The section on open relays I find rather odd. An 'open' relay is a relay that accepts mail from anyone to anyone, something which is an extremely bad habit. This guy starts arguing it's necessary to have open relays to deliver mail for some unspecified reason. It's not. You relay mail to legitimate adresses behind your mail relay, and you relay mail from legitimate adresses behind your mail relay and you dont relay to anyone else. Then you dont have an open relay. There is no way there's any technical reason to relay from anyone on the outside to anyone else on the outside, ever.
Has he completely missed that point?
Oh, well. If I'm to replace RBL type filtering with another anti-spam mechanism, there's only one I'd consider. That one is going complete pre-mail opt-in, in which case he's far more screwed than he is today. Live with the trouble of RBL's and get your ISP to do the right thing, or get a far, far more draconian solution.
1. Sure they do. Diskspace and bandwidth. I know several people who've gotten their DSL turned off because they were suddenly, unbeknownst to them, running piracy sites (and they should be thanking some higher power they werent suddenly running a kiddie pr0n site or something and getting thrown in jail as well).
Saying you dont need security because there's nothing to steal is naive. Getting private documents stolen is the least damaging thing you can get done to you if you get hacked. Getting indicted for copyright violations or kiddie pr0n is far more likely and far far worse.
Sounds like you've gotten so 0wn3zd your're not even getting the logs anymore. Probably fairly soon after those first portscans you saw. Or maybe your ISP is running a firewall for you? But if I was suddenly seeing less than a dozen attacks per day, frankly, I'd be pretty sure I wasnt seeing the real picture.
Why? By what criteria? Help a cancer victim and they'll die eventually anyway, help a famine victim and they might last until the next famine... but help get free code created and it has the capacity to last and help unlimited numbers of people for a long time. Help develop software that can spare the governments in the third world from spending money on proprietary software and they'll have more money over to spend on fighting famine. Help develop an equal playing field in the IT industry and developing countries will have a chance to create an indigenous industry without paying IP taxes to the rich world.
Worthwhile depends on your point of view. You may get a warm fuzzy feeling from helping someone more directly. If you do, I suggest you work at a homeless shelter or some similar charity, where you can see and touch the people you help.
Me, I prefer being charitable for more longrange goals. In the long run I regard it as more worthwhile.
Indeed. And if Sun and company feel fine with retreating up the scale until they eventually sell a few hundred systems per year that's ok.
If, on the other hand, they're interested in remaing competetive in the low to midrange server end they'd do well to make sure that GCC has the best code generation possible for their platform because GCC is quite often the defacto compiler installed, despite it not being the best for the platform (even if the platform specific compilers were free gcc would remain immensly popular and probably remain the most common compiler on those systems merely because it works close to the same between platforms).
Indeed. Those vendors would do well to improve gcc on their platforms for their own sake.
Installing a commercial compiler takes several months in large corporations, assuming you get permission for the expense at all, and often that is not an acceptable option. So gcc is what you get (which has the added advantage of not needing to deal with a PITA license server).
If that means the performance will suck on Solaris, Tru64, HP-UX or IRIX that just means we are more likely to migrate applications to x86 linux machines instead, not that we buy the compiler...
Re:Price of your (A)DSL connection?
on
DSL Rising
·
· Score: 2
About 40 EUR, 2.5M/768Kbit unlimited traffic, static IP.
And if OSX for x86 is ever released, MS will 'cut off their air supply' (entirely apart from the fact that OSX for x86 will never be OSX for x86, but rather OSX for MacIntoshes which happen to have an x86 CPU). No single commercial competitor will ever stand a chance against MS.
Linux isnt successfully competing against MS due to quality or features. It's competing on freedom, price and by levelling the playing field, something which can harness the interest of every vendor in the buisness. They all gain (well, except MS). How would Apple gain the interest and cooperation of IBM, Dell, HP, Oracle, Sun etc?
The TCO studies are also complete bullshit; make a quick comparison between mass hosting providers and see what price difference they have between Windows and Linux machines.
The Linux machines save you 30% or more. Somehow I doubt they're calculating with a loss on the price.
I would like to see the exact methodology used; you'd have to have a very inventive way of calculating TCO to get that result.
...except of course, the other execution units data is probably not in the L1 cache either. And that you now effectively have half the cache size since you're sharing it between two execution units.
There is some performance to be gained with hyperthreading but mainly when you have some math intensive code running on one unit and other stuff running on the other. The main gain will be in running things like seti@home in the background...
I already have an upscale PC. My old utility servers, however, are starting to fail with frightening regularity. I need utility servers that can work as NFS servers, DNS server, external web server, print/backup server, etc. I dont want to pay 350 dollars for power I dont need. If I can use a $199 machine for the same job, I will get the $199 machine. In fact, if I can get 4 of them for $800, even better. That's less than I paid for my upscale machine for my infrastructure needs.
There's a place for $350 machines. There's a place for $1500 machines too. But there's definitely a place for $199 machines, and there's starting to be quite a large number of things you can do with those machines.
Um, if you're still running I class machines you have a problem. If you're running Oracle 7 you also have a problem. Do you actually have any support at all? If you do, the cost of those maintenance contracts must be boggling. Boggling as in you could probably replace the entire machine with a brand new one and save money in the first few months.
We junked our last I class machines in 98-99 I think...
Um, games like EverQuest already touch the 1GB memory requirement for the game to run optimally. 3GB is the current max memory per process in a 32bit architecture. That's just a factor 3 off from the hardware being unable to support the game well. How long did it take to go from 256MB being plenty to 768MB being recommended?
Of course, it's to a large extent due to sucky programming, but it's not far off.
It still wont stop cheating. They are probably not able to detect it, especially not passive cheats that just use the info sent to the client. Most of the active cheats are also hard to detect, and it can be hard to tell them apart from natural actions from the players.
Further, the cost to society to manage such a thing in courts would be huge. It's like having a video monitor in your house and leaving the front door wide open. You might maybe perhaps be able to catch the burglars if you can identify them but you're still going to end up having been robbed.
For something that could be solved in a week or two of competent engineering it sounds like an extremely costly and inefficient way to attempt to deal with the problem.
No, not even the judicial branch of the real-world or game-world government. They can punish the players if the are able to detect it, but that still does not prevent them from doing it.
Sony is not trying to prevent cheating. You encrypt the data to prevent others from listening in on what a player does. That's the purpose of encryption. Since the player has to have the encryption key you'd have to be rather 'logically challanged' to use encryption as a way to prevent cheating.
If Sony were trying to prevent cheating they'd stop sending any data the player shouldnt see. That would be an effective way to prevent cheating.
Now, if you want Sony and/or other game companies to prevent cheaters you should contact them and tell them to hire someone who actually has a clue about how to prevent cheating or you'll refuse to play their games.
This isnt rocket science. Writing (close to, as in the cheater wont get any significant advantage) uncheatable client-server games is possible and it isnt even that hard. It's been done since the beginning of online gaming in opensource online games (kinda hard to implement security in the client when the player has the source). Place one of the system architects in front of a screen and tell him to read through project development mailing list archives and actually learn something about software design for once in his life and you've solved the problem.
The blame lies squarely with the companies who spend maybe 10 minutes total considering the issue during the design phase. The failure to implement a secure design is just as bad as if inventory suddenly disappeared or characters just went poof. Complain about it and maybe they'll actually do something about it. But _they_ are the ones who decide wether to make cheating possible or not, and encryption is not one of the ways to prevent cheating.
Exactly, Sony makes the rules. They made the rule that says 'anyone who wants to can cheat' simply by sending data to the client that doesnt have to be sent. They intend the game to be played by using ShowEQ. They've written the entire support for it into the architecture. If they didnt want ShowEQ they could easily remove the extra data (and lessen the load on peoples internet connections at the same time). Since they dont, they obviously support and endores the use of ShowEQ.
So, can you tell me why Sony has to send that data to a player not logged in with a tracker? Can you tell my why Sony has to send that data to a ranger who does not have his tracking window up? Can you tell me why Sony has to send the exact xyz position of the mob rather than the con level and the direction _which is what the ranger sees_?
It's not called "Tracking". It's called "laziness" (if you're kind) or "incompetence" (if you're less kind).
No. Aimbot developers are entirely within their rights to create whatever they want and shoot the crap out of the other poor players. The q3, UT or CS developers are just as umm... 'security challenged' in designing 'hack safe' games as the EverQuest team is. I dont play such games online for just that reason. If it turns other players off the game too, then _good_. Maybe anti-cheating security will actually reach the agenda for implementing a game if nobody wants to play CheaterStrike anymore.
The blame for cheating should be assigned to exactly the one place where it belongs: To the designers who lacked the skills to do the job right, or to the management who decided to do things the wrong way.
There is one way, and _only_ one way to prevent cheating and that is _do not ever trust the client_.
The game map is not sent. The game map is the zone files which are already local to the client (and which can be looked over using several means). The nearby creatures _and_ every other creature in the zone were sent last time I checked. To filter out which mobs position info to send to the client does not require communications with the client. It's trivial to fix that.
Creatures behind a hill or not in the players cone of view? Umm... maybe press the camera button to switch views could help you? This is already visible in the game.
LOS code is already in the game. As in 'you cannot see your target' - darn.
If a mob is around the corner you start sending info on that mob to the client when it gets into such a range that it is concievable that the player will see it in a second or five. Not as soon as they zone into the same area.
Thin clients ARE THE ONLY THING THAT WORKS or YOU WILL HAVE CHEATERS. Period. The client tells the player anything you send it. Period. The client tells your server any bullshit the player wants it to. Period.
The client is the enemys foothold in your fortress, not your foothold in the enemys fortress.
A moderately competent programming team and a reasonably smart architecture designer can code around the disadvantages of thin clients with things like path prediction and server-side components of player response time. But nobody, can _ever_ stop the players from reading anything you send them or sending you whatever they want.
You mistake 'security for the user' with 'security from the user'. Palladium is about protecting Microsoft, software on the users computer and media on the users computer from the user.
A secure OS in that context is impossible to write; control over the hardware equals control of the contents on the computer, so they shouldnt really be criticised for being unable to implement that without hardware support. It will never be entirely successful but they can push the barrier for copying to such levels that you need to be able to buy your own CPU manufacturing run to be able to backup any data you want on your computer.
A secure OS in the context of preventing access for intruders is far more possible of course. That they cant do that has been obvious for decades.
See how easy it is to fall for that? You're _still_ not stealing. If you steal an orange it's theft. You are denying the store the due profits they would get for that property which they had purchased. If you steal a CD, same thing. You are denying the store the ability to sell that CD to someone else.
If you copy, you _may_ be denying them income attributed to their government granted temporary monopoly, if you had planned on purchasing that item rather than copying it. Since the very income they are counting on from _you_ depends entirely on _your_ intent, it becomes an impossible construct. They are not prevented from selling it to someone else just because you committed a copyright violation (they may be if you mass-distribute it, which is why, while still not theft, that is even more frowned upon in law tho).
It is technically a copyright violation. A copyright violation and nothing else. Not theft, not murder, not piracy, nor arson. It may have factors in common with any and all of them, but it is _not_ any of them.
It is a violation of a government granted exclusive monopoly, granted for a limited time to promote creativity, it is not depriving someone of property, not even property they would otherwise have obtained.
If you steal something then someone else is deprived of the use of that object.
Calling copyright violations theft _is_ a wordgame. Illegally copying a movie or music is not theft. It is a copyright violation. A copyright violation is a violation of an exclusive right of a state granted temporary monopoly. It is not depriving someone of their property.
The ??AA's want you to think it's theft. They want you to think it's their real property. They want these terms for two things; to scare people away from illegally copying of copyrighted materials and (which is far worse) to indoctrinate the public and new generations into believing that IP is real property on equal footing with physical property. Because if people think it's real physical property then it's much easier to garner support against any proposals to reduce the length of copyright. After all, it's easier to argue against a government seizing their property than to argue against the government reducing their monopoly.
Dont call it theft. Dont call it property. Copyright violations are copy right violations, not theft.
(I certainly agree that there is no moral highground in copy right violations either, but there is a moral highground in arguing for the reduction of state granted monopoly time as opposed to arguing for seizing property after a certain time.)
Slashdot Mirror
The section on open relays I find rather odd. An 'open' relay is a relay that accepts mail from anyone to anyone, something which is an extremely bad habit. This guy starts arguing it's necessary to have open relays to deliver mail for some unspecified reason. It's not. You relay mail to legitimate adresses behind your mail relay, and you relay mail from legitimate adresses behind your mail relay and you dont relay to anyone else. Then you dont have an open relay. There is no way there's any technical reason to relay from anyone on the outside to anyone else on the outside, ever.
Has he completely missed that point?
Oh, well. If I'm to replace RBL type filtering with another anti-spam mechanism, there's only one I'd consider. That one is going complete pre-mail opt-in, in which case he's far more screwed than he is today. Live with the trouble of RBL's and get your ISP to do the right thing, or get a far, far more draconian solution.
1. Sure they do. Diskspace and bandwidth. I know several people who've gotten their DSL turned off because they were suddenly, unbeknownst to them, running piracy sites (and they should be thanking some higher power they werent suddenly running a kiddie pr0n site or something and getting thrown in jail as well).
Saying you dont need security because there's nothing to steal is naive. Getting private documents stolen is the least damaging thing you can get done to you if you get hacked. Getting indicted for copyright violations or kiddie pr0n is far more likely and far far worse.
Sounds like you've gotten so 0wn3zd your're not even getting the logs anymore. Probably fairly soon after those first portscans you saw. Or maybe your ISP is running a firewall for you? But if I was suddenly seeing less than a dozen attacks per day, frankly, I'd be pretty sure I wasnt seeing the real picture.
You should note that the author of the article has no connection to any open source project, and claims not even to be a user of open source software.
Microsoft is not going to change. The solution to this guys problems is to quit whining and switch to Linux.
Why? By what criteria? Help a cancer victim and they'll die eventually anyway, help a famine victim and they might last until the next famine... but help get free code created and it has the capacity to last and help unlimited numbers of people for a long time. Help develop software that can spare the governments in the third world from spending money on proprietary software and they'll have more money over to spend on fighting famine. Help develop an equal playing field in the IT industry and developing countries will have a chance to create an indigenous industry without paying IP taxes to the rich world.
Worthwhile depends on your point of view. You may get a warm fuzzy feeling from helping someone more directly. If you do, I suggest you work at a homeless shelter or some similar charity, where you can see and touch the people you help.
Me, I prefer being charitable for more longrange goals. In the long run I regard it as more worthwhile.
Indeed. And if Sun and company feel fine with retreating up the scale until they eventually sell a few hundred systems per year that's ok.
If, on the other hand, they're interested in remaing competetive in the low to midrange server end they'd do well to make sure that GCC has the best code generation possible for their platform because GCC is quite often the defacto compiler installed, despite it not being the best for the platform (even if the platform specific compilers were free gcc would remain immensly popular and probably remain the most common compiler on those systems merely because it works close to the same between platforms).
Indeed. Those vendors would do well to improve gcc on their platforms for their own sake.
Installing a commercial compiler takes several months in large corporations, assuming you get permission for the expense at all, and often that is not an acceptable option. So gcc is what you get (which has the added advantage of not needing to deal with a PITA license server).
If that means the performance will suck on Solaris, Tru64, HP-UX or IRIX that just means we are more likely to migrate applications to x86 linux machines instead, not that we buy the compiler...
About 40 EUR, 2.5M/768Kbit unlimited traffic, static IP.
I love my DSL provider.
And if OSX for x86 is ever released, MS will 'cut off their air supply' (entirely apart from the fact that OSX for x86 will never be OSX for x86, but rather OSX for MacIntoshes which happen to have an x86 CPU). No single commercial competitor will ever stand a chance against MS.
Linux isnt successfully competing against MS due to quality or features. It's competing on freedom, price and by levelling the playing field, something which can harness the interest of every vendor in the buisness. They all gain (well, except MS). How would Apple gain the interest and cooperation of IBM, Dell, HP, Oracle, Sun etc?
They cant, of course.
The TCO studies are also complete bullshit; make a quick comparison between mass hosting providers and see what price difference they have between Windows and Linux machines.
The Linux machines save you 30% or more. Somehow I doubt they're calculating with a loss on the price.
I would like to see the exact methodology used; you'd have to have a very inventive way of calculating TCO to get that result.
...except of course, the other execution units data is probably not in the L1 cache either. And that you now effectively have half the cache size since you're sharing it between two execution units.
There is some performance to be gained with hyperthreading but mainly when you have some math intensive code running on one unit and other stuff running on the other. The main gain will be in running things like seti@home in the background...
I already have an upscale PC. My old utility servers, however, are starting to fail with frightening regularity. I need utility servers that can work as NFS servers, DNS server, external web server, print/backup server, etc. I dont want to pay 350 dollars for power I dont need. If I can use a $199 machine for the same job, I will get the $199 machine. In fact, if I can get 4 of them for $800, even better. That's less than I paid for my upscale machine for my infrastructure needs.
There's a place for $350 machines. There's a place for $1500 machines too. But there's definitely a place for $199 machines, and there's starting to be quite a large number of things you can do with those machines.
Um, if you're still running I class machines you have a problem. If you're running Oracle 7 you also have a problem. Do you actually have any support at all? If you do, the cost of those maintenance contracts must be boggling. Boggling as in you could probably replace the entire machine with a brand new one and save money in the first few months.
We junked our last I class machines in 98-99 I think...
Um, games like EverQuest already touch the 1GB memory requirement for the game to run optimally. 3GB is the current max memory per process in a 32bit architecture. That's just a factor 3 off from the hardware being unable to support the game well. How long did it take to go from 256MB being plenty to 768MB being recommended?
Of course, it's to a large extent due to sucky programming, but it's not far off.
It still wont stop cheating. They are probably not able to detect it, especially not passive cheats that just use the info sent to the client. Most of the active cheats are also hard to detect, and it can be hard to tell them apart from natural actions from the players.
Further, the cost to society to manage such a thing in courts would be huge. It's like having a video monitor in your house and leaving the front door wide open. You might maybe perhaps be able to catch the burglars if you can identify them but you're still going to end up having been robbed.
For something that could be solved in a week or two of competent engineering it sounds like an extremely costly and inefficient way to attempt to deal with the problem.
No, not even the judicial branch of the real-world or game-world government. They can punish the players if the are able to detect it, but that still does not prevent them from doing it.
Sony is not trying to prevent cheating. You encrypt the data to prevent others from listening in on what a player does. That's the purpose of encryption. Since the player has to have the encryption key you'd have to be rather 'logically challanged' to use encryption as a way to prevent cheating.
If Sony were trying to prevent cheating they'd stop sending any data the player shouldnt see. That would be an effective way to prevent cheating.
Now, if you want Sony and/or other game companies to prevent cheaters you should contact them and tell them to hire someone who actually has a clue about how to prevent cheating or you'll refuse to play their games.
This isnt rocket science. Writing (close to, as in the cheater wont get any significant advantage) uncheatable client-server games is possible and it isnt even that hard. It's been done since the beginning of online gaming in opensource online games (kinda hard to implement security in the client when the player has the source). Place one of the system architects in front of a screen and tell him to read through project development mailing list archives and actually learn something about software design for once in his life and you've solved the problem.
The blame lies squarely with the companies who spend maybe 10 minutes total considering the issue during the design phase. The failure to implement a secure design is just as bad as if inventory suddenly disappeared or characters just went poof. Complain about it and maybe they'll actually do something about it. But _they_ are the ones who decide wether to make cheating possible or not, and encryption is not one of the ways to prevent cheating.
Exactly, Sony makes the rules. They made the rule that says 'anyone who wants to can cheat' simply by sending data to the client that doesnt have to be sent. They intend the game to be played by using ShowEQ. They've written the entire support for it into the architecture. If they didnt want ShowEQ they could easily remove the extra data (and lessen the load on peoples internet connections at the same time). Since they dont, they obviously support and endores the use of ShowEQ.
So, can you tell me why Sony has to send that data to a player not logged in with a tracker? Can you tell my why Sony has to send that data to a ranger who does not have his tracking window up? Can you tell me why Sony has to send the exact xyz position of the mob rather than the con level and the direction _which is what the ranger sees_?
It's not called "Tracking". It's called "laziness" (if you're kind) or "incompetence" (if you're less kind).
No. Aimbot developers are entirely within their rights to create whatever they want and shoot the crap out of the other poor players. The q3, UT or CS developers are just as umm... 'security challenged' in designing 'hack safe' games as the EverQuest team is. I dont play such games online for just that reason. If it turns other players off the game too, then _good_. Maybe anti-cheating security will actually reach the agenda for implementing a game if nobody wants to play CheaterStrike anymore.
The blame for cheating should be assigned to exactly the one place where it belongs: To the designers who lacked the skills to do the job right, or to the management who decided to do things the wrong way.
There is one way, and _only_ one way to prevent cheating and that is _do not ever trust the client_.
The game map is not sent. The game map is the zone files which are already local to the client (and which can be looked over using several means). The nearby creatures _and_ every other creature in the zone were sent last time I checked. To filter out which mobs position info to send to the client does not require communications with the client. It's trivial to fix that.
Creatures behind a hill or not in the players cone of view? Umm... maybe press the camera button to switch views could help you? This is already visible in the game.
LOS code is already in the game. As in 'you cannot see your target' - darn.
If a mob is around the corner you start sending info on that mob to the client when it gets into such a range that it is concievable that the player will see it in a second or five. Not as soon as they zone into the same area.
Thin clients ARE THE ONLY THING THAT WORKS or YOU WILL HAVE CHEATERS. Period. The client tells the player anything you send it. Period. The client tells your server any bullshit the player wants it to. Period.
The client is the enemys foothold in your fortress, not your foothold in the enemys fortress.
A moderately competent programming team and a reasonably smart architecture designer can code around the disadvantages of thin clients with things like path prediction and server-side components of player response time. But nobody, can _ever_ stop the players from reading anything you send them or sending you whatever they want.
You mistake 'security for the user' with 'security from the user'. Palladium is about protecting Microsoft, software on the users computer and media on the users computer from the user.
A secure OS in that context is impossible to write; control over the hardware equals control of the contents on the computer, so they shouldnt really be criticised for being unable to implement that without hardware support. It will never be entirely successful but they can push the barrier for copying to such levels that you need to be able to buy your own CPU manufacturing run to be able to backup any data you want on your computer.
A secure OS in the context of preventing access for intruders is far more possible of course. That they cant do that has been obvious for decades.
See how easy it is to fall for that? You're _still_ not stealing. If you steal an orange it's theft. You are denying the store the due profits they would get for that property which they had purchased. If you steal a CD, same thing. You are denying the store the ability to sell that CD to someone else.
If you copy, you _may_ be denying them income attributed to their government granted temporary monopoly, if you had planned on purchasing that item rather than copying it. Since the very income they are counting on from _you_ depends entirely on _your_ intent, it becomes an impossible construct. They are not prevented from selling it to someone else just because you committed a copyright violation (they may be if you mass-distribute it, which is why, while still not theft, that is even more frowned upon in law tho).
It is technically a copyright violation. A copyright violation and nothing else. Not theft, not murder, not piracy, nor arson. It may have factors in common with any and all of them, but it is _not_ any of them.
It is a violation of a government granted exclusive monopoly, granted for a limited time to promote creativity, it is not depriving someone of property, not even property they would otherwise have obtained.
A violation is a copyright violation, period.
If you steal something then someone else is deprived of the use of that object.
Calling copyright violations theft _is_ a wordgame. Illegally copying a movie or music is not theft. It is a copyright violation. A copyright violation is a violation of an exclusive right of a state granted temporary monopoly. It is not depriving someone of their property.
The ??AA's want you to think it's theft. They want you to think it's their real property. They want these terms for two things; to scare people away from illegally copying of copyrighted materials and (which is far worse) to indoctrinate the public and new generations into believing that IP is real property on equal footing with physical property. Because if people think it's real physical property then it's much easier to garner support against any proposals to reduce the length of copyright. After all, it's easier to argue against a government seizing their property than to argue against the government reducing their monopoly.
Dont call it theft. Dont call it property. Copyright violations are copy right violations, not theft.
(I certainly agree that there is no moral highground in copy right violations either, but there is a moral highground in arguing for the reduction of state granted monopoly time as opposed to arguing for seizing property after a certain time.)
The heirs? Maybe I should take that up to my boss; the company I work for should definitely pay my relatives if I happen to die while employed...
Or not...