It has been frequently updated. I visit it every few months (often showing co-workers or something) and it seems to be bigger each time.
That said, it's probably approaching near completeness right about now (there are a finite number of ways of screwing up that actually occur, after that you're just being silly/stupid), so it's a good time to post it.
And I don't know if you've noticed, but those Slashdot UIDs keep going up and up... we're in at least the mid-nine-hundred-thousands now. Presumably some significant proportion of those are true new people.
Honestly, with the way online communities band together to stuff the results of polls like this, I'd kind of prefer something small like that. Despite the smaller sample size, it's probably a more fair one than you could get if you just threw it open for extended periods of time.
Throw it out on the Internet and you're liable to "discover" that the Serenity novelization is the #1 geek book of all time.
Reality and easy math (like "normal distributions") don't meet up all that often. A smaller, but more random, sample can be much better.
(We're looking at "small but biased" vs "large but really biased", so I really do mean that "more" as a comparative statement, not an absolute claim of validity of the original sample, so if you needed this parenthetical note, why not read more carefully? Also note the word "can".... it's not the same as "absolutely will".)
What the fuck are you talking about, and what crack was the moderator on that modded you "interesting"?
This "vortex" is a perfectly straightforward prediction of a now 100-year-old theory in physics (holding up quite well for all that), and is so freaking small it required an entirely dedicated, highly-sophisticated satellite a fairly long time to detect; it doesn't get much smaller than that.
Whatever MIS-TEER-IOUS thing it is you're thinking of, you're wrong.
The problem with this technique is that, if you ever post your code on Slashdot, you'll have to replace spaces with dots and spend fifteen minutes trying to get it to render correctly because SD doesn't support a simple PRE tag.
<ecode>
.
int something;
void *some thingElse; longobjectname theThirdThing;
But it's quirky and you always have to preview when using it. In this case, it was eating the spaces on the first line. That's what the period is for, to be the first line. (There used to be a comment on the posting page about the tag, but now I don't see one; it's just listed without explanation at the end of the "allowed HTML" list.)
Oh, and I've grown to really, really dislike that style. We use Perl, but you still get the basic equivalent when initializing vars: my $Whatever = 'initial'; I'm still not sure why I dislike it. Maybe just because it's a pain to type.
I can't believe this wanker referred to the Tragedy of Commons. Comparing anything to the ToC practically screams "I want to be an important thinker! Really I do! Please! I am serious! I have Big Thoughts!"
Actually, correctly referencing the Tragedy of the Commons is a rather good sign; I think elementary game theory should displace any number of traditional high-school courses as it is the best possible answer to "what is this math good for, anyhow?". Game theory is directly applicable to the full gamut of economics (from your personal finances to understanding the whole), politics, business, and yes, even game playing. But that's another rant.
Incorrectly referencing it certainly means what you say, though. And is it referenced correctly?
No. Tragedy of the commons, simplified, refers to a finite communal resource being overconsumed because everybody is rewarded for consuming as much as possible, and nobody is penalized. This does not match the described situation. The situation described in the article has no trite name for it that I'm aware of, but I'd liken it more to an evolutionary co-over-specialization. This is a far better framework to understand his point in. (In particular, it gives you what I think is the best way to understand the Revolution, as an attempt to out-compete the symbiotic overspecialization of Microsoft/Sony & "hard core gamers".)
(A real world example of "overspecialization" is panda bears and their well known limited diet of almost entirely bamboo. I can't come up with a real world example of symbiotic overspecialization, but I'm quite confident it's occurred; it's statistically inevitable.)
That said, strip the article down to what it is saying... "The game industry is overspecialized"... and, well, crud man, didn't you hear the top executives at Nintendo give almost this exact speech when they started talking about the Revolution, only shorter and without incorrect references to mathematical concepts? All kinds of people are saying it.
I don't think Sony stands a good chance because they have such wonderfully superior products. I think Sony stands a good chance because they have the largest group of fanboys I've ever seen, many of which write in influential gaming publications.
While a PS2 is actually the only current-gen console I own (unless you count the Dreamcast), it's because of the games, not the hardware; I think the hardware has some amazingly bad design decisions in it and is clearly the worst hardware of the current generation. (In fact, while it is capable of out-doing the Dreamcast, it takes a surprising amount of work due to the aforementioned amazingly bad design decisions; even that isn't the knockout it should have been.)
I'm extremely excited about the Revolution. I may or may not purchase a PS3 or an XBox 360, depending on the games. (Morrowind is tempting and I don't have a PC that can come even close to running it. On the other hand I just realized that I can probably run Morrowind 3 and that might just tide me over for a long time, given my work schedule.)
History pop quiz: What video game company has managed to dominate three console generations (~5 years)?
By my reckoning, nobody. (Atari: 2600 era. Nintendo: NES and to some degree SNES. Sony: PS1 & PS2.)
If anyone's going to make it, it's Sony. (I mean that beyond the obvious historically-tautological aspects of the statement; they have a better chance IMHO because this is clearly a "more of the same" generation, which I think is a first, and that makes it easier to maintain momentum. I think the best way to understand the Revolution is as an attempt to disrupt the momentum by disrupting the "more of the same"-ness of this generation.) On the other hand, flaming people for questioning it is probably excessively fanboy-ish. I wouldn't commit to that exact scenario, personally, but scenarios where Sony is not #1 are quite plausible.
Whether or not you eat your breakfast "on time" depends on the speed of the breakfast relative to you, and whose definition of "time" you are using.
As the speed of the breakfast approaches the speed of light relative to you... well, I guess that's probably the "last time" you'll eat breakfast.
Re:Promising shift in user interfaces on Slacker or Sick · Score: 1
An interesting development, but moving in the wrong direction.
The fundamental problem with user interface isn't excessive richness of expression, it's the inability of computers to understand rich expressions. Mice are already "point & grunt", a system that would have intolerably low bandwidth for human-to-human communications. Humans have basically dumbed down their communication as far as they should be expected to; losing the ability to "grunt" isn't going to help.
(Note that this doesn't say much about what I believe will be the final end of expression to computers, merely that I think it will be more expressive. For instance, this doesn't mean I think pure voice is the ideal interface; in fact I think that's rather unlikely in the general case.)
For instance if you want to go to fuckedchicks (made up)
# whois fuckedchicks.com
[Querying whois.internic.net]
[Redirected to whois.moniker.com]
[Querying whois.moniker.com]
[whois.moniker.com]
Moniker.Com Whois Server Version 2.1
The Data in Moniker.Com's WHOIS database is provided for information purposes only, and is designed to assist persons in obtaining information related to domain name registration records. Moniker.Com does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this Data only for lawful purposes and that, under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail (spam); or (2) enable high volume, automated, electronic processes that apply to Moniker.Com (or its systems). Moniker.Com reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.
Domain Name: FUCKEDCHICKS.COM
Registrant [5446]:
D H dhproducts@earthlink.net
D.J.H & Associates, Inc.
P.O. Box 34101
Granada Hills ...
Administrative Contact [5446]:
D H dhproducts@earthlink.net
D.J.H & Associates, Inc. ...
You're going to have to try harder than that to make up a porn domain name that's not taken!
(As a matter of politeness I've stripped some of the address information, but of course it's public information.)
And it gets through because stupid programmers persist in making two mistakes:
- Defining "badness" instead of "goodness"
- Trying to "clean up" invalid code
The first one means that you try to list all of the ways that the input can be bad. The Universe is evil and it hates you. You can't list all the funky things that it can do to you. Instead, list the good things and carefully verify that the input is good.
For a simple, but very very real-world example, don't write a rule that says "If the password contains /, =, or \, reject it." Write a rule that says "Passwords may contain only letters, numbers, and underscores." In the first case, especially in the brave new world of Unicode, you'll never enumerate all the bad things that can happen.
The second mistake is that once you've decided that input is bad, do not try to clean it up. The process of cleaning it up may itself make it invalid in the case of something like HTML. Just reject it with a good error message and let the user take care of it.
If that is absolutely impossible, preferably on the lines of "you'll be fired if you don't clean it up", then at the very least, you must continue to recursively run the cleanup code until the input converges (is unchanged by the cleanup code).
It's not that it's absolutely impossible to get it right if you don't follow these rules, it's just that it's really freakin' hard. Slashdot, for instance, does seem to manage, but it took them a few iterations and ultimately, it's a low-priority site even if it does get hacked a little. Is your program that unimportant?
It's way, way easier to define legit HTML (specific tags, no attributes usually though it's easy to let a few specific ones through, even with a handful of specific values) than it is to create a function to take any arbitrary string and make "safe" HTML out of it.
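The rule from the comments above (define what is good, reject everything else, and if cleanup is forced on you, repeat it until the input stops changing), as an added example that is not code from the original posts. The tag policy, the canonical-form requirement and the names `check`, `naive_strip` and `clean_until_stable` are assumptions made here.

```python
import html
import re
from html.parser import HTMLParser

# Assumed policy for this example: tag -> attributes it may carry.
ALLOWED = {"b": set(), "i": set(), "p": set(), "blockquote": set(), "a": {"href"}}
SAFE_HREF = re.compile(r"https?://[^\s\"'<>]+")


class Rejected(ValueError):
    """Input is not in the approved subset; the message says why."""


class AllowlistChecker(HTMLParser):
    """Rejects at the first construct that is not approved and rebuilds the
    markup from parse events, so the rebuilt text is safe by construction."""

    def __init__(self):
        # convert_charrefs=False keeps text raw, so a stray "<" stays visible.
        super().__init__(convert_charrefs=False)
        self.open_tags = []
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            raise Rejected(f"tag <{tag}> is not allowed")
        parts = [tag]
        for name, value in attrs:
            if name not in ALLOWED[tag]:
                raise Rejected(f"attribute {name!r} is not allowed on <{tag}>")
            # The only approved attribute in this policy is a URL.
            if value is None or not SAFE_HREF.fullmatch(value):
                raise Rejected(f"value of {name!r} is not an http(s) URL")
            parts.append(f'{name}="{html.escape(value, quote=True)}"')
        self.open_tags.append(tag)
        self.out.append("<" + " ".join(parts) + ">")

    def handle_endtag(self, tag):
        if not self.open_tags or self.open_tags.pop() != tag:
            raise Rejected(f"</{tag}> does not close the innermost open tag")
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if "<" in data or ">" in data:
            raise Rejected("stray angle bracket in text; write &lt; or &gt;")
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def _forbidden(self, _data):
        raise Rejected("comments, declarations and processing instructions are not allowed")

    handle_comment = handle_decl = handle_pi = unknown_decl = _forbidden


def check(fragment):
    """Return (True, "ok") or (False, reason). Never returns a repaired string."""
    checker = AllowlistChecker()
    try:
        checker.feed(fragment)
        checker.close()
        if checker.open_tags:
            raise Rejected(f"<{checker.open_tags[-1]}> is never closed")
        # Anything a lenient parser dropped or normalised shows up as a mismatch.
        if "".join(checker.out) != fragment:
            raise Rejected("markup is not in canonical form")
    except Rejected as why:
        return False, str(why)
    return True, "ok"


def naive_strip(text):
    """A single-pass 'clean up' of the kind the comment warns against."""
    return re.sub(r"(?i)</?script[^>]*>", "", text)


def clean_until_stable(text, clean, max_rounds=10):
    """The fallback: rerun the cleanup until it changes nothing."""
    for _ in range(max_rounds):
        cleaned = clean(text)
        if cleaned == text:
            return text
        text = cleaned
    raise Rejected("cleanup did not converge")


# Constructed sample: one cleanup pass reassembles the tag it removed.
NESTED = "<scr<script>ipt>x</scr</script>ipt>"
```

Even the converged result is passed through `check` before it is accepted; the cleanup loop only decides what gets checked, never what gets trusted.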
According to the Entertainment Software Association, the average game is age 30, and the average purchaser of games is 37. There are, in fact, more women > 18 who play games than there are young boys 6-17 who do so according to the ESA.
I assume you meant "the average gamer is age 30". (I say this since if you mean something else this may affect my post.)
I think you miss the point the GP brought up. The question is not "What is the average age of a person who purchases video games?" The question is, "What is the average age that video games are sold to?"
If four 40-year-olds buy a game, and one 10-year-old buys four games, the average age of a video game buyer is 34, but the average age that a video game was sold to is 25. Guess who's going to get more games made for them, if the trend holds?
I don't know what the real statistics I'm looking for are, but I'm pretty sure "average age of game buyer" is a pretty uninteresting one to game makers, who are much more interested in who is buying the most games.
Mods, parent is not insightful, parent is wrong. And it's not hard to understand why the parent has a hard time seeing how MD5 is involved when they have an incorrect idea of how it works.
As a bit of a hint to NightHwk1, extremely carefully check the first bytes of those two pages. They are indeed not identical and do indeed hash to the same MD5 value.
The rest of the "trick" of course hinges on the fact that a single bit change to a Turing Machine can completely alter the resulting output. "Trick" is put in quotes because that isn't really a "trick", it's a fundamental truth about computing and is the reason why twiddling even a few bits in an MD5-hashed block (which is all this break seems to be able to do) is such a big deal. This is how they demonstrate it constructively, since most people aren't programmers and won't understand that.
So what does TiVo get from Macrovision that they couldn't have otherwise?
(I'm pretty sure this gets closer to what Wesley Felter meant. What's the root cause of this change? Signing a license agreement with Macrovision just pushes it back one step; where's the law? Where's the business decision that says "Macrovision or [less profit/out of business]"? Who's holding the gun here?)
I just joined, as I've designed something very similar in my head and it is my policy to join/buy/participate in such things when I see them.
Per the notes in my other comment, you should probably shut off feedback among the players before they choose a ranking. In this case, you should consider not automatically showing the current consensus of the site to a person making a prediction. Show it after the person makes one, or allow them to click through to it if they are interested with no opinion.
Much better yet, experiment with it both ways, see which works better, and tell us all about it.
Our aversion to risk is limiting our sensory perception of our shared experiences.
Uh, hello?
Read your email inbox lately?
Our aversion to that sort of risk is keeping us alive.
Good luck with that "open source brain" thing.
(Tone note: I'm completely serious.)
I assure you, whatever you think you have is not the next big thing.
At least, I'm pretty sure the next big thing will involve neither "irc", "goatse.cx", nor "troll".
At the very least, don't expect me to put much time or money into it.
We need a new form of IP, "Privacy-sensitive information". (Full explanation at that link, too complex to put here.)
The odds of this happening any time soon are of course nearly zero.
3. Lawsuit!
We're talking about free-form content.
No, we're not. We're talking about HTML, or things that end up as HTML. (For instance, Wiki formatting, UBB formatting, etc.) It's not English text that spread like a virus, it's code.
If you can't figure out how to write something that identifies good HTML, then you absolutely, positively should not be writing code for the web. If you think HTML is "free-form content", you're part of the problem.
The "badness" you are trying to prevent is distinguishable from the "goodness" only by the patterns that it occurs in.
No shit. You are aware that there are decades of work in computer science on the topic? And that the relevant work is all nicely packaged up as libraries that don't even require you to really understand said decades of work?
All you have to do is hook up an HTML parser, and reject the content the instant you see anything bad; tags not in the approved list, attributes not in the approved list, etc. For extra bonus points to defend against a bad parser you might consider re-outputting the HTML from the parse tree via your own code that can be guaranteed to only produce safe, code-free HTML by construction, but that's generally unnecessary because for someone who actually knows what they're doing an HTML parser is not that hard, and the crappy/buggy ones generally stay very safely un-famous. (An HTML parser that gracefully handles the shitty HTML on the web today is quite a different story, but that doesn't apply here; you shouldn't be using such a thing for verification.)
If you truly find this hard, you need to either grow your skills until it isn't, stop programming for the web, or batten down the hatches and prepare for the day when something crappy like this happens to your site. The same extends to anytime user input may be interpreted as code that affects anyone else, too. I'm not the one presenting you with these choices; I'm just explaining the situation. It's just that this is how it works, in the real world. "But it's hard!" doesn't change anything.
Wrong browser for that joke.
So, Pirates will always beat Ninjas because... Pirates are more interesting?
Can't say I've ever been interestinged to death. On the other hand....
you could create, design and release a new fully featured and functional product in a few weeks if you really truly put the force of your entire company behind it
Suggested reading.
Shutting off feedback would in theory be desirable, but it's not practical because that information could filter from one person to another anyway.
True, but the rate of communication could matter.
Still, after reading the rest of the site I'm inclined to think you're correct.
Do you have a preferred communication mechanism for attack suggestions? (I think I have a successful one, although it is not easy to do.)