...the N900 is an amazing platform. I know it from a computational photography class at my university: http://graphics.stanford.edu/courses/cs448a-10/
It runs a full Linux distro, has a 5MP camera, and now with FF 1.0 I consider it the first phone with a real browser. (IPhone/ITouch/IPad doesn't count because there's no flash and they don't support any browser extensions. Once I can run Flash, Firebug, and Adblock, then it's real.)
I think it deserves a shoutout especially because
*) Nokia is truly awful at promoting their products
*) a certain company that's great at marketing is making all sorts of splash with the antithesis of this phone. it's called the iPad; it runs a Unix derivative, but is an affront to the Unix philosophy. it somehow manages to be three times the size of an N900 with a tenth the functionality.
I think that N900 + FF Mobile is a real tool in an ocean of toys.
If China really wanted to be hardcore about internet censorship, however, they could run their own gov't CA.
This would mean asserting control over computer manufacturers/OEMs as well as over websites, because they'd have to ensure that all computers sold in China had their CA on the list of trusted root CAs.
(Aside on how CAs work: the way your computer knows to trust 'https://wellsfargo.com' is because Wells Fargo has a X.509 certificate specific to their domain and public key. That certificate, in turn, is signed by a certificate authority, whose certificate is signed by another CA, up to one of a small list of "root CAs". I can make a certificate for wellsfargo.com + any key I want. The reason I can't do a MITM attack is because I could never get such a certificate signed by any real certificate authority. So what are the root CAs, and how does your computer know what _their_ certificates are? That comes pre-installed. Every major OS ships with a (very similar) list of trusted root CAs.)
Whenever they wanted to censor a particular SSL-enabled site, they'd reverse proxy it--the client requests the site, the Chinese-controlled DNS sends them to some Great Firewall proxy server, which forwards the request to the real server. It can spy on or even modify any data sent between the client and the real server. Any responses from the real server are decoded using the real key and re-encrypted with a key signed by the Chinese-controlled CA.
The users browser would never know the difference. The only way the user could tell is if they actually clicked on the green lock icon in the address bar (or its equivalent in non-FF/IE browsers). That would give them info on the SSL connection, and show them which chain of CAs the server's public key is signed by. Even that info could be obfuscated if the Chinese gov't misidentified their own CA (for example, as 'Verisign, Inc.', a major America root CA).
True, Western hardware manufacturers would be loathe to ship machines to the Chinese with a censorious gov't CA on the trusted list. Many might refuse to continue selling computers in China rather than capitulate. However, I don't think this would be a particularly strong deterrent, since computers are a commodity item by now and since many models and many parts, all the way down to the individual chips, are already manufactured in China.
If Dell won't sell computers to China anymore, the Chinese gov't won't care--the factory next to Dell's will just start cranking out machines (possibly even machines with a big fat 'Dell' logo on them) using the same tech, but with the gov'ts rouge CA vouched for out of the box.
Incidentally, the gov't wouldn't have to worry too much about people finding away around this scheme. Power-users installing a different OS (one they didn't buy in China--for example, any popular Linux distro) or illicitly importing computers would just get the browser warnings that parent talks about. They wouldn't get around any censorship. And the new censorship capabilities would be powerful. For example, if they proxied https://mail.google.com/ then they'd be able to read _everyone's_ GMail accounts at will, rather than hacking specific accounts as discussed in TFA.
"It's important to realize that making a first-person game almost necessarily means making a game for the dedicated gamer."...emphasis on the "almost."
I think Portal is a great example of a FPS that's interesting to serious gamers while still accessible to casual ones.
One of the main reasons I don't play more FPS titles nowadays is their length: a lot of games, like Half-Life and GTA, build these epic saga storylines and take many days to play thoroughly. In high school, I thought both of those were awesome (especially HL2 and Vice City, respectively) but now, in college, I just don't have time.
Portal is so short, I played it in one sitting. It's also simple: you have exactly one kind of gun throughout the game, and only a handful of opponents. It's the antithesis of a game like WoW, (which I realize is not FPS), and which requires a lot of in-depth game-specific knowledge and deep time commitment to become good at.
Portal goes to great lengths to teach players how to play as they go along. The developer commentary is fascinating... each of the first few levels has a specific concept that it's designed to convey. If you understand quickly, these levels go by fast. If you've never touched a controller in your life, I'd bet money that you could still do them. It's all part of the challenge.
I bet Bruce Schneier will post on how bad an idea this is any hour now.
Some classic Schneier: "Why Technology Won't Prevent Identity Theft"
http://www.schneier.com/essay-255.html...and what about the old-fashioned Law of Large Numbers? If you give 390,000 people access to something, the chance that some of them are criminals is: 100%! (Rounded to the nearest six decimals or so.) Simply because there are 390,000 of them.
Slashdot Mirror
...the N900 is an amazing platform. I know it from a computational photography class at my university: http://graphics.stanford.edu/courses/cs448a-10/ It runs a full Linux distro, has a 5MP camera, and now with FF 1.0 I consider it the first phone with a real browser. (IPhone/ITouch/IPad doesn't count because there's no flash and they don't support any browser extensions. Once I can run Flash, Firebug, and Adblock, then it's real.)
I think it deserves a shoutout especially because
*) Nokia is truly awful at promoting their products
*) a certain company that's great at marketing is making all sorts of splash with the antithesis of this phone. it's called the iPad; it runs a Unix derivative, but is an affront to the Unix philosophy. it somehow manages to be three times the size of an N900 with a tenth the functionality.
I think that N900 + FF Mobile is a real tool in an ocean of toys.
If China really wanted to be hardcore about internet censorship, however, they could run their own gov't CA.
This would mean asserting control over computer manufacturers/OEMs as well as over websites, because they'd have to ensure that all computers sold in China had their CA on the list of trusted root CAs.
(Aside on how CAs work: the way your computer knows to trust 'https://wellsfargo.com' is because Wells Fargo has a X.509 certificate specific to their domain and public key. That certificate, in turn, is signed by a certificate authority, whose certificate is signed by another CA, up to one of a small list of "root CAs". I can make a certificate for wellsfargo.com + any key I want. The reason I can't do a MITM attack is because I could never get such a certificate signed by any real certificate authority. So what are the root CAs, and how does your computer know what _their_ certificates are? That comes pre-installed. Every major OS ships with a (very similar) list of trusted root CAs.)
Whenever they wanted to censor a particular SSL-enabled site, they'd reverse proxy it--the client requests the site, the Chinese-controlled DNS sends them to some Great Firewall proxy server, which forwards the request to the real server. It can spy on or even modify any data sent between the client and the real server. Any responses from the real server are decoded using the real key and re-encrypted with a key signed by the Chinese-controlled CA.
The users browser would never know the difference. The only way the user could tell is if they actually clicked on the green lock icon in the address bar (or its equivalent in non-FF/IE browsers). That would give them info on the SSL connection, and show them which chain of CAs the server's public key is signed by. Even that info could be obfuscated if the Chinese gov't misidentified their own CA (for example, as 'Verisign, Inc.', a major America root CA).
True, Western hardware manufacturers would be loathe to ship machines to the Chinese with a censorious gov't CA on the trusted list. Many might refuse to continue selling computers in China rather than capitulate. However, I don't think this would be a particularly strong deterrent, since computers are a commodity item by now and since many models and many parts, all the way down to the individual chips, are already manufactured in China.
If Dell won't sell computers to China anymore, the Chinese gov't won't care--the factory next to Dell's will just start cranking out machines (possibly even machines with a big fat 'Dell' logo on them) using the same tech, but with the gov'ts rouge CA vouched for out of the box.
Incidentally, the gov't wouldn't have to worry too much about people finding away around this scheme. Power-users installing a different OS (one they didn't buy in China--for example, any popular Linux distro) or illicitly importing computers would just get the browser warnings that parent talks about. They wouldn't get around any censorship. And the new censorship capabilities would be powerful. For example, if they proxied https://mail.google.com/ then they'd be able to read _everyone's_ GMail accounts at will, rather than hacking specific accounts as discussed in TFA.
"It's important to realize that making a first-person game almost necessarily means making a game for the dedicated gamer." ...emphasis on the "almost."
I think Portal is a great example of a FPS that's interesting to serious gamers while still accessible to casual ones.
One of the main reasons I don't play more FPS titles nowadays is their length: a lot of games, like Half-Life and GTA, build these epic saga storylines and take many days to play thoroughly. In high school, I thought both of those were awesome (especially HL2 and Vice City, respectively) but now, in college, I just don't have time.
Portal is so short, I played it in one sitting. It's also simple: you have exactly one kind of gun throughout the game, and only a handful of opponents. It's the antithesis of a game like WoW, (which I realize is not FPS), and which requires a lot of in-depth game-specific knowledge and deep time commitment to become good at.
Portal goes to great lengths to teach players how to play as they go along. The developer commentary is fascinating... each of the first few levels has a specific concept that it's designed to convey. If you understand quickly, these levels go by fast. If you've never touched a controller in your life, I'd bet money that you could still do them. It's all part of the challenge.
I bet Bruce Schneier will post on how bad an idea this is any hour now. Some classic Schneier: "Why Technology Won't Prevent Identity Theft" http://www.schneier.com/essay-255.html ...and what about the old-fashioned Law of Large Numbers? If you give 390,000 people access to something, the chance that some of them are criminals is: 100%! (Rounded to the nearest six decimals or so.) Simply because there are 390,000 of them.