I know patents protect against independent invention, reverse engineering, etc.
Minor correction: Patents do not protect against reverse engineering. That's copyrights (DMCA). Patents, in theory, eliminate the need for reverse engineering because they REQUIRE the "invention" be disclosed so anyone can use it when the patent expires. (Note: the descriptions are often very well obfuscated, but the patent inspectors often don't understand the patent app well enough to realize this, an, even if they do, as long as the description is accurate, even if almost impossible to understand, it's still OK.)
Having read the new CJ story, I agree that the reports did get a bit over the top, but it was hardly "hysterical bunk". Most of the original story was correct, though the headline was misleading. And the finger pointing as to who was behind it (federal, state, school employee, teacher?) tells me that lots of ass covering is going on.
Someone did something stupid, probably for the benefit of the school's finances and they got their fingers burned for it. Hopefully this will result in such idiocy not happening again, though I doubt it. It was still the result of a petty tyrant's actions and there are always lots of those, even if the stories seriously exaggerated the nature of the petty tyrant's intervention.
First, end-to-end encryption was never required by IPv6. IPv6 did include all of the hooks required to encryption which were lacking in IPv4 but there was never any idea that all IPv6 traffic would be encrypted. In the years that have passed since IPv6 specs were written that some capability has been grafted onto IPv4. It's called IPSec and is used almost universally for VPNs. You too can use it if you feel so inclined, but the key exchange part makes it rather impractical for general, let alone universal use.
Second, IPv6 is far, far from dead. There were a number of providers who were attempting to use large scale NAT to deal with the lack of IPv4 address space but most have reached the conclusion that it is simply not practical as a general solution. Too much state that must be maintained and really, really bad things happen if it becomes inconsistent.
Comcast is now doing IPv6 to homes and businesses and I believe I've heard that Verizon is starting to roll it out, as well. I know that the Comcast roll-out is still fairly limited, but the intent is to make it a universal capability as quickly as is practical without major impact on current production services. I'm a Verizon customer, but I am less certain about their status and have no idea about Cox, Time-Warner, etc. I suspect that they are also working on it.
Discoveries are not theories, but the several theories of evolution attempt to explain how evolution happens and why. Evolution was widely accepted as a fact long before Darwin, but he presented the first fairly complete and credible theory on how it happened. Several other theories have been brought forward since which incorporate different parts of Darwin's theory along with different explanations for other parts. (Darwin was certainly wrong about some significant aspects of evolution.)
The evidence that evolution happens is really pretty incontrovertible. It's the details of how that are theories. And most people don't understand that true theory requires significant evidence to back it up. The public usually conflates theories and hypotheses.
Just to clarify this huge over-simplification, Bell Labs did not turn into Lucent and go broke. A big chunk of AT&T including its entire hardware manufacturing business, Western Electric were spun off into Lucent. Lucent got all of the pieces of the old AT&T that AT&T felt would not be useful in an deregulated business. Other than Western Electric, which had ot be spun off to make the FTC, DOJ, and probably Judge Green happy, it also got any bits AT&T owned that were not looking to provide short-term profit. Bell Labs was one of these. They also got many new office facilities with big mortgages while AT&T kept the older ones that were paid for.
The amazing part of this is that Lucent almost outlived AT&T as both failed to compete effectively in the deregulated world. But Lucent was born to fail and almost didn't. Not that Bell Labs had much to do with it one way or the other.
The "Smart" in SmartCard indeed means that they are smart. The ones we use at work are programmable, run a tiny OS, and can be logged into (after a fashion). The CPUs do real crypto using RSA. A SmartCard has flash to store data, so a one-time key (like CVV2) is not hard at all. My SmartCard can generate an SSH key-pair and does not ever release the private key. It does the RSA challenge-response operations allowing secure login to a standard SSH client.
While I don't know if the CVV stuff is true, it is certainly possible.
The problem began when some person, probably in PR, came up with the term "Intellectual property". It caught on as the RIAA and others realized the power of the term in making it seem that that information can be "owned" like a house or a car. Now the meme has taken hold, people ARE thinking of information in the same class and, instead of fostering innovation, it is strangling it.
And don't forget to let your congress critter know what you think of the "Protect IP" act which will largely codify that information is "owned" and take it further by allowing them to control what is said on the Internet. (Not that it will help unless you have the sort of money that can compete with the entertainment lobby.) "Protect IP" will be the end of the Internet as we know it.
There may be some truth to this. My high school physics teacher was in his first year teaching and clearly thought he was teaching a college class. It was brutal with about 2 hours of homework a night and every day started with a quiz on the material. The class started with about 20 students and 7 finished, only one with an 'A'. The teacher was fired due to complaints from parents (which I still feel was appropriate).
My college physics class was breeze, since I know most all of the material when I walked in the door.
While I think the teacher went way overboard, for those who could cut it (I managed a 'B"), it was an outstanding experience, though I did not feel that way 40 years ago. Probably something between that class and and a "typical" class would have been ideal, but I was ready for college classes, at least and I really appreciate it.
By the way, The teacher, Gary Mantelli, was re-hired a year later after promising not to push so hard and taught until shortly before his death about 5 years later. I wish I had gotten a chance to thank him!
Federal laws that make firing a federal employee on civil service date to well before labor unions were an issue. Not that there were none, but the very idea of allowing such "socialist" organization be involved with the government was unthinkable.
The laws that make firing civil servants nearly impossible descend from the days when administrations routinely were replacing large numbers of federal workers with friends and supporters, the "spoils system".
The "spoils system" took hold during the Andrew Jackson administration and continued for half century until the passage of the Pendleton Act in 1883 ended the practice by protecting the jobs of civil servants from political involvement. Making it very hard to fire a civil servant was an unfortunate side effect, but was not in any way tied to labor unions who had minimal political power in the 1880s.
All this discussion seem to prove is that people don't handle really big numbers well.
Allocations are, for a variety of reasons, assigned such that a subnet is almost always a/64. So the reality is that there are NOT 2**128 addresses. There are really 2**64 ne5works which will always be overwhelmingly sparsely populated. This is not waste. 2**64 is 18*10**18 or (using American terms for big numbers) 18 quintillion or 18,446,744,073,709,551,616 networks.
A/32 is in incredibly tiny bit of this space.
Yes, I'm sure that, with really, really bad allocation policy we could manage to screw things up, but it would take a major effort. And at this time only an eighth of the space is even available with the other seven eighths reserved to be handled differently if we learn that we have made mistakes to that point. 18 quintillion is a really big number...so big people can't really grasp it. After all, people worry about a 14 trillion dollar deficit and really can't conceptualize that number. 18 quintillion is in a whole category form such tiny numbers.
I have a D-Link DIR-825-B1 and have seen no problems with it. I have it because it is one of the few home routers that supports IPv6. (Yes, I know that you probably don't care.) I have run DD-WRT on it and it works fine.
The unit is actually a Cameo router that D-Link re-labels.
Also, be sure that you get a Rev. B1 unit. It is Atheros based and has DD-WRT support. The A1 uses a different chip and is will not run DD-WRT or OpenWRT. The revision is clearly marked on the box.
Whether you run the standard firmware of DD-WRT, it is a full-featured box and has been very reliable with the standard firmware. DD-WRT occasionally starts running slowly and will eventually stop routing.No sign of memory exhaustion, but that is what it acts like. Reset gets it back on-line at full speed. It fails very sporadically. This is documented on the DD-WRT wiki.
What this is is the new generation of Intel CPUs which include a built-in GPU and frame buffer, usually advertized as an "Intel 3000". They are capable of providing moderate graphics as well as support for GPU off-load of some operating system functions.
The daughter cards, as far as I know, are all "Optimus" versions of nVidia GPUs which don't have frame buffers or other basic capabilities, but share the on-board GPU for those capabilities while providing much higher powered graphics for games and other graphics intensive applications.
The down-side to this is that the card APIs are proprietary (not a big surprise for an nVidia card), so there is no open-source support and i is not likely to appear soon, although it is being worked on, but nVidia has stated that, unlike their stand-alone cards, they have no plans to provide a proprietary binary driver for Linux or FreeBSD, so these cards are useless on systems not running Windows (or, probably, MacOS).
AMD is doing something similar, but AMD (ATi) publishes APIs and programming information, so those may be available for open source systems before the Intel/nVidia ones are.
The more common case of re-directing queries to port 53 to their server which responds with the address of their internal advertizing page (such as the one Comcast uses) will be stopped and Comcast has already acknowledged that they will be forced to stop the practice. I do give them credit for agreeing to enable DNSSEC on their servers even though it does break this advertizing mechanism.
You are confused. DNSSEC (no hyphen) does not use certificates nor CAs.
DNSSEC uses an anchored chain of trust system applicable to only hierarchical systems. It is similar in may ways to PGP, but, as long as a DNS operator chooses to trust a root key (not cert), the rest of the trust is cryptographically chained to the bottom of the tree.
The system does place a great deal of responsibility on the root, but, if you read the way the keys are handled, the actual "keys to the kingdom" are spread across a number of people, all well known and not a part of ICANN. A fair percentage are academics. It is a very elegant and very carefully thought out system and is cryptographically provable.
Also, similar to SSH, only you hold the private keys for your zones. You don't give those to anyone.
An even bigger solar project based on more traditional photovoltaics is in the works for the eastern edge of Alameda County, California. An article in today's Contra Costa Times states "At 400 megawatts, the Mountain House solar complex could produce more electricity than the 370-megawatt plant that Oakland-based BrightSource Energy aims to construct in the Mojave Desert near the Ivanpah settlement."
The problem with DNSSEC are not at all "chicken & egg" in nature. It's one of the need for adoption from top to bottom and that is moving along well. It's simply a matter of critical mass. Many applications either are or can be DNSSEC aware. DNSSEC plug-ins are available for several browsers, but are pretty useless until the providers of name service enable validation. Until.com is signed AND registrars are accepting public keys for.com, DNSSEC to the end user won't happen, but that is coming, if rather slowly.
Another issue is maturing of software. DNS is critical to network operations and people are not going to be using it globally until the software available make this both reliable and easily implementable, it will often just happen. BIND V9.8 will get close and I hope BIND 10 gets us all the way.
Finally, DNSSEC is not free. It takes at least a bit of work to implement it, so I really don't think that you will see people signing DNS for the page with the family pictures. It will start with banks and such.
While there are some real issues ahead ofr DNSSEC, but its implementation seems to be going just fine for now.
As a network engineer not beholden to Comcast (except as a customer) who has spent considerable time implementing DNSSEC for a non-commercial network, DNSSEC completely removes the ability of the carrier to mess with DNS responses. You can be certain that, if a systems DNS data is signed and the public key has been passed to the delegating zone, the DNS response is correct and authoritative. If it is not signed and the public key supplied, DNSEC has NO effect at all.
In computer security circles Comcast is being congratulated for making this step and I certainly add my congratulations.
Oh, this will also be the end the odious Comcast DNS redirection scheme as DNSSEC will make it impossible once the top level domains (com, net, org, edu, gov etc) are signed. Comcast cannot become involved in any domain other than those they own. (E.g. comcast.com, comcast.net)
FWIW, I have seen it over the past two weeks in Oakland (OAK), San Francisco (SFO), Atlanta (ATL), and Denver (DEN). I've also seen it in several public areas outside of airports.
TFA is bad enough, but the comments to the thread are simply stunning in the level people will go to to avoid dealing with something new. Every old obsolete or never valid saw about IPv6 is getting re-hashed. None will make any difference.
To be very, very clear, IPv6 will happen. There is no way around it. There is almost no IPv4 address space left. The folks who are at the top of the structure that assigns addresses will run out in the middle of next year. The next tier, call Regional Internet Registries may have addresses available for another year. By the end of 2012, there will be no address space available to assign. For the gory details, see the IPv4 Countdown Page. Especially, look at Figure 35. That is reality.
As an end users, you may not care. Comcast is already beta testing IPv6 to its customers. I assume others are or soon will be doing so soon, but this should be mostly transparent to users as their system will only require IPv4 and that will be NATed behind an IPv6 address. But it must happen or people will not be able to get new addresses. That is the bottom line. IPv4 will remain in use for many years, but the net will start getting smaller and smaller for those who don't implement IPv6.
I have learned several languages by starting with the "Learning..." book. Perl, Python, PHP, Java are all covered and written to learnthe languages, not as references. (They publish references, too, but those are for after you have learned the language.)
Also, don't sell Fortran and COBOL skills short. There is a real demand for people who can program these...especially COBOL. (Lots more folks are still writing Fortran than COBOL, but lots of businesses are running COBOL and need people who can update and modify the codes written a couple of decades ago.
I think you have spent little time working in image processing (quality would need to be 2.6Mp, not 2) and little time working on biometrics.
The problem you describe has been there for a long time and is re-learned regularly. This is why iris scans are better then retinal scans. Irises move.
For a decent biometric system, you MUST include the bio part as a fundamental requirement. An obvious one is to process multiple captures and look for eye movement. (Eyes in living humans ALWAYS move over very short time spans.)
As long as the implementers of the system really understand this, there are probably several ways to tell a photo from a live face.
Folks, the claim that the issue is the inability to hear the flight attendants is a red herring.
If you read the rules (at least on Southwest), noise suppression headphones (e.g. Bose Quiet Comfort) may be powered on at all times including take-off and landing.
As one of the primary sources for this article, I'm rather distressed that the author really missed much of the point of a talk I made several months ago. When I spoke with Mr. Beckman, he was not clear on how the Internet numbering system works and, while he was was close in this article, he still does not appear to quite get it.
One thing he got exactly right is that "If people have legitimate rules that permit address transfers, they'll use them instead of a black market." There is now a formal ARIN transfer policy which will allow transfers of address space for payment. This is the critical bit that will probably prevent any significant black market from developing and, more importantly, having any real impact on the Internet at large.
The other thing that is absolutely right was his calling me an "pseudo economist". I am an engineer, not an economist, even if I do play one from time to time.
the one things I must say is that the IPv4 address space is near exhaustion and things will change. The adoption of IPv6, it undertaken soon and in a competent manner, looks to be far the most likely way to the future. Not the only way, but the only way I see to continue the growth of the Internet as we know it today. It does not mean that massive NAT implementation, which will eventually re-shape the Internet into a very different thing, won't be what happens.
Then again, I am only a "pseudo Economist" and even the real economists don't agree very often.
Slashdot Mirror
I know patents protect against independent invention, reverse engineering, etc.
Minor correction: Patents do not protect against reverse engineering. That's copyrights (DMCA). Patents, in theory, eliminate the need for reverse engineering because they REQUIRE the "invention" be disclosed so anyone can use it when the patent expires. (Note: the descriptions are often very well obfuscated, but the patent inspectors often don't understand the patent app well enough to realize this, an, even if they do, as long as the description is accurate, even if almost impossible to understand, it's still OK.)
Having read the new CJ story, I agree that the reports did get a bit over the top, but it was hardly "hysterical bunk". Most of the original story was correct, though the headline was misleading. And the finger pointing as to who was behind it (federal, state, school employee, teacher?) tells me that lots of ass covering is going on.
Someone did something stupid, probably for the benefit of the school's finances and they got their fingers burned for it. Hopefully this will result in such idiocy not happening again, though I doubt it. It was still the result of a petty tyrant's actions and there are always lots of those, even if the stories seriously exaggerated the nature of the petty tyrant's intervention.
Ahh...No. and no.
First, end-to-end encryption was never required by IPv6. IPv6 did include all of the hooks required to encryption which were lacking in IPv4 but there was never any idea that all IPv6 traffic would be encrypted. In the years that have passed since IPv6 specs were written that some capability has been grafted onto IPv4. It's called IPSec and is used almost universally for VPNs. You too can use it if you feel so inclined, but the key exchange part makes it rather impractical for general, let alone universal use.
Second, IPv6 is far, far from dead. There were a number of providers who were attempting to use large scale NAT to deal with the lack of IPv4 address space but most have reached the conclusion that it is simply not practical as a general solution. Too much state that must be maintained and really, really bad things happen if it becomes inconsistent.
Comcast is now doing IPv6 to homes and businesses and I believe I've heard that Verizon is starting to roll it out, as well. I know that the Comcast roll-out is still fairly limited, but the intent is to make it a universal capability as quickly as is practical without major impact on current production services. I'm a Verizon customer, but I am less certain about their status and have no idea about Cox, Time-Warner, etc. I suspect that they are also working on it.
Discoveries are not theories, but the several theories of evolution attempt to explain how evolution happens and why. Evolution was widely accepted as a fact long before Darwin, but he presented the first fairly complete and credible theory on how it happened. Several other theories have been brought forward since which incorporate different parts of Darwin's theory along with different explanations for other parts. (Darwin was certainly wrong about some significant aspects of evolution.)
The evidence that evolution happens is really pretty incontrovertible. It's the details of how that are theories. And most people don't understand that true theory requires significant evidence to back it up. The public usually conflates theories and hypotheses.
Just to clarify this huge over-simplification, Bell Labs did not turn into Lucent and go broke. A big chunk of AT&T including its entire hardware manufacturing business, Western Electric were spun off into Lucent. Lucent got all of the pieces of the old AT&T that AT&T felt would not be useful in an deregulated business. Other than Western Electric, which had ot be spun off to make the FTC, DOJ, and probably Judge Green happy, it also got any bits AT&T owned that were not looking to provide short-term profit. Bell Labs was one of these. They also got many new office facilities with big mortgages while AT&T kept the older ones that were paid for.
The amazing part of this is that Lucent almost outlived AT&T as both failed to compete effectively in the deregulated world. But Lucent was born to fail and almost didn't. Not that Bell Labs had much to do with it one way or the other.
The "Smart" in SmartCard indeed means that they are smart. The ones we use at work are programmable, run a tiny OS, and can be logged into (after a fashion). The CPUs do real crypto using RSA. A SmartCard has flash to store data, so a one-time key (like CVV2) is not hard at all. My SmartCard can generate an SSH key-pair and does not ever release the private key. It does the RSA challenge-response operations allowing secure login to a standard SSH client.
While I don't know if the CVV stuff is true, it is certainly possible.
The problem began when some person, probably in PR, came up with the term "Intellectual property". It caught on as the RIAA and others realized the power of the term in making it seem that that information can be "owned" like a house or a car. Now the meme has taken hold, people ARE thinking of information in the same class and, instead of fostering innovation, it is strangling it.
And don't forget to let your congress critter know what you think of the "Protect IP" act which will largely codify that information is "owned" and take it further by allowing them to control what is said on the Internet. (Not that it will help unless you have the sort of money that can compete with the entertainment lobby.) "Protect IP" will be the end of the Internet as we know it.
There may be some truth to this. My high school physics teacher was in his first year teaching and clearly thought he was teaching a college class. It was brutal with about 2 hours of homework a night and every day started with a quiz on the material. The class started with about 20 students and 7 finished, only one with an 'A'. The teacher was fired due to complaints from parents (which I still feel was appropriate).
My college physics class was breeze, since I know most all of the material when I walked in the door.
While I think the teacher went way overboard, for those who could cut it (I managed a 'B"), it was an outstanding experience, though I did not feel that way 40 years ago. Probably something between that class and and a "typical" class would have been ideal, but I was ready for college classes, at least and I really appreciate it.
By the way, The teacher, Gary Mantelli, was re-hired a year later after promising not to push so hard and taught until shortly before his death about 5 years later. I wish I had gotten a chance to thank him!
Federal laws that make firing a federal employee on civil service date to well before labor unions were an issue. Not that there were none, but the very idea of allowing such "socialist" organization be involved with the government was unthinkable. The laws that make firing civil servants nearly impossible descend from the days when administrations routinely were replacing large numbers of federal workers with friends and supporters, the "spoils system".
The "spoils system" took hold during the Andrew Jackson administration and continued for half century until the passage of the Pendleton Act in 1883 ended the practice by protecting the jobs of civil servants from political involvement. Making it very hard to fire a civil servant was an unfortunate side effect, but was not in any way tied to labor unions who had minimal political power in the 1880s.
All this discussion seem to prove is that people don't handle really big numbers well.
Allocations are, for a variety of reasons, assigned such that a subnet is almost always a /64. So the reality is that there are NOT 2**128 addresses. There are really 2**64 ne5works which will always be overwhelmingly sparsely populated. This is not waste. 2**64 is 18*10**18 or (using American terms for big numbers) 18 quintillion or 18,446,744,073,709,551,616 networks.
A /32 is in incredibly tiny bit of this space.
Yes, I'm sure that, with really, really bad allocation policy we could manage to screw things up, but it would take a major effort. And at this time only an eighth of the space is even available with the other seven eighths reserved to be handled differently if we learn that we have made mistakes to that point. 18 quintillion is a really big number...so big people can't really grasp it. After all, people worry about a 14 trillion dollar deficit and really can't conceptualize that number. 18 quintillion is in a whole category form such tiny numbers.
I have a D-Link DIR-825-B1 and have seen no problems with it. I have it because it is one of the few home routers that supports IPv6. (Yes, I know that you probably don't care.) I have run DD-WRT on it and it works fine.
The unit is actually a Cameo router that D-Link re-labels.
Also, be sure that you get a Rev. B1 unit. It is Atheros based and has DD-WRT support. The A1 uses a different chip and is will not run DD-WRT or OpenWRT. The revision is clearly marked on the box.
Whether you run the standard firmware of DD-WRT, it is a full-featured box and has been very reliable with the standard firmware. DD-WRT occasionally starts running slowly and will eventually stop routing.No sign of memory exhaustion, but that is what it acts like. Reset gets it back on-line at full speed. It fails very sporadically. This is documented on the DD-WRT wiki.
What this is is the new generation of Intel CPUs which include a built-in GPU and frame buffer, usually advertized as an "Intel 3000". They are capable of providing moderate graphics as well as support for GPU off-load of some operating system functions.
The daughter cards, as far as I know, are all "Optimus" versions of nVidia GPUs which don't have frame buffers or other basic capabilities, but share the on-board GPU for those capabilities while providing much higher powered graphics for games and other graphics intensive applications.
The down-side to this is that the card APIs are proprietary (not a big surprise for an nVidia card), so there is no open-source support and i is not likely to appear soon, although it is being worked on, but nVidia has stated that, unlike their stand-alone cards, they have no plans to provide a proprietary binary driver for Linux or FreeBSD, so these cards are useless on systems not running Windows (or, probably, MacOS).
AMD is doing something similar, but AMD (ATi) publishes APIs and programming information, so those may be available for open source systems before the Intel/nVidia ones are.
Probably would have gotten an even stronger response if it had played "On Wisconsin".
The literal case of a 404 will not be affected.
The more common case of re-directing queries to port 53 to their server which responds with the address of their internal advertizing page (such as the one Comcast uses) will be stopped and Comcast has already acknowledged that they will be forced to stop the practice. I do give them credit for agreeing to enable DNSSEC on their servers even though it does break this advertizing mechanism.
You are confused. DNSSEC (no hyphen) does not use certificates nor CAs.
DNSSEC uses an anchored chain of trust system applicable to only hierarchical systems. It is similar in may ways to PGP, but, as long as a DNS operator chooses to trust a root key (not cert), the rest of the trust is cryptographically chained to the bottom of the tree.
The system does place a great deal of responsibility on the root, but, if you read the way the keys are handled, the actual "keys to the kingdom" are spread across a number of people, all well known and not a part of ICANN. A fair percentage are academics. It is a very elegant and very carefully thought out system and is cryptographically provable.
Also, similar to SSH, only you hold the private keys for your zones. You don't give those to anyone.
An even bigger solar project based on more traditional photovoltaics is in the works for the eastern edge of Alameda County, California. An article in today's Contra Costa Times states "At 400 megawatts, the Mountain House solar complex could produce more electricity than the 370-megawatt plant that Oakland-based BrightSource Energy aims to construct in the Mojave Desert near the Ivanpah settlement."
Another issue is maturing of software. DNS is critical to network operations and people are not going to be using it globally until the software available make this both reliable and easily implementable, it will often just happen. BIND V9.8 will get close and I hope BIND 10 gets us all the way.
Finally, DNSSEC is not free. It takes at least a bit of work to implement it, so I really don't think that you will see people signing DNS for the page with the family pictures. It will start with banks and such.
While there are some real issues ahead ofr DNSSEC, but its implementation seems to be going just fine for now.
In computer security circles Comcast is being congratulated for making this step and I certainly add my congratulations.
Oh, this will also be the end the odious Comcast DNS redirection scheme as DNSSEC will make it impossible once the top level domains (com, net, org, edu, gov etc) are signed. Comcast cannot become involved in any domain other than those they own. (E.g. comcast.com, comcast.net)
FWIW, I have seen it over the past two weeks in Oakland (OAK), San Francisco (SFO), Atlanta (ATL), and Denver (DEN). I've also seen it in several public areas outside of airports.
GNU easily pre-dates Linux, but Linus' contribution was still very significant, if nothing else in that it provided a second "Unix" kernel.
Cross-pollination between BSD based kernels and Linux continue to the present. Both BSD and Linux are better kernels as a result.
To be very, very clear, IPv6 will happen. There is no way around it. There is almost no IPv4 address space left. The folks who are at the top of the structure that assigns addresses will run out in the middle of next year. The next tier, call Regional Internet Registries may have addresses available for another year. By the end of 2012, there will be no address space available to assign. For the gory details, see the IPv4 Countdown Page. Especially, look at Figure 35. That is reality.
As an end users, you may not care. Comcast is already beta testing IPv6 to its customers. I assume others are or soon will be doing so soon, but this should be mostly transparent to users as their system will only require IPv4 and that will be NATed behind an IPv6 address. But it must happen or people will not be able to get new addresses. That is the bottom line. IPv4 will remain in use for many years, but the net will start getting smaller and smaller for those who don't implement IPv6.
Also, don't sell Fortran and COBOL skills short. There is a real demand for people who can program these...especially COBOL. (Lots more folks are still writing Fortran than COBOL, but lots of businesses are running COBOL and need people who can update and modify the codes written a couple of decades ago.
For a decent biometric system, you MUST include the bio part as a fundamental requirement. An obvious one is to process multiple captures and look for eye movement. (Eyes in living humans ALWAYS move over very short time spans.) As long as the implementers of the system really understand this, there are probably several ways to tell a photo from a live face.
If you read the rules (at least on Southwest), noise suppression headphones (e.g. Bose Quiet Comfort) may be powered on at all times including take-off and landing.
One thing he got exactly right is that "If people have legitimate rules that permit address transfers, they'll use them instead of a black market." There is now a formal ARIN transfer policy which will allow transfers of address space for payment. This is the critical bit that will probably prevent any significant black market from developing and, more importantly, having any real impact on the Internet at large.
The other thing that is absolutely right was his calling me an "pseudo economist". I am an engineer, not an economist, even if I do play one from time to time.
the one things I must say is that the IPv4 address space is near exhaustion and things will change. The adoption of IPv6, it undertaken soon and in a competent manner, looks to be far the most likely way to the future. Not the only way, but the only way I see to continue the growth of the Internet as we know it today. It does not mean that massive NAT implementation, which will eventually re-shape the Internet into a very different thing, won't be what happens.
Then again, I am only a "pseudo Economist" and even the real economists don't agree very often.