IMO this is a good thing -- it shows that the concept behind the lifetime appointment works. Once they're on the bench, even if they "owe someone" for getting there, there's nothing that can really force them to rule one way or another.
But just like with the White House "We the People" crap, they will be able to better-tailor the letter that tells you they're shoving it down your throat whether you want it or not.
FWIW, I'm a PhD student at a reasonably large institution in the US.
Very little of this stuff sees the light of day. The vast majority of software is written simply as a proof of concept for some particular method/system/algorithm in order to get published. Good conferences/journals will typically want not only a well thought out idea, but an idea that you can and have implemented it to some extent, and that it works. That having been said, most of what gets produced is complete and total garbage -- typically just enough code to be able to prove that something runs correctly and in a given amount of time.
Personally, I have written a bunch of junk code during my time here. I'd like to think I know more or less how to write good code after all these years, but writing good, well documented, well tested code takes time we don't have -- writing code is simply a means to an end (publication) -- and so most of the code I write is hasty and ugly. This even applies to code that people say is for "wide distribution".
Before you go hounding on academia however, I'd warn that writing "good code" isn't really the point of what we're doing -- the point is to produce a reasonable method of solving some particular problem or type of problem. Going into bioinformatics for example, there are a whole bunch of problems that involve performing more efficient analysis of certain types of graphs. If a researcher discovers something along these lines, he/she will likely write some junk code to prove that the bare algorithm works, perform some analysis of it, publish it and move on. This may or may not end up actually being a useful improvement -- if it is however, then some implementer whose actual job it is to code whatever medical software might be using this algorithm then has a basic blueprint of how to proceed.
As for some examples of software from academia that have made it out, let me think...
Coverity - static code analysis tool, started at Stanford then moved into being a startup and is now quite successful PostgreSQL - Originally from Berkeley Bro (Intrusion Detection System) -- written by a researcher from Berkeley/ICSI -- is still somewhat "in academia", but I have heard of several production deployments
That's all I feel like coming up with right now, but I think the general pattern here is that if/when some piece of software produced in academia is seen to have value in its own right (e.g., away from the original research/publication that spawned it), it typically gets spun off in a start-up or a more concerted effort is given to its development, at which point one can actually spend the time to write good code.
"It breaks DNS" seems like a pretty strong comment to me and I'm not following how exactly it's going to do this. If you have a local DNS installation (I assume you're talking about dns/resolvers/ here?) that local machines use, there is absolutely no need for you to implement this, as any CDN basing a server selection choice on your local DNS installation will be well-guided. Your resolver won't send the applicable EDNS option, and the authoritative DNS server won't care that it's not there -- it'll just base it's choice on the resolver's IP as has happened for years.
If you're running an authoritative DNS server, then you're not going to get the EDNS field from google/opendns because they're not going to send it to you, and if you did get it, it would only be a problem if you had a backwards DNS server that pukes on EDNS.
If you're running bind for your local net, then you don't need this as your DNS resolver is already located close to you. The problem arises when DNS resolvers are utilized that are not "close" to the clients they serve and therefore CDN's will often end up picking a CDN replica close to your resolver rather than close to you.
Obviously this problem grows as does the distance between you and your resolver -- if you're using a huge resolving service like Google DNS or OpenDNS, then you are much more likely to be far from your resolver. If you're using your ISP's resolver, then it could be just a few hops up the network path, or it could be across the country (as some ISP's will just use a "bank" or two of resolvers).
This stuff is done in DNS for a variety of reasons. If you use intelligence at the HTTP layer, you:
1. Obviously have a non-optimized initial server choice, as once you're communicating over HTTP you're already talking to a specific replica. This will likely apply for each and every new CDN-ized domain you use.
2. You require the client to add significant intelligence to their website in order to create all the internal links to point to a "good" server. Obviously, it's going to be harder to sell your services if the client has to rewrite a bunch of code and can't just repoint their main domain at your IPs.
3. And IMO most importantly, this removes the server selection choice from being under the sole control of the CDN provider. If this stuff is logic'd through the main HTTP page of the website, the CDN must expose its server selection strategy to the client, which is likely proprietary business knowledge. Furthermore, the server selection map is dynamic and rapidly changing based upon internet link congestion and server load, and obviously this data would have to be pushed to the client website as well. Also, if you're thinking you could just point the initial IP to a CDN-hosted HTTP server and issue HTTP redirects from there, then you've just eaten up two whole RTT's -- not a good way to speed up webpages.
Also, to those that say this aids censorship, I'd have to call BS. A country wishing to censor its own users can easily implement a "use our dns resolvers only" policy using a simple firewall rule and watch all the traffic/rewrite dns responses anyways.
But what exactly does this get me over SSL Client Certificates?
Frankly, I don't entirely understand why the world hasn't started using SSL Client Certificates, and I wonder what will make people use this scheme, when client certificates have lain unused for so long.
I remember once upon a time when I was first setting up my mail server I experienced this exact problem. As I recall, there was some kind of hotmail-ish website I went to that helped me get its IP allowed by their system.
Here are some great resources on sending email to hotmail:
https://postmaster.live.com/snds/ (Signing up here lets you see what hotmail thinks of a specific IP, assuming you control RDNS for it. This might have been what I did once upon a time)
Finally, if none of those help, you can ask them directly here:
I don't really curse at my computer per se, but I certainly curse those responsible for building/developing crappy hardware/software. I have probably never said "Dang you computer", but as for "Dang you Microsoft!", well...
Any kind of launch system that is on the moon will require less energy to use due to the diminished effect of gravity and lack of atmosphere. While getting any such system to the moon obviously has it's difficulties, lobbing rocks/missiles/whatevers from the moon is going to be way easier than doing the same from the Earth. Furthermore, there is simply more room than any station one could build in space to house a base, "ammunition" for any type of weapons system, etc.
Mod parent up. I've never had so large a boost in the performance of a PC as when I switched the main OS/game drive to a SSD, and magnetic drives are the clear choice for all the data that doesn't need to be uber-high-performance, which is most of it.
No matter how much the US and Russia limit their stockpiles of this and that, we'll still both be able to blow the world up a few times over, so this is really all pointless. I'd rather make sure and keep a healthy supply of nukes for when the big asteroid comes.
If you go into regedit, highlight hkey_local_machine. Then click file->Load Hive, and navigate to the user's NTUSER.DAT file in their user profile and load it. It will ask for a name; you can put in anything. I then go and find software\microsoft\windows\currentversion\run (and also there's a few in windows nt\winlogon i lock down), and simply deny them all write permissions to that reg key. As a virtue of being a regular user account, they already don't have access to the system (hkey_local_machine) versions of these keys, but this further prevents them from adding new programs to run at logon for their account. No, it's not a panacea, but a lot of nasties install here first and my family computer has been going a few years virus-free this way.
I don't know what the below is talking about with respect to "Policy Manager"; as far as I know there is no such thing. If he/she is talking about group policies manager, that actually doesn't even let you do this...
Mod parent up; this is the only way to do this. I give my family a basic user account, and then furthermore go through their registry and then deny all write permissions to the "Run" sections of the registry so nothing can install itself in their user account. If absolutely necessary, give them an admin account to be used only for installing things (I gave it to my little brother and not my mom and this arrangement worked quite well).
Once you start using a full disk encryption solution like Truecrypt or others, all the "insecure" electronic methods you discussed suddenly become secure.
Of course the jury is the last recourse for unjust laws, however many times the flip side applies -- juries tend to get more emotionally involved in a case than would a judge, and sometimes in their fervor to punish a defendant that is guilty of something, they end up completely ignoring the law and possibly setting bad precedent.
The fact that BOTH the judge AND the jury have to agree that the defendant is guilty of the crime ensures that the person is both guilty of violating the law and that the law was fair.
A jury should ALWAYS be the last word when they return a not guilty verdict (which they are), but this definitely should not be the case when the jury returns a guilty verdict.
The mere fact that jury nullification exists is a good demonstration that juries can in effect do whatever they want, so it's good to have a system that is somewhat stacked in favor of the defendant.
Thank goodness that judges have the ability to overrule the jury (only in the favor of the defendant) when there is a serious miscarriage of justice being performed...
Haven't had much occasion to do it recently, but chalk up a win for the American justice system.
Of course I don't like her, but someone should never be found guilty of completely BS charges, even if they're guilty of something else.
Slashdot Mirror
Just buy a few cases of your energy drink of choice and put Eye of the Tiger on repeat until you've got it all fixed.
I believe in you.
IMO this is a good thing -- it shows that the concept behind the lifetime appointment works. Once they're on the bench, even if they "owe someone" for getting there, there's nothing that can really force them to rule one way or another.
But just like with the White House "We the People" crap, they will be able to better-tailor the letter that tells you they're shoving it down your throat whether you want it or not.
Any projections of the casualties in megadeaths based on potential drop locations? You know, for the binder.
Can logmein allow you to watch but without touching without his knowledge?
You know he'll log in to facebook at some point...
FWIW, I'm a PhD student at a reasonably large institution in the US.
Very little of this stuff sees the light of day. The vast majority of software is written simply as a proof of concept for some particular method/system/algorithm in order to get published. Good conferences/journals will typically want not only a well thought out idea, but an idea that you can and have implemented it to some extent, and that it works. That having been said, most of what gets produced is complete and total garbage -- typically just enough code to be able to prove that something runs correctly and in a given amount of time.
Personally, I have written a bunch of junk code during my time here. I'd like to think I know more or less how to write good code after all these years, but writing good, well documented, well tested code takes time we don't have -- writing code is simply a means to an end (publication) -- and so most of the code I write is hasty and ugly. This even applies to code that people say is for "wide distribution".
Before you go hounding on academia however, I'd warn that writing "good code" isn't really the point of what we're doing -- the point is to produce a reasonable method of solving some particular problem or type of problem. Going into bioinformatics for example, there are a whole bunch of problems that involve performing more efficient analysis of certain types of graphs. If a researcher discovers something along these lines, he/she will likely write some junk code to prove that the bare algorithm works, perform some analysis of it, publish it and move on. This may or may not end up actually being a useful improvement -- if it is however, then some implementer whose actual job it is to code whatever medical software might be using this algorithm then has a basic blueprint of how to proceed.
As for some examples of software from academia that have made it out, let me think...
Coverity - static code analysis tool, started at Stanford then moved into being a startup and is now quite successful
PostgreSQL - Originally from Berkeley
Bro (Intrusion Detection System) -- written by a researcher from Berkeley/ICSI -- is still somewhat "in academia", but I have heard of several production deployments
That's all I feel like coming up with right now, but I think the general pattern here is that if/when some piece of software produced in academia is seen to have value in its own right (e.g., away from the original research/publication that spawned it), it typically gets spun off in a start-up or a more concerted effort is given to its development, at which point one can actually spend the time to write good code.
"It breaks DNS" seems like a pretty strong comment to me and I'm not following how exactly it's going to do this. If you have a local DNS installation (I assume you're talking about dns /resolvers/ here?) that local machines use, there is absolutely no need for you to implement this, as any CDN basing a server selection choice on your local DNS installation will be well-guided. Your resolver won't send the applicable EDNS option, and the authoritative DNS server won't care that it's not there -- it'll just base it's choice on the resolver's IP as has happened for years.
If you're running an authoritative DNS server, then you're not going to get the EDNS field from google/opendns because they're not going to send it to you, and if you did get it, it would only be a problem if you had a backwards DNS server that pukes on EDNS.
How is it breaking things for you?
If you're running bind for your local net, then you don't need this as your DNS resolver is already located close to you. The problem arises when DNS resolvers are utilized that are not "close" to the clients they serve and therefore CDN's will often end up picking a CDN replica close to your resolver rather than close to you.
Obviously this problem grows as does the distance between you and your resolver -- if you're using a huge resolving service like Google DNS or OpenDNS, then you are much more likely to be far from your resolver. If you're using your ISP's resolver, then it could be just a few hops up the network path, or it could be across the country (as some ISP's will just use a "bank" or two of resolvers).
This stuff is done in DNS for a variety of reasons. If you use intelligence at the HTTP layer, you:
1. Obviously have a non-optimized initial server choice, as once you're communicating over HTTP you're already talking to a specific replica. This will likely apply for each and every new CDN-ized domain you use.
2. You require the client to add significant intelligence to their website in order to create all the internal links to point to a "good" server. Obviously, it's going to be harder to sell your services if the client has to rewrite a bunch of code and can't just repoint their main domain at your IPs.
3. And IMO most importantly, this removes the server selection choice from being under the sole control of the CDN provider. If this stuff is logic'd through the main HTTP page of the website, the CDN must expose its server selection strategy to the client, which is likely proprietary business knowledge. Furthermore, the server selection map is dynamic and rapidly changing based upon internet link congestion and server load, and obviously this data would have to be pushed to the client website as well. Also, if you're thinking you could just point the initial IP to a CDN-hosted HTTP server and issue HTTP redirects from there, then you've just eaten up two whole RTT's -- not a good way to speed up webpages.
Also, to those that say this aids censorship, I'd have to call BS. A country wishing to censor its own users can easily implement a "use our dns resolvers only" policy using a simple firewall rule and watch all the traffic/rewrite dns responses anyways.
But what exactly does this get me over SSL Client Certificates?
Frankly, I don't entirely understand why the world hasn't started using SSL Client Certificates, and I wonder what will make people use this scheme, when client certificates have lain unused for so long.
I remember once upon a time when I was first setting up my mail server I experienced this exact problem. As I recall, there was some kind of hotmail-ish website I went to that helped me get its IP allowed by their system.
Here are some great resources on sending email to hotmail:
http://mail.live.com/mail/troubleshooting.aspx (generic troubleshooting page for sending to hotmail)
https://postmaster.live.com/snds/ (Signing up here lets you see what hotmail thinks of a specific IP, assuming you control RDNS for it. This might have been what I did once upon a time)
Finally, if none of those help, you can ask them directly here:
https://support.msn.com/eform.aspx?productKey=edfsmsbl&ct=eformts&st=1&wfxredirect=1
Regards,
Anom
I don't really curse at my computer per se, but I certainly curse those responsible for building/developing crappy hardware/software. I have probably never said "Dang you computer", but as for "Dang you Microsoft!", well...
Just like the government never would (has) either!
Assuming it isn't self-sufficient :)
Any kind of launch system that is on the moon will require less energy to use due to the diminished effect of gravity and lack of atmosphere. While getting any such system to the moon obviously has it's difficulties, lobbing rocks/missiles/whatevers from the moon is going to be way easier than doing the same from the Earth. Furthermore, there is simply more room than any station one could build in space to house a base, "ammunition" for any type of weapons system, etc.
That is all.
Mod parent up. I've never had so large a boost in the performance of a PC as when I switched the main OS/game drive to a SSD, and magnetic drives are the clear choice for all the data that doesn't need to be uber-high-performance, which is most of it.
This isn't the cold war anymore...
No matter how much the US and Russia limit their stockpiles of this and that, we'll still both be able to blow the world up a few times over, so this is really all pointless. I'd rather make sure and keep a healthy supply of nukes for when the big asteroid comes.
If you go into regedit, highlight hkey_local_machine. Then click file->Load Hive, and navigate to the user's NTUSER.DAT file in their user profile and load it. It will ask for a name; you can put in anything. I then go and find software\microsoft\windows\currentversion\run (and also there's a few in windows nt\winlogon i lock down), and simply deny them all write permissions to that reg key. As a virtue of being a regular user account, they already don't have access to the system (hkey_local_machine) versions of these keys, but this further prevents them from adding new programs to run at logon for their account. No, it's not a panacea, but a lot of nasties install here first and my family computer has been going a few years virus-free this way.
I don't know what the below is talking about with respect to "Policy Manager"; as far as I know there is no such thing. If he/she is talking about group policies manager, that actually doesn't even let you do this...
Mod parent up; this is the only way to do this. I give my family a basic user account, and then furthermore go through their registry and then deny all write permissions to the "Run" sections of the registry so nothing can install itself in their user account. If absolutely necessary, give them an admin account to be used only for installing things (I gave it to my little brother and not my mom and this arrangement worked quite well).
Once you start using a full disk encryption solution like Truecrypt or others, all the "insecure" electronic methods you discussed suddenly become secure.
Of course the jury is the last recourse for unjust laws, however many times the flip side applies -- juries tend to get more emotionally involved in a case than would a judge, and sometimes in their fervor to punish a defendant that is guilty of something, they end up completely ignoring the law and possibly setting bad precedent.
The fact that BOTH the judge AND the jury have to agree that the defendant is guilty of the crime ensures that the person is both guilty of violating the law and that the law was fair.
A jury should ALWAYS be the last word when they return a not guilty verdict (which they are), but this definitely should not be the case when the jury returns a guilty verdict.
The mere fact that jury nullification exists is a good demonstration that juries can in effect do whatever they want, so it's good to have a system that is somewhat stacked in favor of the defendant.
Thank goodness that judges have the ability to overrule the jury (only in the favor of the defendant) when there is a serious miscarriage of justice being performed...
Haven't had much occasion to do it recently, but chalk up a win for the American justice system.
Of course I don't like her, but someone should never be found guilty of completely BS charges, even if they're guilty of something else.
www.getfirefox.com :)
What linux distro do you use?
Try Likewise Open. I know it works for more, but for ubuntu, it's this easy: https://help.ubuntu.com/8.04/serverguide/C/likewise-open.html
It's seriously 2 commands to join it to a windows domain.