Mr. Chen points out attacks on existing P2P systems. Gnutella being his main focus as it seems to be the most popular method of distribution of files. Every attack against the Gnutella system he points out seems valid, if a bit obvious.
It's a good starting point, and that alone makes the paper worth reading.
And I don't see this tap-dancing around secure hash functions that you bring up. Mr. Chen correctly points out that an attacker can easily forge the hash values it reports to the network. self-verification won't happen until the user has downloaded a good portion (if not all) of the file. At that point the attack has already been successful.
Moderation and peer reputation require some method of recording "ratings" of users on the network. Something not present in the current Gnutella network. But if implemented, it would have to be distributed as well. This means that there, at some point, must be a blind trust between clients to complete these "ratings". That blind trust will lead to poisioning of the ratings system and make it worthless.
"Ring of trust" simply does not work in a distributed environment that is truly open to anyone. Closed distributed environments, or virtually closed environments within an open environment would be the only way. However new users would not be able to enter them and that is how Gnutella keeps itself alive.
You seem to think, Mr. McCoy, that there are obvious solutions. Yet you really don't present any nor do you present any existing real-world examples.
I think Mr. Chen points out the (obvious) truth about p2p and the paper is not invalid by any means.
Keep in mind we're talking insurance replacement value when you get a piece of jewlry appraised.
Actualy, real-world price is about half of the appraisal value. This is somewhat standard in the jewlry biz. (Had a friend who managed a Zales store for several years.)
I purchased an Apex AD-703 a little over a year ago and it was the best (and most lucky) purchase I've ever made.
What puts Apex above the rest is the ability to flash update the BIOS of the player. There are many, many resources for hacking the Apex BIOS. This includes a great utility that's been developed called EZ Patch which allows users to create custom BIOS images for their APEX players. Among the many modules for EX Patch is the ability to make the player region free and the ability to bypass the "locks" on DVDs that keep a user from skipping over the previews and other such items.
It doesn't seem to be a question of consumer rights and I don't think the Directors Guild has a chance here. These companies are selling the edited films. It's up to the consumer to choose whether or not to purchase the edited film. The original, unedited movies aren't going anywhere.
If anything I think this is a decent move as parents could now watch movies they enjoy without having to worry what their kids will see or hear.
What kind of overhead would there be with such a system patch? Adding extra processing to every GETMESSAGE event would suck down a noticable amount of cpu usage, wouldn't it?
I would guess there would be a greater impact on user desktops rather than servers since there is (usually) less interaction with the server's GUI rather than a desktop's GUI.
Well since we don't have any details of the comprimise and ^Sarge^ chose to wipe the drive without any investigation first (that we know of) we prolly won't know.
But there'd be other ways besides sniffing. A rootkit with a trojaned login for instance. Maybe his pwd for that box was the same on openbsd? Maybe he did use sftp but sftp was trojaned as well.
Once the attacker rooted the box, anything became possible.
Well he's part of the OpenSSH team and it was ftp.openbsd.org that was comprimised. Chances are the attacker sniffed his password for ftp.openbsd.org after rooting the box.
I'm not sure how everyone is setup, but I do know there are a significant number of television viewers who receive their television over an antenna. What happens to them in 2006? Either no TV or pay the 40 bucks a month for digital cable?
GUIs are well-suited for simple tasks, and are good for the important-task-infrequently-used items, but for items of moderate complexity, nothing beats dropping into a shell.
My post was to put forth that there are tasks of "moderate complexity" for which a GUI is better suited than a CLI.
I didn't say get rid of the CLI, I was simply stating that the CLI is a device used back in the old days of mainframe, time-sharing systems. A CLI does not belong on a desktop computer, the uses of which are far different than what you found back in the day on a time-sharing system.
I just want to stick up for the two-column design. When you read text your eye has to move back and forth across the page/screen. From what I have read on the subject of usability, reading from one edge of a 17" monitor to the other repeatedly creates eye strain and leads the casual reader to stop reading.
By breaking things down into columns like this, there is less eye strain as there is less horzontal movement by the eye.
As for the green-on-gray text, it's a horrible choice but there is also a reasoning behind it.
Another usability study I've read discusses how users who have to select/highlight text to read it will focus more on the text and what it has to say. Using low-contrasting foreground and background colors creates a situation where the user has to do just that, highlight the text to read it.
I don't agree with that approach, but usability studies do seem to back up the idea.
Reading is good. Yes read books, expand your imagination and your culture. However if I'm a network administrator I don't want to expand my mind while I'm profiling network traffic.
Instead I want to be able to quickly ascertain what the current load is, where it's comming from, and picking out anomalies.
A GUI can present me with this information through charts and graphs which are then quickly interpreted. Through a CLI I am presented with scrolling text or, on a good application, a constantly updated table with percentages and abbreviate column headings.
But I'm still reading and having to make extra work to interpret the CLI.
I can do simple eye scanning on graphs and charts to quickly see something is not right.
On a CLI I'm spending 30 seconds to breakdown the text and finding the parts I'm looking for.
GUI's provide efficient means to receive data. By limiting yourself to just text you are removing the original purpose of your eyes, which is to scan and process information quickly and effectively.
On a desktop machine the CLI absolutely does not belong. The end user has no need (nor wants to know) the exact paths where files are stored or what documents look like in a text editor.
The end user wants simplicity. Clicking on an icon and getting the computer to respond is simplicity. Typing "play/path/to/my/mp3s/some_song.mp3" is not. It's an overcomplicated process when compared to a single mouse click.
CLIs are a throwback to the beginnings of computing when processing power, not usability, was the focus of computer use.
Today usability is the key ingredient in any good operating system and to be usable, the any OS absolutely should remove a CLI from the eyes of the average user. It's just too complicated for simple tasks.
Well if it's unrestrictive open source, it should be possible to write or reorganize the Cg language structure to something more complete. As long as it compiles compatible byte code... right?
Is this on the order of Mac vs. PC or Linux vs. *BSD? I can't tell.
Most dubs are dreadful with flat voices lacking emotion.
I've watched Cowboy Bebop in the original Japanese through the whole series. I tried watching an episode in English on Cartoon Network's adult swim and thought it was horrible and that the voices didn't embody the characters.
However I watched Ghost in the Shell as a dub first before catching the original voice track. I thought the original Japanese was horrible and that the voices didn't embody the characters.
The point being, what you become comfortable with listening to makes any other language seem "wrong".
And thus the point of dub vs. sub is moot. Has been and will be. So don't worry about it.
Visit EBay, among other places. There are several DVD copies that have English subtitles and no region-encoding. Mostly pirate copies from out of China, but what else can you do until the movie comes out on DVD officially?
From Chronic Logic comes Pontifex where the object is to construct a bridge that can support not only its own weight but that of a train which then attemps to traverse the bridge.
While this game doesn't really have the "sharing" quality descriped in the news item, it does promote development of problem-solving skills and can also become qutie addictive.
Even after you've solved a level, you wind up going back to see how much more efficient (or outrageous) your design can be. Thus promoting creativity as well.
Certainly something that helps stimulate the mind and it's enjoyable for all ages.
Now try it with 128MB of RAM. And yes the quicklaunch feature makes it load faster at the cost of extra boot time. The quicklaunch just keeps the DLLs loaded in memory. That's where that 512MB of RAM comes in handy. Take it away and the DLLs are put into swap if you don't use Mozilla often (as would be the case with a dial-up user). Suddenly it loses its usefulness and Mozilla lags on start.
I'm not trying to knock Mozilla here, it's all I use for my browsing. However I'm trying to put its use into the framework of an "average" user./. doesn't attract "average" users.
Netscape 4 is used by a lot of people who don't have the $$$ or the care to upgrade their machine. Have you seen Mozilla boot on even an 800Mhz P3? It takes forever. And on older P2 and celery based systems (or Cyrix-based for those bargin-basement shoppers) the page rendering is even slow.
Netscape 4, despite is crashing more often than not, at least functions on a P2 in a fast manner.
And if anyone actually took the time to investigate the matter (as I have) you would see that it's relatively easy to support Netscape 4 on top of a XHTML 1.1 / CSS-2 based web site. You just need to have some basic knowledge of NS4 CSS bugs.
And if you used HTML the way it was intendened such as heading tags (H1,H2,..) instead of FONT or SPAN tags, you could easily make a page render in NS4 in a clean manner. Might not keep the visual formatting you see in Mozilla, but at least the information is presented in a clean and easy-to-digest manner.
Using XHTML for simple markup and CSS for visual formatting, it's very easy to design a standards-compliant web page that renders fine in Netscape 4, without the fancy visual formatting you might see in Mozilla.
Seems like that wouldn't (or shouldn't) be the case but it's true.
Netscape, IE, Opera, ect... all have their own unique bugs or quirks that a web developer needs to be very familiar with in order to develop a page using existing standards that retains the intended visual style and formatting. There are also quirks that differ between not only major, but minor versions of browsers.
In order to comply with web standards you need to know all of these quirks ahead of time or you're going to spend far longer than you would like in development. But that is exactly how you learn about these quirks to begin with.
Rather than learning workarounds to the countless bugs and quirks of individual web browsers, developers find it much more time efficient to limit the target platform. In this case the most obvious choice is IE. Why? Because of its ubiquity. If 90%+ of Internet users are utilizing IE, then you've cut down your need for workarounds greatly while limiting the audience but only 10% (at most).
It's also a quicker development, especially if you're using FrontPage since it's designed with the IE engine.
Now all this, I think, can change. But to bring about change a few things need to happen. First web developers need to be able to drop their need to support version 4 browsers. Right now this isn't realistic but in 1 to 2 years it will be.
Next, Mozilla/Netscape 7 need to gain ground in browser usage. AOL's bundling of Netscape will certainly help this move along. Also people taking up the call themselves and introducing friends and families to the joys of Mozilla would help. Word-of-mouth works too but it all takes time.
It won't be overnight but in a couple years (I hope) the M$ domination of the browser market will dwindel. At that time you will see more and more web developers being forced to look to web standards.
So while what this article says is definitely true of the present, I think things will change as time progresses.
Lest we forget Triton and Future Crew and the rest of the demo scene? If you have you better remind yoruself.
The 4k demo contests have always been the pinacle (IMO) of art as not only did you have a visual experience but the wonderment of how much was packed into a 4k executable. It was art in design and programming.
And all done with typical PC hardware. No fancy render farms. Hell, FC's Second Reality ran on a 386!
And now look torwards all the work being done with Flash, especially with respect to animation. But I think the author of this post means to focus on realistic animation.
Stallman should have simply gone and given a speech on this very topic to the SIGLINUX people. Instead he turned down yet another opportunity to spread his own views.
I think he needs to learn that in some cases, you need to accept what is so that you can bring the change you want later.
I think Tom's mention of the "End of VGA" is more metaphorical and perhaps wishful rather than practical. 3DLabs' P10 VPU still has VGA support.
I think Tom mentions this simply because the P10's capabilities to handle multiple requests is a good solution to the requirements set forth for M$'s next-gen GUI, Longhorn.
P10 shows Longhorn is possible and that VGA is no longer needed. This is the "End of VGA". however I'd expect legacy support for VGA in video cards for a long time to come.
The only reason one would want instruction sets to be similar between GPU/VPUs would be to develop a single driver that would function across all compatible hardware.
A neat idea, but not feasible within constantly evolving graphics processor industry.
Slashdot Mirror
Mr. Chen points out attacks on existing P2P systems. Gnutella being his main focus as it seems to be the most popular method of distribution of files. Every attack against the Gnutella system he points out seems valid, if a bit obvious.
It's a good starting point, and that alone makes the paper worth reading.
And I don't see this tap-dancing around secure hash functions that you bring up. Mr. Chen correctly points out that an attacker can easily forge the hash values it reports to the network. self-verification won't happen until the user has downloaded a good portion (if not all) of the file. At that point the attack has already been successful.
Moderation and peer reputation require some method of recording "ratings" of users on the network. Something not present in the current Gnutella network. But if implemented, it would have to be distributed as well. This means that there, at some point, must be a blind trust between clients to complete these "ratings". That blind trust will lead to poisioning of the ratings system and make it worthless.
"Ring of trust" simply does not work in a distributed environment that is truly open to anyone. Closed distributed environments, or virtually closed environments within an open environment would be the only way. However new users would not be able to enter them and that is how Gnutella keeps itself alive.
You seem to think, Mr. McCoy, that there are obvious solutions. Yet you really don't present any nor do you present any existing real-world examples.
I think Mr. Chen points out the (obvious) truth about p2p and the paper is not invalid by any means.
Keep in mind we're talking insurance replacement value when you get a piece of jewlry appraised.
Actualy, real-world price is about half of the appraisal value. This is somewhat standard in the jewlry biz. (Had a friend who managed a Zales store for several years.)
I purchased an Apex AD-703 a little over a year ago and it was the best (and most lucky) purchase I've ever made.
What puts Apex above the rest is the ability to flash update the BIOS of the player. There are
many,
many resources for hacking the Apex BIOS. This includes a great utility that's been developed called
EZ Patch which allows users to create custom BIOS images for their APEX players. Among the many modules for EX Patch is the ability to make the player region free and the ability to bypass the "locks" on DVDs that keep a user from skipping over the previews and other such items.
It doesn't seem to be a question of consumer rights and I don't think the Directors Guild has a chance here. These companies are selling the edited films. It's up to the consumer to choose whether or not to purchase the edited film. The original, unedited movies aren't going anywhere.
If anything I think this is a decent move as parents could now watch movies they enjoy without having to worry what their kids will see or hear.
What kind of overhead would there be with such a system patch? Adding extra processing to every GETMESSAGE event would suck down a noticable amount of cpu usage, wouldn't it?
I would guess there would be a greater impact on user desktops rather than servers since there is (usually) less interaction with the server's GUI rather than a desktop's GUI.
It seems if you rebuilt from source and rebooted witihin an hour no time was spent on discovering how the cracker rooted the box in the first place.
If the cracker rooted openbsd.org through this box, then any evidence of the attack would have been wiped, wouldn't it?
Or is there still a chance on finding out who was behind this and how it happened? Firewall logs maybe?
... or even sftp.
Well since we don't have any details of the comprimise and ^Sarge^ chose to wipe the drive without any investigation first (that we know of) we prolly won't know.
But there'd be other ways besides sniffing. A rootkit with a trojaned login for instance. Maybe his pwd for that box was the same on openbsd? Maybe he did use sftp but sftp was trojaned as well.
Once the attacker rooted the box, anything became possible.
Well he's part of the OpenSSH team and it was ftp.openbsd.org that was comprimised. Chances are the attacker sniffed his password for ftp.openbsd.org after rooting the box.
I'm not sure how everyone is setup, but I do know there are a significant number of television viewers who receive their television over an antenna. What happens to them in 2006? Either no TV or pay the 40 bucks a month for digital cable?
now let's /. a toaster!
/. effect on!
This just opens up a whole new world of things to try the
I didn't say get rid of the CLI, I was simply stating that the CLI is a device used back in the old days of mainframe, time-sharing systems. A CLI does not belong on a desktop computer, the uses of which are far different than what you found back in the day on a time-sharing system.
Now I'll go put my CLI in the jar.
Sorry for this, but I'm going offtopic here.
I just want to stick up for the two-column design. When you read text your eye has to move back and forth across the page/screen. From what I have read on the subject of usability, reading from one edge of a 17" monitor to the other repeatedly creates eye strain and leads the casual reader to stop reading.
By breaking things down into columns like this, there is less eye strain as there is less horzontal movement by the eye.
As for the green-on-gray text, it's a horrible choice but there is also a reasoning behind it.
Another usability study I've read discusses how users who have to select/highlight text to read it will focus more on the text and what it has to say. Using low-contrasting foreground and background colors creates a situation where the user has to do just that, highlight the text to read it.
I don't agree with that approach, but usability studies do seem to back up the idea.
CLI's require too much reading.
/path/to/my/mp3s/some_song.mp3" is not. It's an overcomplicated process when compared to a single mouse click.
Reading is good. Yes read books, expand your imagination and your culture. However if I'm a network administrator I don't want to expand my mind while I'm profiling network traffic.
Instead I want to be able to quickly ascertain what the current load is, where it's comming from, and picking out anomalies.
A GUI can present me with this information through charts and graphs which are then quickly interpreted. Through a CLI I am presented with scrolling text or, on a good application, a constantly updated table with percentages and abbreviate column headings.
But I'm still reading and having to make extra work to interpret the CLI.
I can do simple eye scanning on graphs and charts to quickly see something is not right.
On a CLI I'm spending 30 seconds to breakdown the text and finding the parts I'm looking for.
GUI's provide efficient means to receive data. By limiting yourself to just text you are removing the original purpose of your eyes, which is to scan and process information quickly and effectively.
On a desktop machine the CLI absolutely does not belong. The end user has no need (nor wants to know) the exact paths where files are stored or what documents look like in a text editor.
The end user wants simplicity. Clicking on an icon and getting the computer to respond is simplicity. Typing "play
CLIs are a throwback to the beginnings of computing when processing power, not usability, was the focus of computer use.
Today usability is the key ingredient in any good operating system and to be usable, the any OS absolutely should remove a CLI from the eyes of the average user. It's just too complicated for simple tasks.
Well if it's unrestrictive open source, it should be possible to write or reorganize the Cg language structure to something more complete. As long as it compiles compatible byte code... right?
Is this on the order of Mac vs. PC or Linux vs. *BSD? I can't tell.
Most dubs are dreadful with flat voices lacking emotion.
I've watched Cowboy Bebop in the original Japanese through the whole series. I tried watching an episode in English on Cartoon Network's adult swim and thought it was horrible and that the voices didn't embody the characters.
However I watched Ghost in the Shell as a dub first before catching the original voice track. I thought the original Japanese was horrible and that the voices didn't embody the characters.
The point being, what you become comfortable with listening to makes any other language seem "wrong".
And thus the point of dub vs. sub is moot. Has been and will be. So don't worry about it.
Visit EBay, among other places. There are several DVD copies that have English subtitles and no region-encoding. Mostly pirate copies from out of China, but what else can you do until the movie comes out on DVD officially?
On autopr0n, I detect NS4 and send a blank style sheet if they have it.
For your consideration:
NS4 will not load a stylesheet with the MEDIA attribute specified.
Use of the @import directive in a CSS sheet works just as well.
IE 4+ handle it fine.
No need to detect Netscape and send it a blank sheet, let Netscape do it for you.
From Chronic Logic comes Pontifex where the object is to construct a bridge that can support not only its own weight but that of a train which then attemps to traverse the bridge.
A demo for Win32 is available.
While this game doesn't really have the "sharing" quality descriped in the news item, it does promote development of problem-solving skills and can also become qutie addictive.
Even after you've solved a level, you wind up going back to see how much more efficient (or outrageous) your design can be. Thus promoting creativity as well.
Certainly something that helps stimulate the mind and it's enjoyable for all ages.
Now try it with 128MB of RAM. And yes the quicklaunch feature makes it load faster at the cost of extra boot time. The quicklaunch just keeps the DLLs loaded in memory. That's where that 512MB of RAM comes in handy. Take it away and the DLLs are put into swap if you don't use Mozilla often (as would be the case with a dial-up user). Suddenly it loses its usefulness and Mozilla lags on start.
/. doesn't attract "average" users.
I'm not trying to knock Mozilla here, it's all I use for my browsing. However I'm trying to put its use into the framework of an "average" user.
Netscape 4 is used by a lot of people who don't have the $$$ or the care to upgrade their machine. Have you seen Mozilla boot on even an 800Mhz P3? It takes forever. And on older P2 and celery based systems (or Cyrix-based for those bargin-basement shoppers) the page rendering is even slow.
Netscape 4, despite is crashing more often than not, at least functions on a P2 in a fast manner.
And if anyone actually took the time to investigate the matter (as I have) you would see that it's relatively easy to support Netscape 4 on top of a XHTML 1.1 / CSS-2 based web site. You just need to have some basic knowledge of NS4 CSS bugs.
And if you used HTML the way it was intendened such as heading tags (H1,H2,..) instead of FONT or SPAN tags, you could easily make a page render in NS4 in a clean manner. Might not keep the visual formatting you see in Mozilla, but at least the information is presented in a clean and easy-to-digest manner.
Using XHTML for simple markup and CSS for visual formatting, it's very easy to design a standards-compliant web page that renders fine in Netscape 4, without the fancy visual formatting you might see in Mozilla.
Seems like that wouldn't (or shouldn't) be the case but it's true.
Netscape, IE, Opera, ect... all have their own unique bugs or quirks that a web developer needs to be very familiar with in order to develop a page using existing standards that retains the intended visual style and formatting. There are also quirks that differ between not only major, but minor versions of browsers.
In order to comply with web standards you need to know all of these quirks ahead of time or you're going to spend far longer than you would like in development. But that is exactly how you learn about these quirks to begin with.
Rather than learning workarounds to the countless bugs and quirks of individual web browsers, developers find it much more time efficient to limit the target platform. In this case the most obvious choice is IE. Why? Because of its ubiquity. If 90%+ of Internet users are utilizing IE, then you've cut down your need for workarounds greatly while limiting the audience but only 10% (at most).
It's also a quicker development, especially if you're using FrontPage since it's designed with the IE engine.
Now all this, I think, can change. But to bring about change a few things need to happen. First web developers need to be able to drop their need to support version 4 browsers. Right now this isn't realistic but in 1 to 2 years it will be.
Next, Mozilla/Netscape 7 need to gain ground in browser usage. AOL's bundling of Netscape will certainly help this move along. Also people taking up the call themselves and introducing friends and families to the joys of Mozilla would help. Word-of-mouth works too but it all takes time.
It won't be overnight but in a couple years (I hope) the M$ domination of the browser market will dwindel. At that time you will see more and more web developers being forced to look to web standards.
So while what this article says is definitely true of the present, I think things will change as time progresses.
Lest we forget Triton and Future Crew and the rest of the demo scene? If you have
you better remind yoruself.
The 4k demo contests have always been the pinacle (IMO) of art as not only did you have a visual experience but the wonderment of how much was packed into a 4k executable. It was art in design and programming.
And all done with typical PC hardware. No fancy render farms. Hell, FC's Second Reality ran on a 386!
And now look torwards all the work being done with Flash, especially with respect to animation. But I think the author of this post means to focus on realistic animation.
Stallman should have simply gone and given a speech on this very topic to the SIGLINUX people. Instead he turned down yet another opportunity to spread his own views.
I think he needs to learn that in some cases, you need to accept what is so that you can bring the change you want later.
I think Tom's mention of the "End of VGA" is more metaphorical and perhaps wishful rather than practical. 3DLabs' P10 VPU still has VGA support.
I think Tom mentions this simply because the P10's capabilities to handle multiple requests is a good solution to the requirements set forth for M$'s next-gen GUI, Longhorn.
P10 shows Longhorn is possible and that VGA is no longer needed. This is the "End of VGA". however I'd expect legacy support for VGA in video cards for a long time to come.
The only reason one would want instruction sets to be similar between GPU/VPUs would be to develop a single driver that would function across all compatible hardware.
A neat idea, but not feasible within constantly evolving graphics processor industry.