My research is merely actually talking to Novell themselves in depth about the issue, but hey, I don't suppose that counts for much.
And once again, Novell are not writing Microsoft patents into GPL code. They are not going to write a whole bunch of new software with MS patents in, and then distribute that as GPL. They are not (for example) going to release a parallel version of openoffice with MS code in it. I don't know how I can say it any clearer. They're not stupid.
If they did, they would be sued, by Microsoft, and the FSF.
The GPL is a distribution license. Everything that Novell distribute as GPL (OpenSUSE) will remain GPL, and Novell aren't going to put any MS patents in existing GPL software. They're not stupid. They can read. This agreement has absolutely nothing to do with GPL software.
Also, no-one has yet explained to me how a company making an agreement with Microsoft to distribute proprietary software containing MS patents without MS suing that company's customers is doing an "end-run around the GPL"? Also, please explain how GPLv3 will hope to stop a company distributing paid-for software that runs on linux? Unless GPLv3 says that all software running on linux must now be GPLv3 as well? The fact that Novell also distribute their own distro of linux has SFA to do with their ability to write their own tools that sit on top of it that allow better interoperability with different systems. There's no distribution issue, because they're not distributing their own paid-for software with the GPL. They'll sell you a cd with it on, but you can't get a cd of OpenSUSE with Novell's proprietary stuff with it.
Let me give you an example: I distribute andrewlinux, my own distro of linux. This is GPL. I also invent andrewshare, a client that lets you connect to windows shares (like samba). Andrewshare isn't GPL, I charge for it. I make a deal with MS to use their patented code in Andrewshare, in return for some money from sales. Now andrewshare is better, and faster. Crucially, I don't distribute Andrewshare as part of andrewlinux, and it's not a binary blob driver that hooks into the kernel. But I'll sell it to you. In no way am I violating the GPL, whatever version of it they invent next. Because it's my own software, which I own the license for.
This does nothing to other distributors liabilities because RedHat et al aren't purposefully writing MS patents into software they distribute, GPL or otherwise. If they are, they're being pretty dumb and deserve to be sued.
At the end of the day, Novell suddenly because very interesting to MS-only corporates. I know for a fact that one particular company which was previous MS-only is now looking very seriously at Novell, and a big part of the reason is the interoperability tools they can buy from Novell. I think Novell won far more than MS did out of this deal.
Microsoft don't necessarily want to interoperate as much as Novell do. Microsoft think their solutions are better than Linux. Novell think that Linux is better. Both recognise that their products are more attractive if they talk to each other properly, because then corporates are less likely to (a) throw away all their MS boxes in favour of Linux and (b) completely ignore linux because it doesn't interoperate with their existing Windows boxes.
Unless selling out = working with microsoft to provide non-GPL proprietory tools which allow better linux/windows interoperability and agreeing that both microsoft and linux code probably infringe on each other's patents and therefore agreeing not to sue each others' customers.
To me, that's not selling out, that's being sensible and making your product more attractive to corporates with $$$. Some would even say it was a smart business move.
The only way for Novell to actually benefit from this deal would be for them to implement Microsoft's patents in new pieces of software that they (Novell) owns outright and distributes under a license other than the GPL. This software would also have to be sufficiently untangled from other GPL software. They could not take a current project covered by the GPL and implement one of Microsoft's patents in it. Or the deal between Microsoft and Novell would have to be such that every patent implemented by Novell, and distributed as part of a software package covered by the GPL, would have to be transferable to (or at least free to use for) every person who receives a copy of said software package.
This is exactly what they're doing. Think about where Novell are coming from - they want to sell to big business. Currently, big business uses solaris, windows, AIUX, HP-UX, allsorts. If Novell want to sell these people support contracts for SLES, they need a way to make their product as attractive as possible. One of the big attractions to corporations is if your software you're trying to sell them can interact seamlessly with whatever they already have. Novell are building commercial tools that allow interoperability with platforms like windows, and their deal with microsoft allows them to build those tools. They know they may infringe on MS's patents somewhere, just as MS knows that they probably infringe on parts of Netware somewhere along the line.
Novell aren't stupid. They know what the GPL means - they know they can't roll proprietary code with GPL code and distribute it. They'll either take guidance on microsoft on how to code interoperability with windows to write GPL code that sits inside, say, openoffice, or they'll use MS ideas to write their own proprietary tools from scratch and then sell them.
The non-sue part of the Novell/MS agreement is that they won't sue their respective customers, not that they won't sue each other. This means if you obtain GPL code with a MS patent in it from Novell, MS won't sue you. Twisted, a bit, I think.
Because by using a table as a stylistic and not a semantic element, you're depriving me of the ability and the choice of viewing your page without any styling at all. For a well designed page, I should be able to switch all styling off and have the content presented to me in a logical, sensible manner. If you use tables and I switch CSS off, I've suddenly got a whole bunch of information presented in a table for absolutely no reason. People aren't saying "Don't use the table", they're saying "Don't use the table unless you're presenting tabular data". There's no such campaign for the "death of the table", that's just retarded. People who mis-use HTML are, however, annoying.
The actual nature of the content and the way it is presented on the page should be two completely separate things, usually written by two different people. That means don't change the semantics of the data just to fit your styling needs. Style the way the standards say. If using tables was ok, most people wouldn't be pissed off that no browser follows the styling standard properly yet - they'd just use tables.
I don't think I said it was different as though it were something magical that I'd stumbled across whilst looking for the fairies.
Now that you mention it, I'd say it's fundamentally different from the scores of people I see downloading toolkits and libraries to do every single thing they need, and then trying to patch it horribly together. I see this every day, and I see people trying to troubleshoot this sort of thing every day.
Also, I wouldn't say there's a "normal" development mindset either - some people like to build everything themselves, some people like to re-use other people's code as much as possible, others prefer a more middling route. The "should we build it ourself vs should we let someone else do this bit" is a huge debate that applies to many areas of both development and just general business practices. I'm a "build it yourself" person, but my point was that I can see that something like the GWT is silly to ignore, unlike, say, the hundreds of different CMS's that exist. These I can safely ignore, given that I've built something that works better for my needs, and is more maintainable by me.
It doesn't. You missed the point. I tend to think in the "build it yourself" mindset, but I don't write my own compiler, or my own XML parser plugin for Perl. Sometimes, it just doesn't make sense to build something when there's a tool out there that helps you achieve the ultimate goal. Sure, I don't learn about how to get around browser specific JS bugs with the GWT, but on the upside, I get to learn Java. Bigger benefit.
I've always been of the "build it yourself" philosophy in the past, when I first coded my website (4 years ago), I built the blog, the guestbook, the cms, everything. I don't have a CS degree, and this proved to be a valuable way to learn some programming skills.
Even today, I start new projects, I look at existing offerings, reject them and try and put it together myself. I'm currently some way through building an AJAXy online photo-management tool. It's fun stumbling across a bunch of unanticipated problems and figuring out how to fix them. At the end of the day though, with this particular project, I just want something that's asynchronous, but as reliable and cross platform as gmail.
When the people who make the application whose standards you're trying to match release a toolkit that helps you do that, I'm having me some of that.
Well, serious news agencies like AP and Reuters don't tend to report on the same stories that the tabloids would report on. "Britney flashes muff shocker" doesn't register as "news" for many agencies, so any submissions from the public along those sorts of lines would be rightly ignored as crap, which is what they are.
"Stealing", in law implies unlawfully depriving the victim of goods which are rightfully theirs. No-one is stealing anything. Stop using that word.
Also, because copyright infringement is a civil offence, I'm not personally bothered about the fact that the RIAA are filing lawsuits for damages. What I, and I think others, are bothered about is the way they're completely abusing their power, money and the US justice system to file lawsuits based on effectively zero evidence. If they bothered to take the time to come up with good evidence and then sue, I wouldn't have a problem.
I always thought it was a distance issue. If it could broadcast further than 30cm then it needed a license. Remember reading about that when looking at bike computers which broadcast a radio signal from the wheel to the handlebars....
Whilst I agree in spirit, the single problem with email now is that you have no way of knowing if a sender really is who they say they are. I can send an email to you which claims to be from Steve Ballmer and you have no way of knowing 100% if it's real or not.
I'm not sure how this would be solved with a redesign either. The only way I can think of doing it is to have a mandatory digital signature attached to the email, so you can lookup exactly who signed it and prosecute/disable signature if spam. If someone sends an email with an invalid signature, it gets rejected by the mailserver. Downside is that you need a central body to supply these signatures. Verisign perhaps? This would then mean a charge for anyone who wanted to use email, but that might be a good thing. Once you have an organisation though, you have corruption, and spammers will find a way to infiltrate this.
There's also the issue of getting serious momentum going. I could set up a company, and broker a deal with Versign or someone to supply and keep a lookup database of digital signatures. A few geeks will sign up and set their mailservers to reject all mail that doesn't come with a valid signature. Thing is, they'd have to get a lot of major e-tailors to sign up to this as well, otherwise every time I buy something from Amazon, and they want to talk to me about it, I'll have no idea.
Some offences are criminal offences and others are civil offences. In the UK at least, they are tried in completely separate courts. You cannot be arrested by the police, or prosecuted by the crown for a civil offence. Examples of civil offences are: Copyright infringement, libel, trespass. All that can happen is that the person who has the complaint can sue you in a civil court.
Not to mention that the methodology behind coming to a verdict is completely different in a criminal and civil court. In a criminal court, you have to be demonstrated to be guilty beyond reasonably doubt. In a civil court, you just have to argue that the percentage of blame that falls on yourself is 0. The judge may decide it's 35% your fault, 65% the other guy's, and award damages accordingly.
Criminal and civil offences are completely different things - I imagine that one is perceived to be a crime against society/the state, whereas the other is a crime specifically against a particular person/group, who can then choose whether to sue you about it.
The only problem with think-tanks is that they're constantly coming up with common sense and good ideas like this, but no one in actual real grown-up government will give a rats ass. They commission a study to show that they care about the issue and then ignore the results. That's politics!
Don't forget kids, all these problems will be solved when the US govt goes to ipv6. Since no-one else will be using it, it will confound and confuse anyone trying to hack in!
It's probably because these 'awards' are dreamed up and given out by 'Marketing' folk who are too stuck up their own arse to waste time talking to technical experts to find out if what they're doing makes any sense.
If it's really that easy to bribe someone on the inside and smuggle a virus in, someone should do it for real in the upcoming election. Produce an outcome for one state (say, that's fiercely Republican) which is 100% Democrat across all counties. Then someone might take notice.
I see where you're coming from - I don't think that just having one perimeter as a firewall is a good idea. I think it's an insane idea. I also think that relying on the quality of code in your applications alone for security as well is an insane idea, which was the point I was trying to make. The author was saying that you could throw away your firewalls if you have perfect code, and I was saying that throwing away anything that makes an intruder's life difficult is insane.
We'll just have to agree to disagree. The problem with applications that can't be compromised is that any user of that software has to trust the people who made it. Or do a complete code audit which is a) expensive and b) impossible. If a company could completly audit every single piece of software it used to make sure it was completely secure, it would *still* use firewalls. Why? Because you can't necessarily trust the guy who's doing the auditing.
Of course, you can't trust the people who make the firewall software/hardware either, but it's quicker/easier to do extremely thorough security testing on one class of appliance (firewall) than on every single box in the datacenter.
I'm absolutely not trying to argue that firewalls are the be-all and end-all of security. I completely agree that they can create a false sense of security. I'm trying to argue that they are essential, even if you think all of your code is secure.
It was an example. If you've got a huge DoS attack coming from a large botnet, 80% of which is AOL, you can provide a good temporary measure of just blocking AOL's entire network. Sure, people can spoof their ip, bt that's not the point. A firewall gives you more control over access to your network than the individual services on that network ever could.
I disagree. In a datacenter, you'll probably have each service you provide divided up into various 'cells'. Each one of these cells may connect to the outside world in some way, either through the internet, or some large MPLS cloud, or whatever. Each cell will probably be split up in a number of different ways, traditionally a core and a DMZ. You probably have some sort of management lan infrastructure behind the whole thing as well. You might also want to have some of the cells communicate with each other on the backend, or to talk to a common db.
Ok, so you've got firewalls between the WAN and your DMZ, firewalls between the DMZ and the core, firewalls between the core backend and any other cell, and firewalls between the management network and the cells. The situation tends to be slightly more than "You've got a datacenter behind a firewall".
The whole point of this setup is so that if one portion of the datacenter is compromised, you isolate that to the smallest possible area you can. If I want to only allow my management lan access during the hours of 10am and 4pm (silly, but bear with me), where do I configure that? On the firewall? Perhaps?
Firewalls and routers are very different things. One tells the network traffic where to go, the other tells it if it's allowed to go there. Of course, this is invisible to the client, who just sends packets off which either find their route (allowed and routable) or don't (either routable and not allowed, or just not routable). Even if all of my applications and OS's wern't fundamentally flawed, I'd be an idiot not to use firewalls, because of the amount of control they allow on the network. If I want to shut down access from one network on a specific port, I can do it quickly and easily on a firewall. This isn't even possible for the application to do a lot of the time as it's just seeing packets coming from the router, and doesn't necessarily know where they started out life.
Slashdot Mirror
My research is merely actually talking to Novell themselves in depth about the issue, but hey, I don't suppose that counts for much.
And once again, Novell are not writing Microsoft patents into GPL code. They are not going to write a whole bunch of new software with MS patents in, and then distribute that as GPL. They are not (for example) going to release a parallel version of openoffice with MS code in it. I don't know how I can say it any clearer. They're not stupid.
If they did, they would be sued, by Microsoft, and the FSF.
The GPL is a distribution license. Everything that Novell distribute as GPL (OpenSUSE) will remain GPL, and Novell aren't going to put any MS patents in existing GPL software. They're not stupid. They can read. This agreement has absolutely nothing to do with GPL software.
Also, no-one has yet explained to me how a company making an agreement with Microsoft to distribute proprietary software containing MS patents without MS suing that company's customers is doing an "end-run around the GPL"? Also, please explain how GPLv3 will hope to stop a company distributing paid-for software that runs on linux? Unless GPLv3 says that all software running on linux must now be GPLv3 as well? The fact that Novell also distribute their own distro of linux has SFA to do with their ability to write their own tools that sit on top of it that allow better interoperability with different systems. There's no distribution issue, because they're not distributing their own paid-for software with the GPL. They'll sell you a cd with it on, but you can't get a cd of OpenSUSE with Novell's proprietary stuff with it.
Let me give you an example: I distribute andrewlinux, my own distro of linux. This is GPL. I also invent andrewshare, a client that lets you connect to windows shares (like samba). Andrewshare isn't GPL, I charge for it. I make a deal with MS to use their patented code in Andrewshare, in return for some money from sales. Now andrewshare is better, and faster. Crucially, I don't distribute Andrewshare as part of andrewlinux, and it's not a binary blob driver that hooks into the kernel. But I'll sell it to you. In no way am I violating the GPL, whatever version of it they invent next. Because it's my own software, which I own the license for.
This does nothing to other distributors liabilities because RedHat et al aren't purposefully writing MS patents into software they distribute, GPL or otherwise. If they are, they're being pretty dumb and deserve to be sued.
At the end of the day, Novell suddenly because very interesting to MS-only corporates. I know for a fact that one particular company which was previous MS-only is now looking very seriously at Novell, and a big part of the reason is the interoperability tools they can buy from Novell. I think Novell won far more than MS did out of this deal.
Microsoft don't necessarily want to interoperate as much as Novell do. Microsoft think their solutions are better than Linux. Novell think that Linux is better. Both recognise that their products are more attractive if they talk to each other properly, because then corporates are less likely to (a) throw away all their MS boxes in favour of Linux and (b) completely ignore linux because it doesn't interoperate with their existing Windows boxes.
No, No they havn't.
Unless selling out = working with microsoft to provide non-GPL proprietory tools which allow better linux/windows interoperability and agreeing that both microsoft and linux code probably infringe on each other's patents and therefore agreeing not to sue each others' customers.
To me, that's not selling out, that's being sensible and making your product more attractive to corporates with $$$. Some would even say it was a smart business move.
The only way for Novell to actually benefit from this deal would be for them to implement Microsoft's patents in new pieces of software that they (Novell) owns outright and distributes under a license other than the GPL. This software would also have to be sufficiently untangled from other GPL software. They could not take a current project covered by the GPL and implement one of Microsoft's patents in it. Or the deal between Microsoft and Novell would have to be such that every patent implemented by Novell, and distributed as part of a software package covered by the GPL, would have to be transferable to (or at least free to use for) every person who receives a copy of said software package.
This is exactly what they're doing. Think about where Novell are coming from - they want to sell to big business. Currently, big business uses solaris, windows, AIUX, HP-UX, allsorts. If Novell want to sell these people support contracts for SLES, they need a way to make their product as attractive as possible. One of the big attractions to corporations is if your software you're trying to sell them can interact seamlessly with whatever they already have. Novell are building commercial tools that allow interoperability with platforms like windows, and their deal with microsoft allows them to build those tools. They know they may infringe on MS's patents somewhere, just as MS knows that they probably infringe on parts of Netware somewhere along the line. Novell aren't stupid. They know what the GPL means - they know they can't roll proprietary code with GPL code and distribute it. They'll either take guidance on microsoft on how to code interoperability with windows to write GPL code that sits inside, say, openoffice, or they'll use MS ideas to write their own proprietary tools from scratch and then sell them. The non-sue part of the Novell/MS agreement is that they won't sue their respective customers, not that they won't sue each other. This means if you obtain GPL code with a MS patent in it from Novell, MS won't sue you. Twisted, a bit, I think.Because by using a table as a stylistic and not a semantic element, you're depriving me of the ability and the choice of viewing your page without any styling at all. For a well designed page, I should be able to switch all styling off and have the content presented to me in a logical, sensible manner. If you use tables and I switch CSS off, I've suddenly got a whole bunch of information presented in a table for absolutely no reason. People aren't saying "Don't use the table", they're saying "Don't use the table unless you're presenting tabular data". There's no such campaign for the "death of the table", that's just retarded. People who mis-use HTML are, however, annoying.
The actual nature of the content and the way it is presented on the page should be two completely separate things, usually written by two different people. That means don't change the semantics of the data just to fit your styling needs. Style the way the standards say. If using tables was ok, most people wouldn't be pissed off that no browser follows the styling standard properly yet - they'd just use tables.
I don't think I said it was different as though it were something magical that I'd stumbled across whilst looking for the fairies.
Now that you mention it, I'd say it's fundamentally different from the scores of people I see downloading toolkits and libraries to do every single thing they need, and then trying to patch it horribly together. I see this every day, and I see people trying to troubleshoot this sort of thing every day.
Also, I wouldn't say there's a "normal" development mindset either - some people like to build everything themselves, some people like to re-use other people's code as much as possible, others prefer a more middling route. The "should we build it ourself vs should we let someone else do this bit" is a huge debate that applies to many areas of both development and just general business practices. I'm a "build it yourself" person, but my point was that I can see that something like the GWT is silly to ignore, unlike, say, the hundreds of different CMS's that exist. These I can safely ignore, given that I've built something that works better for my needs, and is more maintainable by me.
It doesn't. You missed the point. I tend to think in the "build it yourself" mindset, but I don't write my own compiler, or my own XML parser plugin for Perl. Sometimes, it just doesn't make sense to build something when there's a tool out there that helps you achieve the ultimate goal. Sure, I don't learn about how to get around browser specific JS bugs with the GWT, but on the upside, I get to learn Java. Bigger benefit.
I've always been of the "build it yourself" philosophy in the past, when I first coded my website (4 years ago), I built the blog, the guestbook, the cms, everything. I don't have a CS degree, and this proved to be a valuable way to learn some programming skills.
Even today, I start new projects, I look at existing offerings, reject them and try and put it together myself. I'm currently some way through building an AJAXy online photo-management tool. It's fun stumbling across a bunch of unanticipated problems and figuring out how to fix them. At the end of the day though, with this particular project, I just want something that's asynchronous, but as reliable and cross platform as gmail.
When the people who make the application whose standards you're trying to match release a toolkit that helps you do that, I'm having me some of that.
Qmail I think does this by default. Accepts all mail then fires a bounce if it can't deliver it.
Give a medal to the guy who thought of that one.
Well, serious news agencies like AP and Reuters don't tend to report on the same stories that the tabloids would report on. "Britney flashes muff shocker" doesn't register as "news" for many agencies, so any submissions from the public along those sorts of lines would be rightly ignored as crap, which is what they are.
"Stealing", in law implies unlawfully depriving the victim of goods which are rightfully theirs. No-one is stealing anything. Stop using that word.
Also, because copyright infringement is a civil offence, I'm not personally bothered about the fact that the RIAA are filing lawsuits for damages. What I, and I think others, are bothered about is the way they're completely abusing their power, money and the US justice system to file lawsuits based on effectively zero evidence. If they bothered to take the time to come up with good evidence and then sue, I wouldn't have a problem.
I always thought it was a distance issue. If it could broadcast further than 30cm then it needed a license. Remember reading about that when looking at bike computers which broadcast a radio signal from the wheel to the handlebars....
Whilst I agree in spirit, the single problem with email now is that you have no way of knowing if a sender really is who they say they are. I can send an email to you which claims to be from Steve Ballmer and you have no way of knowing 100% if it's real or not.
I'm not sure how this would be solved with a redesign either. The only way I can think of doing it is to have a mandatory digital signature attached to the email, so you can lookup exactly who signed it and prosecute/disable signature if spam. If someone sends an email with an invalid signature, it gets rejected by the mailserver. Downside is that you need a central body to supply these signatures. Verisign perhaps? This would then mean a charge for anyone who wanted to use email, but that might be a good thing. Once you have an organisation though, you have corruption, and spammers will find a way to infiltrate this.
There's also the issue of getting serious momentum going. I could set up a company, and broker a deal with Versign or someone to supply and keep a lookup database of digital signatures. A few geeks will sign up and set their mailservers to reject all mail that doesn't come with a valid signature. Thing is, they'd have to get a lot of major e-tailors to sign up to this as well, otherwise every time I buy something from Amazon, and they want to talk to me about it, I'll have no idea.
Just kicking ideas around. :)
Rubbish.
Some offences are criminal offences and others are civil offences. In the UK at least, they are tried in completely separate courts. You cannot be arrested by the police, or prosecuted by the crown for a civil offence. Examples of civil offences are: Copyright infringement, libel, trespass. All that can happen is that the person who has the complaint can sue you in a civil court.
Not to mention that the methodology behind coming to a verdict is completely different in a criminal and civil court. In a criminal court, you have to be demonstrated to be guilty beyond reasonably doubt. In a civil court, you just have to argue that the percentage of blame that falls on yourself is 0. The judge may decide it's 35% your fault, 65% the other guy's, and award damages accordingly.
Criminal and civil offences are completely different things - I imagine that one is perceived to be a crime against society/the state, whereas the other is a crime specifically against a particular person/group, who can then choose whether to sue you about it.
Assuming you want UK English - did you install the British dictionary?
The only problem with think-tanks is that they're constantly coming up with common sense and good ideas like this, but no one in actual real grown-up government will give a rats ass. They commission a study to show that they care about the issue and then ignore the results. That's politics!
Don't forget kids, all these problems will be solved when the US govt goes to ipv6. Since no-one else will be using it, it will confound and confuse anyone trying to hack in!
It's probably because these 'awards' are dreamed up and given out by 'Marketing' folk who are too stuck up their own arse to waste time talking to technical experts to find out if what they're doing makes any sense.
I, for one, welcome our new supreme laser-wielding lego overlords.
If it's really that easy to bribe someone on the inside and smuggle a virus in, someone should do it for real in the upcoming election. Produce an outcome for one state (say, that's fiercely Republican) which is 100% Democrat across all counties. Then someone might take notice.
I see where you're coming from - I don't think that just having one perimeter as a firewall is a good idea. I think it's an insane idea. I also think that relying on the quality of code in your applications alone for security as well is an insane idea, which was the point I was trying to make. The author was saying that you could throw away your firewalls if you have perfect code, and I was saying that throwing away anything that makes an intruder's life difficult is insane.
We'll just have to agree to disagree. The problem with applications that can't be compromised is that any user of that software has to trust the people who made it. Or do a complete code audit which is a) expensive and b) impossible. If a company could completly audit every single piece of software it used to make sure it was completely secure, it would *still* use firewalls. Why? Because you can't necessarily trust the guy who's doing the auditing.
Of course, you can't trust the people who make the firewall software/hardware either, but it's quicker/easier to do extremely thorough security testing on one class of appliance (firewall) than on every single box in the datacenter.
I'm absolutely not trying to argue that firewalls are the be-all and end-all of security. I completely agree that they can create a false sense of security. I'm trying to argue that they are essential, even if you think all of your code is secure.
It was an example. If you've got a huge DoS attack coming from a large botnet, 80% of which is AOL, you can provide a good temporary measure of just blocking AOL's entire network. Sure, people can spoof their ip, bt that's not the point. A firewall gives you more control over access to your network than the individual services on that network ever could.
I disagree. In a datacenter, you'll probably have each service you provide divided up into various 'cells'. Each one of these cells may connect to the outside world in some way, either through the internet, or some large MPLS cloud, or whatever. Each cell will probably be split up in a number of different ways, traditionally a core and a DMZ. You probably have some sort of management lan infrastructure behind the whole thing as well. You might also want to have some of the cells communicate with each other on the backend, or to talk to a common db.
Ok, so you've got firewalls between the WAN and your DMZ, firewalls between the DMZ and the core, firewalls between the core backend and any other cell, and firewalls between the management network and the cells. The situation tends to be slightly more than "You've got a datacenter behind a firewall".
The whole point of this setup is so that if one portion of the datacenter is compromised, you isolate that to the smallest possible area you can. If I want to only allow my management lan access during the hours of 10am and 4pm (silly, but bear with me), where do I configure that? On the firewall? Perhaps?
Firewalls and routers are very different things. One tells the network traffic where to go, the other tells it if it's allowed to go there. Of course, this is invisible to the client, who just sends packets off which either find their route (allowed and routable) or don't (either routable and not allowed, or just not routable). Even if all of my applications and OS's wern't fundamentally flawed, I'd be an idiot not to use firewalls, because of the amount of control they allow on the network. If I want to shut down access from one network on a specific port, I can do it quickly and easily on a firewall. This isn't even possible for the application to do a lot of the time as it's just seeing packets coming from the router, and doesn't necessarily know where they started out life.