Apache admins who read the Watchfire paper felt fairly safe as its technique only resulted in limited effects to Apache. The technique described simply used multiple Content-Length headers, which Apache effectively handled. This modified technique incorporates the use of chunked encoding to open Apache up to the wider effects that other servers experienced with the simpler exploit. After reading this, Apache admins should plot their upgrades in short order.
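As an added illustration (not part of the original comment or of the paper it refers to), here is a defender-side check for the two ambiguous-framing conditions the comment names: repeated Content-Length headers, and Content-Length combined with chunked Transfer-Encoding. The function names and the sample requests are constructed for this example.

```python
# Added example. Sample requests are constructed; names are hypothetical.

def parse_headers(raw: bytes):
    """Return [(lowercased name, value)] from the head of a raw HTTP request."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    headers = []
    for line in head.split(b"\r\n")[1:]:      # [1:] skips the request line
        name, sep, value = line.partition(b":")
        if sep:
            headers.append((name.strip().lower().decode("latin-1"),
                            value.strip().decode("latin-1")))
    return headers


def framing_findings(raw: bytes):
    """Reasons the body length of a request is ambiguous; [] if none found."""
    headers = parse_headers(raw)
    lengths = [v for n, v in headers if n == "content-length"]
    codings = [c.strip().lower()
               for n, v in headers if n == "transfer-encoding"
               for c in v.split(",")]
    findings = []
    if len(lengths) > 1:
        findings.append("multiple Content-Length headers")
    if lengths and "chunked" in codings:
        findings.append("Content-Length with chunked Transfer-Encoding")
    return findings


# Constructed sample requests: one well-formed, two with ambiguous framing.
CLEAN = (b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
         b"Content-Length: 3\r\n\r\na=1")
TWO_LENGTHS = (b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
               b"Content-Length: 3\r\nContent-Length: 0\r\n\r\na=1")
LENGTH_AND_CHUNKED = (b"POST /form HTTP/1.1\r\nHost: example.test\r\n"
                      b"Content-Length: 3\r\nTransfer-Encoding: chunked\r\n\r\n"
                      b"0\r\n\r\n")

if __name__ == "__main__":
    for label, req in [("clean", CLEAN), ("two lengths", TWO_LENGTHS),
                       ("length + chunked", LENGTH_AND_CHUNKED)]:
        print(label, "->", framing_findings(req) or "unambiguous")
```

A front end or log pipeline would reject or alert on any request that produces findings instead of forwarding it.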
Unlike roads and street lights, internet access has significant free-speech issues. Can I offer products for sale? Can I use it to browse pr0n? Can I use muni-wireless to host an evangelical church website? Can the government roll out VoIP and compete with the local phone companies?
I'm a Fundie. A "young-earth" Fundie, even. Here's the thing - the /. crowd quickly criticizes the Creationists / Creation Scientists / Intelligent Design folks for ignoring or wishing away a raft of science. Here's my reasoning why I don't feel this is a Big Deal.
I believe that a while ago a guy died, stayed dead for three days, came back to life, hung out for a month, and then ascended off the planet. All of our best science says that people don't spontaneously resurrect from the dead. Science also says people can't fly - especially while wearing a biblical era tunic.
I value science, as most or all of my Fundie buddies do. We just challenge some basic assumptions. One assumption we challenge is that God must operate within the bounds of science - in other words, that God cannot perform "miracles".
I believe the resurrection story. Why? Because I've become convinced that God can and did do something special - different than what we normally observe in science.
So here's my question back to the non-creationists. If it's socially acceptable (at least for now) to believe that Jesus died and was resurrected, against the logic of all available science, why is it so socially unacceptable to be convinced that God did something special at the beginning of time? Given that I already believe God exists and that he performed a miracle with Jesus, what's the big difference in believing that God performed a miracle a few thousand years ago?
I believe the answer to this question is that many who would seek to discredit the creation story in the bible hold a position predicated on the belief that God doesn't exist - a position that the same modern science rightly does not take.
Call me flamebait, but I'd prefer a subscription model for all my OS's and major software. Factoring in security updates and feature enhancement, I'd rather see a continuous model of updates, and get out of the packaged version model (RH7, RHEL 3, Win2K, XP Home). Such incremental updates should occur at all levels - BIOS to kernel to OS services to userspace. This way, updating would become a standard course of events, rather than a somewhat rare occurrence. In doing so, the act of updating would lose some of its risk, which is Good for Grandma (tm).
For an OS (commercial or Free), I'd pay $5 per month per machine for this. I already spend about $120 every other year for my Windows boxen anyway.
That's because you shouldn't put your entire "frame" into a buffer in the first place.
Declaring the size of a frame (i.e. Content-Length) doesn't force you to consume the frame as a whole. You still have the choice to stream in the data. However, it does allow you to consume the frame as a whole if it makes sense for your application.
By not including a Content-Length equivalent (and a Content-Type equivalent for that matter), XMPP cannot become a de facto standard protocol for message oriented applications. These two features are exactly why people use HTTP in all sorts of bass-akward ways that it wasn't designed for (::cough:: SOAP ::cough::). Content-Length allows for efficient message delineation no matter the message body format, and Content-Type allows the IO layer to delegate the handling of a message body to an appropriate parser (SAX, DOM, JPEG, .doc, whatever).
I've looked into BEEP, which suffers from feature overload and lack of uptake; XMPP which is XML only and not useful for passing mixed media messages (e.g. JPEGs); HTTP which imposes a strict client/server mapping to request/response; and SCTP which is attractive but also suffers from a lack of uptake.
I need a protocol stack with these features:
Connection oriented
Message oriented
Encrypted and authenticated (SSL is easy, and therefore TCP)
Easily extensible into multiple "application messages suites"
Allows for a peer-to-peer relationship at the application level (either side can initiate message exchanges over the connection).
Out of order responses to requests.
What I want can be described as HTTP syntax, on a long term connection with both sides able to submit a request; the responses to multiple requests can be sent in any order; and the body of a message can be any binary data.
Some of the biggest personal income in the development realm comes from custom applications. Just look at all the e-commerce startups that are out there making buckets on small custom apps for specific projects. This is the type of application that makes Delphi shine.
Sure, it's not *great* for huge projects, and it's pretty poor for the typical Open Source app, but for throwing together rapid apps for minor database access and such, it's perfect.
"... like a doughnut"
:)
I can't wait.