A friend of mine said to me a while back: "I've decided I'm going to skip Facebook, and then skip the thing that comes after Facebook, and join the one that comes after that."

There is much wisdom in her plan.

Whoops, I meant "nonreusable", sorry. (Though I believe they're also planning to make the Falcon recoverable and reusable eventually.)

Actually, the Falcon 9, unlike most reusable boosters, was designed in advance to carry humans. It meets all of NASA's requirements for a human-rated vehicle except for an escape system. SpaceX has stated their intention to dot that final i within a couple of years. The Dragon spacecraft they're designing for the Falcon 9 will support a crew of 7.

DNSSEC and DNSCurve solve two different (though overlapping) problems. DNSSEC is about end-to-end authentication and validation: It strives to ensure that the data you received is the data the actual owner of a name server intended to send, unaltered by anyone along the way. DNSCurve is about ensuring a trustworthy connection between the authoritative name server and the resolver (and incidentally about encrypting queries, which is nice), but it doesn't do a thing to keep the resolver from lying to you. Man in the middle is a problem with DNS, as anyone who stays in hotels frequently can attest.

As for set-it-and-forget-it, if you use BIND 9.7 (on which, full disclosure, I was the lead engineer), it comes pretty close. If you don't roll keys, it can maintain itself forever, and you can roll ZSK's with a cron job. Rolling KSK's still requires operator intervention in most cases. (But rolling keys is optional; people with higher security needs will want to do it often, but low-value targets can get away with doing it infrequently or never.)

Thank you very much for looking at the code. If you could send critiques like that to the developer list instead of posting them to slashdot, it'd have a better chance of getting attention from the other developers.

Actually the bit you're looking at is libdns, which we're trying to design in such a way that it can be used by other DNS-aware applications, not just BIND. (I happen to agree with several of your other points, though, and there are places outside libdns where the pimpl thing was used and maybe shouldn't have been.)

Try it some time! It's fun! I can even refer you to an ongoing open-source project that you can contribute to, if you like! :)

To give a rough idea of scale, BIND 9 has about half a million lines of C code, and the first release took a couple of years to write.

(BIND 10, in its current minimal and unfinished state, is about 40,000 lines of C++, and 10,000 lines of python.)

Wined and dined.

We wrote lots of tests. (How else would we know it has bugs in it?) This is a somewhat fair criticism of BIND 9, but read the link before you assume we didn't learn any lessons from the past. The unit tests are included in the tarball and coverage results are viewable online.

'Cause it's open source software, emphasis on "open". It won't be done for another couple of years, but you can look at the work in progress. You can even help write it if you want.

I sure hope not, as those are all specific design goals for the project (and they're among the failings of BIND 9 that made us want to redesign it in the first place). I meant "difficult to use" -- the user interface basically doesn't exist yet.

...is that only the one person is allowed to write sequels. The first story set in that world was written in 1940; under the copyright terms in effect at the time, it should've been in the public domain in 1996. There should be lots and lots of derivative works out there competing in the marketplace, instead of only one "authorized" one making the Asimov estate a pile of money that none of them actually earned.

He's the president of the company that's doing the work.