Well, not sure about your local laws, but in Australia (where this story is) you would have police called on you and have the shops silent alarm triggered very quickly if you showed a hidden handgun without a police badge in plain view.
Civs don't get either the right to carry a handgun concealed nor the right to flash such a hidden weapon at a store clerk to prove how big a man you are.
1. A massive amount of hardware has been required to filter all the content from the SKA to the data-centre, just in case it has any "NC" information in it.
2. All pictures of "Uranus" will be blocked.
3. Attempting to focus in on a picture of a "Black Hole" will have the whole thing disabled for upto a year.
PC has supported multiple types of stereo vision for quite a while now (from the old days of taping a piece of cardboard to the middle of your screen and resting your head against it, to colour glasses to the newer shutter glasses systems).
As for your "fake simulation on a 2D image" is like calling video a "fake simulation of moving pictures using still frames", technically its correct, but if its enough to fool the eyes, its very much the real deal:)
Heres a funny one, customer gets smitfraud on their pc, brings it to me, I tell them "cheapest fix is backup and reinstall, they agree, we do the job, they take it home Friday night, its back first thing Monday with smitfraud on it again, they swear black and blue they have not even used it, we check browser cache, only one site hit, isohunt, turns out their daughter loves her tv shows to the tune of nearly $300AU in total, parent is not amused:)
Self replying, but to hell with it, I am home from work now and more time to type:)
The best method I could think of to accomplish a secured walled garden would be to have a permission set for each application, which is added to the OS on install (would require a full SUDO to add an app). This would outline to the OS just what an app can and can't do, and combined with the users own set of permissions we could take the lowest of the two and run with that as the default. Lets have a web browser (because its a reasonably complicated yet simple at heart app):
User has read/write on their whole home directory and all registry settings associated with it. They have read access on any parts of the OS that they need to have the core parts of it run.
User says "install firefox", a window comes up, saying "firefox.msi" (yeah, windows as an example, if it can work for windows it will be a piece of piss to implement for other OSes) is attempting to install "Firefox", you have a drop-down (like the current time remaining drop down in windows) to show all what directories it wants read and write access to, and you want a big read message if it wants write access to its app directory or read access to any OTHER apps directory.
You of course read all that info (being at least a halfway smart user) and decide to trust the app and click allow (throw a captcha on this, its not like you will be doing it every day).
Your app is now installed, it wanted read access to the c:\program files (x86) directory, it wanted a secured temp folder (read/write), it wanted some of its own registry space for read/write (settings, layout, etc) and it wants read/write access to your bookmarks. You allowed all this, it may not get it all though:)
You run firefox, yay, you get a cookie for choosing a non IE browser, it starts up and is happy, you start browsing, first on the menu is youtube, it wants FLASH! (pre-html5 fight of course) so a popup comes up saying "flash.msi" wants to install, it will want read privs on its own directory (will be installed within the firefox directory, so will have a red warning here, which you will read because it is red) and decide its ok.
Guess what, if something nasty like smitfraud tears your browser a new arsehole, it can't infect your PC at large or even your user account because it is just plain not allowed (assuming the security system is perfect, knowing Microsoft implementations of security, I doubt it), and could easily be removed by telling your system "reset write areas for this app to new", and then start looking around your backups (a smart backup system could really just go "highest permission within users" and just backup anything writeable regularly, everything else is just code).
The beauty of this is the user could (if you wanted to set it up) add extra restrictions to this during the app install, so say your like me and add a new plugin once a century and a new bookmark about twice as often, you might want to limit access to the bookmarks folder (this would add an extra user accounts permissions for that app only, effectively a 3rd permission, not the global apps ones or the users full ones, remember, lowest permission takes precedence) to read only, thereby requiring a minor permission elevation (not a full SUDO, just to change from "lowest precedence" to "highest precedence" but still limited by user permissions.
Suddenly we can do a lot more as a user without tipping alarms off, but allow a lot less as a virus/exploit. Just downloaded something and want to know what it is? RUN IT. Any executable run from outside an installed apps directory will be able to have a temp directory as read/write and read on itself. If you get an "install app" dialogue, you can evaluate if it is the latest game demo or if it wants to rape your computer with big red read/write requests all over the file system.
Yes it would likely need further refining to have work for all apps, but maybe its time some apps were changed as to how they deal with directories.
The first thing we need to do is get rid of these damn drive letters though.
As the other replier points out, this isn't a major problem, chrome manages effective sand-boxing of a browser instance without locking the user out.
What the browser SHOULD NOT be able to do is access any part of the OS file-system in "read/write" mode... ever, it should be able to access a users browser settings and a temp folder (its own temp folder, not the WHOLE temp folder, for that matter) and of course its own executables and run-times in read only. Need to install a plugin? That should be handled by a separate process, or ask for permission, aka "SUDO" (hello? UAC? this is your job).
As windows is, too many programs have access to too much of the user data and OS in general, hell Microsoft pussied out on UAC because their program writers suck so much they can't get the hang of what little sand-boxing that accomplished (try installing an XP authored program under vista).
Sandboxed so far as user limits (as in linux) or even browser windows (like in chrome browser), yes it does have overheads, but really, isn't security worth a little extra CPU time since without all those anti-virus and anti-spyware apps running we can free up a whole lot of resources?
Damn you, now i sprayed my tea all over my keyboard with the image of Steve doing a ventriloquist act with a puppet of clippy:) (since bill doesn't work there any more)
This is the total point, it shouldn't matter if your apps have holes in them or not (although "not" would be best), they should never have the kind of privileges that allow things to take over (do a little search for "smitfraud" and you will understand what I mean).
They seemed to be going top-down for a long time, when only now are they starting to realise that sandboxing (UAC) the user from the OS is a good idea, not the best, not 100%, but they are almost on the cusp of "getting it" at last:)
Most of the patents they are suing over are the core signal filtering tech used by 802.11N wireless. Basically if you make anything that is compatible with 802.11N, you should be sending these guys a few $$$ (as prior settlements have shown).
Pretty much the whole industry said "cor struth, that's a nifty signal filter you have shown implemented in hardware, we will make that a part of the standard and pay you a small amount to use it", however when it came time to write the cheques the bits "pay you a small amount to" were completely forgotten. Now they are left with a large infrastructure they helped make based off technology that is supposed to be licensed.
So far a little aussie research company who gets paid about $80M a year by the government to help prop them up has recieved $250M in "back royalties", looks like its payday again soon:)
TeamFortress 2 is a good one for this, at the moment they are taking fan submitted items and models and putting them in the full game.
Get them started on small stuff, then let them work up to that mechwarrior total conversion for unreal-tournament 4, THEN the world will be a better place for all of us:)
Slashdot Mirror
I will not fear, fear is the mind killer, fear is the little death that brings total oblivion...
I will not fear, fear is the mind killer, fear is the little death that brings total oblivion...
I will not fear, fear is the mind killer, fear is the little death that brings total oblivion...
I will not fear, fear is the mind killer, fear is the little death that brings total oblivion...
Zero-day as in how many days it has been since a security patch for the flaw, until the flaw is patched, its considered "Zero-day".
Well, not sure about your local laws, but in Australia (where this story is) you would have police called on you and have the shops silent alarm triggered very quickly if you showed a hidden handgun without a police badge in plain view.
Civs don't get either the right to carry a handgun concealed nor the right to flash such a hidden weapon at a store clerk to prove how big a man you are.
That would be this...
http://www.youtube.com/watch?v=p5ZwNw258sQ
The unfortunate side effects:
1. A massive amount of hardware has been required to filter all the content from the SKA to the data-centre, just in case it has any "NC" information in it.
2. All pictures of "Uranus" will be blocked.
3. Attempting to focus in on a picture of a "Black Hole" will have the whole thing disabled for upto a year.
Thirdly a sanely designed OS shouldn't be crippled and burn because one user ran something they shouldn't have in their own user space...
*watched you roll a 1*
Looks like you have to go Emo now, thats -4int and -8cha
Cardboard... I was playing a modified version of mechwarrior 1 on my 286 with cardboard down the middle of the screen ;)
PC has supported multiple types of stereo vision for quite a while now (from the old days of taping a piece of cardboard to the middle of your screen and resting your head against it, to colour glasses to the newer shutter glasses systems).
As for your "fake simulation on a 2D image" is like calling video a "fake simulation of moving pictures using still frames", technically its correct, but if its enough to fool the eyes, its very much the real deal :)
Bleh, I will wait till 4.5D when they are bringing out more classes and such, I bet they will have a whole new set of books to buy too.
Wait, what were we talking about again?
You were lucky to have arithmetic!
Back in my day all we had was a sort of rounded rock. Numbers? LUXURY!
People don't "know" petabytes yet, in the same way we don't "know" terabytes of ram yet.
They are still beyond the "oh look I have a 2 petabyte drive" stage, thankfully :)
Heres a funny one, customer gets smitfraud on their pc, brings it to me, I tell them "cheapest fix is backup and reinstall, they agree, we do the job, they take it home Friday night, its back first thing Monday with smitfraud on it again, they swear black and blue they have not even used it, we check browser cache, only one site hit, isohunt, turns out their daughter loves her tv shows to the tune of nearly $300AU in total, parent is not amused :)
If a user does that, then they pay me $149AU to fix the fuckin thing :)
WALL OF TEXT INC, WARNING
Self replying, but to hell with it, I am home from work now and more time to type :)
The best method I could think of to accomplish a secured walled garden would be to have a permission set for each application, which is added to the OS on install (would require a full SUDO to add an app). This would outline to the OS just what an app can and can't do, and combined with the users own set of permissions we could take the lowest of the two and run with that as the default. Lets have a web browser (because its a reasonably complicated yet simple at heart app):
User has read/write on their whole home directory and all registry settings associated with it. They have read access on any parts of the OS that they need to have the core parts of it run.
User says "install firefox", a window comes up, saying "firefox.msi" (yeah, windows as an example, if it can work for windows it will be a piece of piss to implement for other OSes) is attempting to install "Firefox", you have a drop-down (like the current time remaining drop down in windows) to show all what directories it wants read and write access to, and you want a big read message if it wants write access to its app directory or read access to any OTHER apps directory.
You of course read all that info (being at least a halfway smart user) and decide to trust the app and click allow (throw a captcha on this, its not like you will be doing it every day).
Your app is now installed, it wanted read access to the c:\program files (x86) directory, it wanted a secured temp folder (read/write), it wanted some of its own registry space for read/write (settings, layout, etc) and it wants read/write access to your bookmarks. You allowed all this, it may not get it all though :)
You run firefox, yay, you get a cookie for choosing a non IE browser, it starts up and is happy, you start browsing, first on the menu is youtube, it wants FLASH! (pre-html5 fight of course) so a popup comes up saying "flash.msi" wants to install, it will want read privs on its own directory (will be installed within the firefox directory, so will have a red warning here, which you will read because it is red) and decide its ok.
Guess what, if something nasty like smitfraud tears your browser a new arsehole, it can't infect your PC at large or even your user account because it is just plain not allowed (assuming the security system is perfect, knowing Microsoft implementations of security, I doubt it), and could easily be removed by telling your system "reset write areas for this app to new", and then start looking around your backups (a smart backup system could really just go "highest permission within users" and just backup anything writeable regularly, everything else is just code).
The beauty of this is the user could (if you wanted to set it up) add extra restrictions to this during the app install, so say your like me and add a new plugin once a century and a new bookmark about twice as often, you might want to limit access to the bookmarks folder (this would add an extra user accounts permissions for that app only, effectively a 3rd permission, not the global apps ones or the users full ones, remember, lowest permission takes precedence) to read only, thereby requiring a minor permission elevation (not a full SUDO, just to change from "lowest precedence" to "highest precedence" but still limited by user permissions.
Suddenly we can do a lot more as a user without tipping alarms off, but allow a lot less as a virus/exploit. Just downloaded something and want to know what it is? RUN IT. Any executable run from outside an installed apps directory will be able to have a temp directory as read/write and read on itself. If you get an "install app" dialogue, you can evaluate if it is the latest game demo or if it wants to rape your computer with big red read/write requests all over the file system.
Yes it would likely need further refining to have work for all apps, but maybe its time some apps were changed as to how they deal with directories.
The first thing we need to do is get rid of these damn drive letters though.
Ok, wall of text is over, back to regular /.
As the other replier points out, this isn't a major problem, chrome manages effective sand-boxing of a browser instance without locking the user out.
What the browser SHOULD NOT be able to do is access any part of the OS file-system in "read/write" mode... ever, it should be able to access a users browser settings and a temp folder (its own temp folder, not the WHOLE temp folder, for that matter) and of course its own executables and run-times in read only. Need to install a plugin? That should be handled by a separate process, or ask for permission, aka "SUDO" (hello? UAC? this is your job).
As windows is, too many programs have access to too much of the user data and OS in general, hell Microsoft pussied out on UAC because their program writers suck so much they can't get the hang of what little sand-boxing that accomplished (try installing an XP authored program under vista).
Sandboxed so far as user limits (as in linux) or even browser windows (like in chrome browser), yes it does have overheads, but really, isn't security worth a little extra CPU time since without all those anti-virus and anti-spyware apps running we can free up a whole lot of resources?
Damn you, now i sprayed my tea all over my keyboard with the image of Steve doing a ventriloquist act with a puppet of clippy :) (since bill doesn't work there any more)
This is the total point, it shouldn't matter if your apps have holes in them or not (although "not" would be best), they should never have the kind of privileges that allow things to take over (do a little search for "smitfraud" and you will understand what I mean).
They seemed to be going top-down for a long time, when only now are they starting to realise that sandboxing (UAC) the user from the OS is a good idea, not the best, not 100%, but they are almost on the cusp of "getting it" at last :)
Most of the patents they are suing over are the core signal filtering tech used by 802.11N wireless. Basically if you make anything that is compatible with 802.11N, you should be sending these guys a few $$$ (as prior settlements have shown).
Pretty much the whole industry said "cor struth, that's a nifty signal filter you have shown implemented in hardware, we will make that a part of the standard and pay you a small amount to use it", however when it came time to write the cheques the bits "pay you a small amount to" were completely forgotten. Now they are left with a large infrastructure they helped make based off technology that is supposed to be licensed.
So far a little aussie research company who gets paid about $80M a year by the government to help prop them up has recieved $250M in "back royalties", looks like its payday again soon :)
You are aware retail salespeople have been doing the same thing for a long time?
You have not heard of the phrase "chrome plated turd"? :)
Yeah, now it generally means to zero-wipe a drive.
I remember having to do low level formats on my first XT computer, damn MFM controller took about 3 hrs to do a 20MB seagate drive ;(
TeamFortress 2 is a good one for this, at the moment they are taking fan submitted items and models and putting them in the full game.
Get them started on small stuff, then let them work up to that mechwarrior total conversion for unreal-tournament 4, THEN the world will be a better place for all of us :)
Wizard? Pfft!
He needs to re-implement Clippy!
Think of how helpful this would be :)