Slashdot Mirror


User: Tom7

Tom7's activity in the archive.

Stories: 0
Comments: 2,199

Comments · 2,199

  1. Yes, indeed... on WebDAV Buffer Overflow Attack Compromises IIS 5.0 · Score: 3, Interesting

    Any safe language protects against buffer overflow attacks, printf-style bugs, heap corruption and double-free bugs. Java or O'Caml or SML would be good choices. SML also protects against integer overflows. SML and O'Caml, for their parts, are only about 20% slower than C and a whole lot more fun to program in.

    I wrote an FTP server in SML (http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/tom7misc/net/mlftpd/) so I wouldn't need to worry about buffer overflows any more. It was really easy. It blows my mind that all of the security-obsessed unix people are still manually putting in their buffer length (etc.) checks in tortured legacy C code, when they could so easily have a set of daemons that are totally immune to that sort of attack.

    Of course, any language that lets you write interesting programs (ie, "telnetd") will also let you write programs with security holes. (In a sense, telnetd is itself a security hole, provided you have the password!) But having the compiler automatically ensure that the largest class is impossible gives you a lot more time to work on other, more subtle security problems.

  2. Re:Here's why Apple has a bright future: on Dismal Apple Forecasts Are Wrong · Score: 1

    Actually, I find apple hardware and software to be a whole lot slower than comparable Intel/AMD stuff. Yes, I have used the same applications on both platforms. There are some nice things about Apple machines, but they are not universally better!

  3. Re:I'm reminded of Knuth's quote on Using Memory Errors to Attack a Virtual Machine · Score: 1

    Yes, well, those proofs work in an abstraction of a machine where memory errors don't occur. The proof is always true, but if the abstraction doesn't model the real world then the proof is meaningless. (Most of the time, though, an attacker doesn't get to cause memory errors in your hardware -- this really only applies to the case where the attacker has physical access to the machine.) It wouldn't be too hard to design a system where memory can instantly change value, and then make another (probabilistic) claim about the security of the program.

  4. Golomb Rulers on Suggestions for Functional Jewelry? · Score: 1

    A friend of mine has a necklace marked as a Golomb ruler. This is not really "useful" (except in the sense that if you were stuck somewhere and really needed a ruler, this is the optimally short piece of equipment to use), but it is a neat mathematical curiosity.

    http://www.distributed.net/ogr/

  5. Re:Let's keep the rights of the artists in mind he on Lofgren Introduces BALANCE Act to Modify DMCA · Score: 1

    I don't understand your point. Do you have one?

  6. Re:Let's keep the rights of the artists in mind he on Lofgren Introduces BALANCE Act to Modify DMCA · Score: 1

    First of all, this is not a continuing "insistance" (sic). My last post was the first time I called them competition.

    Now, pirates are certainly competition for game publishers if we take an economic viewpoint. The point is not to justify or legitimize piracy, but to characterize it in a rational way so that we can analyze how game publishers can react. It's easy to just talk about this in terms of costs. Pirates are able to produce the product at very low cost; they pay only their own opportunity cost (usually low for high school kids) and the potential cost of going to jail or losing their internet connection (typically very small). On the other hand, their product is not worth quite as much -- it's not "legitimate" (this may mean a lot to folks like yourself) and isn't benefiting the creators of the game, carries increased risk of viruses, might be hard to find, and also carries a small potential cost of paying a fine or losing the buyer's internet connection.
    Game publishers are also able to produce the product for low (marginal) cost, but can provide something of higher value, since it is legitimate, virus free, comes with support, and can be found in a reliable place. This gives them an advantage that they can use to charge more than pirates can.

    The question is: how do you quantify these costs, and then determine a dollar price that maximizes their profits? I'm not in a good position to actually measure this stuff, but I'd be willing to bet that their profits are best when the price is quite low, and I think I've argued in previous posts why I think this.

    Why is this "rediculous" (sic)? This is perfectly rational economics. What is your proposal, to just wish away piracy?

  7. Re:Let's keep the rights of the artists in mind he on Lofgren Introduces BALANCE Act to Modify DMCA · Score: 1

    What are you talking about? I am not trying to justify piracy (that's a different argument), I'm trying to answer your question of what companies can do to make money off their games.

    What I'm saying is, if companies want to make more money off games today, and piracy is a reality (it is), they might try charging less money for the games. Marginal cost is extremely low, demand is high (as you say), so prices should be low -- especially when the "competitors" (warez kids) offer a similar product for a low price. This is capitalism.

    If you can make a good economic argument that says that a profit-maximising company in a world with piracy should be charging $60 for a new game, I'd love to hear it. Right now, your post is just as emotionally irrational as you imagine mine to be.

  8. Re:Let's keep the rights of the artists in mind he on Lofgren Introduces BALANCE Act to Modify DMCA · Score: 1

    I'm talking about the difference between selling 10,000 copies and 1,000,000 copies -- the reproduction costs that separate the two are almost insignificant. Given that, and supposing that all of the people who downloaded illegal copies would be willing to pay a small amount for a legit and clean version, they might stand to make more money by lowering the cost of their product.

  9. Re:Let's keep the rights of the artists in mind he on Lofgren Introduces BALANCE Act to Modify DMCA · Score: 1

    > So I'm Asking Slashdot : What should companies be doing to prevent the loss of income from pirating while
    > leaving inviolate the right of the consumer to make copies of materials to which we own legal license?

    They should sell their stuff for less. The cost to actually produce a single copy of Thief 2 is practically nothing (that's why people will give it out for free on the net); if everyone you knew was willing to download a copy from a shady IRC bot, wouldn't they perhaps also be willing to pay $5 to download the whole thing, legitimately, from a reliable server?

  10. Acclaimed my ass.. on Helms Deep Battle Recreated In Doom · Score: 1

    Acclaimed mapper my ass. I made better Doom maps than that when I was 14. The entire thing is one texture!!

    It is a fun idea, though. It would be a bit better in Quake since it wouldn't have Doom's technical limitations (every point on the map has a single Z value that you can occupy) and could use Quake C to do things like the ladders raising and the castle wall exploding. Just fire up 'GOD' mode and let the carnage begin... ;)

  11. C programmers already pay, except when they forget on ISS Discovers A Remote Hole In Sendmail · Score: 1

    > And despite popular opinion, the magic can be implemented without significant loss of efficiency. Imagine that. It's like
    > free money.

    Indeed, the checks that compilers for such languages (say, O'Caml) insert automatically are precisely the ones that these master C programmers say you must insert yourself -- array bounds checks, overflow checks, etc.

    Of course, I second your sarcasm; programmers who can write large-scale buffer-overflow-free source code are indeed few in number. If anyone disagrees, can he explain why so much popular software written by our most heralded programmers has contained known buffer overflows in the past (and probably still to this day?) (ie, Linux kernel, OpenSSH, Quake I, II, III, Half-Life, Perl, ...)
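    As an added example (not Tom7's code, and not taken from any SML or O'Caml compiler), here is, written out in C, what the two comments above (this one and comment 1) say a safe language's compiler inserts for you around a[x] = b[x] + c[x]: a bounds test on every array access and a wraparound test on the add. The checked_arr type, the status codes and the sample data are hypothetical constructions for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
/* Status codes standing in for SML's Subscript and Overflow exceptions. */
enum { CHK_OK = 0, CHK_BOUNDS = 1, CHK_OVERFLOW = 2 };

/* Hypothetical checked array: the length travels with the pointer, so
   every access can be tested, as a safe language's compiler arranges. */
typedef struct { int32_t *data; size_t len; } checked_arr;

static int checked_get(const checked_arr *a, size_t i, int32_t *out) {
    if (i >= a->len) return CHK_BOUNDS;   /* refuse to read past the end */
    *out = a->data[i];
    return CHK_OK;
}

static int checked_set(checked_arr *a, size_t i, int32_t v) {
    if (i >= a->len) return CHK_BOUNDS;   /* refuse to write past the end */
    a->data[i] = v;
    return CHK_OK;
}

/* Signed add that reports wraparound instead of producing it (signed
   overflow is undefined behaviour in C, so the test comes first). */
static int checked_add(int32_t x, int32_t y, int32_t *out) {
    if ((y > 0 && x > INT32_MAX - y) || (y < 0 && x < INT32_MIN - y))
        return CHK_OVERFLOW;
    *out = x + y;
    return CHK_OK;
}

/* a[x] = b[x] + c[x] with every check applied; returns the first failure. */
static int checked_vec_add(checked_arr *a, const checked_arr *b,
                           const checked_arr *c, size_t x) {
    int32_t vb, vc, va;
    int rc;
    if ((rc = checked_get(b, x, &vb)) != CHK_OK) return rc;
    if ((rc = checked_get(c, x, &vc)) != CHK_OK) return rc;
    if ((rc = checked_add(vb, vc, &va)) != CHK_OK) return rc;
    return checked_set(a, x, va);
}

/* Constructed data; returns the stored sum, or -status (-1 bounds, -2 overflow). */
static int32_t demo_vec_add(size_t x) {
    int32_t ad[4] = {0, 0, 0, 0};
    int32_t bd[4] = {1, 2, 3, INT32_MAX};
    int32_t cd[4] = {10, 20, 30, 1};
    checked_arr a = {ad, 4}, b = {bd, 4}, c = {cd, 4};
    int rc = checked_vec_add(&a, &b, &c, x);
    return rc == CHK_OK ? ad[x] : -rc;
}
```

    Index 4 trips the bounds check and index 3 trips the overflow check, so neither a read past the array nor a silently wrapped sum ever reaches memory.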

  12. No, the DMCA doesn't require that. on New Developments in Music Technology · Score: 1

    The DMCA does not require any manufacturer to include copy protection schemes except for Macrovision.

    I'm sure you're being sarcastic, but I don't think that spreading misconceptions about the DMCA helps our cause any.

  13. Don't worry too much about resume "style" on OS Projects and Your Resume? · Score: 1

    Do you really want to work for a place with management that would say, "This applicant did not format his resume properly. He has included accomplishments that defy our traditional categorizations!"? Go ahead and put them on there, either in some "other" category or wherever you think they best belong. However, don't pad with trivial accomplishments; just put your best ones.

  14. War Games on Realistic Portrayals of Software Programmers? · Score: 1

    Really? What was inaccurate about wargames? The plot was fantastical, of course, but the things they did with computers were pretty much realistic (ie, randomly dialing numbers to look for interesting systems) for the 80s. I haven't seen it in a long time, but in my mind it takes the prize for the most plausible mainstream computer movie.

  15. Re:My Useless Domain Name on Cancelling your Passport.NET Account? · Score: 1

    Transfer all your domains away from network solutions. Not only are they the most expensive, but they are susceptible to forged transfers (see sex.com scandal), and have some bizarre conditions (like you describe) for changing domain info. NS has sucked for years, and there have been good alternatives, so you should have known better!

  16. Bad code arises during compilation of good code on Inside the Intel Compiler · Score: 2, Insightful

    In fact,

    a[x] = b[x] + c[x];

    probably compiles into something like (in the C equivalent):

    offset_b = x * 4 +
    val_b = *offset_b;
    offset_c = x * 4 +
    val_c = *offset_c;
    offset_a = x * 4 +
    val_a = val_c + val_b;
    *offset_a = val_a;

    (Set aside the fact that C automatically scales pointer arithmetic for you. Also ignore for the moment the fact that x86 allows you to do a scalar multiply by 4 in the load instruction -- pretend we are accessing structures of some large or non-power-of-two size.)

    Here the computation of x * 4 is redundant, even though we never wrote x * 4 in the original program.

    The point is, dumb code doesn't just arise because of dumb programmers, but because of the compilation process. (Also imagine you are calling a macro that computes offsets for you, etc.) Anyway, every compiler implements this level of common sub-expression elimination, even gcc, so don't worry!
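    An added example, not from the comment above and not the Intel compiler's or gcc's code: a minimal local common sub-expression elimination pass in C over a hypothetical three-address IR, run on a[x] = b[x] + c[x] lowered the way the comment describes, so that x * 4 is computed three times before the pass and once after it.

```c
#include <string.h>

/* Hypothetical three-address IR: dst = a op b; op '=' is a plain copy, 'L'
   loads through the address in a, 'S' stores a through the address in dst. */
typedef struct { char op; char dst[12], a[12], b[12]; } instr;

/* Local CSE for straight-line, single-assignment code: an instruction that
   recomputes an (op, a, b) already computed into some dst is rewritten as a
   copy of that dst. Returns how many instructions were rewritten. */
static int cse(instr *code, int n) {
    int rewritten = 0;
    for (int i = 0; i < n; i++) {
        if (code[i].op == '=') continue;            /* copies carry no expression */
        for (int j = 0; j < i; j++) {
            if (code[j].op == code[i].op &&
                strcmp(code[j].a, code[i].a) == 0 &&
                strcmp(code[j].b, code[i].b) == 0) {
                code[i].op = '=';                   /* reuse the earlier result */
                strcpy(code[i].a, code[j].dst);
                code[i].b[0] = '\0';
                rewritten++;
                break;
            }
        }
    }
    return rewritten;
}

/* Constructed input: a[x] = b[x] + c[x] lowered naively, so the scaled index
   x * 4 is recomputed before each base-address add, as in the comment. */
static int demo_cse(void) {
    instr code[] = {
        {'*', "t1", "x", "4"}, {'+', "off_b", "t1", "b"}, {'L', "val_b", "off_b", ""},
        {'*', "t2", "x", "4"}, {'+', "off_c", "t2", "c"}, {'L', "val_c", "off_c", ""},
        {'*', "t3", "x", "4"}, {'+', "off_a", "t3", "a"},
        {'+', "val_a", "val_b", "val_c"}, {'S', "off_a", "val_a", ""},
    };
    /* t2 and t3 become copies of t1; a copy-propagation pass would then
       fold those copies away entirely */
    return cse(code, (int)(sizeof code / sizeof code[0]));
}
```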

  17. Perl section on Perl Features of the Future - Part 1 · Score: 1

    There is a section for perl! This doesn't belong in "programming"!

  18. Re:DMCA doesn't apply here. on Fighting Spam - Using the DMCA for Good? · Score: 2, Insightful

    If the spammer is bypassing spamassassin in order to download your mail then there might be some trouble with copyright or even the DMCA. Unfortunately, spamassassin doesn't protect your inbox from other people downloading your mail, it protects from the delivery of spam. The only work being copied is the spammer's mail, and the software in question doesn't control access to that or any other copyrighted work.

    In any case, these kinds of twisted arguments would fall apart in court. Judges don't think like hackers! Their job is to interpret the meaning of a law (of which a large part is the actual intent of the law), which means that you need a clear argument, not one based on stretches of the imagination and technicalities.

  19. On non-recursive functions... on What is Your Best Tech Joke? · Score: 1

    A function that cannot call itself cannot call itself a function.

  20. Re:Our leader? on What is Your Best Tech Joke? · Score: 2, Informative

    Some of these, like "Made good judgments.." are Dan Quayle quotes, not GW.

  21. For the constructive logic crowd... on What is Your Best Tech Joke? · Score: 3, Funny

    "There are three kinds of people in the world. Those who believe in the excluded middle, those who don't believe in the excluded middle, and those who don't not believe in the excluded middle."

    (Needs knowledge of constructive logic.)

  22. Re:DMCA doesn't apply here. on Fighting Spam - Using the DMCA for Good? · Score: 1

    I don't recall seeing anything in the DMCA that exempts the copyright holder from the ban against circumventing the technology.

    Well then read the damn law! (http://www4.law.cornell.edu/uscode/17/1201.html) Even in the crazy interpretation you describe, circumvention only occurs when it is done without the authority of the copyright holder. The spammer obviously has authority of the copyright holder (himself!).

    It's true that the DMCA is a vague and crappy law, but it is not as vague as slashdot readers seem to think it is.

  23. Re:DMCA doesn't apply here. on Fighting Spam - Using the DMCA for Good? · Score: 1

    Are you crazy? You can't consult Webster's dictionary for legal definitions. Copyright, the scope of copyright, and technological measures are defined in the US code (title 17), so that's where you should look.

    The DMCA does not ban anyone circumventing technology in a way that you don't like. It only applies to the specific case of circumventing access controls for copyrighted works, and there are clearly no copyrighted works involved here.

  24. Here's my vote for static typing! on Guido van Rossum On Strong vs. Weak Typing · Score: 4, Insightful

    Strong typing catches many bugs, but it also makes you focus too much on getting the types right and not enough on getting the rest of the program correct.

    (Does anyone else find it a little scary that Guido confuses "strong" and "static" typing?)

    There's not much substance in this article to actually refute, but I would like to share my experience on this. I have had a lot of experience with static and dynamic, strong and weakly-typed languages, though not much with Python.

    I'm a fan of statically-typed functional languages, especially SML and O'Caml. I agree that static typing catches many bugs; ones that would not be caught at compile-time in a dynamic language. However, in my experience, spending time getting the types right is not a distraction but actually a guide in the design of the program. Static typing encourages . Even if I considered all of that time (which amounts to very little once you become good at the languages) a burden, I think static typing would still be worth it. The reason is that compile-time errors are much, much easier to track down and fix than ones that occur only dynamically (or only once you've shipped your program!).

    By the way, "strong" typing does not mean writing down a lot of types. (ML and Haskell have type-inference systems where you end up writing less than you would in C or Java, and maybe even less than in Python!) By the time you become an expert in a language like ML, you are hardly encountering type errors (except when you make a typo or actual mistake), and hardly writing down anything having to do with types -- the best of both worlds!

  25. Sing along! on Diarrhea Bug May Offer Cancer Cure · Score: 4, Funny

    when you're runnin' into cancer
    and you want another answer

    diarrhea,
    diarrhea