Yeah, what I was thinking was essentially having a second civics screen, or in fact one for each religion. You set the rules of each religion, along with which one gets government support and whatnot.
Although it should do what I also wish they'd do with the real civics screen...let you switch over a longer period of time, with less unrest. I.e., you can transition via revolution, with two years of unrest, if you want...or you could transition via social change, over 20 years or so.
And the same with changing parts of the religion. Slow change, over the years...or you wait until a great prophet comes along, and does whatever. (In fact, it might be interesting if you could only change civics fast that way, also.)
I hated having to rush for a religion. I find it exceptionally absurd I can end up without one. What primitive people didn't have a religion?
What I wish that you could do is essentially build your own religion.
Not the tiny details, but if you took over another nation you could, for example, incorporate their gods into your pantheon and gain some extra culture. Or do the inverse, demonize someone else's god in yours, reducing war weariness as you fight those 'evil worshipers'.
Or switch to monotheism, which would reduce neighboring cultural exchange, both ways.
Or if a religion was in more than one place, you could attempt to 'hijack' it and make your country the HQ. Or you could fork it.
Likewise, you could have various 'holy people' that showed up, like great prophets, but you'd tell them a bunch of different options, and they'd be remembered, and you could direct which of these 'saints' your society focused on. Like, one of them was a great warrior, one of them fed the hungry, one of them was a great mother, whatever.
And it would be interesting to allow various rules, like how you treat sex, for example. Harsh controls on it could result in a lower birthrate but more financial gain. (As children grow up in supported families and hence aren't a drain on society.) Likewise, perhaps certain foods cause sickness for people unfamiliar with them, so you can outlaw them.
And, of course, changing any of this would cause unhappiness for a bit, as people don't like change.
The problem is that Civ IV used real religions, which people don't like mucking with. (And even then only five of them...where were the Greek Gods, or the Egyptian ones?) So all you could do is alter how they interacted with society, and not what they were.
Which was rather dumb...I mean, you can make societies and leaders operate totally out of how they actually were. But whatever...if people are going to complain, just name them random things.
Yes, you certainly should go with VDPAU if you're going to H.264 level and don't want to spring for more computer. (And you're using Linux, of course.)
I was just trying to make the point that people often overbuy computer hardware, which is fine in a computer that's general purpose, but rather silly in an HTPC.
I was outputting xvid avi files at 1024x786, which is essentially all SD screens can take, using a damn six year old 1.2Ghz processor and 256megs of memory, on a computer pieced together out of scrap parts I had. The video card supported VDPAU, but, hilariously, the processor didn't support the instruction set (SSE2, IIRC.) needed to run the driver that supported it. So I couldn't use it. (This is the same card I'm using now in my new HTPC, I swapped it out as my old game computer card was slightly slower.)
It worked fine. Except every couple of hours, the video card and motherboard combo would crash X, as they were hilariously mismatched, one being from the age of AGP 1x, one being from age of AGP 8x. But besides that, the damn things would show videos just fine. Turn on any of the fancy rescaling, and the CPU shot to 100% and couldn't get it out, but without them, 30% or so. Because it's drawing pictures on the screen.
Not that I recommend anything that slow but 'drawing pictures on the screen' is a trivial use of a computer. And this all important 'HD' output of 1080p is just 1920×1080, which is only about 2.5x the amount of data of frickin 1024x786.
Yet I see people with absurdly powerful computers, buying the best video cards, to output...a TV show. Um, no. Buy a moderate video card to help decode if you're deliberately buying some low-powered processor, like you did, otherwise the cheapest card imaginable can put fricking pictures on the screen. (Of course, they're often also going with Windows, which is a totally inexplicable choice on an HTPC, but that only adds maybe 15% more CPU needed and 50% more memory.)
And even you could get away with an 8x00 instead of a 9x00, assuming you can find one. The card in my HTPC is actually a 7900, despite claims that VDPAU only works on 8 series and above...I don't know what's going on there. (I'd tell more, but, hilariously, I broke the boot during an Ubuntu upgrade yesterday, and I need to go in there and fix it. I broke rule #1: Don't fix things that aren't broken.)
No, it only runs when it's actually used. It turns itself off after it's been idle for 15-20 minutes and it's not downloading something.
And usually I'll turn it off manually anyway, when I'm done with it, unless I think it's downloading something.
People who leave computers running when they don't need them are weird. The only computer-ish thing in my house that stays on all the time is my NAS. (I keep trying to figure out how to install hellanzb on that and download using it, but no luck so far.)
Indeed, I think the whole 'the next day' needs emphasizing.
You can actually, somehow, vaguely, come up with a scenario where this is understandable if a 3 year old accidentally got a gun during an (apparent) prowler attack. Perhaps the father unlocks the gun safe, and takes out a gun, and there's another one in there and he doesn't lock it back. Or perhaps he even sets it down in relief for a minute or two.
It's the whole 'going to bed with it laying out' that, um...
Secondly, the article headline should be: A 3-year-old shot himself with a gun because 3-year-olds pick up everything.
The idea that he thought it was a 'Wii remote' is not supported by any actual evidence at all.
Thirdly, there's no such thing as 'accidental suicide', whatever moron wrote the headline.
My HTPC, oddly, probably costs more, but that's because it, like I said, is my old game PC that I couldn't really upgrade. (I stupidly went with AGP.)
So I threw in the old HTPC's hard drive, found an old CD writer that read DVDs, stole the DVD-R and the bigger hard drive, and tada.
Honestly, the only reason that's running Linux is that the old HTPC was, and I could just swap the drive out. It actually had an XP license, although now I'm using that under virtualization on the Vista (ugh) I got on the new game box. (Thinking about upgrading to 7.)
What I keep wanting to look into is the price of things like the Acer Revo. It annoys the hell out of me that most tiny computers don't come with S-Video out. (Yes, I'm still entirely SD at my house.)
And also they come with Windows licenses, which I prefer to buy myself, and actually have a spare one or two at the moment, and wouldn't spend money on if I'm sticking XBMC on it to run full-time. (I keep hoping that someone will write a framebuffer XBMC for Linux so you don't even have to run X.)
So if you know any tiny computer, preferably fairly silent, that can run Linux, has both S-Video and HDMI out (for when I upgrade), and doesn't come with an OS, I'd be much obliged if you'd tell me.
I do, however, want a DVD drive, so that I can play DVDs via it. That isn't a deal-breaker, though.
Also, it would be awesome if it actually looked like a piece of A/V equipment instead of a computer.
For the storage, I have an old NAS I got for $200 that I put Linux on, and it has USB ports that I hook external drives into. But that's for full seasons...the HTPC itself runs hellanzb and Leech.py and downloads shows as they come out.
One of the 6xxx or 7xxx series is probably what you want. (I actually played Fallout 3, which uses a later form of Oblivion's engine, on a 6600GT, just fine. Right now I have a 9600GT and can run any damn game I want.)
The nVidia line is very confusing, though. The first number is 'generation', the second number is ranking 'within' that generation, and the end part are various weird codes.
So what happens is that, say, a 6800 will get remade with a smaller die and whatnot, and end up as a 7600 in the next generation. (That is just a hypothetical, do not actually believe those numbers.) A 'GSO' code has literally been the older chips, in a sorta scammy move. A 2 at the end of the code indicates dual processor.
I can't possibly explain it all, as I don't understand it all either. Start here and move forward through 7 and 8 and 9.
I try to aim for the price of $125-$150, myself. A year or two ago, that was a series 9.
I have no idea what's going on post-series 9, either.
The problem with budget desktops is you tend to end up with something that is cheap but crippled.
It always used to amaze me how people would have a perfectly functional Dell or something...except with about 1/4th the memory it needs.
It also amazed me how hard it was sometimes to inform them of this.
'Hey, David, can you go look at X's computer and see why it's slow?'
I show up at their house, spend approximately fifteen seconds at the computer, and say 'It does not have enough memory. 128 megs is not enough to run XP on. Buy a 256 meg chip, add it in.'
Non-computer people seemed incapable of understanding that slowness on (well maintained, not full of cruft) computers is almost always due to some bottleneck.
Sometimes it's hard to figure out...I couldn't tell you what it is on my game computer. (I do like the fact Vista, and presumably W7, display a little rating printout of each subsystem, which can give you a hint.) In fact, well designed computers will have different bottlenecks at different times, depending on what you are doing. Usually alternating between disk and CPU, as disk is always a bottleneck, and CPU is where people can't spend infinite money. (Anyone who bottlenecks on memory at this point is a moron, but that used to be a reasonable cost-cutting bottleneck.)
But sometimes finding the bottleneck is easy as hell.
The easy as hell ones tend to be computers that either a) were purchased, in one piece, as a 'budget desktop', like you said, or b) weirdly upgraded things, where people came along and tried to upgrade the OS, and it wanted a new video card and hard drive, so they gave it that, and everything else barely fit within the minimum requirements, or, if not, functioned anyway.
The only conclusion at that point is that the builder had no idea what they were doing.
Yes, but an HTPC doesn't need quite as much power as a game computer. (In fact, my HTPC is my old game computer, demoted.) And they can run Linux, so automatically need about 15% less CPU.
Not trying to bash here. All my actual 'sit down and use' computers are Windows, but there's no reason not to have HTPCs be Linux. Mine runs XBMC. Free license, no virus scan, half the memory usage, etc.
For an HTPC, you don't even need VDPAU or anything. My HTPC uses that, at SD, but doesn't actually need to. It is completely and utterly impossible to purchase any desktop computer that cannot decode and display video files, even at 1080p. (Erm, assuming it has 1080p output. Technically, you can still get VGA-only ones.) It would probably be impossible to purchase such a computer 3 years ago!
Heck, I used to use an even older computer, but that had some incredibly strange AGP/video card interaction that occasionally crashed out X. (Probably because I was trying to run a video card from 2005 on a motherboard from 2000.) But even it managed to decode frickin video fast enough, although admittedly not if I turned on the smoothing. It was like a 1.2 gig chip! And 256 megs of memory! (And a gig of video memory. Heh, really mismatched computer.) Worked fine at SD, except when the video card tried to do something the motherboard couldn't handle.
Maybe some very light netbooks or something, but any actual desktop can do it. Old, cobbled together computers can be an HTPC.
But the article was talking about playing games, so that doesn't really apply. But, then again, he was talking about Oblivion, which is almost four years old at this point, meaning it should also be playable on any computer that can currently be purchased...but I don't know if it's playable at 1080p resolution. (Hell, I don't even know if it can do that resolution at all.)
And then you still run everyone through a proper security checkpoint, which is easier and cheaper now that crackheads aren't wasting your resources...and you can now see who's attacking you specifically. They're the ones who spent time learning to get past the sanity check. Those people, unlike all the idiotic automated kiddies, are actually dangerous, so watch them.
Security by obscurity is stupid by itself. Security by well-formedness is stupid by itself.
I mean, let's assume I'm in charge of physical security, and everyone is required to have their badges pinned to the upper right torso. Likewise, they are required to respond to my 'Hello', with 'My name is [their name].'.
Now, I clearly should not be automatically letting in everyone with the correct badge position, or the correct response. None of those are particularly a secret, and an attacker could have easily figured them out. I need to actually check the badge and image against their face and the database.
And someone walks up with their badge pinned to the upper left. And doesn't respond correctly.
So I should...what? Just ignore that fact?
Security through obscurity, security by 'public procedure following', is an entirely valid thing to do on top of other security.
Especially, and I can't emphasize this enough, on the internet, where you have the equivalent of 50 idiot kids getting in line to every real person, so you move the 'is their badge actually pinned to the right place' check to the start of the line, before they waste your resources. Yes, a few of them will actually have badges, in the right place...made of paper with scribbles on it, which you will detect when they try to use it. But many of them can't even cobble together a damn badge at all, and almost all of the ones that do will have it in the most common upper left, and you can automatically throw them out of line and they can go bother other security checkpoints.
And then you still run everyone through a proper security checkpoint, which is easier and cheaper now that crackheads aren't wasting your resources.
It's just incredibly annoying that a 'table designed to hold hundreds or thousands of IPs, or IPs and ports, or netmasks, all with their own expiration times, that you can refer to in iptables to allow or block, and easily add and remove stuff from it', which is incredibly useful, does not actually manage to make it to end users' computers.
I mean, it's not just for blocking. Want to do portknocking? Set up an ipset table, and allow new connections from that ipset table. Have the portknock detection throw an IP in it for 30 minutes. No need to expire anything, no need to change iptables rules each knock, tada, you're done, one command. You don't even need a background process running at all if you use inetd.
But that's a case of 'the perfect is the enemy of the good'. Yes, it might not stop all attacks, but it stops most of the current ones, which is, um, better than having them.
And, more to the point, the crap attacks are noise you can't see actual attacks through. Moving to another port fixes that.
If you get 5000+ attacks a day, someone can actually run a distributed attack of 3000 a day against you specifically without you noticing. If you move to another port and get 5 a day, well...
a sufficiently determined logged in user can cause the SSH daemon to crash and then replace it with one of their own which can sniff keys and passwords, contains back doors, etc.
If you're stupid enough to pick a non-restricted port, and then not restrict it.
The only reason moving to another port is the legit worry about other networks blocking access.
Reducing the grace time to 15 seconds is a good start (if your clients do not have reverse lookup PTRs on their addresses this will be bad).
Um, no. This is a flatly stupid idea to stop attackers. Attackers are using automated tools, and hence send the username and password near instantly. It's actual people who have to type.
You are assuming they are actually attacking your computer.
They are not. They're stupid bots. Poorly written stupid bots.
They do not do portscans, at least not of random ports. They do not attempt to find ssh elsewhere.
I swear, I keep having this idiotic discussion. Have it about spam too. 'But why would you block email servers that don't appear to understand the SMTP protocol? Spammers can just write better servers.'
We're not trying to block hypothetical attacks. We're not trying to stop hypothetical tools that go out and find ssh servers.
We're trying to stop the actual attacks that are actually happening from totally idiotic craptastic software criminals are currently using.
Forcing them, at the very least, to hire competent amoral programmers, instead of the incompetent boobs they apparently hire currently.
fail2ban blocks ssh connections after failed attempts.
tarpitting is slowing down connections. That code slows down ssh connections after, I think, 4.
Frankly, I don't see why you couldn't slow them all down, unless you were using scp or something. How often do you make a new ssh connection to a server? If all new connections were delayed 30 seconds, you'd probably be fine, especially if something would trip after you've been connected successfully. You'd need an 'anti-fail2ban' or something reading logs for that.
Incidentally, what's going on with the retarded war about fail2ban vs. other ways to block? Are either side serious? Because you're both sounding really, really stupid right about now.
fail2ban uses iptables. It is a tool that looks at logs of various services, and puts those IP addresses into iptables (Or hosts.deny) for a specific amount of time. You should use it if that's what you want to happen.
Likewise, there are iptables commands that can slow or block repeated connections from the same IP. iptables does not know when you've succeeded or failed. Use that if that's what you want to happen.
I used to use fail2ban, I now use iptables to block repeated connections, except on my mail servers, where specific bogus email addresses (spamtraps) get you, essentially, fail2banned. (Although I use ipset lists.)
Christ, it's like a bunch of idiots arguing about whether HTTP servers or a perl CGI script is better. First of all, that's inherently stupid, as one uses the other, and second, um, maybe people should use the one that actually does what they want?
Oh, and, while we're at it, the best thing to do to temporarily block IPs is actually to use ipset. It's what fail2ban should be using, and it would actually let you manage current iptables timers if you wrote iptables code that dumped numbers in there. It's near perfect for 'blocking an IP for a set amount of time', as the entire point is to 'hold an IP, in a big list of IPs, for a set amount of time'.
Sadly, it's near impossible to actually get fucking working because they like to idiotically change the interface and distros seem unwilling to actually include it.
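The ipset usage described in these comments (a timed allow list for port knocking and a timed block list), as an added shell example that is not part of the original comments. The set names, TTLs, port and the dry-run `APPLY` switch are assumptions; commands are only printed unless `APPLY=1` is set and the script runs as root.

```shell
#!/bin/sh
# Added example: ipset-backed port-knock allow list and temporary block list.
# All names and values below are assumptions chosen for illustration.

KNOCK_SET=knocked   # hypothetical set: sources that completed the knock
BAN_SET=banned      # hypothetical set: sources blocked for a while
SSH_PORT=22
KNOCK_TTL=1800      # 30 minutes, the figure used in the comment above
BAN_TTL=600

# Execute the command when APPLY=1, otherwise print it (dry run).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Accept only a dotted-quad IPv4 address, so text taken from a log line or an
# inetd peer address never reaches ipset unchecked.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Both sets expire their own entries; nothing has to clean them up later.
setup_sets() {
    run ipset create "$KNOCK_SET" hash:ip timeout "$KNOCK_TTL" -exist
    run ipset create "$BAN_SET" hash:ip timeout "$BAN_TTL" -exist
}

# Static rules, installed once. They never change when a source knocks or is
# banned; only set membership changes.
setup_rules() {
    run iptables -A INPUT -m set --match-set "$BAN_SET" src -j DROP
    # Sessions already open keep working after the knock entry expires.
    run iptables -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -m set --match-set "$KNOCK_SET" src -j ACCEPT
    run iptables -A INPUT -p tcp --dport "$SSH_PORT" -j DROP
}

# The "one command" a knock detector runs. -exist refreshes the timeout when
# the address is already in the set.
allow_knocker() {
    valid_ipv4 "$1" || { echo "rejecting malformed address" >&2; return 1; }
    run ipset add "$KNOCK_SET" "$1" timeout "$KNOCK_TTL" -exist
}

# Temporary block: $1 = address, $2 = optional seconds (defaults to BAN_TTL).
ban_source() {
    valid_ipv4 "$1" || { echo "rejecting malformed address" >&2; return 1; }
    run ipset add "$BAN_SET" "$1" timeout "${2:-$BAN_TTL}" -exist
}

# Dry-run demonstration with constructed addresses from documentation ranges.
setup_sets
setup_rules
allow_knocker 203.0.113.7
ban_source 198.51.100.23 3600
```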
Erm, except you're assuming that this is 'an attacker', which is a little silly.
These are not distributed attacks, these are just a bunch of idiotic bots that connect and try stupid shit like 'passw0rd'.
If you think otherwise, try logging the bad passwords some day. It's not some person slowly working their way through a dictionary, it's bots testing the 1000 most common passwords and usernames. As long as you don't have one of those, you're good.
Hell, something like a 1/100th of the attempts are blank passwords. I have no idea how the hell you even have a blank ssh password. (I actually think that's some router thing.)
You can stop 95% of the crap just by moving ssh to another port. They're very stupid bots.
Checking for malicious input at database time is idiotic and dangerous.
What, are these people only writing input to the database? They're not using it, I dunno, in any sort of calculations before that? They don't end up in a session or anything? They aren't used in calculations? It's all straight to DB?
Normal programming actually uses variables passed in to do things. Hence, programmers have to sanity check before they do things, on the variables they are going to do things with. Sanity checking at output to the DB is, um, rather late.
And if they are just going to pass them to a DB, they can also SQL escape them while they're sanity checking, then they don't have to worry about checking every damn query.
Has web programming really devolved to 'Writing user supplied values to databases?' (And presumably reading back?)
Yeah, all this SQL stuff always confuses me. Partially because I often am in the Joomla framework, which doesn't let you do parameterized queries, and, while I guess you could do stored procedures, I've never seen the need.
Instead, I simply take all input and make sure it is sane. Is it supposed to be a number? Put an (int) before assigning it out of $_POST. (Now there's a JRequest::getInt that I'm learning to use instead.) Am I putting a string from a user into a database? I use $db->getEscaped(). When I get it, unless I can think of some justifiable reason otherwise.
I understand the point of all this, as people often leave themselves open to SQL injections, but I suspect the people who do that don't even consider the possibility anyway, and this entire discussion is lost on them. I guess, in a large company, it might make sense to require all queries are parameterized(1) or stored, so morons are required to do things sanely, but smart programmers check things at the start, and don't run around with obvious malicious input to start with.
I mean, what if, instead of an SQL injection, it was some other vulnerability? Sanity checking on just the DB query risks the rest of your program having insane data. Your program presumably does do more than write input straight to a DB, even if it's just checking permissions to write to the DB.
What if they passed in '0+523' as their userid, and your program ended up checking that, yup, they were logged in as their passed userid, '523', and then later, yup, their passed userid was '0' and hence they're an admin? Sounds crazy, but not impossible in typeless languages.
Sanity check at the start, as you assign to other (typed, as far as you can) variables, then permission check those variables if needed, and then you're good to just use raw SQL for 99% of the stuff, and all your calculations will be good. Escape and possibly even pre-quote all strings that are going to a database. (Which is especially handy, as if the strings have quotes to start with, you can instead assign NULL without quotes to that variable, and have both magically work using WHERE `blah`=$variable.)
The only time you'll have to worry about escaping at SQL query time is input where you can legitimately have quotes and semicolons and stuff in it and you used that input elsewhere. Which a lot of people do, if only to display what the person entered...but that's silly. It's much better to write a 'display' function that pulls from the data, in one place, and on an input or update, you use that to query the data you just saved so a) they can see it worked, and b) see if you truncated it or whatever. If they typed data that ended up in a database, and you want to show said data to user in confirmation, put it in the database and pull it back out, don't display their inputted data that supposedly made it to the database.
I'm sure there are circumstances where you might want the unescaped data, and fine, escape that tiny fraction at query time. But in general, just get the semicolon out of their 'userid' at the start, and stop fucking around making sure each and every query is safe if they've decided to do that.
1) Of course, idiots with automated tools can write insane queries, also, and DBAs get real pissy about that and demanded stored queries, but that's not really relevant to this discussion, which is talking about security, and not idiots who can't conceptualize that SQL servers are finite.
EITHER corporations should be treated as people, meaning they have the right to influence elections, but also can be charged with crimes and imprisoned. How this would work, I'm not sure, but we should certainly also charge corporate heads with 'conspiring' with them. (That's pretty much the textbook definition of 'conspiracy'.)
OR corporations are just tools that society has created, and hence we can, and should, dissolve them when they are no longer serving the best interests of society. (A business license is a privilege, not a right.)
The entire point of limited liability is to stop fiscal liability, so someone who sues a corporation can't also sue every single stockholder. In general, I think this is a good idea...people can't keep up on every action of the company they own 0.0003% of. Often the stockholders don't even know of iffy stuff until much later. No, the loss to the stockholders should be limited to the amount of stock they have.
However, this idea falls apart when it gets to the executives of a company. I'm not certain why they need any protection from liability at all.
By all means, protect them from decisions they didn't know about, and it wasn't their job to know about, but that should already happen under existing laws. And don't let people hold them fiscally liable for debts and stuff..if a company owes me $100, I shouldn't be able to sue some employee for that, even if it's the one who denied my payment. Simple contract disputes don't count. Likewise, require anyone suing them for actions done at the company to also sue the company, so people can't just attack low-hanging fruit.
But if someone sues a company for dumping waste, they should also be able to sue the person who made that decision at the company. If they don't know, they should be able to sue John Doe and force the company to turn over the name. If a company hurt others in any way beyond 'They owe me some money we agreed they'd give me', that should be enough.
In reality, they can sue people at companies, actual criminal actions can 'pierce the corporate veil', but the bar is apparently pretty high, and will never happen with a civil suit without blatant criminal wrongdoing.
Half the problem here is that crimes by companies are often resolved by civil suits, thanks to our owned-by-the-corporations government that does not bother to enforce the law against corporations. If actual criminal enforcement happened against companies, they'd be charging the people who made the decision to commit the crime, too. But our only hope of justice currently is lawsuits, and suing someone in a corporation for their actions is damn hard.
Communism is a shitty way to allocate resources when you need to make any decisions at all.
In theory it's shitty because who gets what resources turns into some political idiocracy, where less efficient factories get more work, where things are shipped where they aren't needed so someone can 'win'.
In practice it's even worse, as all communist governments have been so inept they can't even manage to feed their citizens. The economy is so inefficient it manages not to actually function at all. So how bad it would be in theory is rather moot.
However, the problems, in theory and practice, are all due to allocating resources. Once you have infinite resources, all the problems with communism magically vanish.
Copyright is a place we've actually made artificial scarcity. If we removed it, we'd have an infinite amount of reproductions and no scarcity of existing works.
Without scarcity, you don't have to 'decree' communism...it just happens.(1) I have an infinite amount of air on my property, hence, I do not charge people for breathing my air. If I, and everyone else, each had a magical infinite food generator, no one would charge for it, even if you were using someone else's generator. (And, of course, on Star Trek, this has happened.)
Of course, removing scarcity from works might make new works hard to come by, as no one would get rewarded. But with OSS, people have removed the artificial scarcity we added to their stuff, and apparently don't care about their lack of reward. Without scarcity, it really does turn into communism, which isn't a dirty word.
1) Marx was right about this. He was wrong in thinking it had already happened, with mostly automated farms and whatnot, and that communism was being stopped because people were being artificially forced into capitalism, but he was right in that, when resources are infinite, or at least more than anyone could need, communism just happens.
Strictly speaking, copyright itself isn't a capitalist or communist idea.
You can have full communism with strict copyrights. The copyright owner couldn't be 'paid' per se, but even under communism, there must be some reward for doing work, or some punishment for not doing work, and producing software and movies and whatnot could certainly count as your 'work'. Likewise, while people don't 'buy' things under communism, there is some way of tracking how much they 'deserve', and they might only 'deserve' a certain amount of copyrighted stuff, with penalties for people who share their stuff.
Perfectly functional copyright, under total communism. (As functional as total communism can be, at least.) Granted, it doesn't make a lot of sense for communists to restrict the distribution of free to produce stuff, they have enough trouble with shortages of needed things, but there's nothing stopping them.
Likewise, you can have a capitalist society with no copyright whatsoever.
Anyone arguing about copyright and the GPL based on economic systems is entirely missing the point:
Economic systems, communism, capitalism, protectionism, whatever, are about how goods and services are exchanged, under what rules those exchanges happen. It is about how assets move from one person to another, and how and why they are created in the first place.
Whereas copyright is about if something is regarded as something that is exchanged under those rules, aka, is an 'asset', or if people are just allowed to do whatever they want. (And the GPL is a way to subvert the former into, essentially, the latter.)
Oh, and let me say a word about handcuffs: we don't need them.
We have GPS trackers.
Someone gets arrested, slap a GPS tracker around a wrist, and 95% of the time you're done. You have no excuse to use physical force, no shoving them into a cop car where they 'accidentally' hit their head, no 'fighting' with people who've been shoved onto a rocky ground. You click it on, and just tell them to get in the back of the cop car, or go stand by it.
They start running, the cop triggers the GPS to start emitting a loud warning about this person fleeing custody, and they can track where the person is.
Oh, and even more fun: It can contain an audio recorder. Hey, look, proof they were read their rights, and a recorded confession if they make one. You have the right to remain silent, but if you say anything incriminating, hey, you're on tape!
Before anyone thinks this would be expensive: Have you seen the insides of a cop car recently?
The reason we don't do this, of course, is police enjoy having the right to physically shove people around, and assert they're 'resisting', even when a vast majority of people, when they are arrested, either are silently in shock, or trying to present a legal defense for their actions. (Aka, they're arguing verbally with the cops, which is somehow 'resisting arrest', even if they let the cops handcuff them.)
Yeah, what I was thinking was essentially having a second civic's screen, or in fact one for each religion. You set the rules of each religion, along with which one get government support and whatnot.
Although it should do what I also wish they'd do with the real civic screen....let you switch over a longer period of time, with less unrest. I.e, you can transition via revolution, with two years of unrest, if you want...or you could transition via social change, over 20 years or so.
And the same with changing parts of the religion. Slow change, over the years...or you wait until a great prophet comes along, and does whatever. (In fact, it might be interesting if you could only change civics fast that way, also.)
I hated having to rush for a religion. I find it exceptionally absurd I can end up without one. What primitive people didn't have a religion?
What I wish that you could do is essentially build your own religion.
Not the tiny details, but if you took over another nation you could, for example, incorporate their gods into your pantheon and gain some extra culture. Or do the inverse, demonize someone else's god in yours, reducing war weariness as you fight those 'evil worshipers'.
Or switch to monotheism, which would reduce neighboring cultural exchange, both ways.
Or if a religion was in more than one place, you could attempt to 'hijack' it and make your country the HQ. Or you could fork it.
Likewise, you could have various 'holy people' that showed up, like great prophets, but you'd tell them a bunch of different options, and they'd be remembered, and you could direct which of these 'saints' your society focused on. Like, one of them was a great warrior, one of them fed the hungry, one of them was a great mother, whatever.
And it would be interesting to allow various rules, like how you treat sex, for example. Harsh controls on it could result in a lower birthrate but more financial gain. (As children grow up in supported families and hence aren't a drain on society.) Likewise, perhaps certain foods cause sickness for people unfamiliar with them, so you can outlaw them.
And, of course, changing any of this would cause unhappiness for a bit, as people don't like change.
The problem is that Civ IV used real religions, which people don't like mucking with. (And even then only five of them...where were the Greek Gods, or the Egyptian ones?) So all you could do is alter how they interacted with society, and not what they were.
Which was rather dumb...I mean, you can make societies and leaders operate totally out of how they actually were. But whatever...if people are going to complain, just name them random things.
Yes, you certainly should go with VDPAU if you're going to H.264 level and don't want to spring for more computer. (And you're using Linux, of course.)
I was just trying to make the point that people often overbuy computer hardware, which is fine in a computer that's general purpose, but rather silly in an HTPC.
I was outputting xvid avi files at 1024x786, which is essentially all SD screens can take, using a damn six year old 1.2Ghz processor and 256megs of memory, on a computer pieced together out of scrap parts I had. The video card supported VDPAU, but, hilariously, the processor didn't support the instruction set (SSE2, IIRC.) needed to run the driver that supported it. So I couldn't use it. (This is the same card I'm using now in my new HTPC, I swapped it out as my old game computer card was slightly slower.)
It worked fine. Except every couple of hours, the video card and motherboard combo would crash X, as they were hilariously mismatched, one being from the age of AGP 1x, one being from age of AGP 8x. But besides that, the damn things would show videos just fine. Turn on any of the fancy rescaling, and the CPU shot to 100% and couldn't get it out, but without them, 30% or so. Because it's drawing pictures on the screen.
Not that I recommend anything that slow but 'drawing pictures on the screen' is a trivial use of a computer. And this all important 'HD' output of 1080p is just 1920×1080, which is only about 2.5x the amount of data of frickin 1024x786.
Yet I see people with absurdly powerful computers, buying the best video cards, to output...a TV show. Um, no. Buy a moderate video card to help decode if you're deliberately buying some low-powered processor, like you did, otherwise the cheapest card imaginable can put fricking pictures on the screen. (Of course, they're often also going with Windows, which is a totally inexplicable choice on HTPC, but that only adds maybe 15% more CPU needed and 50% more memory.)
And even you could get away with an 8x00 instead of a 9x00, assuming you can find one. The card in my HTPC is actually a 7900, despite claims that VDPAU only works on 8 series and above...I don't know what's going on there. (I'd tell more, but, hilariously, I broke the boot during an Ubuntu upgrade yesterday, and I need to go in there and fix it. I broke rule #1: Don't fix things that aren't broken.)
No, it only runs when it's actually used. It turns itself off after it's been idle for 15-20 minutes and it's not downloading something.
And usually I'll turn it off manually anyway, when I'm done with it, unless I think it's downloading something.
People who leave computers running when they don't need them are weird. The only computer-ish thing in my house that stays on all the time is my NAS. (I keep trying to figure out how to install hellanzb on that and download using it, but no luck so far.)
Indeed, I think the whole 'the next day' needs emphasizing.
You can actually, somehow, vaguely, come up with a scenario where this is understandable if a 3 year old accidentally got a gun during an (apparent) prowler attack. Perhaps the father unlocks the gun safe, and takes out a gun, and there's another one in there and he doesn't lock it back. Or perhaps he even sets it down in relief for a minute or two.
It's the whole 'going to bed with it laying out' that, um...
Secondly, the article headline should be: A 3-year-old shot himself with a gun because 3-year-olds pick up everything.
The idea that he thought it was a 'Wii remote' is not supported by any actual evidence at all.
Thirdly, there's no such thing as 'accidental suicide', whatever moron wrote the headline.
Yeah, that's a pretty good deal.
My HTPC, oddly, probably costs more, but that's because it, like I said, is my old game PC that I couldn't really upgrade. (I stupidly went with AGP.)
So I threw in the old HTPC's hard drive, found an old CD writer that read DVDs, stole the DVD-R and the bigger hard drive, and tada.
Honestly, the only reason that's running Linux is that the old HTPC was, and I could just swap the drive out. It actually had an XP license, although now I'm using that under virtualization on the Vista (ugh) I got on the new game box. (Thinking about upgrading to 7.)
What I keep wanting to look into is the price of things like the Acer Revo. It annoys the hell out of me that most tiny computers don't come with S-Video out. (Yes, I'm still entirely SD at my house.)
And also they come with Windows licenses, which I prefer to buy myself, and actually have a spare one or two at the moment, and wouldn't spend money on if I'm sticking XBMC on it to run full-time. (I keep hoping that someone will write a framebuffer XBMC for Linux so you don't even have to run X.)
So if you know any tiny computer, preferably fairly silent, that can run Linux, has both S-Video and HDMI out (for when I upgrade), and doesn't come with an OS, I'd be much obliged if you'd tell me.
I do, however, want a DVD drive, so that I can play DVDs via it. That isn't a deal-breaker, though.
Also, it would be awesome if it actually looked like a piece of A/V equipment instead of a computer.
For the storage, I have an old NAS I got for $200 that I put Linux on, and it has USB ports that I hook external drives into. But that's for full seasons...the HTPC itself runs hellanzb and Leech.py and downloads shows as they come out.
One of the 6xxx or 7xxx series is probably what you want. (I actually played Fallout 3, which uses a later form of Oblivion's engine, on a 6600GT, just fine. Right now I have a 9600GT and can run any damn game I want.)
The nVidia line is very confusing, though. The first number is 'generation', the second number is ranking 'within' that generation, and the end part are various weird codes.
So what happens is that, say, a 6800 will get remade with a smaller die and whatnot, and end up as a 7600 in the next generation. (That is just a hypothetical, do not actually believe those numbers.) A 'GSO' code has literally been the older chips, in a sorta scammy move. A 2 at the end of the code indicates dual processor.
I can't possibly explain it all, as I don't understand it all either. Start here and move forward through 7 and 8 and 9.
I try to aim for the price of $125-$150, myself. A year or two ago, that was a series 9.
I have no idea what's going on post-series 9, either.
Mod me -1: Uninformative.
The problem with budget desktops is you tend to end up with something that is cheap but crippled.
It always used to amaze me how people would have a perfectly functional Dell or something...except with about 1/4th the memory it needs.
It also amazed me how hard it was sometimes to inform them of this.
'Hey, David, can you go look at X's computer and see why it's slow?'
I show up at their house, spend approximately fifteen seconds at the computer, and say 'It does not have enough memory. 128 megs is not enough to run XP on. Buy a 256 meg chip, add it in.'
Non-computer people seemed incapable of understanding that slowness on (well maintained, not full of cruft) computers is almost always due to some bottleneck.
Sometimes it's hard to figure out...I couldn't tell you what it is on my game computer. (I do like the fact Vista, and presumably W7, display a little rating printout of each subsystem, which can give you a hint.) In fact, well designed computers will have different bottlenecks at different times, depending on what you are doing. Usually alternating between disk and CPU, as disk is always a bottleneck, and CPU is where people can't spend infinite money. (Anyone who bottlenecks on memory at this point is a moron, but that used to be a reasonable cost-cutting bottleneck.)
But sometimes finding the bottleneck is easy as hell.
The easy as hell ones tend to be computers that either a) were purchased, in one piece, as a 'budget desktop', like you said, or b) weirdly upgraded things, where people came along and tried to upgrade the OS, and it wanted a new video card and hard drive, so they gave it that, and everything else barely fit within the minimum requirements, or, if not, functioned anyway.
The only conclusion at that point is that the builder had no idea what they were doing.
Yes, but an HTPC doesn't need quite as much power as a game computer. (In fact, my HTPC is my old game computer, demoted.) And they can run Linux, so automatically need about 15% less CPU.
Not trying to bash here. All my actual 'sit down and use' computers are Windows, but there's no reason not to have HTPCs be Linux. Mine runs XBMC. Free license, no virus scan, half the memory usage, etc.
For an HTPC, you don't even need VDPAU or anything. My HTPC uses that, at SD, but doesn't actually need to. It is completely and utterly impossible to purchase any desktop computer that cannot decode and display video files, even at 1080p. (Erm, assuming it has 1080p output. Technically, you can still get VGA-only ones.) It would probably be impossible to purchase such a computer 3 years ago!
Heck, I used to use an even older computer, but that had some incredibly strange AGP/video card interaction that occasionally crashed out X. (Probably because I was trying to run a video card from 2005 on a motherboard from 2000.) But even it managed to decode frickin video fast enough, although admittedly not if I turned on the smoothing. It was like a 1.2 gig chip! And 256 megs of memory! (And a gig of video memory. Heh, really mismatched computer.) Worked fine at SD, except when the video card tried to do something the motherboard couldn't handle.
Maybe some very light netbooks or something, but any actual desktop can do it. Old, cobbled together computers can be an HTPC.
But the article was talking about playing games, so that doesn't really apply. But, then again, he was talking about Oblivion, which is almost four years old at this point, meaning it should also be playable on any computer that can currently be purchased...but I don't know if it's playable at 1080p resolution. (Hell, I don't even know if it can do that resolution at all.)
Let me amend that last sentence:
And then you still run everyone through a proper security checkpoint, which is easier and cheaper now that crackheads aren't wasting your resources....and you can now see who's attacking you specifically. They're the ones who spent time learning to get past the sanity check. Those people, unlike all the idiotic automated kiddies, are actually dangerous, so watch them.
It really is driving me crazy.
Security by obscurity is stupid by itself. Security by well-formedness is stupid by itself.
I mean, let's assume I'm in charge of physical security, and everyone is required to have their badges pinned to the upper right torso. Likewise, they are required to respond to my 'Hello', with 'My name is [their name].'.
Now, I clearly should not be automatically letting in everyone with the correct badge position, or the correct response. None of those are particularly a secret, and an attacker could have easily figured them out. I need to actually check the badge and image against their face and the database.
And someone walks up with their badge pinned to the upper left. And doesn't respond correctly.
So I should...what? Just ignore that fact?
Security through obscurity, security by 'public procedure following', is an entirely valid thing to do on top of other security.
Especially, and I can't emphasize this enough, on the internet, where you have the equivalent of 50 idiot kids getting in line to every real person, so you move the 'is their badge actually pinned to the right place' check to the start of the line, before they waste your resources. Yes, a few of them will actually have badges, in the right place...made of paper with scribbles on it, which you will detect when they try to use it. But many of them can't even cobble together a damn badge at all, and almost all of the ones that do will have it in the most common upper left, and you can automatically throw them out of line and they can go bother other security checkpoints.
And then you still run everyone through a proper security checkpoint, which is easier and cheaper now that crackheads aren't wasting your resources.
Yeah, I can't really bitch at the distros.
It's just incredibly annoying that a 'table designed to hold hundreds or thousands of IPs, or IPs and ports, or netmasks, all with their own expiration times, that you can refer to in iptables to allow or block, and easily add and remove stuff from it', which is incredibly useful, does not actually manage to make it to end users' computers.
I mean, it's not just for blocking. Want to do portknocking? Set up an ipset table, and allow new connections from that ipset table. Have the portknock detection throw an IP in it for 30 minutes. No need to expire anything, no need to change iptable rules each knock, tada, you're done, one command. You don't even need a background process running at all if you use inetd.
But that's a case of 'the perfect is the enemy of the good'. Yes, it might not stop all attacks, but it stops most of the current ones, which is, um, better than having them.
And, more to the point, the crap attacks are noise you can't see actual attacks through. Moving to another port fixes that.
If you get 5000+ attacks a day, someone can actually run a distributed attack of 3000 a day against you specifically without you noticing. If you move to another port and get 5 a day, well...
a sufficiently determined logged in user can cause the SSH daemon to crash and then replace it with one of their own which can sniff keys and passwords, contains back doors, etc.
If you're stupid enough to pick a non-restricted port, and then not restrict it.
The only reason moving to another port is the legit worry about other networks blocking access.
Reducing the grace time to 15 seconds is a good start (if your clients do not have reverse lookup PTRs on their addresses this will be bad).
Um, no. This is a flatly stupid idea to stop attackers. Attackers are using automated tools, and hence send the username and password near instantly. It's actual people who have to type.
You are assuming they are actually attacking your computer.
They are not. They're stupid bots. Poorly written stupid bots.
They do not do portscans, at least not of random ports. They do not attempt to find ssh elsewhere.
I swear, I keep having this idiotic discussion. Have it about spam too. 'But why would you block email servers that don't appear to understand the SMTP protocol? Spammers can just write better servers.'
We're not trying to block hypothetical attacks. We're not trying to stop hypothetical tools that go out and find ssh servers.
We're trying to stop the actual attacks that are actually happening from totally idiotic craptastic software criminals are currently using.
Forcing them, at the very least, to hire competent amoral programmers, instead of the incompetent boobs they apparently hire currently.
Erm, no it cannot.
fail2ban blocks ssh connections after failed attempts.
tarpitting is slowing down connections. That code slows down ssh connections after, I think, 4.
Frankly, I don't see why you couldn't slow them all down, unless you were using scp or something. How often do you make a new ssh connection to a server? If all new connections were delayed 30 seconds, you'd probably be fine, especially if something would trip after you've been connected successfully. You'd need an 'anti-fail2ban' or something reading logs for that.
Incidentally, what's going on with the retarded war about fail2ban vs. other ways to block? Is either side serious? Because you're both sounding really, really stupid right about now.
fail2ban uses iptables. It is a tool that looks at logs of various services, and puts those IP addresses into iptables (Or hosts.deny) for a specific amount of time. You should use it if that's what you want to happen.
Likewise, there are iptable commands that can slow or block repeated connections from the same IP. iptables does not know when you've succeeded or failed. Use that if that's what you want to happen.
I used to use fail2ban, I now use iptables to block repeated connections, except on my mail servers, where specific bogus email addresses (spamtraps) get you, essentially, fail2banned. (Although I use ipset lists.)
Christ, it's like a bunch of idiots arguing about whether HTTP servers or a perl CGI script is better. First of all, that's inherently stupid, as one uses the other, and second, um, maybe people should use the one that actually does what they want?
Oh, and, while we're at it, the best thing to do to temporarily block IPs is actually to use ipset. It's what fail2ban should be using, and it's what it would actually let you manage current iptable timers if you wrote iptable code that dumped numbers in there. It's near perfect for 'blocking an IP for a set amount of time', as the entire point is to 'hold an IP, in a big list of IPs, for a set amount of time'.
Sadly, it's near impossible to actually get fucking working because they like to idiotically change the interface and distros seem unwilling to actually include it.
Erm, except you're assuming that this is 'an attacker', which is a little silly.
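The log-driven timed block described in the comment above, sketched as an added example that is not from the original post or from fail2ban: it reads sshd failure lines, counts them per address, and emits one `ipset add ... timeout` command per offender, with a small in-memory model of the set's expiry. The set name `sshban`, the threshold and the sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict

SET_NAME = "sshban"  # hypothetical set name
# Kernel side, created once by the administrator (shown for context, not run here):
#   ipset create sshban hash:ip timeout 1800
#   iptables -I INPUT -p tcp --dport 22 -m set --match-set sshban src -j DROP

# Constructed sample lines in the format OpenSSH writes to the auth log.
SAMPLE_LOG = """\
Jan 10 03:14:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:14:03 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Jan 10 03:14:05 host sshd[812]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Jan 10 03:15:40 host sshd[820]: Failed password for alice from 198.51.100.23 port 51514 ssh2
Jan 10 03:15:52 host sshd[820]: Accepted password for alice from 198.51.100.23 port 51514 ssh2
Jan 10 03:20:00 host sshd[833]: Failed password for invalid user oracle from 192.0.2.44 port 33000 ssh2
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
LINE = re.compile(r"^\w{3} +\d+ (\d\d):(\d\d):(\d\d) \S+ sshd\[\d+\]: (.*)$")
# Anchored at the end of the message, with a greedy match before " from ", so the
# address is always the one sshd appended and never text from the username field.
FAILED = re.compile(r"^Failed password for .* from " + IP + r" port \d+ ssh2$")
ACCEPTED = re.compile(r"^Accepted \S+ for .* from " + IP + r" port \d+ ssh2$")


class TimedSet:
    """In-memory model of an ipset with per-entry timeouts."""

    def __init__(self):
        self._expires = {}

    def add(self, ip, now, timeout):
        self._expires[ip] = now + timeout

    def contains(self, ip, now):
        expiry = self._expires.get(ip)
        return expiry is not None and now < expiry


def scan(log_text, threshold=3, ban_seconds=1800):
    """Return (TimedSet of blocked addresses, list of ipset commands to run)."""
    failures = defaultdict(int)
    banned = TimedSet()
    commands = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        hh, mm, ss, msg = m.groups()
        now = int(hh) * 3600 + int(mm) * 60 + int(ss)  # seconds since midnight

        ok = ACCEPTED.match(msg)
        if ok:
            # A successful login clears the counter for that address.
            failures.pop(ok.group(1), None)
            continue

        bad = FAILED.match(msg)
        if not bad:
            continue
        ip = bad.group(1)
        if banned.contains(ip, now):
            continue  # already in the set; the kernel is dropping it
        failures[ip] += 1
        if failures[ip] >= threshold:
            banned.add(ip, now, ban_seconds)
            failures.pop(ip)
            # No removal command is ever needed: the entry expires by itself.
            commands.append(f"ipset add {SET_NAME} {ip} timeout {ban_seconds} -exist")
    return banned, commands


if __name__ == "__main__":
    _, cmds = scan(SAMPLE_LOG)
    print("\n".join(cmds))
```

The iptables rule never changes after setup; only set membership does, which is why nothing has to track or undo individual blocks.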
These are not distributed attacks, these are just a bunch of idiotic bots that connect and try stupid shit like 'passw0rd'.
If you think otherwise, try logging the bad passwords some day. It's not some person slowly working their way through a dictionary, it's bots testing the 1000 most common passwords and usernames. As long as you don't have one of those, you're good.
Hell, something like a 1/100th of the attempts are blank passwords. I have no idea how the hell you even have a blank ssh password. (I actually think that's some router thing.)
You can stop 95% of the crap just by moving ssh to another port. They're very stupid bots.
Holy crap, I just posted exactly this same thing.
Checking for malicious input at database time is idiotic and dangerous.
What, are these people only writing input to the database? They're not using it, I dunno, in any sort of calculations before that? They don't end up in a session or anything? They aren't used in calculations? It's all straight to DB?
Normal programming actually uses variables passed in to do things. Hence, programmers have to sanity check before they do things, on the variables they are going to do things with. Sanity checking at output to the DB is, um, rather late.
And if they are just going to pass them to a DB, they can also SQL escape them while they're sanity checking, then they don't have to worry about checking every damn query.
Has web programming really devolved to 'Writing user supplied values to databases?' (And presumably reading back?)
Yeah, all this SQL stuff always confuses me. Partially because I often am in the Joomla framework, which doesn't let you do parameterized queries, and, while I guess you could do stored procedures, I've never seen the need.
Instead, I simply take all input and make sure it is sane. Is it supposed to be a number? Put an (int) before assigning it out of $_POST. (Now there's a JRequest::getInt that I'm learning to use instead.) Am I putting a string from a user into a database? I use $db->getEscaped(). When I get it, unless I can think of some justifiable reason otherwise.
I understand the point of all this, as people often leave themselves open to SQL injections, but I suspect the people who do that don't even consider the possibility anyway, and this entire discussion is lost on them. I guess, in a large company, it might make sense to require all queries are parameterized(1) or stored, so morons are required to do things sanely, but smart programmers check things at the start, and don't run around with obvious malicious input to start with.
I mean, what if, instead of an SQL injection, it was some other vulnerability? Sanity checking on just the DB query risks the rest of your program having insane data. Your program presumably does do more than write input straight to a DB, even if it's just checking permissions to write to the DB.
What if they passed in '0+523' as their userid, and your program ended up checking that, yup, they were logged in as their passed userid, '523', and then later, yup, their passed userid was '0' and hence they're an admin? Sounds crazy, but not impossible in typeless languages.
Sanity check at the start, as you assign to other (typed, as far as you can) variables, then permission check those variables if needed, and then you're good to just use raw SQL for 99% of the stuff, and all your calculations will be good. Escape and possibly even pre-quote all strings that are going to a database. (Which is especially handy, as if the strings have quotes to start with, you can instead assign NULL without quotes to that variable, and have both magically work using WHERE `blah`=$variable.)
The only time you'll have to worry about escaping at SQL query time is input where you can legitimately have quotes and semicolons and stuff in it and you used that input elsewhere. Which a lot of people do, if only to display what the person entered...but that's silly. It's much better to write a 'display' function that pulls from the data, in one place, and on an input or update, you use that to query the data you just saved so a) they can see it worked, and b) see if you truncated it or whatever. If they typed data that ended up in a database, and you want to show said data to user in confirmation, put it in the database and pull it back out, don't display their inputted data that supposedly made it to the database.
I'm sure there are circumstances where you might want the unescaped data, and fine, escape that tiny fraction at query time. But in general, just get the semicolon out of their 'userid' at the start, and stop fucking around making sure each and every query is safe if they've decided to do that.
1) Of course, idiots with automated tools can write insane queries, also, and DBAs get real pissy about that and demand stored queries, but that's not really relevant to this discussion, which is talking about security, and not idiots who can't conceptualize that SQL servers are finite.
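The '0+523' case from the comment above, as an added example that is not from the original post: the SQL engine and a loose integer cast read the same text as two different numbers, and a strict check at the point of input removes the disagreement. The table layout, the function names and `lenient_int` (a stand-in for a loose cast that keeps only leading digits) are assumptions made for the illustration; the data is constructed.

```python
import re
import sqlite3


def make_db():
    """Constructed data: user 0 is the admin, user 523 is an ordinary user."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userid INTEGER PRIMARY KEY, is_admin INTEGER)")
    db.execute("CREATE TABLE sessions (userid INTEGER, token TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(0, 1), (523, 0)])
    db.execute("INSERT INTO sessions VALUES (523, 'tok-523')")
    return db


def lenient_int(text):
    """Loose cast: keep the leading digits, ignore the rest ('0+523' -> 0)."""
    m = re.match(r"\s*[+-]?\d+", text)
    return int(m.group()) if m else 0


def parse_userid(text):
    """Strict check at the start: digits only, bounded length, else reject."""
    if not re.fullmatch(r"[0-9]{1,9}", text):
        raise ValueError("userid is not a plain non-negative integer")
    return int(text)


def session_ok(db, userid_sql, token):
    # The userid text goes into the query as written, so the database
    # evaluates it as an expression: 0+523 is 523 to the SQL engine.
    row = db.execute(
        f"SELECT 1 FROM sessions WHERE userid = {userid_sql} AND token = ?",
        (token,),
    ).fetchone()
    return row is not None


def is_admin(db, userid):
    row = db.execute(
        "SELECT is_admin FROM users WHERE userid = ?", (userid,)
    ).fetchone()
    return bool(row and row[0])


def handle_unchecked(db, raw_userid, token):
    """The 'before': each layer interprets the raw text in its own way."""
    if not session_ok(db, raw_userid, token):      # database sees 523
        return "denied"
    userid = lenient_int(raw_userid)               # application sees 0
    return "admin" if is_admin(db, userid) else "user"


def handle_checked(db, raw_userid, token):
    """The 'after': one strict parse, then every layer uses the same int."""
    userid = parse_userid(raw_userid)              # raises on '0+523'
    if not session_ok(db, str(userid), token):
        return "denied"
    return "admin" if is_admin(db, userid) else "user"


if __name__ == "__main__":
    db = make_db()
    print(handle_unchecked(db, "0+523", "tok-523"))
    try:
        handle_checked(db, "0+523", "tok-523")
    except ValueError as err:
        print("rejected:", err)
```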
I don't understand your comment. You have two sarcasm notifications in it.
Is that...double sarcasm?
Does it cancel out? Is it being 'sarcastically sarcastic'? I don't think that's even possible.
Or did you just forget to escape one of them? Or both?
We need to make a decision:
EITHER corporations should be treated as people, meaning they have the right to influence elections, but also can be charged with crimes and imprisoned. How this would work, I'm not sure, but we should certainly also charge corporate heads with 'conspiring' with them. (That's pretty much the textbook definition of 'conspiracy'.)
OR corporations are just tools that society has created, and hence we can, and should, dissolve them when they are no longer serving the best interests of society. (A business license is a privilege, not a right.)
The entire point of limited liability is to stop fiscal liability, so someone who sues a corporation can't also sue every single stockholder. In general, I think this is a good idea...people can't keep up on every action of the company they own 0.0003% of. Often the stockholders don't even know of iffy stuff until much later. No, the loss to the stockholders should be limited to the amount of stock they have.
However, this idea falls apart when it gets to the executives of a company. I'm not certain why they need any protection from liability at all.
By all means, protect them from decisions they didn't know about, and it wasn't their job to know about, but that should already happen under existing laws. And don't let people hold them fiscally liable for debts and stuff..if a company owes me $100, I shouldn't be able to sue some employee for that, even if it's the one who denied my payment. Simple contract disputes don't count. Likewise, require anyone suing them for actions done at the company to also sue the company, so people can't just attack low-hanging fruit.
But if someone sues a company for dumping waste, they should also be able to sue the person who made that decision at the company. If they don't know, they should be able to sue John Doe and force the company to turn over the name. If a company hurt others in any way beyond 'They owe me some money we agreed they'd give me', that should be enough.
In reality, they can sue people at companies, actual criminal actions can 'pierce the corporate veil', but the bar is apparently pretty high, and will never happen with a civil suit without blatant criminal wrongdoing.
Half the problem here is that crimes by companies are often resolved by civil suits, thanks to our owned-by-the-corporations government that does not bother to enforce the law against corporations. If actual criminal enforcement happened against companies, they'd be charging the people who made the decision to commit the crime, too. But our only hope of justice currently is lawsuits, and suing someone in a corporation for their actions is damn hard.
The only times the free market has ever truly reigned is when it explodes and outpaces, for a short time, the long arm of political meddling.
Like the housing market!
KA-BOOM!
Indeed.
Communism is a shitty way to allocate resources when you need to make any decisions at all.
In theory it's shitty because who gets what resources turns into some political idiocracy, where less efficient factories get more work, where things are shipped where they aren't needed so someone can 'win'.
In practice it's even worse, as all communist governments have been so inept they can't even manage to feed their citizens. The economy is so inefficient it manages not to actually function at all. So how bad it would be in theory is rather moot.
However, the problems, in theory and practice, are all due to allocating resources. Once you have infinite resources, all the problems with communism magically vanish.
Copyright is a place we've actually made artificial scarcity. If we removed it, we'd have an infinite amount of reproductions and no scarcity of existing works.
Without scarcity, you don't have to 'decree' communism...it just happens.(1) I have an infinite amount of air on my property, hence, I do not charge people for breathing my air. If I, and everyone else, each had a magical infinite food generator, no one would charge for it, even if you were using someone else's generator. (And, of course, on Star Trek, this has happened.)
Of course, removing scarcity from works might make new works hard to come by, as no one would get rewarded. But with OSS, people have removed the artificial scarcity we added to their stuff, and apparently don't care about their lack of reward. Without scarcity, it really does turn into communism, which isn't a dirty word.
1) Marx was right about this. He was wrong in thinking it had already happened, with mostly automated farms and whatnot, and that communism was being stopped because people were being artificially forced into capitalism, but he was right in that, when resources are infinite, or at least more than anyone could need, communism just happens.
Strictly speaking, copyright itself isn't a capitalist or communist idea.
You can have full communism with strict copyrights. The copyright owner couldn't be 'paid' per se, but even under communism, there must be some reward for doing work, or some punishment for not doing work, and producing software and movies and whatnot could certainly count as your 'work'. Likewise, while people don't 'buy' things under communism, there is some way of tracking how much they 'deserve', and they might only 'deserve' a certain amount of copyrighted stuff, with penalties for people who share their stuff.
Perfectly functional copyright, under total communism. (As functional as total communism can be, at least.) Granted, it doesn't make a lot of sense for communists to restrict the distribution of free to produce stuff, they have enough trouble with shortages of needed things, but there's nothing stopping them.