When people start using anything other than a PC to access the web, I'll start believing that the age of the PC has come to an end.
WebTV and the Palm Pilot(which doesn't even espouse to replace your computer!) do not a new PC-era make. What are the churn rates on WebTV, incidentally?
The fact that "x86 compatible" was repeated around 30 times by Transmeta's Ditzel should be noted.
Yours Truly,
Dan "My Brain Is Not Yet x86 Compatible" Kaminsky DoxPara Research http://www.doxpara.com
Using a gas to expand a solid such that surface area and pressurization meet certain criteria isn't a particularly ridiculous or childish notion. Those car tires you're driving on ain't exactly solid material!
The great thing about inflating something is that, until it's necessary, it can be almost invisible. Many materials can be inflated to many times their compressed size, and still maintain properties that a given situation requires. The fact that their expansion involves temporary forces that would be impossible to deliver under any predeployed material can be quite a blessing as well.
I always thought it'd be fascinating to have shipping material that operated is miniature airbags...whenever an excess shock was registered, the peanuts would pop and grow, absorbing the shockwave.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Apart from these, there are cultural reasons that make Linux attractive. The existing user interface paradigm of files and folders evolved because computers were essentially designed for a western audience familiar with real-life files and folders. There is no reason to assume why the same paradigm should apply to a trader in Tamil Nadu or a farmer in Madhya Pradesh.
Interesting that the author brings this up. I was recently reading about a very specific form of brain damage, caused by an operation to remove a tumor from the brain. A very small but highly focused amount of damage was done to a patient's language system:
He could name people. He could name objects. He could name cities.
He couldn't name a living animal. He would consistently mix up dog, cat, and any other term belonging to the family of "living animal".
If there's one thing linguists have found, it's that the core roots of language are not cultural--they're genetic. The base objects of communications--nouns, verbs, and so on--are by no means the only theoretical communication paradigms, but they're shared by every non-artificial human language.
You might wonder why I bring this up: In designing a method for interacting between a human and a computer, the properties of language are indeed important for establishing relationships. While there may not be literal files and literal folders in Indian culture, the concept of items existing within the branches of a tree is engrained deep within the structure of the human brain.
Now, "File" and "Folder" themselves are western analogies, to be sure. But there's a difference between recontextualizing an idiom and dismissing a natural paradigm.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
If they are dead set against allocating more funds for the NSA, stunts like these won't help them.
Who said they are dead set? The general theme as it appears to me is that the NSA is looking invincible and more powerful than any other agency in the entire US Government. Remember, we're talking about guys who used attorney-client priveledge against the senate as a stonewalling measure!
This is to make them seem weaker, less invincible, more fallible...not to anyone overseas, who still can't assume the NSA won't be able to crack something, but locally, so that the won't ever not be able to crack something.
That's the idea, at least.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
The NSA is all about controlled image. Most government agencies are--I've heard some rather interesting stories of military coverups--but the NSA is particularly secretive.
You don't get referred to as No Such Agency for no reason;-)
If the NSA is making this announcement, it's because A) They're making a statement about the difficult situation that export regulations are going to put them in(remember--they're the ones who get the flack when they're given an uncrackable signal) and B) They want more money, or at least their existing funds not to go away. As long as their situation is inadequate, all those "one time upgrade" budget justifications can survive. As soon as they appear in full working order, it's cool to take a few points off the top from them.
Ah, the machinations of government...
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
As I'm sure you're aware, your school sells books.
As I'm also sure you're aware, so do alot of other places on the Internet.
Now, however much students spend on average on phone service, I *promise* you it pales to the sheer amount of cash that flows through your campus bookstore. I also promise you that there are more than a few nervous staff members who are hearing the ads proclaiming lower prices, better service, and higher availability.
Guess who they're coming to, Mr. Duckenfield?
As long as you're blocking sites, you might as well eliminate bigwords.com, ecampus.com, varsitybooks.com, and (horrors!) textbooks.com. Maybe even throw Amazon into the fray--why not? It's your net to do with as you see fit, right?
Oh. I forgot. Your department doesn't sell books. Your school does, but your personal budget doesn't depend on the sale of those books. So who cares if some other department loses out...but as soon as some as of yet non-serious threat to your income opens up, that's something completely different, I suppose?
Since you're a college, you likely have a contract with Coca Cola. Your school saves alot of money by having that contract, which specifically prohibits Pepsi products on campus. I'd say a Pepsi web page is a Pepsi product, no? Poof, off they go. Wouldn't want to lose that contract.
You see, Mr. Duckenfield, there's a concept out there called Content Neutrality. As long as you don't modify or inhibit the data stream along the lines of *what*'s going over them, you're free to forward whatever is handed to you.
However, once you claim the role of gatekeeper, particularly gatekeeper to your captive fiefdom(where apparently people call collect to save money!), you claim the ability, the responsibility, and the liability to evaluate and handle any traffic which flows over those lines.
Better catalog every service your school provides, because apparently you can't handle the competition--not even a little.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
P.S. Yes, this is my second post on the topic. So sue me;-)
I wish to express my extreme gratitude for your efforts in proving why there needs to be an enforced separation between the lines that deliver internet service to the home and the actual service that is delivered over those lines.
As we watch the market for Internet access dwindle down to only a handful of viable ISPs, your intrusive behavior into the internet usage of your captive audience of students will be a model studied for years to come. Your excuses, your justifications, and your rationalizations for interfering with the free flow of information to those whose pipes you have the technological ability to control will reverberate loudly as large scale ISPs seek to find just how many of their competitor's web sites they can "devaluate" by banning them, slowing them, or just plain redirected them elsewhere...and the fact that you're suppressing a problem that has not occurred yet will be brought up many a time by those who *will* eventually bring the pain of regulation upon you.
As large ISPs make faustian pacts to achieve affordable access to DSL and Cable systems in the face of the end of AOL's Freed Access crusade(they'd rather merge than give tiny ISPs the chance to serve customers that are "rightfully theirs"), the small ISPs who lack conflicts of interest and seek more to provide internet access than restrict, track, and "captively synergize" it will be shaken out. And in their dying breaths, Mr. Duckenfield, your name will come up.
Rather than providing better service, with a flip of a firewall rule, you provided the only serice. Rather than meeting the needs of the students, you made the students meet the needs of you. Rather than trust your product, you chose to trust your monopoly powers.
You won't be alone. There will be scandals upon scandals--maybe AT&T will be found looking at the logs for *@Home to determine what online services MCI and Sprint customers use most. Perhaps we'll start to see exclusivity agreements, where companies will pay to have exclusive access to any customer's high speed networking line--wanted to go to Yahoo? Sorry, we don't serve that, but Lycos is just as good!
After all, when you don't need to worry about your customers having anywhere else to go, you can do whatever the hell you like. That's what you're doing with your students, and that's what more than a few big business, check your ethics at the door types are planning.
What saddens me, Mr. Duckenfield, is that there was supposed to be a higher standard that educational institutions were held to. Perhaps we should fear the next generation of business school students out of Clemson. A school that's working towards The Depublished Internet Regime(where content deemed dangerously competitive is instantly depublished without any feasable alternative access) is not a school whose graduates I suppose I can trust.
So! Have you started blocking 1-800-Collect yet? Oh wait, I suppose that might actually be illegal...
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
It should be obvious why anyone overseals documents--say you don't want 100 documents from being released. Rather than seal those 100--and thus making obvious which ones *you* consider the most damaging, seal 2000. If you lose the case, and all the documents need to be unsealed, you haven't told the press or your enemies which 100 to look into for damaging information. You prevent leakage of information by hiding content in plain sight.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Dan, What are you doing up at 5:30 AM reading slashdot? Do you ever sleep?
Do you know me personally?
Ahahha, I *arrived* at work at 9:00PM. I've been trying desperately to keep my mind focused on this major project I've been hacking on forever. Stilllllll goin...
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Of course, you're forgetting that polls are heavily influenced simply by the way their questions are worded, and that a good pollster can make the results say virtually anything based on this fact. One must find truly impartial people to develop polls in order for them to have any worth...
Bottom line: Most of the establishment of this country wanted to see Clinton burn, but half of population of this country has divorced their spouses while the other half is either too young to screw or old enough to cheat.
It doesn't matter how you twisted the polls--the support just wasn't there. Period. Polls can be twisted, but at some level people in high levels of power actually have an accurate picture of what the populace wants and what the populace can be made--through twisting the words--to want.
I'm not saying that the effect of this has been necessarily positive, only that it is likely far more pervasively influential than anyone has really imagined.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Or more to the point, it's almost certainly what the judge is going to do.
No. It's what the judge should do, unless the judge wishes to change his mind on the entire matter and decide that the trade secret is too widely disseminated and too innocently added into the court record to be anything *but* public knowledge.
There's certainly an argument to make in that regard, but I'll be blunt: I don't think it's worth making. I'd rather beat these guys once than face stream after stream of legal harassment, only to weasel out at great expense and useless precedent.
Your Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
There is no reason to be craven about this. We don't need to argue that it might not have come from Xing, we don't need to argue that an accident in court suddenly invalidates a trade secret, we don't need to rely on cheap tricks to get our way.
It's called the Moral High Ground, folks.
Yes, the code is everywhere on the 'net. Stop for a moment and realize that this isn't a magic talisman. A horde of thieves is still composed of thieves, and that's all we're saying by saying we've all got it and you can't stop us.
But guess what, folks. We ain't thieves. Lets not fall into their trap.
(Yes, this post is conspicuously absent of my defense of DeCSS, mainly because I want to finish my main paper on the topic and release all at once. Email me if you believe in the spirit of the law, because believe me, in the end it's going to be the spirit more than the letter that will carry the day.)
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
In all the analogies to the magic and the mysteries and the amazing and crazy possibilities brought by the net, I'm struck by the most obvious parallel in recent history that's conspicuously but silently been removed from the public consciousness.
Plastics.
C'mon, people. The ability to generate arbitrarily shaped substanced with (seemingly) arbitrary properties changed the shape of *everything*, from medicine to packaging to war.
The net's exciting, but imagine touching something that literally just couldn't have existed.
I find it extraordinarily interesting that nobody compares the historical excitement over plastic products has never been linked to the present Net crazes. Last I checked, of course, the Dow just had the last of the great plastic giants summarily removed in favor of some tech company(Was it Intel?). And you wonder why the Dow is raging...
That might just have something to do with it. Someone who was actually around when plastics were really huge would be really nice to reply right about now.
As for some unlikely but interesting choices...lets go beyond mass communications for a second and look at Instapolling. The effects of immediate, semi(or pseudo) unfiltered feedback has *got* to be powerful. Suddenly "the public" no longer thought whatever major newspapers reported. "The public" now thought what major newspapers asked...and what the party asked...and what the other party asked...and ya know what? Somewhere in that mass was an actual democratically representative opinion.
Representation was invented because the public was considered too unweildy to come to quick decisions. Pollsters have changed that, and it's very likely that much of their influence is utterly invisible--and would make great reading.
Something to think about.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
In what's sure to make Ye Olde Taco throw down his hands with grief(lets not even talk about Neal and Pat, whose entire faces are only moments away from contorting into paryoxysms of fear, rage, and inevitability)...
Next up is the SlashDistro.
Maybe it'll be Mandrake, maybe it'll be Redhat, maybe it'll be the next jaw dropping creation from a couple of sixteen year olds, but we're going to see something you slap onto a spare server that gives you your own personal Slashdot, preinstalled.
You *know* it's coming to ISPs. You *know* "personal slashdots" are coming, at minimum, to dedicated Colos, and soon, everything from Geocities to whatever.
There have been other works of Weblog sites and software, but nothing as feature complete as Slash. The cost of eyeballs just went up--thanks, guys!
Homestead's already done some stuff with integrating Palmpilots and personal web pages. The most interesting stuff I see is a total integration of the wireless experience with a the online log.
The diary strikes back.
Then again, there's nothing sadder than an empty comment field...look for the first major mod to the Slash code is topic-level threading instead of story level.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
There's no problems or issues with remotely using the advanced HP printer functionality embedded within their windows drivers. Their printer drivers can occasionally be...ahhh, ornery to install(to say the least), but they *do* distribute packages pretty much ready to be remotely installed via Samba.
I'm not just speaking from my own personal usage--my "mere" Pentium 120 w/ 64MB of EDO SIMMs managed to serve the print needs of between 280 and 500 students distributed among about a dozen dorms across campus using Samba and the Caldera Openlinux Novell code.
The server never even broke a sweat. I pretty much only had one chronic outage, and that was because of a rather nasty bug in Windows' TCP/IP stack. But heh, at least I got to discover it.:-)
The press release is pretty short on facts, but I'd *guess* the following functionality is being worked on:
A) Bidirectional Status Updates. As far as I know, Samba can't reflect back complex or custom status messages from the printer to the user.
B) Document Titles. Samba doesn't know how to extract from Windows the title name of a print job--a common solution is to force Postscript prints and then extract the job title from the PS header, but that's not particularly the "correct" solution, particularly for a company like HP which has quite an investment in this little language called PCL...
C) Database hooks. My print system had a rather extensive logging system, but it just output to plaintext. Samba's internal logs are all debug oriented. I wouldn't be surprised to see an "enterprise-class project" involving Samba to dump its logs straight into a SQL database.
D) Enterprise-scale configuration managers. SWAT's good for what it is, but HP's golden cow is its laser printers and what they can do for businesses. If they're going into this, corps are saying that they want to follow Cisco's(ObPlug) lead and base their printing architectures around Linux and Samba. If HP wants to remain able to sell a competitive print management solution in that kind of market, contributing to Samba is an obvious move.
E) Linux drivers. There are lots of features which don't exist on the Linux side which are standard on Windows. HP can simplify the installation and improve the feature-completeness of their printers for Linux clients, as well as allow IT staffs to implement high end filtering systems(i.e. force all prints to possess a confidentiality watermark) for their printers.
Congrats to VA Linux, btw! We owe someone there some serious thanks. HP on board should be interesting.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
... it was John Carmack's low level pipeline optimizations and hyperusage of the floating point capabilities of the Pentium architecture... I was under the impression that this was Michael Abrash's area of expertise...
*Slap* Totally forgot about Abrash. My apologies.
Nonetheless, I seem to remember Carmack being quite talkative about making sure both pipelines in the Pentium were processing *something* at any given time. I remember seeing some of Intel's tools for pipeline analysis at Software Development '97 and going "Damnit, iD did this stuff *by hand*".
Anyone remember exactly how the programmatic load was distributed at iD? Abrash deserves his due:-)
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Well, you just answered my unspoken question of "Man, I wonder how much of a pain in the ass is it when after twenty something years of learning you're still asked questions about some thing that you've had since before you were born."
Now I know:-)
QOTD: "Isn't it ironic they ask a Playmate to describe Linux? And they ask a female coder "how is it like to be a woman"?
A couple (real) questions sprung to mind, incidentally:
compiler internally generating and maintaining a virtual table of a lot of NULLs
Could you elaborate a bit more on why architectures involving derived classes create wasteful indexes of information? I'm unfamiliar with compiler design, and am curious where this generation comes from.
But then any subclassed class, which becomes someone else's base class, becomes less modifyable. Thus, in a way, a base-d class loses power.
Basically, an object in such a class is constrained by the "contractual expectations" embedded within the parent class. There are certain properties/functions which the class is expected to support, and failure will ensue if such functionality is not implemented.
But does this burden disappear at all when the coder must explicitly know to provide a predefined degree of functionality? Doesn't having a base class enforce a minimum degree of functionality on derived classes, thus preventing situations where the programmer forgets to add some property and chaos ensues?
It is more difficult to document and comprehend such a deep weaving web.
So what can be done to make deep weaving webs more understandable? I did some experimentation with the autodocumentation system Genitor a while back, but what have you seen, either implemented or theoretical, that would make deep webs feasable for human comprehension?
That, of course, leads into a more disturbing concept: Could the human ability to comprehend complex logical relationships be considered a bottleneck that needs to be progressively abstracted as time goes on? Could this pose serious problems for software and hardware design as time progresses? Does it already?
Just interested in what you think.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
And to think. With but a line in a contract, this is the kind of individual creativity that the software industry would seek to suppress.
Yes, this is hardware, so yes, this guy can do whatever he pleases with it once he owns it. I think the world's a better place because of it--the ingenious and polished nature of this design will hopefully inspire new and fascinating ideas from case designers.
Once you accept the value from such individual achievement in hardware, it is impossible to claim it disappears in software, in music, or even in a DVD video.
And once you allow the right to modify and create anew to slip to a simple stroke of seven point text, you doom everyone to nothing more than derivative boredom.
There's more to the DVD case than technicalities. The sheer beauty of this Palm Pilot is but a whisper of the possibilities.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
There's an interesting aspect of openness going on here: Education, and a slow but steady ramping up of the "coolness" of highly technical skills.
Medicine is cool because you can save lives. Acting is cool because lots of people enjoy your work. Programming, over time, will become more and more cachet as A) It remains difficult to master but simple to begin(something neither medicine nor acting can ever approach), B) Budding programmers realize the value of an audience interested in what they personally have to say, to teach, and to create, and C) The end result is frantic appreciation from either businesses(Linux developers) or the 14-30 gaming crowd(Game programmers).
Appreciation is a good thing.
About Sweeney's paper(truly excellent, incidentally), a couple things come to mind. He talks about the concept that "C=A+B" should be equivalent to C[n]=A[n]+B[n] -- in other words, take the first value of the A array, add it to the first value of the B array, and then put that in the first element of the C array. After all, that's what C=A+B obviously means, right?
I don't know about that. Perl thinks C=A+B would expand to "C is the A list with the B list tacked on at the end". The add is one dimensional, not two dimensional--the two lists are glued together, not mixed into a sum. I think that's rather logical.
And what of another perfectly logical explanation? Maybe C is meant to be a single integer. Now you take all the ints in A, and all the ints in B, add 'em all up, and put 'em in that C value.
Perhaps we need more punctuation, more symbols to describe the differences--we could have +, ++, +-+, +++ATH...that's the solution Perl found, and it's Perl's biggest albatross--too much dense punctuation.
Perl without Punctuation is like Programming Without Caffeine.
Of course, as long as you know there's something you don't understand, you can look it up. But if you think you know what C=A+B is "obviously" doing, when in reality it's doing something completely and utterly different, you're going to have a much harder time debugging your code. Not knowing what's broken is possibly the single most expensive debugging scenario possible, by any measure.
Stop for a second and ponder the power of such a concept -- with about four lines of code, you've sub-classed a 150,000 line game engine and added a new feature that will propagate to several hundred classes in that framework.
This sounds really, really cool, but...
How predictable can a system where this occurs be? Would we map destinations of modified code? Don't you usually get problems when new features are bolted onto old architectures when really the old methods need to be wholly rewritten?
Of course, these are problems that have stricken *every* advance in language design...there's always the optimization that becomes impossible as you go up the ladder.
The most desirable approach is to have language-level security, where the compiler can usually tell you "that's not allowed" rather than determining security violations at runtime--that approach allows the maximum amount of optimization compared to the brute-force kernel transitions of operating system security.
Sweeney's awesome, and I respect him highly, but this is probably the biggest error of the entire piece.
Yes, it'd be nice to be notified *as the programmer* that your code violates a security constraint--in fact, it'd be beautiful, because then you'd have line-level notification of where your code is misbehaving in ways that would compromise the security of the host machine. (The concept of "Buffer Overflow Waiting To Happen on Line 12431" just appeals to me.) But, um, that presumes that the programmer doesn't *want* their to be a buffer overflow, or a kernel backdoor, or whatnot. Put all security in the compiler, and a malicious entity will simply compile the code on their compromised OS, move the binary over to a target machine, and grab themselves a rootshell.
Clearly, this isn't an optimal scenario.
Now, you do have situations like the JIT compilers for Java Bytecodes that go to some length to verify the validity of a bytecode before compiling it, and may(I'm not sure, and this probably varies by implementation) lock off entire branches of functionality through the compiler. But that's different--the code must pass through the compiler *on the host machine* to be converted to machine language. In effect, the end binary is a combined product of the bytecode and the host-controlled compiler. If the system designer wishes to have a userspace process handle extensive security analysis before passing a binary off to be executed, that's one thing. Trusting binaries from arbitrary compilers is quite another!!
And, it remains the unfortunate truth that there are more professional Cobol programmers than C programmers, more C++ programmers than Java programmers, and for many years there will be more Java programmers than there are followers of the successor language.
I've been thinking about this, and as languages have gotten "cooler", I think there's something to be said about a loss of stability. I don't think anybody is surprised if a COBOL based billing system doesn't go down for a year; I also doubt most people are surprised if a Java applet manages to trash their web browser within a period of minutes.
Something's wrong there.
Maybe the reason there are still COBOL programmers around is that few C, C++, or Java based systems could remain acceptably reliable after 25 years?
In terms of technological progress, we game developers are way more influential than most of us realize.
I noticed. I've been saying this for years: John Carmack is damn near personally responsible for Intel's dominance. Had Quake not been so perfectly tuned for Intel's Pentium processors--and thus so amazingly unoptimized for AMD's and Cyrix's competing x86 processors--Intel would have taken severe hits in either market share or year end profits over the last five years. For all the talk about the genius of Andy Grove--and don't get me wrong, I'd probably bungee jump off the Grand Canyon for a chance to have dinner with the man--it was John Carmack's low level pipeline optimizations and hyperusage of the floating point capabilities of the Pentium architecture that directed quite literally billions of dollars of purchasing decisions away from AMD and Cyrix into the waiting arms of Intel.
3Dfx's long term dominance in the 3D market was a similar scenario--the fact that Unreal hasn't played all that well on anything *but* a 3Dfx card until rather recently played no small part in their dominance.
game developers are in a unique position, by virtue of starting projects anew every 2-3 years, to "short circuit" the process and radically accelerate the adoption of cool new technology.
The best language in the world ain't going anywhere without top notch compilers that the gaming industry isn't going to write. This, more than anything else, is the biggest problem that game developers have if they want to choose new languages. A handful of games a while back were written in Java, using Asymmetrix's Java Flash Compiler(amazingly cool tech, really. You could recompile the code of a running app, and *it wouldn't stop running*. Then you could actually compile and release x86 binaries of your code. Never made it to Java 1.1 *siiiigh*)...none of 'em did all that well.
There's another issue to consider--game developers are truly writing less and less of the low level code. This is a good thing--who wants to write Yet Another Sound Mixing routine when you can just toss another wave at the sound device--but it does create some constraints against spawning new languages. It didn't used to be that hard to change languages--you were rewriting everything, after all. Now, you're talking about every single game shipping rife with dependancies on external sound libs, 3D rendering drivers, input systems, socket code...
Yes, there's always translation layers, but that kills half the gain.
Tim, if there's one question in this entire piece that I'd like you to reply to, it'd be this:
Network effects--the fact that a given standard gets exponentially more valuable as others share in that standard--have essentially locked TCP/IP as the internetworking protocol of choice for the foreseeable future, to the point where even upstart additions such as IPv6 and IPSec are finding acceptance to be a difficult task.
Could the same fate befall any new kinds of advanced programming languages, the identities of which were notably and painfully absent from your essay?
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
I don't use the word much, in fact, pretty much not at all.
But then I saw this quote:
McGrath responded to this scenario: a student uses a campus Internet connection to decide which political candidates to support. That person is misusing university equipment, she said, just as if she used her legislative office phone to make long-distance personal phone calls.
On the surface, this is just plain stupidity: She doesn't live in her office, whereas students live on campus. The fact that students--not just the state, but students are actually taking money and paying for housing gives them some modicum of personal privacy that you don't really get when you have a home you can go over to after you're done with work.
But this is something more.
Any politician that would intentionally attempt to quell political discourse on the basis of inappropriate usage of government resources deserves all the wrath that an educated populace can bring to bear. Beyond the sexism and agism--which in and of itself is grotesque beyond description--is the presumption that the ability to learn and understand the policies behind the hype is not a right but a priveledge; not even a duty as a concerned American but a hindrance upon its social stability.
Many have attacked the young as a means to win over the old; any damages that generational warfare might create are quelled by the fact that one wins more blocs from the old than even exist in the young. But this is beyond that. Every American, young and old, should look towards Mrs. McGrath as a symbol of total corruption--not from outside, mind you, but from deep within. For anyone who can believe that political discourse is something which much be controlled and quelled like just another hormonally induced phase has truly lost every last shred of respectability and honor as any kind of leader, and any lemmings that would accompany her sadly deserve whatever fate they may receive.
I will donate $20 to whoever runs against her in the next election.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
First off, I want to quote what is maybe the most succinct, beautiful, imaginative, and just plain f*cking accurate quote I've heard in a while. You'll know it when you see it:
"First off, it's plain unfair to merely release a game with the exact same engine. New graphics, new level maps, and new sounds do not constitute a sequel. Such a change should be labeled an expansion pack. If you think I'm lying about trying to do this, I'd like to relate a quote I heard at E3 a few years ago, "We used to call it, 'slapping new make-up on the whore and sending her back out.'"
Beautiful.
R.I.P brings up some very interesting points. The point that there's no real indie scene in the gaming industry however belies the fact that while there are in fact small development groups who come up with games, they're very, very often pretty awful...and when they're not awful, suddenly they're plucked from the indie scene and morphed into a GT or Microsoft product.
One of the nicer things about the Shareware scene--noticably absent from R.I.P.'s paper, but it's still in progress--was that small guys actually could make a living. iD and Apogee/Epic are probably the single best examples.
But, overall, you may wonder why I think the gaming industry is broken. See Messiah and Daikatana for that one. The only bright side is that Half Life was *also* horrifically delayed, but managed to far exceed expectations. That gives some hope. But overall...the complete inability to hype with any sense of reality is just disturbing and wrong, to the point where, even with my copious amounts of net addiction, I simply refuse to read gaming news anymore.
It's Just Not Worth It.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
The DVD CCA's argument has essentially become, had MS thought in advance to include but a single sentence in a license agreement, FreeDOS could have been supressed.
How do you feel about this, and what advantages do you feel society has a whole has received from the fruits of your reverse engineered labors? Similarly, what harms would we have as a society if you could never have rewritten DOS?
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
I refuse to believe that, in all the corruption and contacts and schmooze and links and interindustry operation and amazing stunts of marketing and demographic analysis and data mining and sheer goddamn chuztpah, anybody really thinks Steve Case is about to take over.
What part of Media Figurehead don't you understand?
Case pulled off AOL. Big deal. He may be about to get his name in the papers, but so what? Suddenly, the entire industry has an excuse to merge--and what's hilarious is, since this is Steve Case and AOL and The Flagship of the Tech Industry, the government's afraid to stop it because nobody wants to be the dipshit the burst the Great Internet Bubble.
Who needs trusts when you can just go ahead and merge?
Who needs real leaders when fake, impotent ones are much less scary to the general public?
Bill Gates embodied power. Power implies those he is able to hold power over. So all the evils of Microsoft had a face, a name, someone for the KMFMS folks to revile.
Steve Case is being portrayed as the ultimate schmuck. Some guy, suddenly the head of Time Warner. Awww, ain't that cute.
Do you really think that Time Warner is actually planning to be ruled by some guy who *gasp* started up some scrappy startup truly built out of *APPLELINK*, which somehow has been erased from the records of every single history I've seen?
Gimme a break. At bare minimum, they want to prevent the non-ignorable force that was AOL from giving all those annoying little guys who give unlimited, uncensored, and unfirewalled net access access to their precious cable network. AOL's calls for free access would have suceeded. Now that just AOL gets access(and maybe a few major ISPs like Earthlink and Mindspring who will just get bought out anyway), give it a few years, and global network service bans will be as simple as a word from...someone.
I promise you, it won't be Case.
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Here we have a government organization that recognizes its present limitations and is working hard at finding new and unique ways to serve the taxpayers of this country and we complain?
Have we become that cynical?
When was the last time you heard about any government agency calling large scale attention to the fact that it needs to update itself for the times and serve its paying public better than ever, with new functionality and features?
C'mon. This is something to be proud of--an agency that doesn't deny its faults.
And, incidentally, we kinda *do* need their help.
Lets not forget for a moment that while email *is* the killer app, it's also the most insecure system in wide deployment by an immense degree. I can't easily forge your identity on websites using cookies, and your credit card transactions are reasonably secure, but all I need to know is your email address and I'm sending mails as you.
There are lots of competing standards for digital signatures--which, incidentally, will become a globally accepted technology long before encrypted email content worms its way into public acceptance--but whatever wins, I guarantee you we can expect the USPS to be involved.
And I'm happy to have them. Folks, I actually think it's kind of an interesting concept to have Email to Physical Address gateways--given the cost of a postcard, I honestly wouldn't be surprised to see advertising agencies start trading the right to gateway for the right to display advertisements to both the sender and the receiver. But I see something beyond that...digital signatures, authenticated by government agencies and valid in court, set into paper by the nearest available USPS printing center, and couriered ASAP to a final destination. Sounds cool to me.
It's not my job to think up new and cool uses for postal service technology, but I'm proud to see that someone, somewhere within the USPS, has taken up that role.
More power to him!
Yours Truly,
Dan Kaminsky DoxPara Research http://www.doxpara.com
Slashdot Mirror
When people start using anything other than a PC to access the web, I'll start believing that the age of the PC has come to an end.
WebTV and the Palm Pilot(which doesn't even espouse to replace your computer!) do not a new PC-era make. What are the churn rates on WebTV, incidentally?
The fact that "x86 compatible" was repeated around 30 times by Transmeta's Ditzel should be noted.
Yours Truly,
Dan "My Brain Is Not Yet x86 Compatible" Kaminsky
DoxPara Research
http://www.doxpara.com
The name: Linus. Linus Torvalds. Designation?
"Alien of extraordinary ability"
Call out Mulder and Scully. We've got one.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Using a gas to expand a solid such that surface area and pressurization meet certain criteria isn't a particularly ridiculous or childish notion. Those car tires you're driving on ain't exactly solid material!
The great thing about inflating something is that, until it's necessary, it can be almost invisible. Many materials can be inflated to many times their compressed size, and still maintain properties that a given situation requires. The fact that their expansion involves temporary forces that would be impossible to deliver under any predeployed material can be quite a blessing as well.
I always thought it'd be fascinating to have shipping material that operated is miniature airbags...whenever an excess shock was registered, the peanuts would pop and grow, absorbing the shockwave.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Apart from these, there are cultural reasons that make Linux attractive. The existing user interface paradigm of files and folders evolved because computers were essentially designed for a western audience familiar with real-life files and folders. There is no reason to assume why the same paradigm should apply to a trader in Tamil Nadu or a farmer in Madhya Pradesh.
Interesting that the author brings this up. I was recently reading about a very specific form of brain damage, caused by an operation to remove a tumor from the brain. A very small but highly focused amount of damage was done to a patient's language system:
He could name people.
He could name objects.
He could name cities.
He couldn't name a living animal. He would consistently mix up dog, cat, and any other term belonging to the family of "living animal".
If there's one thing linguists have found, it's that the core roots of language are not cultural--they're genetic. The base objects of communications--nouns, verbs, and so on--are by no means the only theoretical communication paradigms, but they're shared by every non-artificial human language.
You might wonder why I bring this up: In designing a method for interacting between a human and a computer, the properties of language are indeed important for establishing relationships. While there may not be literal files and literal folders in Indian culture, the concept of items existing within the branches of a tree is engrained deep within the structure of the human brain.
Now, "File" and "Folder" themselves are western analogies, to be sure. But there's a difference between recontextualizing an idiom and dismissing a natural paradigm.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
If they are dead set against allocating more funds for the NSA, stunts like these won't help them.
Who said they are dead set? The general theme as it appears to me is that the NSA is looking invincible and more powerful than any other agency in the entire US Government. Remember, we're talking about guys who used attorney-client priveledge against the senate as a stonewalling measure!
This is to make them seem weaker, less invincible, more fallible...not to anyone overseas, who still can't assume the NSA won't be able to crack something, but locally, so that the won't ever not be able to crack something.
That's the idea, at least.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
The NSA is all about controlled image. Most government agencies are--I've heard some rather interesting stories of military coverups--but the NSA is particularly secretive.
;-)
You don't get referred to as No Such Agency for no reason
If the NSA is making this announcement, it's because A) They're making a statement about the difficult situation that export regulations are going to put them in(remember--they're the ones who get the flack when they're given an uncrackable signal) and B) They want more money, or at least their existing funds not to go away. As long as their situation is inadequate, all those "one time upgrade" budget justifications can survive. As soon as they appear in full working order, it's cool to take a few points off the top from them.
Ah, the machinations of government...
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
As I'm sure you're aware, your school sells books.
;-)
As I'm also sure you're aware, so do alot of other places on the Internet.
Now, however much students spend on average on phone service, I *promise* you it pales to the sheer amount of cash that flows through your campus bookstore. I also promise you that there are more than a few nervous staff members who are hearing the ads proclaiming lower prices, better service, and higher availability.
Guess who they're coming to, Mr. Duckenfield?
As long as you're blocking sites, you might as well eliminate bigwords.com, ecampus.com, varsitybooks.com, and (horrors!) textbooks.com. Maybe even throw Amazon into the fray--why not? It's your net to do with as you see fit, right?
Oh. I forgot. Your department doesn't sell books. Your school does, but your personal budget doesn't depend on the sale of those books. So who cares if some other department loses out...but as soon as some as of yet non-serious threat to your income opens up, that's something completely different, I suppose?
Since you're a college, you likely have a contract with Coca Cola. Your school saves alot of money by having that contract, which specifically prohibits Pepsi products on campus. I'd say a Pepsi web page is a Pepsi product, no? Poof, off they go. Wouldn't want to lose that contract.
You see, Mr. Duckenfield, there's a concept out there called Content Neutrality. As long as you don't modify or inhibit the data stream along the lines of *what*'s going over them, you're free to forward whatever is handed to you.
However, once you claim the role of gatekeeper, particularly gatekeeper to your captive fiefdom(where apparently people call collect to save money!), you claim the ability, the responsibility, and the liability to evaluate and handle any traffic which flows over those lines.
Better catalog every service your school provides, because apparently you can't handle the competition--not even a little.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
P.S. Yes, this is my second post on the topic. So sue me
Mr. Duckenfield:
I wish to express my extreme gratitude for your efforts in proving why there needs to be an enforced separation between the lines that deliver internet service to the home and the actual service that is delivered over those lines.
As we watch the market for Internet access dwindle down to only a handful of viable ISPs, your intrusive behavior into the internet usage of your captive audience of students will be a model studied for years to come. Your excuses, your justifications, and your rationalizations for interfering with the free flow of information to those whose pipes you have the technological ability to control will reverberate loudly as large scale ISPs seek to find just how many of their competitor's web sites they can "devaluate" by banning them, slowing them, or just plain redirected them elsewhere...and the fact that you're suppressing a problem that has not occurred yet will be brought up many a time by those who *will* eventually bring the pain of regulation upon you.
As large ISPs make faustian pacts to achieve affordable access to DSL and Cable systems in the face of the end of AOL's Freed Access crusade(they'd rather merge than give tiny ISPs the chance to serve customers that are "rightfully theirs"), the small ISPs who lack conflicts of interest and seek more to provide internet access than restrict, track, and "captively synergize" it will be shaken out. And in their dying breaths, Mr. Duckenfield, your name will come up.
Rather than providing better service, with a flip of a firewall rule, you provided the only serice. Rather than meeting the needs of the students, you made the students meet the needs of you. Rather than trust your product, you chose to trust your monopoly powers.
You won't be alone. There will be scandals upon scandals--maybe AT&T will be found looking at the logs for *@Home to determine what online services MCI and Sprint customers use most. Perhaps we'll start to see exclusivity agreements, where companies will pay to have exclusive access to any customer's high speed networking line--wanted to go to Yahoo? Sorry, we don't serve that, but Lycos is just as good!
After all, when you don't need to worry about your customers having anywhere else to go, you can do whatever the hell you like. That's what you're doing with your students, and that's what more than a few big business, check your ethics at the door types are planning.
What saddens me, Mr. Duckenfield, is that there was supposed to be a higher standard that educational institutions were held to. Perhaps we should fear the next generation of business school students out of Clemson. A school that's working towards The Depublished Internet Regime(where content deemed dangerously competitive is instantly depublished without any feasable alternative access) is not a school whose graduates I suppose I can trust.
So! Have you started blocking 1-800-Collect yet? Oh wait, I suppose that might actually be illegal...
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
It should be obvious why anyone overseals documents--say you don't want 100 documents from being released. Rather than seal those 100--and thus making obvious which ones *you* consider the most damaging, seal 2000. If you lose the case, and all the documents need to be unsealed, you haven't told the press or your enemies which 100 to look into for damaging information. You prevent leakage of information by hiding content in plain sight.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Dan, What are you doing up at 5:30 AM reading slashdot? Do you ever sleep?
Do you know me personally?
Ahahha, I *arrived* at work at 9:00PM. I've been trying desperately to keep my mind focused on this major project I've been hacking on forever. Stilllllll goin...
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Of course, you're forgetting that polls are heavily influenced simply by the way their questions are worded, and that a good pollster can make the results say virtually anything based on this fact. One must find truly impartial people to develop polls in order for them to have any worth...
Bottom line: Most of the establishment of this country wanted to see Clinton burn, but half of population of this country has divorced their spouses while the other half is either too young to screw or old enough to cheat.
It doesn't matter how you twisted the polls--the support just wasn't there. Period. Polls can be twisted, but at some level people in high levels of power actually have an accurate picture of what the populace wants and what the populace can be made--through twisting the words--to want.
I'm not saying that the effect of this has been necessarily positive, only that it is likely far more pervasively influential than anyone has really imagined.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Or more to the point, it's almost certainly what the judge is going to do.
No. It's what the judge should do, unless the judge wishes to change his mind on the entire matter and decide that the trade secret is too widely disseminated and too innocently added into the court record to be anything *but* public knowledge.
There's certainly an argument to make in that regard, but I'll be blunt: I don't think it's worth making. I'd rather beat these guys once than face stream after stream of legal harassment, only to weasel out at great expense and useless precedent.
Your Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Let 'em reseal it. It's the *right* thing to do.
There is no reason to be craven about this. We don't need to argue that it might not have come from Xing, we don't need to argue that an accident in court suddenly invalidates a trade secret, we don't need to rely on cheap tricks to get our way.
It's called the Moral High Ground, folks.
Yes, the code is everywhere on the 'net. Stop for a moment and realize that this isn't a magic talisman. A horde of thieves is still composed of thieves, and that's all we're saying by saying we've all got it and you can't stop us.
But guess what, folks. We ain't thieves. Lets not fall into their trap.
(Yes, this post is conspicuously absent of my defense of DeCSS, mainly because I want to finish my main paper on the topic and release all at once. Email me if you believe in the spirit of the law, because believe me, in the end it's going to be the spirit more than the letter that will carry the day.)
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
In all the analogies to the magic and the mysteries and the amazing and crazy possibilities brought by the net, I'm struck by the most obvious parallel in recent history that's conspicuously but silently been removed from the public consciousness.
Plastics.
C'mon, people. The ability to generate arbitrarily shaped substanced with (seemingly) arbitrary properties changed the shape of *everything*, from medicine to packaging to war.
The net's exciting, but imagine touching something that literally just couldn't have existed.
I find it extraordinarily interesting that nobody compares the historical excitement over plastic products has never been linked to the present Net crazes. Last I checked, of course, the Dow just had the last of the great plastic giants summarily removed in favor of some tech company(Was it Intel?). And you wonder why the Dow is raging...
That might just have something to do with it. Someone who was actually around when plastics were really huge would be really nice to reply right about now.
As for some unlikely but interesting choices...lets go beyond mass communications for a second and look at Instapolling. The effects of immediate, semi(or pseudo) unfiltered feedback has *got* to be powerful. Suddenly "the public" no longer thought whatever major newspapers reported. "The public" now thought what major newspapers asked...and what the party asked...and what the other party asked...and ya know what? Somewhere in that mass was an actual democratically representative opinion.
Representation was invented because the public was considered too unweildy to come to quick decisions. Pollsters have changed that, and it's very likely that much of their influence is utterly invisible--and would make great reading.
Something to think about.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
In what's sure to make Ye Olde Taco throw down his hands with grief(lets not even talk about Neal and Pat, whose entire faces are only moments away from contorting into paryoxysms of fear, rage, and inevitability)...
Next up is the SlashDistro.
Maybe it'll be Mandrake, maybe it'll be Redhat, maybe it'll be the next jaw dropping creation from a couple of sixteen year olds, but we're going to see something you slap onto a spare server that gives you your own personal Slashdot, preinstalled.
You *know* it's coming to ISPs. You *know* "personal slashdots" are coming, at minimum, to dedicated Colos, and soon, everything from Geocities to whatever.
There have been other works of Weblog sites and software, but nothing as feature complete as Slash. The cost of eyeballs just went up--thanks, guys!
Homestead's already done some stuff with integrating Palmpilots and personal web pages. The most interesting stuff I see is a total integration of the wireless experience with a the online log.
The diary strikes back.
Then again, there's nothing sadder than an empty comment field...look for the first major mod to the Slash code is topic-level threading instead of story level.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
There's no problems or issues with remotely using the advanced HP printer functionality embedded within their windows drivers. Their printer drivers can occasionally be...ahhh, ornery to install(to say the least), but they *do* distribute packages pretty much ready to be remotely installed via Samba.
:-)
I'm not just speaking from my own personal usage--my "mere" Pentium 120 w/ 64MB of EDO SIMMs managed to serve the print needs of between 280 and 500 students distributed among about a dozen dorms across campus using Samba and the Caldera Openlinux Novell code.
The server never even broke a sweat. I pretty much only had one chronic outage, and that was because of a rather nasty bug in Windows' TCP/IP stack. But heh, at least I got to discover it.
The press release is pretty short on facts, but I'd *guess* the following functionality is being worked on:
A) Bidirectional Status Updates. As far as I know, Samba can't reflect back complex or custom status messages from the printer to the user.
B) Document Titles. Samba doesn't know how to extract from Windows the title name of a print job--a common solution is to force Postscript prints and then extract the job title from the PS header, but that's not particularly the "correct" solution, particularly for a company like HP which has quite an investment in this little language called PCL...
C) Database hooks. My print system had a rather extensive logging system, but it just output to plaintext. Samba's internal logs are all debug oriented. I wouldn't be surprised to see an "enterprise-class project" involving Samba to dump its logs straight into a SQL database.
D) Enterprise-scale configuration managers. SWAT's good for what it is, but HP's golden cow is its laser printers and what they can do for businesses. If they're going into this, corps are saying that they want to follow Cisco's(ObPlug) lead and base their printing architectures around Linux and Samba. If HP wants to remain able to sell a competitive print management solution in that kind of market, contributing to Samba is an obvious move.
E) Linux drivers. There are lots of features which don't exist on the Linux side which are standard on Windows. HP can simplify the installation and improve the feature-completeness of their printers for Linux clients, as well as allow IT staffs to implement high end filtering systems(i.e. force all prints to possess a confidentiality watermark) for their printers.
Congrats to VA Linux, btw! We owe someone there some serious thanks. HP on board should be interesting.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
... it was John Carmack's low level pipeline optimizations and hyperusage of the floating point capabilities of the Pentium architecture...
:-)
I was under the impression that this was Michael Abrash's area of expertise...
*Slap* Totally forgot about Abrash. My apologies.
Nonetheless, I seem to remember Carmack being quite talkative about making sure both pipelines in the Pentium were processing *something* at any given time. I remember seeing some of Intel's tools for pipeline analysis at Software Development '97 and going "Damnit, iD did this stuff *by hand*".
Anyone remember exactly how the programmatic load was distributed at iD? Abrash deserves his due
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Corrinne:
:-)
Well, you just answered my unspoken question of "Man, I wonder how much of a pain in the ass is it when after twenty something years of learning you're still asked questions about some thing that you've had since before you were born."
Now I know
QOTD: "Isn't it ironic they ask a Playmate to describe Linux? And they ask a female coder "how is it like to be a woman"?
A couple (real) questions sprung to mind, incidentally:
compiler internally generating and maintaining a virtual table of a lot of NULLs
Could you elaborate a bit more on why architectures involving derived classes create wasteful indexes of information? I'm unfamiliar with compiler design, and am curious where this generation comes from.
But then any subclassed class, which becomes someone else's base class, becomes less modifyable. Thus, in a way, a base-d class loses power.
Basically, an object in such a class is constrained by the "contractual expectations" embedded within the parent class. There are certain properties/functions which the class is expected to support, and failure will ensue if such functionality is not implemented.
But does this burden disappear at all when the coder must explicitly know to provide a predefined degree of functionality? Doesn't having a base class enforce a minimum degree of functionality on derived classes, thus preventing situations where the programmer forgets to add some property and chaos ensues?
It is more difficult to document and comprehend such a deep weaving web.
So what can be done to make deep weaving webs more understandable? I did some experimentation with the autodocumentation system Genitor a while back, but what have you seen, either implemented or theoretical, that would make deep webs feasable for human comprehension?
That, of course, leads into a more disturbing concept: Could the human ability to comprehend complex logical relationships be considered a bottleneck that needs to be progressively abstracted as time goes on? Could this pose serious problems for software and hardware design as time progresses? Does it already?
Just interested in what you think.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
And to think. With but a line in a contract, this is the kind of individual creativity that the software industry would seek to suppress.
Yes, this is hardware, so yes, this guy can do whatever he pleases with it once he owns it. I think the world's a better place because of it--the ingenious and polished nature of this design will hopefully inspire new and fascinating ideas from case designers.
Once you accept the value from such individual achievement in hardware, it is impossible to claim it disappears in software, in music, or even in a DVD video.
And once you allow the right to modify and create anew to slip to a simple stroke of seven point text, you doom everyone to nothing more than derivative boredom.
There's more to the DVD case than technicalities. The sheer beauty of this Palm Pilot is but a whisper of the possibilities.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
There's an interesting aspect of openness going on here: Education, and a slow but steady ramping up of the "coolness" of highly technical skills.
Medicine is cool because you can save lives. Acting is cool because lots of people enjoy your work. Programming, over time, will become more and more cachet as A) It remains difficult to master but simple to begin(something neither medicine nor acting can ever approach), B) Budding programmers realize the value of an audience interested in what they personally have to say, to teach, and to create, and C) The end result is frantic appreciation from either businesses(Linux developers) or the 14-30 gaming crowd(Game programmers).
Appreciation is a good thing.
About Sweeney's paper(truly excellent, incidentally), a couple things come to mind. He talks about the concept that "C=A+B" should be equivalent to C[n]=A[n]+B[n] -- in other words, take the first value of the A array, add it to the first value of the B array, and then put that in the first element of the C array. After all, that's what C=A+B obviously means, right?
I don't know about that. Perl thinks C=A+B would expand to "C is the A list with the B list tacked on at the end". The add is one dimensional, not two dimensional--the two lists are glued together, not mixed into a sum. I think that's rather logical.
And what of another perfectly logical explanation? Maybe C is meant to be a single integer. Now you take all the ints in A, and all the ints in B, add 'em all up, and put 'em in that C value.
Perhaps we need more punctuation, more symbols to describe the differences--we could have +, ++, +-+, +++ATH...that's the solution Perl found, and it's Perl's biggest albatross--too much dense punctuation.
Perl without Punctuation is like Programming Without Caffeine.
Of course, as long as you know there's something you don't understand, you can look it up. But if you think you know what C=A+B is "obviously" doing, when in reality it's doing something completely and utterly different, you're going to have a much harder time debugging your code. Not knowing what's broken is possibly the single most expensive debugging scenario possible, by any measure.
Stop for a second and ponder the power of such a concept -- with about four lines of code, you've sub-classed a 150,000 line game engine and added a new feature that will propagate to several hundred classes in that framework.
This sounds really, really cool, but...
How predictable can a system where this occurs be? Would we map destinations of modified code? Don't you usually get problems when new features are bolted onto old architectures when really the old methods need to be wholly rewritten?
Of course, these are problems that have stricken *every* advance in language design...there's always the optimization that becomes impossible as you go up the ladder.
The most desirable approach is to have language-level security, where the compiler can usually tell you "that's not allowed" rather than determining security violations at runtime--that approach allows the maximum amount of optimization compared to the brute-force kernel transitions of operating system security.
Sweeney's awesome, and I respect him highly, but this is probably the biggest error of the entire piece.
Yes, it'd be nice to be notified *as the programmer* that your code violates a security constraint--in fact, it'd be beautiful, because then you'd have line-level notification of where your code is misbehaving in ways that would compromise the security of the host machine. (The concept of "Buffer Overflow Waiting To Happen on Line 12431" just appeals to me.) But, um, that presumes that the programmer doesn't *want* their to be a buffer overflow, or a kernel backdoor, or whatnot. Put all security in the compiler, and a malicious entity will simply compile the code on their compromised OS, move the binary over to a target machine, and grab themselves a rootshell.
Clearly, this isn't an optimal scenario.
Now, you do have situations like the JIT compilers for Java Bytecodes that go to some length to verify the validity of a bytecode before compiling it, and may(I'm not sure, and this probably varies by implementation) lock off entire branches of functionality through the compiler. But that's different--the code must pass through the compiler *on the host machine* to be converted to machine language. In effect, the end binary is a combined product of the bytecode and the host-controlled compiler. If the system designer wishes to have a userspace process handle extensive security analysis before passing a binary off to be executed, that's one thing. Trusting binaries from arbitrary compilers is quite another!!
And, it remains the unfortunate truth that there are more professional Cobol programmers than C programmers, more C++ programmers than Java programmers, and for many years there will be more Java programmers than there are followers of the successor language.
I've been thinking about this, and as languages have gotten "cooler", I think there's something to be said about a loss of stability. I don't think anybody is surprised if a COBOL based billing system doesn't go down for a year; I also doubt most people are surprised if a Java applet manages to trash their web browser within a period of minutes.
Something's wrong there.
Maybe the reason there are still COBOL programmers around is that few C, C++, or Java based systems could remain acceptably reliable after 25 years?
In terms of technological progress, we game developers are way more influential than most of us realize.
I noticed. I've been saying this for years: John Carmack is damn near personally responsible for Intel's dominance. Had Quake not been so perfectly tuned for Intel's Pentium processors--and thus so amazingly unoptimized for AMD's and Cyrix's competing x86 processors--Intel would have taken severe hits in either market share or year end profits over the last five years. For all the talk about the genius of Andy Grove--and don't get me wrong, I'd probably bungee jump off the Grand Canyon for a chance to have dinner with the man--it was John Carmack's low level pipeline optimizations and hyperusage of the floating point capabilities of the Pentium architecture that directed quite literally billions of dollars of purchasing decisions away from AMD and Cyrix into the waiting arms of Intel.
3Dfx's long term dominance in the 3D market was a similar scenario--the fact that Unreal hasn't played all that well on anything *but* a 3Dfx card until rather recently played no small part in their dominance.
game developers are in a unique position, by virtue of starting projects anew every 2-3 years, to "short circuit" the process and radically accelerate the adoption of cool new technology.
The best language in the world ain't going anywhere without top notch compilers that the gaming industry isn't going to write. This, more than anything else, is the biggest problem that game developers have if they want to choose new languages. A handful of games a while back were written in Java, using Asymmetrix's Java Flash Compiler(amazingly cool tech, really. You could recompile the code of a running app, and *it wouldn't stop running*. Then you could actually compile and release x86 binaries of your code. Never made it to Java 1.1 *siiiigh*)...none of 'em did all that well.
There's another issue to consider--game developers are truly writing less and less of the low level code. This is a good thing--who wants to write Yet Another Sound Mixing routine when you can just toss another wave at the sound device--but it does create some constraints against spawning new languages. It didn't used to be that hard to change languages--you were rewriting everything, after all. Now, you're talking about every single game shipping rife with dependancies on external sound libs, 3D rendering drivers, input systems, socket code...
Yes, there's always translation layers, but that kills half the gain.
Tim, if there's one question in this entire piece that I'd like you to reply to, it'd be this:
Network effects--the fact that a given standard gets exponentially more valuable as others share in that standard--have essentially locked TCP/IP as the internetworking protocol of choice for the foreseeable future, to the point where even upstart additions such as IPv6 and IPSec are finding acceptance to be a difficult task.
Could the same fate befall any new kinds of advanced programming languages, the identities of which were notably and painfully absent from your essay?
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Evil.
I don't use the word much, in fact, pretty much not at all.
But then I saw this quote:
McGrath responded to this scenario: a student uses a campus Internet connection to decide which political candidates to support. That person is misusing university equipment, she said, just as if she used her legislative office phone to make long-distance personal phone calls.
On the surface, this is just plain stupidity: She doesn't live in her office, whereas students live on campus. The fact that students--not just the state, but students are actually taking money and paying for housing gives them some modicum of personal privacy that you don't really get when you have a home you can go over to after you're done with work.
But this is something more.
Any politician that would intentionally attempt to quell political discourse on the basis of inappropriate usage of government resources deserves all the wrath that an educated populace can bring to bear. Beyond the sexism and agism--which in and of itself is grotesque beyond description--is the presumption that the ability to learn and understand the policies behind the hype is not a right but a priveledge; not even a duty as a concerned American but a hindrance upon its social stability.
Many have attacked the young as a means to win over the old; any damages that generational warfare might create are quelled by the fact that one wins more blocs from the old than even exist in the young. But this is beyond that. Every American, young and old, should look towards Mrs. McGrath as a symbol of total corruption--not from outside, mind you, but from deep within. For anyone who can believe that political discourse is something which much be controlled and quelled like just another hormonally induced phase has truly lost every last shred of respectability and honor as any kind of leader, and any lemmings that would accompany her sadly deserve whatever fate they may receive.
I will donate $20 to whoever runs against her in the next election.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
First off, I want to quote what is maybe the most succinct, beautiful, imaginative, and just plain f*cking accurate quote I've heard in a while. You'll know it when you see it:
"First off, it's plain unfair to merely release a game with the exact same engine. New graphics, new level maps, and new sounds do not constitute a sequel. Such a change should be labeled an expansion pack. If you think I'm lying about trying to do this, I'd like to relate a quote I heard at E3 a few years ago, "We used to call it, 'slapping new make-up on the whore and sending her back out.'"
Beautiful.
R.I.P brings up some very interesting points. The point that there's no real indie scene in the gaming industry however belies the fact that while there are in fact small development groups who come up with games, they're very, very often pretty awful...and when they're not awful, suddenly they're plucked from the indie scene and morphed into a GT or Microsoft product.
One of the nicer things about the Shareware scene--noticably absent from R.I.P.'s paper, but it's still in progress--was that small guys actually could make a living. iD and Apogee/Epic are probably the single best examples.
But, overall, you may wonder why I think the gaming industry is broken. See Messiah and Daikatana for that one. The only bright side is that Half Life was *also* horrifically delayed, but managed to far exceed expectations. That gives some hope. But overall...the complete inability to hype with any sense of reality is just disturbing and wrong, to the point where, even with my copious amounts of net addiction, I simply refuse to read gaming news anymore.
It's Just Not Worth It.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
The DVD CCA's argument has essentially become, had MS thought in advance to include but a single sentence in a license agreement, FreeDOS could have been supressed.
How do you feel about this, and what advantages do you feel society has a whole has received from the fruits of your reverse engineered labors? Similarly, what harms would we have as a society if you could never have rewritten DOS?
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
I refuse to believe that, in all the corruption and contacts and schmooze and links and interindustry operation and amazing stunts of marketing and demographic analysis and data mining and sheer goddamn chuztpah, anybody really thinks Steve Case is about to take over.
What part of Media Figurehead don't you understand?
Case pulled off AOL. Big deal. He may be about to get his name in the papers, but so what? Suddenly, the entire industry has an excuse to merge--and what's hilarious is, since this is Steve Case and AOL and The Flagship of the Tech Industry, the government's afraid to stop it because nobody wants to be the dipshit the burst the Great Internet Bubble.
Who needs trusts when you can just go ahead and merge?
Who needs real leaders when fake, impotent ones are much less scary to the general public?
Bill Gates embodied power. Power implies those he is able to hold power over. So all the evils of Microsoft had a face, a name, someone for the KMFMS folks to revile.
Steve Case is being portrayed as the ultimate schmuck. Some guy, suddenly the head of Time Warner. Awww, ain't that cute.
Do you really think that Time Warner is actually planning to be ruled by some guy who *gasp* started up some scrappy startup truly built out of *APPLELINK*, which somehow has been erased from the records of every single history I've seen?
Gimme a break. At bare minimum, they want to prevent the non-ignorable force that was AOL from giving all those annoying little guys who give unlimited, uncensored, and unfirewalled net access access to their precious cable network. AOL's calls for free access would have suceeded. Now that just AOL gets access(and maybe a few major ISPs like Earthlink and Mindspring who will just get bought out anyway), give it a few years, and global network service bans will be as simple as a word from...someone.
I promise you, it won't be Case.
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com
Are you kidding me?
Here we have a government organization that recognizes its present limitations and is working hard at finding new and unique ways to serve the taxpayers of this country and we complain?
Have we become that cynical?
When was the last time you heard about any government agency calling large scale attention to the fact that it needs to update itself for the times and serve its paying public better than ever, with new functionality and features?
C'mon. This is something to be proud of--an agency that doesn't deny its faults.
And, incidentally, we kinda *do* need their help.
Lets not forget for a moment that while email *is* the killer app, it's also the most insecure system in wide deployment by an immense degree. I can't easily forge your identity on websites using cookies, and your credit card transactions are reasonably secure, but all I need to know is your email address and I'm sending mails as you.
There are lots of competing standards for digital signatures--which, incidentally, will become a globally accepted technology long before encrypted email content worms its way into public acceptance--but whatever wins, I guarantee you we can expect the USPS to be involved.
And I'm happy to have them. Folks, I actually think it's kind of an interesting concept to have Email to Physical Address gateways--given the cost of a postcard, I honestly wouldn't be surprised to see advertising agencies start trading the right to gateway for the right to display advertisements to both the sender and the receiver. But I see something beyond that...digital signatures, authenticated by government agencies and valid in court, set into paper by the nearest available USPS printing center, and couriered ASAP to a final destination. Sounds cool to me.
It's not my job to think up new and cool uses for postal service technology, but I'm proud to see that someone, somewhere within the USPS, has taken up that role.
More power to him!
Yours Truly,
Dan Kaminsky
DoxPara Research
http://www.doxpara.com