What I fail to understand is why anyone worth a damn would keep playing a game that openly allows buying their way to the top
Because the point of a game is to have fun. It isn't a competitive sport, so why should it matter that another player you're playing with has circumvented the lower levels of the game by buying a powerful weapon that made them easier to complete? Why would you care that another player didn't start with a first level character but bought a reasonably well-developed tenth level character instead?
Keeping a game fun for all players is a tough problem. Make it too easy, and it becomes no fun for the serious gamer. Make it too hard and it becomes no fun for the casual gamer. RMT allows those willing to spend money on the problem to make the game easier for themselves, if they want to. This way, a group of people who would find the game too hard can push the difficulty back a little. It keeps the game interesting for a wider variety of players.
I mean no offense, however if one can't do it in 5 mins with with an off-the-shelf SQL database, doesn't mean no one can do it:).
When I say you can't do it, I mean [I believe] it's theoretically impossible. Unless I'm very much mistaken, there's no way of telling whether an arbitrary regexp matches a particular string without matching it, which means reading the string from the database and running it. Every string on the database.
For _some_ regexps you can accelerate this (by matching substrings that are required to be present from an index as a prefilter), and I strongly suspect this is what google are doing. But still, some requests they will have to match every string in their database against. And while the prefilter helps, the complexity is still O(n) on the number of database items to search against. They can do this for code search because their code database is relatively small (probably 1000000 documents) and the number of regexp searches they receive is probably quite small. OTOH, their web database is hundreds of thousands times larger, and probably receives millions of times more requests over any period of time.
Maybe I'm just a bit nostalgic but why isn't it mentioned that a early version of Minix* inspired Linux*?
Because, judging by the phrasing of the summary, the contributor had never heard of Minix before. Which must be some kind of sign about how far from our roots we've grown.
The reason microkernels have always been relegated to second-best is that they require more context switching than a regular monolithic kernel. The tradeoff between "fast enough" and "reliable enough" has for some time now favoured "fast enough". But that's changing -- people's computers are getting plenty fast.
Not to mention the other current hot topic in OS research, which is language-based protection (e.g. Microsoft Singularity). Such systems (almost) completely remove the context switching overhead, because they run all processes in the same address space at top processor privelege level. Thus the penalty for being a microkernel is completely removed.
(Of course the penalty for being a typesafe language, and thus requiring automatic memory management, is added. But more and more software is written in such languages now anyway, so the penalty may be mostly illusory.)
If you want to do it right, why not program it in Haskell in the first place.
Four reasons:
1. Haskell has no facilities for handling untyped blocks of memory, or for manipulating data structures with a specified memory layout. How can I do something like "*((char *)0xB8000) = 'H';"? Or check to see if the 3rd bit of the fourth byte of some data structure is set? Or read the word after the current function's return address on the stack? This kind of operation makes up the majority of what an OS kernel does, particularly microkernels (like Minix) where stuff like TCP/IP is implemented outside of the kernel.
2. Because of 1, you'll need to write a lot of glue code in C anyway. The marshalling/unmarshalling overhead probably means that you'd end up writing more C code than you would anyway.
3. Kernel code isn't the kind of code that Haskell is good at, anyway. The only algorithm of any complexity will be the scheduler, and that's not likely to be particularly problematic.
4. The runtime of Haskell (and other functional languages) is quite large, at least compared to a stripped-down C runtime. Thus you're expanding the quantity of code you need to include in the kernel, rather than decreasing it. As frequency of bugs is proportional to lines of code with relatively little difference between languages, you would expect this to increase the number of bugs in the kernel.
TCPA-like system (in the original intended way of protecting the user, not protecting from the user)
This was never the goal of TCPA. TCPA was always intended to allow anyone to tell exactly what software is running on a system and to have confidence in the result. This capability can be used for security (e.g. to check for presence of rootkits, keyloggers, etc.) or for DRM purposes (to ensure that drivers haven't been hacked to enable recording an output stream digitally), and both of these options have always been part of the plan.
Now, can a judge seal anything he/she wants? Or does something have to meet certain conditions? What sort of allegations in the plaintiff's motion might possibly result in this? Did the RIAA ask for it to be sealed?
AIUI, it has to be more important for the information to be sealed than it is that others have access. There's a presumption in favour of transparency, so there has to be a good reason. Protection of trade secrets is common, although RIAA have always been quite open about their business practices so I don't see what could qualify for that; protecting an ongoing (undercover) investigation is another possibility.
It's your use that's the issue, not the mere fact that Corbis sells a picture.
You missed my point. Linden Labs' use is analogous to Corbis's use. They're just selling the data that shows what it looks like, which is the same as selling a picture. It's their users that decide what to do with that data.
I'm still waiting on a decent search engine that supports perl regular expressions
You'll be waiting for a long time. It's impossible to index a database for matching via regex, therefore searches on such an engine would be inordinately expensive to process.
Copyrights were originally an arrangement to promote public works by letting the creators have a monoply of copy rights on their works for a period of time (20 years originally) before the works become public domain.
Not sure where you're getting your information from, but the original copyright period was 14 years, not 20. And they only applied to books.
As an aside: copyright celebrates its 300th birthday in just under a year's time. What are we going to do to mark the occasion?
Live? copyright already lasts for the author's entire lifetime, what's being discussed here is whether to continue protecting it for fifty or seventy years past that.
No it doesn't. That's only true in America.
Here in the EU, different types of copyright last different times. The current rules for sound recordings are 50 years from date of first publication, hence recordings like the original version of Cliff Richard's "Move It" have already become public domain here (although copyright still persists in the song itself, so you still need to pay Performing Rights Society if you want to perform it in public).
Trademark scope is narrowly defined and may not be recognised in a virtual world...
Forget for a moment the entire virtual world aspect of this, as its legal ramifications are (at present) totally unknown.
Ignoring that, what we have is a company (Linden Labs) selling data which when loaded into software that runs on client PCs causes that screen to display an image of something that looks like one of Taser's products. When selling this data, they are explicitly stating that it is modelled on one of Taser's products.
Frankly, I don't see the difference here to somebody selling a stock photo of one of Taser's products, for example. What Corbis are selling in that link has no significant differences that I can see from what Linden are selling. Except that Corbis's looks better, while Linden's is more useful because you can view it from any angle.
Bubbles bursting don't have to cause a wider crises, and I'd argue that they ususally don't. Markets seem to almost continuously pick some sector to overvalue, at the expense of the now-unfashionable previously-overvalued sector. The damage is usually limited to those who fell for it.
No, the problem here though is that _everything_ became overvalued and remained overvalued for a long period.
Taleb has a bit of the stopped clock quality about him. Anyone saying "bad things will happen" is bound to be right sooner or later.
Well, yes. But Taleb wasn't just saying bad things would happen. He was saying that when they did happen, people who thought they were prepared for bad things would find out that they weren't. He was saying risk analysis doesn't work, and that a lot of people were putting too much faith in it.
Our current financial problems are caused by: [...]
You missed the big one: that when something is overvalued, its price tends (in the long run) to correct back down to being undervalued before rising again to somewhere in the region of the correct price, and that these over/underestimates of correct value are cyclic and unavoidable, because they are essentially part of human nature. And that the upshot of the 1990s and early 2000s is that both the housing market and the stock market became a long way overvalued.
OK, so that's a contentious theory that many economists dismiss out-of-hand, but you have to admit it has a certain appeal in explaining the current situation.
This was before LILO, so booting off the hard drive was not supported.
You don't need LILO to boot off hard drive. Here's how you make it work: create a small partition, and dd your kernel image onto it. Use the standard tools (I forget what they were called, but you used 'em when you were making boot floppies to customize the kernel command line) to point it at your root partition. fdisk to make the kernel partition bootable. Should work identically to a boot floppy, only without needing the floppy.
My first *nix shell experience wasn't with Linux at all, but SunOS. First day at university, and I had received no instruction on how to use Unix at all, had read no books on it, had never even heard anyone _talking_ about it. All I had was a sign on the wall telling me how to sign up for a new account and log in.
So, I finally get to a shell prompt. And the only relevant experience I have is from using either CP/M and/or DOS. So there I am:
$ help help: command not found $ commands commands: command not found $ what the fuck? what: command not found
So I start peering around the room. Guy behind me is also doing this. Sneaky look... hmmm... "ls" seems to do things. Try it. It works. So there I am. Only damned command I know is "ls". I know from somewhere that this system uses forward slashes to separate directories, so "ls/". "ls/bin". Start trying random programs in there. So I find 'man' by experimentation. Things start to get easier.
This rather peculiar way of learning Unix shell probably had the bizarrest of influences on my habits. For example, for e-mail I used 'elm', despite 'pine' being way more popular at the time. Why? It was earlier in the alphabet, so I tried it first. I used 'rn' for months before I found 'trn'.
It seems to me that if you can design an algorithm to verify how humans interact with a computer, it should be relatively trivial to engineer an algorithm that mimics this interaction?
Maybe someone smarter than I could clarify?
Sometimes it's easier to write an algorithm that checks that something is correct than to generate that something in the first place. An example: if you have a public key, checking a message is signed with it is fairly easy; signing a message with it is hard, because it requires you to factor the key.
I see no evidence that "human behaviour" is such an algorithm. It might be, but we're way too far off understanding it to be able to make any sensible guesses in this field.
A simplified approach is doomed to failure; simplified human behaviour is much more likely to behave like you suggest than like public keys, I think. Also, because different people interact with their browser in different ways, how do you cope with that? I tend to navigate via keyboard, so would the script reject me because I tabbed to the form field (thus jumping directly to it) rather than scrolling circuitously to reach it? I also make far fewer typos than average and type faster than the average user, so is this going to count against me?
IANAL but, as I understand it, if Wikipedia are too free and easy about defending their trademark they won't have a leg to stand on when "Wikipedia Britannica" or "Microsoft Wikipedia" appear.
As I understand it, whether a trademark can be protected is decided on a per-market-segment basis.
Therefore, if Wikimedia don't defend their trademark in this case, then in future they run the risk that they won't be able to defend it against other art projects. I don't see how this is a particularly bad outcome for them.
What they do have to clamp down on is anyone selling encyclopediae with their name. I'd extend that to any form of reference book, web site, or other media, so that nobody can release (e.g.) the "wikipedia dictionary" and get away with it.
Yet the Wikipedia didn't bat an eyelash when Jimbo started Wikia using 'wiki' in the name. Double standard.
In case you didn't know, "wiki" is a word that wikipedia borrowed from elsewhere, i.e. "WikiWikiWeb", aka "WardsWiki", which is available at http://c2.com/cgi-bin/wiki.pl . So no, this isn't a double standard.
Besides, there are no rules against the same organisation using the same trademark in two different ways, so even if the word "wiki" was a Wikimedia invention, it wouldn't be a problem that they operated two different sites that had it in their names.
Why is this insightful? This is a problem that can be exploited through a hosted VM!
[citation needed]
It doesn't say this in the linked article. Looking at the source code for the exploit, I see no way it could work:
* First of all, it needs to be able to map virtual to real addresses; this is extremely difficult in a VM. * Secondly, it writes to MTRRs. This is a virtualized operation that is handled by the hypervisor. I see no reason to believe the hypervisor would have the same bug as Intel CPUs in this regard.
Replacing the kernel tends to trigger systems designed to catch intrusions, as it's painfully obvious
Not if your modified kernel redirects requests to a copy of the old kernel whenever an application tries to probe it. OK, this can be detected by booting from a LiveCD to run a scan, but how many people do that on a regular basis?
Come to think of it, what proportion of Linux users regularly run any kind of rootkit detection system? I'll bet it's _significantly_ lower than the proportion of Windows users who do the same, which is worrying, as we are in fact just as vulnerable.
Slashdot Mirror
What I fail to understand is why anyone worth a damn would keep playing a game that openly allows buying their way to the top
Because the point of a game is to have fun. It isn't a competitive sport, so why should it matter that another player you're playing with has circumvented the lower levels of the game by buying a powerful weapon that made them easier to complete? Why would you care that another player didn't start with a first level character but bought a reasonably well-developed tenth level character instead?
Keeping a game fun for all players is a tough problem. Make it too easy, and it becomes no fun for the serious gamer. Make it too hard and it becomes no fun for the casual gamer. RMT allows those willing to spend money on the problem to make the game easier for themselves, if they want to. This way, a group of people who would find the game too hard can push the difficulty back a little. It keeps the game interesting for a wider variety of players.
I mean no offense, however if one can't do it in 5 mins with with an off-the-shelf SQL database, doesn't mean no one can do it :).
When I say you can't do it, I mean [I believe] it's theoretically impossible. Unless I'm very much mistaken, there's no way of telling whether an arbitrary regexp matches a particular string without matching it, which means reading the string from the database and running it. Every string on the database.
For _some_ regexps you can accelerate this (by matching substrings that are required to be present from an index as a prefilter), and I strongly suspect this is what google are doing. But still, some requests they will have to match every string in their database against. And while the prefilter helps, the complexity is still O(n) on the number of database items to search against. They can do this for code search because their code database is relatively small (probably 1000000 documents) and the number of regexp searches they receive is probably quite small. OTOH, their web database is hundreds of thousands times larger, and probably receives millions of times more requests over any period of time.
Maybe I'm just a bit nostalgic but why isn't it mentioned that a early version of Minix* inspired Linux*?
Because, judging by the phrasing of the summary, the contributor had never heard of Minix before. Which must be some kind of sign about how far from our roots we've grown.
Your suggestion sounds strikingly similar to capabilities, which were implemented in a number of machines in the 1970s, e.g. Cambridge CAP.
The reason microkernels have always been relegated to second-best is that they require more context switching than a regular monolithic kernel. The tradeoff between "fast enough" and "reliable enough" has for some time now favoured "fast enough". But that's changing -- people's computers are getting plenty fast.
Not to mention the other current hot topic in OS research, which is language-based protection (e.g. Microsoft Singularity). Such systems (almost) completely remove the context switching overhead, because they run all processes in the same address space at top processor privelege level. Thus the penalty for being a microkernel is completely removed.
(Of course the penalty for being a typesafe language, and thus requiring automatic memory management, is added. But more and more software is written in such languages now anyway, so the penalty may be mostly illusory.)
If you want to do it right, why not program it in Haskell in the first place.
Four reasons:
1. Haskell has no facilities for handling untyped blocks of memory, or for manipulating data structures with a specified memory layout. How can I do something like "*((char *)0xB8000) = 'H';"? Or check to see if the 3rd bit of the fourth byte of some data structure is set? Or read the word after the current function's return address on the stack? This kind of operation makes up the majority of what an OS kernel does, particularly microkernels (like Minix) where stuff like TCP/IP is implemented outside of the kernel.
2. Because of 1, you'll need to write a lot of glue code in C anyway. The marshalling/unmarshalling overhead probably means that you'd end up writing more C code than you would anyway.
3. Kernel code isn't the kind of code that Haskell is good at, anyway. The only algorithm of any complexity will be the scheduler, and that's not likely to be particularly problematic.
4. The runtime of Haskell (and other functional languages) is quite large, at least compared to a stripped-down C runtime. Thus you're expanding the quantity of code you need to include in the kernel, rather than decreasing it. As frequency of bugs is proportional to lines of code with relatively little difference between languages, you would expect this to increase the number of bugs in the kernel.
TCPA-like system (in the original intended way of protecting the user, not protecting from the user)
This was never the goal of TCPA. TCPA was always intended to allow anyone to tell exactly what software is running on a system and to have confidence in the result. This capability can be used for security (e.g. to check for presence of rootkits, keyloggers, etc.) or for DRM purposes (to ensure that drivers haven't been hacked to enable recording an output stream digitally), and both of these options have always been part of the plan.
Now, can a judge seal anything he/she wants? Or does something have to meet certain conditions? What sort of allegations in the plaintiff's motion might possibly result in this? Did the RIAA ask for it to be sealed?
AIUI, it has to be more important for the information to be sealed than it is that others have access. There's a presumption in favour of transparency, so there has to be a good reason. Protection of trade secrets is common, although RIAA have always been quite open about their business practices so I don't see what could qualify for that; protecting an ongoing (undercover) investigation is another possibility.
It's your use that's the issue, not the mere fact that Corbis sells a picture.
You missed my point. Linden Labs' use is analogous to Corbis's use. They're just selling the data that shows what it looks like, which is the same as selling a picture. It's their users that decide what to do with that data.
I'm still waiting on a decent search engine that supports perl regular expressions
You'll be waiting for a long time. It's impossible to index a database for matching via regex, therefore searches on such an engine would be inordinately expensive to process.
Copyrights were originally an arrangement to promote public works by letting the creators have a monoply of copy rights on their works for a period of time (20 years originally) before the works become public domain.
Not sure where you're getting your information from, but the original copyright period was 14 years, not 20. And they only applied to books.
As an aside: copyright celebrates its 300th birthday in just under a year's time. What are we going to do to mark the occasion?
Live? copyright already lasts for the author's entire lifetime, what's being discussed here is whether to continue protecting it for fifty or seventy years past that.
No it doesn't. That's only true in America.
Here in the EU, different types of copyright last different times. The current rules for sound recordings are 50 years from date of first publication, hence recordings like the original version of Cliff Richard's "Move It" have already become public domain here (although copyright still persists in the song itself, so you still need to pay Performing Rights Society if you want to perform it in public).
Trademark scope is narrowly defined and may not be recognised in a virtual world...
Forget for a moment the entire virtual world aspect of this, as its legal ramifications are (at present) totally unknown.
Ignoring that, what we have is a company (Linden Labs) selling data which when loaded into software that runs on client PCs causes that screen to display an image of something that looks like one of Taser's products. When selling this data, they are explicitly stating that it is modelled on one of Taser's products.
Frankly, I don't see the difference here to somebody selling a stock photo of one of Taser's products, for example. What Corbis are selling in that link has no significant differences that I can see from what Linden are selling. Except that Corbis's looks better, while Linden's is more useful because you can view it from any angle.
Bubbles bursting don't have to cause a wider crises, and I'd argue that they ususally don't. Markets seem to almost continuously pick some sector to overvalue, at the expense of the now-unfashionable previously-overvalued sector. The damage is usually limited to those who fell for it.
No, the problem here though is that _everything_ became overvalued and remained overvalued for a long period.
Taleb has a bit of the stopped clock quality about him. Anyone saying "bad things will happen" is bound to be right sooner or later.
Well, yes. But Taleb wasn't just saying bad things would happen. He was saying that when they did happen, people who thought they were prepared for bad things would find out that they weren't. He was saying risk analysis doesn't work, and that a lot of people were putting too much faith in it.
Our current financial problems are caused by: [...]
You missed the big one: that when something is overvalued, its price tends (in the long run) to correct back down to being undervalued before rising again to somewhere in the region of the correct price, and that these over/underestimates of correct value are cyclic and unavoidable, because they are essentially part of human nature. And that the upshot of the 1990s and early 2000s is that both the housing market and the stock market became a long way overvalued.
OK, so that's a contentious theory that many economists dismiss out-of-hand, but you have to admit it has a certain appeal in explaining the current situation.
This was before LILO, so booting off the hard drive was not supported.
You don't need LILO to boot off hard drive. Here's how you make it work: create a small partition, and dd your kernel image onto it. Use the standard tools (I forget what they were called, but you used 'em when you were making boot floppies to customize the kernel command line) to point it at your root partition. fdisk to make the kernel partition bootable. Should work identically to a boot floppy, only without needing the floppy.
Of course, dual booting might be an issue...
But the first thing I typed into the shell was:
man woman
Then I giggled.
My first *nix shell experience wasn't with Linux at all, but SunOS. First day at university, and I had received no instruction on how to use Unix at all, had read no books on it, had never even heard anyone _talking_ about it. All I had was a sign on the wall telling me how to sign up for a new account and log in.
So, I finally get to a shell prompt. And the only relevant experience I have is from using either CP/M and/or DOS. So there I am:
$ help
help: command not found
$ commands
commands: command not found
$ what the fuck?
what: command not found
So I start peering around the room. Guy behind me is also doing this. Sneaky look... hmmm... "ls" seems to do things. Try it. It works. So there I am. Only damned command I know is "ls". I know from somewhere that this system uses forward slashes to separate directories, so "ls /". "ls /bin". Start trying random programs in there. So I find 'man' by experimentation. Things start to get easier.
This rather peculiar way of learning Unix shell probably had the bizarrest of influences on my habits. For example, for e-mail I used 'elm', despite 'pine' being way more popular at the time. Why? It was earlier in the alphabet, so I tried it first. I used 'rn' for months before I found 'trn'.
Sometimes it's easier to write an algorithm that checks that something is correct than to generate that something in the first place. An example: if you have a public key, checking a message is signed with it is fairly easy; signing a message with it is hard, because it requires you to factor the key.
I see no evidence that "human behaviour" is such an algorithm. It might be, but we're way too far off understanding it to be able to make any sensible guesses in this field.
A simplified approach is doomed to failure; simplified human behaviour is much more likely to behave like you suggest than like public keys, I think. Also, because different people interact with their browser in different ways, how do you cope with that? I tend to navigate via keyboard, so would the script reject me because I tabbed to the form field (thus jumping directly to it) rather than scrolling circuitously to reach it? I also make far fewer typos than average and type faster than the average user, so is this going to count against me?
IANAL but, as I understand it, if Wikipedia are too free and easy about defending their trademark they won't have a leg to stand on when "Wikipedia Britannica" or "Microsoft Wikipedia" appear.
As I understand it, whether a trademark can be protected is decided on a per-market-segment basis.
Therefore, if Wikimedia don't defend their trademark in this case, then in future they run the risk that they won't be able to defend it against other art projects. I don't see how this is a particularly bad outcome for them.
What they do have to clamp down on is anyone selling encyclopediae with their name. I'd extend that to any form of reference book, web site, or other media, so that nobody can release (e.g.) the "wikipedia dictionary" and get away with it.
Yet the Wikipedia didn't bat an eyelash when Jimbo started Wikia using 'wiki' in the name. Double standard.
In case you didn't know, "wiki" is a word that wikipedia borrowed from elsewhere, i.e. "WikiWikiWeb", aka "WardsWiki", which is available at http://c2.com/cgi-bin/wiki.pl . So no, this isn't a double standard.
Besides, there are no rules against the same organisation using the same trademark in two different ways, so even if the word "wiki" was a Wikimedia invention, it wouldn't be a problem that they operated two different sites that had it in their names.
That's the International Manufacturing Centre (not "Innovative", and doesn't have "Research" in its name), which is at the University of Warwick (not -s, which would be an abbreviation of Warwickshire).
Why is this insightful? This is a problem that can be exploited through a hosted VM!
[citation needed]
It doesn't say this in the linked article. Looking at the source code for the exploit, I see no way it could work:
* First of all, it needs to be able to map virtual to real addresses; this is extremely difficult in a VM.
* Secondly, it writes to MTRRs. This is a virtualized operation that is handled by the hypervisor. I see no reason to believe the hypervisor would have the same bug as Intel CPUs in this regard.
I wonder if this hole has implications for Amazon's EC2 servers.
IIRC, when I played with EC2 a few months ago the servers I got were Opterons. This problem seems to only affect Intel machines.
Replacing the kernel tends to trigger systems designed to catch intrusions, as it's painfully obvious
Not if your modified kernel redirects requests to a copy of the old kernel whenever an application tries to probe it. OK, this can be detected by booting from a LiveCD to run a scan, but how many people do that on a regular basis?
Come to think of it, what proportion of Linux users regularly run any kind of rootkit detection system? I'll bet it's _significantly_ lower than the proportion of Windows users who do the same, which is worrying, as we are in fact just as vulnerable.
You're 2/2. Where are my bloody mod points when I need them...
I have to say, this is the first time I've ever seen a "why don't I have mod points?" post modded +5 funny.
Why don't _I_ have mod points?
(Oh, yeah, that'd be something to do with modding an editor offtopic.)