ORLY

I think that is a grave mistake on Microsoft's part. It makes people think that they can still run Windows XP securely, just intercepting viruses that match the signatures, instead of patching the underlying vulnerabilities.

I also think continuing to let OEMs install Windows XP until Windows 7 was also a grave mistake. In the short term, it slowed people from fleeing to Linux, especially for the early-model netbooks. In the long term, it has delayed the end of Windows XP by years, making it more painful when people do finally upgrade.

As the evil Soviet Union rises again, they're back to their old form, rejecting stylish devices from the USA and adopting clunky copycat devices.

So you create a working configuration, and you script it.

This is not your neighborhood club's web site. This is Google. I'm sure they have the resources at hand to do configuration management on their DNS servers. So, once it's set up, you just need to renew the registrar's DS records appropriately. You need to communicate with your registrar regularly, anyway, to keep your zone from expiring. Unless you want your cloud to fall down like a Microsoft cloud.

Greater complexity is usually greater risk, but we already know that not having DNSSEC is risky. DNSSEC was invented to eliminate certain types of risks.

I didn't study technology because I wanted to be satisfied with the status quo. Right now, you cannot eat your cake and still have it, but what if you could?

I upgraded my phone because I wanted greater functionality. (Actually, I upgraded because I wanted the very cheap monthly plans on Republic Wireless.) I now have to plug my phone in every night instead of two to three times a week. The Moto X already has compromised specs to get very good battery life, and I only ran out of battery once after doing a 2-hour Google Hangout with video. I would not mind staying with this amount of power, but increasing battery life even more.

Yes, I tried it.

Actually, I tried it in extreme form. I no longer install the Flash player plugin. I'm fed up with the updater.

And what I found was that most YouTube videos don't work in HTML5. So I use Firefox for my main browsing and Google Chrome for interacting with Google web sites.

If Google ends up with a distorted view of browser use statistics, that's their fault.

What are you talking about? DNS does that, anyway.

DNSSEC records are distributed and expire just like any other record. Make a mistake deploying DNSSEC, then just fix it, and eventually the bad records will expire and the new ones will take over. The major issue I see is that the TLD registrar needs to hold DS records for your key, so now your registrar needs to do NS, DS, and glue records.

Worst case scenario, you lose the secure entry point keys. So, you use some out-of-band management interface to change the DS records in the TLD. That's slightly worse than without DNSSEC, because you could mess up your zone all you want without involving the TLD administrator. But the bad DS records expire, the new ones take over, you're back in business.

For a company the size of Google, they'll probably want the SEP keys to be held in a HSM. Maybe they'll put all their private keys in a bunch of HSMs. You can have more than 1 DS record, so they can distribute their HSMs as widely as they want. There's no good reason why Google can't do DNSSEC.

I see this attitude all the time with managers. It's like a mantra:

If it's not broke, don't fix it.

It's blocking IPv6, it's blocking DNSSEC, it's blocking RPKI, it's blocking Windows XP retirements. There are a lot of improvements that are stymied because change is considered more scary than just living with the problem.

But it is broke. Computers are hugely complex and buggy. We need the upgrade treadmill just to stay ahead of threats to our computing. Computers are incredibly malleable, and collectively we need major changes. I would be seriously depressed if our current state became the pinnacle of computing.

They can't do this unilaterally.

RPKI and DNSSEC are important, but they won't work if the resource or domain owner doesn't use them. For example, Google's public DNS service performs DNSSEC validation, but Google's own DNS zones are unsigned and do not validate using DNSSEC. Even with automation, DNSSEC increases the administrative burden of running a domain, so I see why they don't, but I don't excuse them.

If you go back all the way to the beginning of Gates's career, then it should be obvious that he is no friend to freedom, and he never has been.

In the beginning, there was no open source movement, because all software was open source. Computers were so difficult and non-standard, that software was one-off for each machine, and everybody shared everything just to get the darn things to work. Gates was born into the economic elite (his father was a lawyer and his mother was a rich civic busybody), and he brought elite paternalism into computing. The software we run is only by his permission, and we should all pay him for the privilege of improving and distributing it.

Wozniak came from a different mindset. His father was an engineer, and he learned the morality of engineers. He wrote the first BASIC for Apple, but licensed Microsoft's BASIC for later models. When somebody at Apple wrote MacBasic, Bill Gates had the gall to cancel it and not release a decent Basic for the Mac. So, Wozniak experienced Gates's ruthlessness, but he's too nice to say anything about it.

I didn't vote for her. I voted for somebody else. Yet Feinstein was just, in 2012, reelected with the most votes any senator has ever received, ever.

I think humans are defective. Democracy works fine for small governments, like a village. It's problematic for a political unit so big that you can't travel from one end to another without special arrangements, like California, the 12th largest economy in the world. Democracy is a terrible idea for a country as large as the United States. It's better than any other idea we've tried so far, but there are just too many voices demanding too much attention for it to work well.

So, humans simplify. Most people stick to the 2 parties that they hear about the most. The media talk about the 2 parties that pay them the most. The major party candidates listen to the donors who donate the most. Larry Lessig hopes that campaign finance reform will fix democracy, but humans still need simplified choices.

I think humans can't reasonably manage something as large as the United States. The federal government needs to be scaled way down, or the United States split up, so more local decisions can be made about local issues. But, again, humans are defective, and for example people in New York are personally offended at the local education decisions made in Texas, so the federal government just keeps growing.

It's not the presence or the lack of DST that kills people. It's the pointless change between "standard" and "saving" time that kills people.

For my own lifestyle, I would prefer year-round DST. Yes, it's completely irrational, and we should collectively switch to an 8-4 work day instead of a 9-5 work day, but we have to work with what we have.

There's a lot of work that goes into making your clocks run so smoothly.

Most smartphones and computers internally store and process time in UTC. Only Microsoft insists in their local time lunacy, and they also have to translate to and from UTC when interacting with other systems. These systems are only able to display local time because they receive regular updates with the latest DST rule changes. Even so, code is frequently not tested against DST, so it takes several years of mis-scheduled meeting reminders and such until all the bugs are gone.

The atomic clock services broadcast time in UTC, and most clocks have no sense of position or DST rules. Generally, the radio-controlled clocks have a switch somewhere to turn DST on and off.

I still have no idea what are the interactions between the local time from the cell phone tower and the UTC in my iOS or Android smartphone. I have to work early in the morning on Sundays, so I suffer anxiety every time I get a new device or a new DST schedule, worrying whether my alarm will wake me up on time. The time changes suck.