In Denmark all connections are logged (by first and last packet or by first packet + connection statistics). You can't necessarily find out exactly what someone is browsing for, but you can get pretty close.
Email headers are logged if the email passes through ISP servers (which they all do, because of RBL's).
Ariane is also special in that the programmers thought about the error, asked the right people, got the (correct) answer about the values they could possibly get from that particular sensor. They proved that they could safely disable the error trap. Indeed, their code performed to specification (as far as I know) in every single Ariane 4 flight.
Then the code was moved to the Ariane 5, and part of the reverification process was apparently skipped... It's impossible to put them blame for this on the original programmers.
It's fine that they need to access the network, but that doesn't mean they are going to look up a random UTF-8 domain name which doesn't have anything to do with them.
I repeat myself again: if this was a problem, I could already crash the world's printers by adding a UTF-8 record to my own domain.
Well, as I said, everyone apparently has puny balls.
If the DNS software itself breaks by being fed UTF-8, then I can break it today by simply putting rødgröd.amorsen.dk into my DNS server and asking the broken host to fetch that record. So security isn't an argument. What is left is a fear that some people might not be able to access the new domains. Well guess what happened with punycode: Noone could access the new domains because browsers didn't implement punycode. And of course punycode didn't actually prevent security problems.
Why would I care whether the HP laser printer or the elevator can look up the new domain names?
If the mere existence of new UTF-8 domain names causes problems for those devices, then I can already cause problems for them today. I can add whichever names I want to my own subdomains.
But in three years, new and more efficient hardware will probably replace it anyway because it will require, let's say, 150 watts instead of 200 watts
That tends to be hard to get actually, at least if we're talking rack-mountable and if you want it from major vendors.
Rather you get something 4 times as powerful which still uses 200W. If you can then virtualize 4 of the old servers onto one of the new, you have won big. If you can't, you haven't won anything.
The problem is that the implementation sucks, and that bugs are being ignored.
I'll perhaps reconsider my stance when pulseaudio starts using less CPU than the JVM when playing Puzzle Pirates. Finally something more bloated than Java, I guess.
From my cursory reading, it appears that the technology was independently rediscovered. As far as I know, this isn't a defence in patent cases (except if you discovered it first but didn't publish), but IMHO that should be changed. If you actually gain from using a patent it makes at least some sense that you should pay, but if you independently develop something without knowing about the previous patent, you're just being punished for not being lucky.
I can see plenty of problems with changing this, but I doubt it can make patent cases all that much more complicated.
Running part of that kind of infrastructure without change control would be like trying to manage the kernel source tree without cvs (or svn or $REPOS_OF_CHOICE, analogy holds either way.)
I hate to break it to you, but until 2002 the Linux kernel was managed without automated version control. It worked quite well, actually.
I believe the Adsense agreement prohibits sharing details about your adsense earnings, but hopefully it should be ok to say that www.generals.dk with ~20000 unique visitors each month probably makes around the same amount of money as that blog.
If you optimized so you got ten times as much money per visitor, you'd likely still need ten times as many visitors.
Is the heat carrying capacity of aluminum insufficient?
Depends on how thick you make the layer. Look at the kind of heat sink high performance chips today, for chips with just one layer. Multilayer chips need comparable cooling performance per layer.
You can of course add a few low-power layers to a high-power chip, which may be worth it at some point just to shorten interconnect wires (or in order to use inductive coupling). It's a lot of complexity for what is so far a small gain though.
Well if you want to be cheap, just go for the 7200. With those platforms you're paying for the hardware forwarding, not for the ability to route the full Internet. Ok, the RSP720CXL is marginally more expensive than the RSP720C, but that really is in the noise. (And the ASR-1000 is technically a software router, it's just damn fast.)
Is there really a point in disabling it for the office lan though? Few people file share between clients these days, and pretty much everything else you could use open ports for are frowned on in a corporate environment.
Which again leads to inbound filtering in the corporate firewall being a waste.
Of course, that solution assumes that the exit routers are capable of choosing the exit route based on the source address picked by the host, which is a *big* assumption.
It isn't THAT big an assumption. It's just policy routing, and has been available for ages.
You'd have to fake DNS in the first place, to get the client to connect at all. Unless you're talking about doing it at the Google/Yahoo/whatever end, in which case there isn't much point.
In Denmark all connections are logged (by first and last packet or by first packet + connection statistics). You can't necessarily find out exactly what someone is browsing for, but you can get pretty close.
Email headers are logged if the email passes through ISP servers (which they all do, because of RBL's).
Ariane is also special in that the programmers thought about the error, asked the right people, got the (correct) answer about the values they could possibly get from that particular sensor. They proved that they could safely disable the error trap. Indeed, their code performed to specification (as far as I know) in every single Ariane 4 flight.
Then the code was moved to the Ariane 5, and part of the reverification process was apparently skipped... It's impossible to put them blame for this on the original programmers.
Electronic voting only solves the first of those problems. For the other two it turns detectable failures into (probably fewer) undetectable failures.
It's fine that they need to access the network, but that doesn't mean they are going to look up a random UTF-8 domain name which doesn't have anything to do with them.
I repeat myself again: if this was a problem, I could already crash the world's printers by adding a UTF-8 record to my own domain.
Again, I can do the exact same thing today by putting garbage into my own domain. Waving the standard at black hats won't accomplish much.
Well, as I said, everyone apparently has puny balls.
If the DNS software itself breaks by being fed UTF-8, then I can break it today by simply putting rødgröd.amorsen.dk into my DNS server and asking the broken host to fetch that record. So security isn't an argument. What is left is a fear that some people might not be able to access the new domains. Well guess what happened with punycode: Noone could access the new domains because browsers didn't implement punycode. And of course punycode didn't actually prevent security problems.
Fail.
Why would I care whether the HP laser printer or the elevator can look up the new domain names?
If the mere existence of new UTF-8 domain names causes problems for those devices, then I can already cause problems for them today. I can add whichever names I want to my own subdomains.
(ie correctly, based on the current spec)
Only hostnames are restricted. Other than that, DNS is almost 8-bit-clean (it case folds A-Z to a-z and dot is special) so UTF-8 is fine.
Punycode only exists because some people have puny ...
You wouldn't fly if you saw what the majority of airports was using for radar :)
Personally I'm a lot more worried about the new radars... Much more complexity.
However, with denser traffic there is no way around more advanced systems.
You can't depend on less working with anything in /proc. What you really want is less < /proc/cpuinfo
Have you tried simply doubling play speed of the audiobook?
But in three years, new and more efficient hardware will probably replace it anyway because it will require, let's say, 150 watts instead of 200 watts
That tends to be hard to get actually, at least if we're talking rack-mountable and if you want it from major vendors.
Rather you get something 4 times as powerful which still uses 200W. If you can then virtualize 4 of the old servers onto one of the new, you have won big. If you can't, you haven't won anything.
They were fixed a long time ago.
You can write that as many times you want. That doesn't make it true.
and because an old distribution once shipped with a CPU-eating PulseAudio
Fedora does have an aggressive release schedule, but version 11 doesn't qualify as old yet.
The problem is that the implementation sucks, and that bugs are being ignored.
I'll perhaps reconsider my stance when pulseaudio starts using less CPU than the JVM when playing Puzzle Pirates. Finally something more bloated than Java, I guess.
Why the heck not? That would make a site like generals.dk quite a bit less useful.
From my cursory reading, it appears that the technology was independently rediscovered. As far as I know, this isn't a defence in patent cases (except if you discovered it first but didn't publish), but IMHO that should be changed. If you actually gain from using a patent it makes at least some sense that you should pay, but if you independently develop something without knowing about the previous patent, you're just being punished for not being lucky.
I can see plenty of problems with changing this, but I doubt it can make patent cases all that much more complicated.
Because Larry McVoy convinced Linus that version control could be automated in a useful way. Also, it helped for legal reasons during the SCO case.
Not that version control isn't useful, especially after the switch to git which made git bisect available to the unwashed masses.
Running part of that kind of infrastructure without change control would be like trying to manage the kernel source tree without cvs (or svn or $REPOS_OF_CHOICE, analogy holds either way.)
I hate to break it to you, but until 2002 the Linux kernel was managed without automated version control. It worked quite well, actually.
I believe the Adsense agreement prohibits sharing details about your adsense earnings, but hopefully it should be ok to say that www.generals.dk with ~20000 unique visitors each month probably makes around the same amount of money as that blog.
If you optimized so you got ten times as much money per visitor, you'd likely still need ten times as many visitors.
Is the heat carrying capacity of aluminum insufficient?
Depends on how thick you make the layer. Look at the kind of heat sink high performance chips today, for chips with just one layer. Multilayer chips need comparable cooling performance per layer.
You can of course add a few low-power layers to a high-power chip, which may be worth it at some point just to shorten interconnect wires (or in order to use inductive coupling). It's a lot of complexity for what is so far a small gain though.
Well if you want to be cheap, just go for the 7200. With those platforms you're paying for the hardware forwarding, not for the ability to route the full Internet. Ok, the RSP720CXL is marginally more expensive than the RSP720C, but that really is in the noise. (And the ASR-1000 is technically a software router, it's just damn fast.)
Cisco 7600, ASR-1000, ASR-9000, and CRS-1 all have sufficient space for the next 5 years, with the 7600 being the first to hit the wall.
It really is a solved problem, as long as you can afford to replace your supervisor modules every 5 years.
Is there really a point in disabling it for the office lan though? Few people file share between clients these days, and pretty much everything else you could use open ports for are frowned on in a corporate environment.
Which again leads to inbound filtering in the corporate firewall being a waste.
Of course, that solution assumes that the exit routers are capable of choosing the exit route based on the source address picked by the host, which is a *big* assumption.
It isn't THAT big an assumption. It's just policy routing, and has been available for ages.
You'd have to fake DNS in the first place, to get the client to connect at all. Unless you're talking about doing it at the Google/Yahoo/whatever end, in which case there isn't much point.