While we're shamelessly advertising this guy's shit, for what it's worth he has some other stuff on sale if you can't fork out 100k (more Japanese console stuff, I imagine it's rare, not really a connoisseur though) including familiar-looking NES, Sega and Playstation units/devkits and some Pippin thing I've never heard of.
Some of the 'OMG RARE 500 PCS ON EARTH' items are kind of interesting (well, would have been before discovering girls)
It's not as farfetched as you think. This reminds me of the fiasco with DSL providers (at least in suburbs of Boston) who relied on Bell Atlantic (now Verizon) to provision their loops. For even the most basic requests (and God help you if anything went wrong) it would take Bell Atlantic 3-4 weeks to send someone out there to provision a Covad loop and fix problems. Mysteriously enough, if you wanted to buy DSL from Bell Atlantic (they were a direct competitor to Covad), they would get you up and running in a matter of days. It was fucking evil. Bell Atlantic was providing a much lower QoS to competitors, and barring a long, drawn out legal battle (which would be tough to win and would end long after they were driven out of business), there was nothing Covad or others could do since everyone had to go through Bell Atlantic since they owned all of the central offices and owned all of the loops leading to your house.
I'm not a film tech -- but besides abuse and security issues, what's proposed here is just does not seem possible under low bandwidth conditions. it's not like you can just run off to computer #2,398 and say "go render frame 1,503" -- there are textures and models and state information that probably total somewhere on the order of gigabytes (give or take a factor of ten) in order to render that frame. Joe Dialup isn't going to be able to handle that; the film studios I'm sure have crazy fiber/multi-gigabit interconnects within their rendering farms.
If they could find a way to offload some intermediate calculations (like deformations of hair or fabric or something that can be used as an intermediate result in a scene) then that might be a clever use for a distributed.net style technique.
Maybe, perhaps, they dont want to spend ridiculous amounts of money engineering and supporting a product that no one wants? The x86 thinkpads run *both* Linux and Windows just fine.
I know you were being funny, but this is a very clever (albeit very unethical) and common technique. I know that at my last company (who had, well, some additional ethical concerns, but anyway) they would post on targeted message boards hyping up their site and would pretend to be happy customers. It's highly cheap, low effort, and effective.
It sucks because unlike marketing efforts and vendors' sales messages, which everyone has learned to always take with a grain of salt, I'm inclined to believe, often instantly and completely, a slashdot posting endorsing product X, because the poster seems unaffiliated and genuine and doesn't really have anything to gain from endorsing it.
In fact, it's very dangerous, because my trust can be easily manipulated this way; I usually don't have time to bother to verify the source of a given posting (Think of how many hundreds or thousands of posts you read a year). However, if I encounter product Y sometime later having read something about it before, I usually vaguely remember whether the post said the product was any good or not and that will usually determine my first impression. In that way, libelous anonymous postings are very dangerous -- I remember hearing some people post that "Python sucked" (probably because of some BS like the whitespace indentation) and for that reason I stayed away for several years until reading some very positive articles and posts -- and now it's one of my most useful productivity tools and I could have saved ridiculous amounts of development time reinventing the wheel had I known about it before. That's kind of a trivial example, but when $ is involved, it's even worse.
Sadly, it's basically the next form of spam. Most of us used to read (mostly) every word of all our emails -- now spam and outrageous commerical claims make that means of communication virtually useless. It will be a shame to see message boards and blogs, etc, filled with this kind of crap (blogs are already targeted by spammers). However, postings by these kinds of shills are often pretty blatant and easy to spot just because of their outrageous claims and distinctive style, but they will get more and more subtle. They're also virtually impossible to track, since real people are on the other end (and you can only really ban problem users after the damage has already been done). And if a company pays a few random dialup users (a tactic my old company was about to try -- yes, I've left since) to troll the net and make these kinds of postings, good luck trying to prove that the company did it or trying to track down or prosecute them.
Really, the only way to tell is to view a given poster's karma/post history and to look for certain suspicious patterns.
If you look at some of the docs, there seem to be a bunch of Bell Labs folks contributing (perhaps even principal developers)... including a doc by Brian Kernighan and lo and behold, Dennis Ritchie, the authors of one of the canonical C books ("The C Programming Language" -- more affectionately known as "K&R".)
Could be interesting stuff, especially the Limbo "C-like, concurrent" programming language (though the syntax seems like an ugly version of Python with some bizarre odds and ends tacked on like a <- operator for "channels").
Anyone know what the latency (ping times) would be on the Connexion service? Would it be like satellite (hundreds of ms?) (I know parent was referring to the plane's LAN in which latency is negligible, but what about communications to the rest of the world?)
"One of Longhorn's most interesting technologies for developers is its new XML-based markup language, codenamed XAML (short for eXtensible Application Markup Language, and pronounced "Zammel"). User interfaces in Longhorn applications are typically built using XAML. In this article, we look at how XAML..."
Well, in those days, the players were big, bloated plugins that never worked well. In fact, nothing about it really worked well; the few sites that could get it in any kind of working state had 3d models that were often simplistic and ugly; it was not only slow and software rendered but seemed several generations of 3D tech behind. It was a cute gimmick at best.
Believe it or not, the technology probably wasn't the biggest issue. It's a classic example of a solution searching for a problem; there was no killer app. Sure there are niches where 3d might be cool, and it might yield interesting ways to visualize data, but those niches are (already) better served by standalone apps optimized for that purpose (games, for example.) And for everyday information, it's just easier to scroll down a page of text than to navigate through some awkward 3D universe.
Think from a practical perspective, too: Say you own some website and have bought into the VRML hype. Unfortunately, reality comes knocking: modeling and texturing is a rare skill and extremely time consuming (at least compared to being able to throw together a quick site in Frontpage), and I doubt there were really great tools for VRML to help in its adoption. Is it really going to be worth it, if you own some website, to pay several times more and have to go root out a bunch of talented 3D artists when a couple of web jockeys can churn out web pages quickly, reliably, and cheaply?
On the other hand, unlike in the VRML days, today pretty much all computers have some kind of 3D hardware acceleration, so a Flash-like 3D plugin could be moderately interesting. I wouldn't hold my breath, though.
This is all kind of a silly nitpick. Those issues are completely orthogonal. They are obviously citing these formats because they are ubiquitous and the prevailing format for their media type... if a kid said "I want to be a great basketball player, like Michael Jordan", saying "But damn, he was so shitty at baseball!" is kind of irrelevant. (Hope you enjoy the crackheaded analogy:P)
Plus, you have to iterate over the predicted source port range (you don't know it by default), which is 1024-65535. In the average case, you'll need ~32,250 ports and ~32,500 window guesses per port, which puts you over a *billion* guesses to trip the target connection once. Furthermore, as parent mentioned, the window changes, the connection might close gracefully on its own, etc. Granted, predictable TCP source ports might make this more feasible but the significance is still vastly overstated.
As frightening as this "vulnerability" sounds, this is nothing really new; other TCP weaknesses are syn floods (not quite the same thing, but somewhat similar -- in fact, this vulnerability might as well be called a "RST flood"), connection hijacking (by sniffing packets and sending spoofed packets with the correct sequence numbers), and so on. It's also an implementation issue that is largely caused by implementations having loose checking of TCP sequence and ack numbers, or accepting too large of a window of sequence numbers.
I wouldn't say TCP is broken or that some other solution would be much better; it would be tough to design a transport protocol that is still simple (and doesnt use CPU burning hashing/encryption techniques) that wouldn't have these sorts of vulnerabilities (especially since it's so easy to spoof IP packets); calling this vulnerability severe is like screaming that highways are fundamentally unsafe because someone could point their car the wrong way and start smashing into oncoming traffic.
1. Loopholes, loopholes, loopholes. As soon as a specific 'naughty' behavior is labeled and given a cutesy little icon, the [spy|ad]ware manufacturers will simply do something similar but that doesn't fall under that exact categorization. For example, a piece of adware might not pop up an ad but might instead intercept your web browser navigator and post an 'in between' ad of its choice within the browser window for 5 seconds or something (this kind of thing is coming.) And then after that gets labeled a few months later, they'll do something else, and something else, etc. It is unlikely that whatever committee is in charge will have either the resources, technical ability, or incentive to keep up with the 'state of the art'.
2. Who will pay to examine all the software? I seriously doubt that the gov't or whatever agency (FCC/whomever) has the resources to pay a team of talented software engineers to label every piece of software that could be conceivably downloaded. (hell, just look at our patent office's ability to competently evaluate software patents) Sure, like patents or code signing certs, you could have everyone pay a fee, but that fee might be too large for a fledgling software company to cover. And maybe you might get the 'reputable' software companies to foot the bill to some extent, but that creates a conflict of interest in itself (is Gator/Claria a 'reputable' company? Real? Apple?:P)
3. Enforcement? How will this be enforced? The punishments will need to be more than a slap on the wrist -- otherwise any fines will simply be an operating cost and will not deter anyone (witness the joke that the antitrust ruling was with Microsoft.)
I don't think icons that refer to specific behaviors of a program are going to be helpful; since 'nice' programs like Winamp and antivirus programs would themselves get the same self-update, hook (startup), and wrench (OS update) warning labels, so the average user is going to become conditioned to click "OK" on every install, just like they're conditioned to click through clickwrap agreements/EULAS. Distinctions based on technical behaviors are simply too confusing for the average computer user -- assuming the average user can make the nuanced technical judgment to tell 'nice' software from adware based on behavior is like assuming you or I could find loopholes in a 30 page legal contract.
The annoying thing about spyware is that it's unwanted advertisement from third parties. Regardless of what technical means they use to do so, the key distinction is that spyware providers get paid by third parties to advertise and non-spyware usually does not. Therefore, a simple icon and string of text that states "This software provides advertising from third parties" gets a little more at the heart of the issue, and the law doesn't have to change every 3 months with the advent of new techniques. The same principle could be applied to "phoning home", "spying" behaviors, or collecting usage data outside the context of the program as well as how such data is collected, aggregated, and/or sold.
Again, with such a simple clause spyware companies will inevitably find loopholes (e.g. play games with what constitutes "advertising" or a "third party") but at least it's better than classifying by a bunch of arbitrary technical behaviors which are employed equally by 'nice' software as well -- and it hits closer to the revenue stream. A spyware provider will have a harder time lying about its advertising behaviors if it is clearly receiving revenue from advertisers, or selling statistics/personal information.
first, any of today's off the shelf PCs will likely be too slow to handle xbox games -- largely because all of the little places where the xbox software or hardware differs from stock x86 PCs need to be emulated, which adds significant overhead. for example, the NT kernel has been chopped down on the xbox and a complicated bunch of workarounds and wrappers needs to be devised, and the directx for xbox is optimized solely for the specialized GPU, so again, more wrappers and hacks.
second, the emulator code itself will need a great deal of time to mature since duplicating the exact xbox environment is very difficult (for the same reasons). another example: the compiler for xbox actually optimizes away (read: removes) certain code that would be required for a PC target. (read the papers describing how cxbx works, and the 'progress' section.)
moral of the story: it's not JUST moving x86 software to x86 hardware; the devil is in the details (of the xbox's customized environment.)
additional notable points are that it is also missing sound and network support.
also, maybe it will be slightly since xbox is based on x86 architecture and nvidia graphics, but it took a while for ultrahle, for example, to be truly playable (the o/c'ed celeron 450s didn't exactly cut it back then -- or it would play fine 90% of the time but glitch annoyingly the other 10%.. or buttons would have no text, etc.). so the requisite hardware might be a year or two off before it's truly playable (not to mention the incredible amount of effort to fully reverse engineer the xbox architecture enough to emulate it in software such that it plays indistinguishably from a real xbox)
No pr0n words in my name, but I'm an upstanding member of the "pen fifteen" club!
God, I loved 7th grade.
-fren
Great (better?) book on influence/persuasion
on
The Power of Persuasion
·
· Score: 5, Informative
One of the canonical books on the subject which I read and greatly enjoyed is "Influence: The Psychology of Persuasion" by Dr. Robert Cialdini -- it breaks down (scientifically) six major principles of influence.
It's pretty cool -- after reading it you'll be able to read into (or see through) a lot of marketing/sales techniques that you see out in the real world (and won't be fooled by them -- or conversely, can use them for your own business or personal goals.)
Slashdot Mirror
While we're shamelessly advertising this guy's shit, for what it's worth he has some other stuff on sale if you can't fork out 100k (more Japanese console stuff, I imagine it's rare, not really a connoisseur though) including familiar-looking NES, Sega and Playstation units/devkits and some Pippin thing I've never heard of.
Some of the 'OMG RARE 500 PCS ON EARTH' items are kind of interesting (well, would have been before discovering girls)
-fren
Because it was created by a wery talented group of Russian mad scientists.
-fren
It's not as farfetched as you think. This reminds me of the fiasco with DSL providers (at least in suburbs of Boston) who relied on Bell Atlantic (now Verizon) to provision their loops. For even the most basic requests (and God help you if anything went wrong) it would take Bell Atlantic 3-4 weeks to send someone out there to provision a Covad loop and fix problems. Mysteriously enough, if you wanted to buy DSL from Bell Atlantic (they were a direct competitor to Covad), they would get you up and running in a matter of days. It was fucking evil. Bell Atlantic was providing a much lower QoS to competitors, and barring a long, drawn out legal battle (which would be tough to win and would end long after they were driven out of business), there was nothing Covad or others could do since everyone had to go through Bell Atlantic since they owned all of the central offices and owned all of the loops leading to your house.
-fren
I'm not a film tech -- but besides abuse and security issues, what's proposed here is just does not seem possible under low bandwidth conditions. it's not like you can just run off to computer #2,398 and say "go render frame 1,503" -- there are textures and models and state information that probably total somewhere on the order of gigabytes (give or take a factor of ten) in order to render that frame. Joe Dialup isn't going to be able to handle that; the film studios I'm sure have crazy fiber/multi-gigabit interconnects within their rendering farms.
If they could find a way to offload some intermediate calculations (like deformations of hair or fabric or something that can be used as an intermediate result in a scene) then that might be a clever use for a distributed.net style technique.
-fren
Maybe, perhaps, they dont want to spend ridiculous amounts of money engineering and supporting a product that no one wants? The x86 thinkpads run *both* Linux and Windows just fine.
-fren
It's also called "astroturf" (as in fake grassroots) in the offline/PR world.
-fren
I know you were being funny, but this is a very clever (albeit very unethical) and common technique. I know that at my last company (who had, well, some additional ethical concerns, but anyway) they would post on targeted message boards hyping up their site and would pretend to be happy customers. It's highly cheap, low effort, and effective.
It sucks because unlike marketing efforts and vendors' sales messages, which everyone has learned to always take with a grain of salt, I'm inclined to believe, often instantly and completely, a slashdot posting endorsing product X, because the poster seems unaffiliated and genuine and doesn't really have anything to gain from endorsing it.
In fact, it's very dangerous, because my trust can be easily manipulated this way; I usually don't have time to bother to verify the source of a given posting (Think of how many hundreds or thousands of posts you read a year). However, if I encounter product Y sometime later having read something about it before, I usually vaguely remember whether the post said the product was any good or not and that will usually determine my first impression. In that way, libelous anonymous postings are very dangerous -- I remember hearing some people post that "Python sucked" (probably because of some BS like the whitespace indentation) and for that reason I stayed away for several years until reading some very positive articles and posts -- and now it's one of my most useful productivity tools and I could have saved ridiculous amounts of development time reinventing the wheel had I known about it before. That's kind of a trivial example, but when $ is involved, it's even worse.
Sadly, it's basically the next form of spam. Most of us used to read (mostly) every word of all our emails -- now spam and outrageous commerical claims make that means of communication virtually useless. It will be a shame to see message boards and blogs, etc, filled with this kind of crap (blogs are already targeted by spammers). However, postings by these kinds of shills are often pretty blatant and easy to spot just because of their outrageous claims and distinctive style, but they will get more and more subtle. They're also virtually impossible to track, since real people are on the other end (and you can only really ban problem users after the damage has already been done). And if a company pays a few random dialup users (a tactic my old company was about to try -- yes, I've left since) to troll the net and make these kinds of postings, good luck trying to prove that the company did it or trying to track down or prosecute them.
Really, the only way to tell is to view a given poster's karma/post history and to look for certain suspicious patterns.
-fren
If you look at some of the docs, there seem to be a bunch of Bell Labs folks contributing (perhaps even principal developers)... including a doc by Brian Kernighan and lo and behold, Dennis Ritchie, the authors of one of the canonical C books ("The C Programming Language" -- more affectionately known as "K&R".)
Could be interesting stuff, especially the Limbo "C-like, concurrent" programming language (though the syntax seems like an ugly version of Python with some bizarre odds and ends tacked on like a <- operator for "channels").
-fren
There's gotta be a sick joke in there somewhere. :P
-fren
Anyone know what the latency (ping times) would be on the Connexion service? Would it be like satellite (hundreds of ms?) (I know parent was referring to the plane's LAN in which latency is negligible, but what about communications to the rest of the world?)
-fren
-fren
-fren
-fren
Well, in those days, the players were big, bloated plugins that never worked well. In fact, nothing about it really worked well; the few sites that could get it in any kind of working state had 3d models that were often simplistic and ugly; it was not only slow and software rendered but seemed several generations of 3D tech behind. It was a cute gimmick at best.
Believe it or not, the technology probably wasn't the biggest issue. It's a classic example of a solution searching for a problem; there was no killer app. Sure there are niches where 3d might be cool, and it might yield interesting ways to visualize data, but those niches are (already) better served by standalone apps optimized for that purpose (games, for example.) And for everyday information, it's just easier to scroll down a page of text than to navigate through some awkward 3D universe.
Think from a practical perspective, too: Say you own some website and have bought into the VRML hype. Unfortunately, reality comes knocking: modeling and texturing is a rare skill and extremely time consuming (at least compared to being able to throw together a quick site in Frontpage), and I doubt there were really great tools for VRML to help in its adoption. Is it really going to be worth it, if you own some website, to pay several times more and have to go root out a bunch of talented 3D artists when a couple of web jockeys can churn out web pages quickly, reliably, and cheaply?
On the other hand, unlike in the VRML days, today pretty much all computers have some kind of 3D hardware acceleration, so a Flash-like 3D plugin could be moderately interesting. I wouldn't hold my breath, though.
-fren
This is all kind of a silly nitpick. Those issues are completely orthogonal. They are obviously citing these formats because they are ubiquitous and the prevailing format for their media type... if a kid said "I want to be a great basketball player, like Michael Jordan", saying "But damn, he was so shitty at baseball!" is kind of irrelevant. (Hope you enjoy the crackheaded analogy :P)
-fren
Plus, you have to iterate over the predicted source port range (you don't know it by default), which is 1024-65535. In the average case, you'll need ~32,250 ports and ~32,500 window guesses per port, which puts you over a *billion* guesses to trip the target connection once. Furthermore, as parent mentioned, the window changes, the connection might close gracefully on its own, etc. Granted, predictable TCP source ports might make this more feasible but the significance is still vastly overstated.
-fren
As frightening as this "vulnerability" sounds, this is nothing really new; other TCP weaknesses are syn floods (not quite the same thing, but somewhat similar -- in fact, this vulnerability might as well be called a "RST flood"), connection hijacking (by sniffing packets and sending spoofed packets with the correct sequence numbers), and so on. It's also an implementation issue that is largely caused by implementations having loose checking of TCP sequence and ack numbers, or accepting too large of a window of sequence numbers.
I wouldn't say TCP is broken or that some other solution would be much better; it would be tough to design a transport protocol that is still simple (and doesnt use CPU burning hashing/encryption techniques) that wouldn't have these sorts of vulnerabilities (especially since it's so easy to spoof IP packets); calling this vulnerability severe is like screaming that highways are fundamentally unsafe because someone could point their car the wrong way and start smashing into oncoming traffic.
-fren
1. Loopholes, loopholes, loopholes.
:P)
:P
As soon as a specific 'naughty' behavior is labeled and given a cutesy little icon, the [spy|ad]ware manufacturers will simply do something similar but that doesn't fall under that exact categorization. For example, a piece of adware might not pop up an ad but might instead intercept your web browser navigator and post an 'in between' ad of its choice within the browser window for 5 seconds or something (this kind of thing is coming.) And then after that gets labeled a few months later, they'll do something else, and something else, etc. It is unlikely that whatever committee is in charge will have either the resources, technical ability, or incentive to keep up with the 'state of the art'.
2. Who will pay to examine all the software?
I seriously doubt that the gov't or whatever agency (FCC/whomever) has the resources to pay a team of talented software engineers to label every piece of software that could be conceivably downloaded. (hell, just look at our patent office's ability to competently evaluate software patents) Sure, like patents or code signing certs, you could have everyone pay a fee, but that fee might be too large for a fledgling software company to cover. And maybe you might get the 'reputable' software companies to foot the bill to some extent, but that creates a conflict of interest in itself (is Gator/Claria a 'reputable' company? Real? Apple?
3. Enforcement?
How will this be enforced? The punishments will need to be more than a slap on the wrist -- otherwise any fines will simply be an operating cost and will not deter anyone (witness the joke that the antitrust ruling was with Microsoft.)
I don't think icons that refer to specific behaviors of a program are going to be helpful; since 'nice' programs like Winamp and antivirus programs would themselves get the same self-update, hook (startup), and wrench (OS update) warning labels, so the average user is going to become conditioned to click "OK" on every install, just like they're conditioned to click through clickwrap agreements/EULAS. Distinctions based on technical behaviors are simply too confusing for the average computer user -- assuming the average user can make the nuanced technical judgment to tell 'nice' software from adware based on behavior is like assuming you or I could find loopholes in a 30 page legal contract.
The annoying thing about spyware is that it's unwanted advertisement from third parties. Regardless of what technical means they use to do so, the key distinction is that spyware providers get paid by third parties to advertise and non-spyware usually does not. Therefore, a simple icon and string of text that states "This software provides advertising from third parties" gets a little more at the heart of the issue, and the law doesn't have to change every 3 months with the advent of new techniques. The same principle could be applied to "phoning home", "spying" behaviors, or collecting usage data outside the context of the program as well as how such data is collected, aggregated, and/or sold.
Again, with such a simple clause spyware companies will inevitably find loopholes (e.g. play games with what constitutes "advertising"
or a "third party") but at least it's better than classifying by a bunch of arbitrary technical behaviors which are employed equally by 'nice' software as well -- and it hits closer to the revenue stream. A spyware provider will have a harder time lying about its advertising behaviors if it is clearly receiving revenue from advertisers, or selling statistics/personal information.
Longest Post Ever.
-fren
sorry about that.
what i meant by my post was:
first, any of today's off the shelf PCs will likely be too slow to handle xbox games -- largely because all of the little places where the xbox software or hardware differs from stock x86 PCs need to be emulated, which adds significant overhead. for example, the NT kernel has been chopped down on the xbox and a complicated bunch of workarounds and wrappers needs to be devised, and the directx for xbox is optimized solely for the specialized GPU, so again, more wrappers and hacks.
second, the emulator code itself will need a great deal of time to mature since duplicating the exact xbox environment is very difficult (for the same reasons). another example: the compiler for xbox actually optimizes away (read: removes) certain code that would be required for a PC target. (read the papers describing how cxbx works, and the 'progress' section.)
moral of the story: it's not JUST moving x86 software to x86 hardware; the devil is in the details (of the xbox's customized environment.)
-fren
additional notable points are that it is also missing sound and network support.
also, maybe it will be slightly since xbox is based on x86 architecture and nvidia graphics, but it took a while for ultrahle, for example, to be truly playable (the o/c'ed celeron 450s didn't exactly cut it back then -- or it would play fine 90% of the time but glitch annoyingly the other 10%.. or buttons would have no text, etc.). so the requisite hardware might be a year or two off before it's truly playable (not to mention the incredible amount of effort to fully reverse engineer the xbox architecture enough to emulate it in software such that it plays indistinguishably from a real xbox)
-fren
it is open source and on sf... so even if it's dmca'd to oblivion, maybe they'll take development out of the country ;)
although dmca did effectively kill the warforge bnetd project, so who knows.
-fren
while we're at it, i would imagine it's IT FAIL YOU ;)
-fren
Usenet Audio joins an esteemed coterie of previous spectacular endeavors including Usenet Porn, Usenet Warez, Usenet Fashion Magazines, and Usenet Moderated Nonviolent Underwater Images.
No pr0n words in my name, but I'm an upstanding member of the "pen fifteen" club!
God, I loved 7th grade.
-fren
One of the canonical books on the subject which I read and greatly enjoyed is "Influence: The Psychology of Persuasion" by Dr. Robert Cialdini -- it breaks down (scientifically) six major principles of influence.
It's pretty cool -- after reading it you'll be able to read into (or see through) a lot of marketing/sales techniques that you see out in the real world (and won't be fooled by them -- or conversely, can use them for your own business or personal goals.)
Amazon link (not a referrer link)
Check it out.. the book rocks.
-fren