Slashdot Mirror


User: johnnyb

johnnyb's activity in the archive.

Stories: 0 · Comments: 2,317

Comments · 2,317

  1. Re:Bullshit on WebDAV Buffer Overflow Attack Compromises IIS 5.0 · · Score: 1

    The problem is, although you _can_ do this, it's not a supported setting, and will cause a lot of things to break (namely the things people rely on IIS for in the first place).

  2. Re:Too hard? on XML Co-Creator says XML Is Too Hard For Programmers · · Score: 1

    SOAP is an overbloated implementation of XMLRPC. XMLRPC is nice for simple RPC, CORBA is nice for an OO architecture. SOAP is nice for document transfer but not much else.

    I like XMLRPC because I can have Flash communicate with my Perl modules.

  3. Re:Bullshit on WebDAV Buffer Overflow Attack Compromises IIS 5.0 · · Score: 1

    Dumping IIS because of a few security holes is really fucking stupid for a ton of reasons that I don't even have time to go into.

    ****

    It's not the holes, it's the policy. IIS runs as LocalSystem by default. ANY breakage in IIS leads to a full system compromise. With Apache, since it runs as its own user, usually there is very little damage from a compromise. If you fully compromise Apache with normal security settings:

    * You still can't modify people's files
    * You can't even modify the apache config files

    The only exception is that if it is running Active Content, you can do anything that the active content can do. That's problematic, but nowhere near the problems of a full system compromise.

  4. Re:Its a bug...so what? on WebDAV Buffer Overflow Attack Compromises IIS 5.0 · · Score: 1

    Now, I'm no anti-any OS, I like them all, but what about the latest Sendmail vuln?

    ****

    Most people who complain about Microsoft being crap also complain about Sendmail and Bind being crap as well. That includes me. That's why I run Postfix and let others handle DNS for me.

  5. Re:Here's one that i go to every day.... on Why Browser Innovation Matters · · Score: 1

    What's wrong with the layout? I went there with Mozilla and it looked fine to me, except for a slight shift to the left, but no big deal.

  6. Re:What innovations? on Why Browser Innovation Matters · · Score: 1

    "making your browser W3c compliant doesn't help much."

    It helps a _lot_. Simply having a W3C compliant browser gives web developers a real reason to write compliant pages. IE isn't too far off, and you can write fully-standardized pages pretty easily in XHTML that render fine in both IE and Mozilla.

  7. Re:What innovations? on Why Browser Innovation Matters · · Score: 1

    "This way, all of us will win; online banking and shopping will work on all browsers."

    It already does for the most part - I haven't been anywhere where Mozilla/Linux doesn't work.

  8. Re:What innovations? on Why Browser Innovation Matters · · Score: 1

    You're right, they care about web pages looking good in the browser they choose to use. How do you get that? Oh yeah, standards compliance.

    In addition, CSS2 and DOM standards go a long way to enabling web developers to do Very Cool Things (tm)

  9. Re:What innovations? on Why Browser Innovation Matters · · Score: 1

    Who cares if it convinces IE users to switch? The goal is to be better, not convince people that it's better. It has a large userbase already - it doesn't need more people to justify its existence. Sure, more people would be nice, but it's unnecessary.

  10. Re:Balanced response. on Bad Behavior on the 'Net - Who Pays the Bandwidth Bill? · · Score: 2, Insightful

    You're missing the point - you _can't_ protect yourself from incoming traffic. Period. Even if _you_ block it with a router or firewall, it has still come into the ISP and you are billed for it.

  11. Re:Yep on What Fruits Will Reduced R&D Bear For The U.S.? · · Score: 1

    "...and this vision will be seen only whilst wearing our rose tinted spectacles."

    This vision is already being seen.

  12. Re:Yep on What Fruits Will Reduced R&D Bear For The U.S.? · · Score: 2, Insightful

    I think R & D will start to spread out over open-source projects. Businesses will contribute to open-source projects because it's cheaper than doing R&D themselves, yet yields similar results. Because we're all working together, this will cause a major increase in tech, I think.

    Smart companies will be the ones capitalizing on open-source and repackaging OSS as solutions.

  13. Re:Haters come out! on ISS Discovers A Remote Hole In Sendmail · · Score: 1

    I'm offended. I certainly don't wait for things like this vulnerability to trash sendmail. I try to do it at least once daily whether I need to or not.

  14. Re:I don't get it... on ISP Operator Barry Shein Answers Spam Questions · · Score: 1

    "if the ISP charges for sent email, what prevents a spammer from starting an ISP? "

    The _destination_ ISP charges.

  15. Re:FInally OO? I think and hope not! on Object Prevalence: Get Rid of Your Database? · · Score: 2, Interesting

    Hear, hear! Someone with their head on straight. Let me also add to this that when relational technology took hold, it was NOT because it was faster. In fact, at that time, relational databases were 50 TIMES SLOWER than the current hierarchical databases. The performance gap has narrowed, but the reasons for choosing relational remain the same. The industry at that time realized that the benefits of relational technology were much more important than speed, and hopefully we'll come to the same decision again. Those reasons include:

    * the separation between _logical_ and _physical_ layers of the database - the DBA controls physical record layout and indices, while the database designer and applications have access to the logical layers. This way they can do their roles independently of each other.

    * the ability for the data model to change without affecting the applications. Using VIEWS - you can do quite a bit of modification to the underlying data model, but applications using the older one will still run if the DBA sets up a view.

    * the ability to do arbitrary queries on the data

    * The ability to set up views to handle more complex interactions. For example, in a mail system I've written, we have a table for campaigns with a sent/not-sent flag, a list of addresses, and three layers of do-not-send lists. We then have a single view which puts all of this together and gets the list of addresses which need to be sent to. This is a view on top of several views.

    I'm sure I'm missing some others, too. Basically, a relational database system is a gigantic inference engine when designed appropriately.

  16. Re:Feature on BSA Accuses OpenOffice Mirrors · · Score: 2, Funny

    Touchy aren't we?

  17. Re:Feature on BSA Accuses OpenOffice Mirrors · · Score: 1

    Or, as I often have to tell Microsoft-users - it's not a feature, it's a bug. Usually referring to the fact that you can embed Flash in an email in such a way that Outlook doesn't ask you if you're sure you want to use Flash. Windows people think this is a great feature, and don't understand the security risks involved in running arbitrary OLE objects on your computer without your permission.

  18. Re:Mis-title on Google Patents Search Algorithm · · Score: 1

    "Google, when it's 'reading' a page, is having a bot spider it. If google is spidering a page and comes across a link to a page it has not 'read', then it follows the link, spiders the page, and includes it in the index."

    I don't think it does so for links outside the current domain.

  19. Re:watch out on Google Patents Search Algorithm · · Score: 1

    I think the timing could be worked out, for example, either saying something like 2-3 years after patent is granted, or 2-3 years after market, with a maximum of 6 years no matter what.

    15 years is waaaaay too long.

    Also, do you think the time-to-market might be shortened if you knew you had a more limited time?

  20. Re:watch out on Google Patents Search Algorithm · · Score: 1

    Unfortunately in technology the usefulness is gone long before the patent expires.

    If we had 2 or 3-year patents, I think that would be much better.

  21. Re:Mis-title on Google Patents Search Algorithm · · Score: 5, Interesting

    What I found particularly cool about their algorithm was that they can return results for pages that google has not read. If there is a link to a page google has not read on a page that google is reading, it can still return results to the unread page based on the context of the link, and the popularity of the link on other pages. Really nifty stuff.

  22. Re:Which package... on Use of Math Languages and Packages in Research? · · Score: 1

    Have you tried Maxima? I'm curious what you thought about it.

  23. Re:What? on Use of Math Languages and Packages in Research? · · Score: 1

    "Why not learn a language to a level of proficiency that you can use it well and adopt to the problems?"

    Most languages, at least the ones worth knowing, have features simply not available elsewhere, or at least not available to as useful of a degree.

    For example, if I need something which has compile-time policy classes, I'll use C++.

    If I want something that is excellent at text manipulation, I will _only_ use Perl.

    If I need advanced flow control semantics, I need to use a functional language like Scheme or SML that has continuation support.

    Most of the time it's nice to have closures, but they don't exist in C or C++, which are often required.

    For simple SQL web-based apps, PHP can't be beat.

    For doing Mathematics, where you have very complicated constant quantities, you need a specialized language.

    Anyway, there are a _lot_ of non-trivial differences between languages, and language choice really makes a difference in implementation time.

  24. Re:A problem I've struggled with ... on Use of Math Languages and Packages in Research? · · Score: 1

    Have you tried Maxima? http://maxima.sourceforge.net/

  25. Re:age-old answer: it depends on Use of Math Languages and Packages in Research? · · Score: 1

    I'm curious if you've ever used Maxima (maxima.sourceforge.net), and, if so, what you think it's good for.