companies contribute valuable IP to a standard and then have a fourth one come along right at the end and demand a huge payment for use of their patent while using the other parties IP free of charge. Or worse the copany might refuse cross licenses altogether and make the specification that was developed as an open standard into one that is effectively proprietary.
Under USPTO rules a patent applicant can add claims to an existing application after they read up on someone else's work. And the US courts have enforced the patents (see Lemelson, now gone to hell so we can say he was a swindler in the Arthur Andersen, Enron, WorldCom, Harken Oil, GWB league)
The other issue which is what the message was discussing was the case in which a specification can be implemented without any IP infringement problems but there are useful extensions that are encumbered.
In this case there are occasions where the use might be legitimate. For example XML Signature can be used with Eliptic Curve algorithms and some people insist that this is a good idea and they want to do it. Personally I think that ECC is a bad idea (as does Len Adelman), but being able to use the stuff is a legitimate thing to look for even though doing so is going to involve a royalty payment.
Actually IE respected the W3C standards to a much greater extent than Netscape did. Opera is probably the most compliant browser at the moment, but that is because Hakon Lie the CTO of Opera is like myself ex W3C.
The problem at this point is that there is a gap between the specifications and the products and it is not easy to bridge it. The biggest problem with W3C has been that the standards have often taken years longer than they should to be finalized. But there have also been problems due to honest misreading of the specs, and sometimes ambiguous specs.
At the end of the day nobody is going to delay a product launch indefinitely while people debate a standard.
In other words, OpenGL can function without the extension. This is not a blocking patent. If the group cannot get to satisfactory license terms the extension will be dropped.
This type of thing happens in all standards groups from time to time. And the right outcome is not always the same.
This is not Rambus style Patent smurfing where you patent an idea, propose it in a standards group and then at the last minute demand royalties. Nor is it patent trolling where someone looks at what a working group has done and makes a perjured patent application to grab the rights to the ideas.
The group itself is not getting up in a stew about the issue so it is unlikely that this is going to be a major problem. In cases of this sort the company with the IP works out whether they get their best return from making the IP free or trying to charge. In all but a handfull of cases the result is some sort of effectively free license.
There are cases in which people have IP that they think is valuable and they are not willing to license. But these are actually quite rare since most patents can be circumvented.
In this case it appears that Microsoft is offering an essentially free license. However making sure that things stay free means that unilateral disarmament is not the best policy. That is what the GPL is all about.
So in comon with most companies Microsoft are offering the technology on reciprocal license terms. In other words they will allow folk to use their tecnology if others provide access to theirs.
The minutes do not make it clear whether the terms are RAND and zero license fee or RAND with a charge. From the discussion it would appear to me that either the license is expected to be zero cost, or it is a group where there are lots of folk looking to profit from their patent portfolio.
So the huffing and puffing appears to me to be somewhat overdone.
But Sealand is not land, it is a man made platform which under international law does not count for anything as far as territorial claims are concerned.