Agreed, someone comes up with something new to solve a very specific issue, and all of a sudden someone's predicting how it will completely replace everything else in the next month.

Grow up.

Physical storage and relational databases aren't going anywhere anytime soon. in-memory this and non-relational that are all well and good for the specific problems they were designed for, but physically stored and relational data fits the needs of 90% of data storage and retrieval. I sure as HECK don't want my bank storing my financial data purely in memory.

So keep yelling to yourselves about how the sky is falling on traditional techniques. Meanwhile the rest of us have real work to do.

The originating network of the client.

Caching would not have to be turned off, but it would get a lot more complicated.

Note that the draft expired, but I expect someone will eventually resurrect it.

EDNS Client IP

No, it's not particularly elegant. But on the other hand, split-horizon DNS is nothing new or magical either. Nor would I classify it as "abuse". The capability has been there since the early days of BIND.

In the DNS trade, we refer to it under the category of "stupid DNS tricks"

That said, it does have some significant advantages over other techniques.

#1, It's protocol-independent. Sure you can do intelligent redirects with HTTP, but not everything in the world is HTTP
#2, Even with HTTP, in order for it to work, you have to now change the name of the server, and often the links to internal content. Your initial request to www.domain.com will now have to be redirected to hostx.domain.com or www.location.domain.com etc., and links on the pages to content servers will also have to be altered. This can be confusing to end-users, and may require additional SSL certs. It's also a code maintenance issue.
#2a, While the renaming seems trivial on first glance, it has HUGE implications for search engines, etc, since those "local" servers will get indexed instead of a generic name
#2b, It also means that a calculation will have to be made by the web server deciding where to redirect you to, then the actual redirect, increasing load and latency. DNS solutions are "pre-computed" and thus do not have similar issues.
#2c, If you solve 2a by checking every request at every location, you make 2b much worse
#3, It's simple.

Downsides:

#1, Third-party DNS recursive services throw it off. (There is a proposed RFC that would allow for such recursives to pass the originating network in the request)
#2, It makes DNSSEC a right royal PITA (Much more than it already is)

It doesn't. But it makes a nice straw-man, doesn't it?

For someone with control of the root, DNSSEC makes things only slightly more difficult, but definitely does not make it easier.

This is definitely theoretically possible. However, you're going to have to convince the major application developers to play along.

Though to be fair, it would only be the equivalent of the cheaper certs that only verify domain control for authority when issuing certs. The higher-level certs truly do involve a third-party verification of identity of the cert recipient.

Sure, they could pressure the parent to supply bogus records. On the other hand, they always could have pressured them to change the NS records, which they would also have to do if they published bogus DS records.

So at absolute worst, no security was gained from the "government". It cannot be made worse, because any theoretical compromise by the governing agency was already possible, and much easier before.

Actually, .net was enabled sometime around 16:00 GMT yesterday. They just didn't announce it until today.

I was doing testing of a DNSSEC system yesterday, and one of my test cases change state on me unexpectedly. (Signed zone in an unsigned parent)

You really don't know what DNSSEC is, do you?

What DNSSEC does: DNSSEC provides a means for an end-user to determine the authenticity of the DNS data they receive by proving that only someone in control of the domain could have served the record.

What DNSSEC does not do: DNSSEC does not provide for the security of data being exchanged between systems.

With DNSSEC, each domain admin holds their own private keys. Nobody else should ever see them. Chain of authenticity is provided by each parent domain signing the delegation records provided by the child domain.

So, for the "government" to "exert control" over your domain, they would have to completely spoof every parent of your domain. This would affect not just your domain, but all domains in that TLD. Pretty sure if everyone in .com all broke at the same time, someone would notice. In short, this makes it harder for someone to take control of your DNS. If the "government" wanted it to be easier, they never would have allowed the root to be signed.

And let's face it, DNSSEC was not designed for you. DNSSEC is designed for businesses, banks and other large entities who are trying to protect their customers from being spoofed. It is just another tool like SSL. And, IMO, anyone who uses SSL certs should use DNSSEC. If you don't use SSL, it's highly unlikely you need DNSSEC.

But hey, if all you want to do is spew ridiculous conspiracy theories, never mind, rant on.

Anyone want to start a pool on how long it will take someone to crack the system and start sending bogus alerts?

Ah, Battle Cattle.

Somewhere around here I have the Steve Jackson card-based version of that game. It's pretty fun when you've got a few people with a warped sense of humor and a bit of free time.

Reading "Of Mice and Men" is more important than reading "Girl with the Dragon Tattoo".

Why? Granted, I haven't read either of them.

I don't get the snobbishness that goes along with certain books/authors. Yeah, I read Gatsby, I thought it was boring as all get out. I much preferred the Táin Bó Cúailnge. Seriously, a bunch of english professors who've never lived in the real world declare some book as "important", and I'm supposed to care? Yes, I've read many of the "great works", but I read them because they interested me, not because they were important. Just as many of them, I've found to be navel-gazing, coma-inducing drivel. YMMV.

IMO, a book is only important if the person reading it got something out of it besides a headache, even if it was just a few hours of escapism.

Not uncommon for pyromaniacs to become firefighters.

In rural areas, a number of arson cases end up being traced back to volunteer firefighters. Most commonly involving abandoned structures or barns.

OK, how exactly were they "sold out by GE"?

The plant wasn't profitable currently, was going to be made obsolete by law in a couple of years, and was not even remotely profitable to refit to producing the CFLs.

So they should just pay people to work for the heck of it?

Agreed, I went through a couple of TI calcs before buying an HP. I've never had an HP break. That's not to say I haven't dropped them. My poor HP 11C is now over 25 years old, and has been dropped too many times to count. It's still my favorite calculator. My 48G has likewise seen some rough handling, it is also still running fine.

TIs are decent from a functionality point of view, but they are unable to take any kind of rough handling.

My wife used TIs in college, and went through a couple of them as well.

The question is, do your cats count you as people?