Talk to me about IOPS -- Input/Output operations Per Second -- or don't pretend you're talking to me about performance.

Not saying this isn't actually really exciting, but that's the metric in at least 90% of use cases.

World's largest *unclassified* tunnel boring machine.

My sense is that the MEAN Stack (Mongo, Express, AngularJS, Node) is sort of winning. There's some packaging of it over at mean.io.

Personally, I'm really getting interested in Meteor (www.meteor.com). Watch the videos, and realize I saw a smart non-coder go from zero to *ridiculously* interactive site design in three months.

No really.

I took a pass at Python 3 a while back. The amount of hoops I needed to jump through, to deal with compilation errors around Unicode handling, was terrifying. It was simply a poor user experience.

Python 2.7 just works. Sure, it's a nightmare past a certain scale point. But until you get into the dregs of OO it really is executable pseudocode.

Python 3 is some other language that lost that property.

The big problem is that we don't ship languages with telemetry that reports when they fail to work. So things that are completely obvious to outsiders never make it to inner circles. Not that I can really see any way for Python 3 to mend its errors.

Seriously. Write some code, publish it on Github. Spin up a single serving web page, does one interesting thing as soon as you arrive. Remember, everyone else with resumes could be pretending, you're actually doing stuff.

For work experience, sign up on freelancing sites like odesk. Take jobs just to do them. Nobody knows how old you are, there. Even if all you can do is sysadmin -- well, admin some cloud services!

I'm not seeing any data on what portion of those keys with bad moduli were actually attached to valid certificates.

It's damn fine survey work, but the conclusions are just strange. More detail here:

<a href="http://dankaminsky.com/ronwhit">Survey is good. Thesis is strange.</a>

http://arstechnica.com/apple/news/2012/01/82-percent-of-atts-q4-2011-sales-are-smartphones-66-percent-are-iphones.ars

Yeah. 66% of AT&T's 4th quarter sales were iPhones. I was on Verizon for years, switched to AT&T only for their iPhone, and stuck with them only for their GSM capabilities worldwide. Sure, your margins are less when you offer a better service. Would you prefer no sales though?

The platform that most successfully upgraded itself was the NES. One of the degrees of freedom they had, because there were chips in each cartridge, was to deploy new memory management units inside the games themselves. Quite literally, the NES became more powerful for games released later in its dev cycle. SNES did this too, with the SuperFX chip inside of Starfox (the most popular DSP in the world, for its era) but it wasn't quite the "all games ship upgrading hardware".

I suspect if there was ever to be upgradable hardware, it'd have to work by yearly subscription, and it'd have to be no more than $50 a year for the part. However, with guaranteed sales in the millions of units (as games would hard-require it) the logistics of making some pretty crazy stuff fit into $50/yr wouldn't be unimaginable. Remember that XBox Live is already pulling, what, $60/yr?

You realize this is completely unscientific garbage, right? None of http://www.fwi.co.uk/Articles/25/01/2011/125212/Handle-with-care.htm makes sense outside of a conscious entity.

Applications will never, ever tell you anything bad about DNSSEC.

They might tell you a TLS validation failed, but that an IP was good or bad? No.

We can do this incrementally, mostly because we're just *not* securing most things right now. So the conversion cost is lower than you'd think.

DNSSEC is an infrastructure shift, and you can't use it on .com domains for another few months. Have some patience.

At Black Hat this year, I actually demonstrated the endgame. Want federated authentication in OpenSSH that actually scales? Want servers able to autogenerate TLS keys that will be recognized and secured worldwide, even against broken certificate authorities?

Want secure email, without the mess that is PGP key management?

End to end secure key management via DNSSEC makes it all actually really easy. Code is here -- BSD licensed, feel free to play:

http://dankaminsky.com/phreebird

Also, I'm putting together a set of diaries on the subject:

http://dankaminsky.com/2010/12/13/dnssec-ch1/

Enjoy!

The problem is collateral damage. Legitimate actors can't get into the DDoS game, because if they legitimize DDoS, the network will *fry*.

The "good guys" cannot flood nearly as significantly as the bad guys. Worse, the good guys are significantly more exposed -- they have corpnets, they have partner nets, etc. Today it's the website, tomorrow it's Hulu.

There are paths on which the anti-piracy people have the high ground (not moral high ground, tactical high ground). DDoS, in no uncertain terms, is not one of them.