I'm writing a one-man game at the moment. I don't imagine it will be anything more than an obscure indie game at best, but it's nice to pull out of the game programming and give thought to "what might happen" if it's popular and sells millions, and write some code for things not directly related to the game itself. I actually ENJOY planning things like that and at what point I'd have to pull in cloud servers and this and that, and how I'd get one proper "retail" boxed copy made of it, just for me, even though boxed copies are basically dead nowadays.
As such, I've thought through things like scalable storefronts, download capacity, selling it on Steam, etc. and even things like DRM and how I'd sell it by myself.
To be honest, it was only a side-distraction but as someone who has 500 Steam titles on their account and myriad other indie bundle games and GOG.com games, I have to say that - pretty much - my buying tastes affect my programming tastes. As I got to the point where I thought "I wouldn't tolerate that on a game I bought, especially an indie game", I stopped and did something else. Hell, I ended up recreating a Steam-like achievement system rather than code on the DRM once I thought it had gone "too far" (the fact that I made it so I can drop-in a real Steam library system with minimal changes just reflects my insane optimism!)
My game has code for DRM. I have a single define in the code that removes all the DRM, throughout every file, check and build process, so it's literally a single switch to compile a version without any DRM or with. I honestly expect to never have to turn it on if I ever finish the game and the DRM code I have put in will languish in my SVN repos forever. But it was a fun intellectual exercise to code.
My DRM works by embedding an X509 public key certificate into the game, and giving an X509 certificate to each user, signed by the corresponding private key (which, obviously, I keep secret and do not distribute anywhere). Users can download the game from anywhere but need their "key file" to activate it properly (which works nicely for "demo" versions too - anyone can download the same game but the key turns it into the full game). It should, thus, be impossible to fake a valid, signed key without actually changing the code of the game itself. No "keygen", as such.
The code itself does various checks to make sure people aren't fiddling the certificates (the ones embedded into the game, or supplied to paid users), and the details on the certificates can contain things like their address or even credit card number quite easily. This, I hope, would deter the casual user from sharing their key with other users and/or present enough of an intellectual barrier that they think "Oh, I won't try to fiddle this, then". There's also a quick DNS check where I query a remote DNS server under my control which returns some custom-formatted records that tell me whether or not the underlying game key matches the one that the DNS is providing (so a primitive revocation / demand a certificate update facility).
I don't FOR A SECOND think that any of this will stop a determined pirate. I think it will deter kids from sharing their copy of the game with their mates, or running 20 copies at home, and amateurs poking around seeing if there's a way around it. Anyone smart enough to look into the code with a debugger, or run Wireshark is going to defeat anything I do, I'm under no illusions, and the worst I can do is make it tricky for them. It's the balance of that trickiness versus the likelihood of affecting genuine users negatively that's the ultimate question.
When I was younger, I did a bit of all levels of "hacking" programs. I pulled Desert Strike through MS-DOS's debug command and - with a copy of Ralf Brown's Interrupt List and a knowledge of x86 assembler - defeated the "must have the CD in the drive" protection. I never distributed my crack (hell, there were better ones out there already, I just didn't have an Internet connection to know about t
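The licensing scheme described in the comment above (a publisher certificate embedded in the game, a per-user certificate signed by the publisher's private key, and a revocation lookup), sketched as an added example that is not the commenter's code. It assumes the third-party Python `cryptography` package; the ECDSA P-256 keys, the names, and the in-memory set of revoked serial numbers standing in for the DNS answer are all constructed for illustration.

```python
"""Added illustration of a signed licence ("key file") check.

Assumptions, none of them from the original comment: the third-party
`cryptography` package, ECDSA P-256 keys, and a set of revoked serial
numbers standing in for whatever the DNS lookup would return.
All names and values below are constructed.
"""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

PEM = serialization.Encoding.PEM


def _name(common_name):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])


def issue_cert(subject_cn, subject_key, issuer_cn, issuer_key):
    """Sign a certificate binding subject_cn to subject_key's public half."""
    now = datetime.datetime.now(datetime.timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(_name(subject_cn))
        .issuer_name(_name(issuer_cn))
        .public_key(subject_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=365))
        .sign(issuer_key, hashes.SHA256())
    )


def check_licence(licence_pem, embedded_publisher_pem, revoked_serials):
    """Game side: return (ok, detail) for a user-supplied key file."""
    publisher = x509.load_pem_x509_certificate(embedded_publisher_pem)
    try:
        licence = x509.load_pem_x509_certificate(licence_pem)
    except ValueError:
        return False, "unparseable key file"
    # A matching issuer name proves nothing by itself; it only selects the key.
    if licence.issuer != publisher.subject:
        return False, "issuer is not the embedded publisher"
    try:
        publisher.public_key().verify(
            licence.signature,
            licence.tbs_certificate_bytes,
            ec.ECDSA(licence.signature_hash_algorithm),
        )
    except InvalidSignature:
        return False, "signature does not verify"
    if licence.serial_number in revoked_serials:
        return False, "licence revoked"
    holder = licence.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value
    return True, holder


def demo():
    publisher_key = ec.generate_private_key(ec.SECP256R1())
    publisher = issue_cert("Constructed Game Publisher", publisher_key,
                           "Constructed Game Publisher", publisher_key)
    embedded = publisher.public_bytes(PEM)   # what ships inside the game

    user_key = ec.generate_private_key(ec.SECP256R1())
    genuine = issue_cert("Constructed Customer", user_key,
                         "Constructed Game Publisher", publisher_key)

    # Same issuer *name*, but signed with a key the publisher never held.
    other_key = ec.generate_private_key(ec.SECP256R1())
    forged = issue_cert("Constructed Customer", user_key,
                        "Constructed Game Publisher", other_key)

    return {
        "genuine": check_licence(genuine.public_bytes(PEM), embedded, set()),
        "forged": check_licence(forged.public_bytes(PEM), embedded, set()),
        "revoked": check_licence(genuine.public_bytes(PEM), embedded,
                                 {genuine.serial_number}),
        "garbage": check_licence(b"not a certificate", embedded, set()),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

The check is only as strong as the integrity of the embedded certificate, which matches the comment's own caveat that a key cannot be faked "without actually changing the code of the game itself".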
For a start, a home DNS server isn't suitable. And if I deploy a nameserver, as I said, you should be deploying two on separate networks. And it's STILL a pain in the arse to sign it all properly. It's just not worth the effort for a small home user, and those who run nameservers now can run DNSSEC now. The point is that few people run nameservers of their own, for good reason.
And not once have Google ever forced anyone to use 8.8.8.8 or 8.8.4.4 as their DNS server.
But I can find you a lot of things that Microsoft has done to force such things on their customers. Even convicted in a court for it.
Fact is, if you are that paranoid about Google, just stop using them or sites that support them. And if those sites were that worried, they'd have stopped using them too.
The point is that LOTS of companies do lots of things with your data and have to abide by the law in doing so. Google isn't even the worst in terms of that. That doesn't give them licence to follow suit, but the fact is that nobody is forcing you to use Google, or breaking your fingers when you try to put their IPs into a host file blocklist.
Get over it. If you cared so much there wouldn't be a single piece of software on your computer that could listen in to your traffic, you wouldn't be using anything but your own DNS direct to the root servers (or are they just collecting your data too?!), and Google IP ranges would be blocked from your network. I'm willing to bet that actually you're probably, voluntarily, running some browser / security suite that does even more than Google does and don't complain about it.
Show me an ISP or host who supports IPv6 and DNSSEC for a reasonable price and I'll switch.
Fact is, usually your hosting provider runs your DNS for you, and until they change there's nothing I can do. Setting up a nameserver is within my realm of possibility but it's something that I pass off to third-parties for a reason (for a start, you need two and ideally they should be on different IP spaces and connections). Also, configuring and updating DNSSEC is, from what I've seen, a bitch and even the initial signing can be a pain in the arse. Sod all that hassle just for the convenience of a minority of visitors.
Combine that with the fact that for almost EVERYONE who owns a domain, someone else other than them actually hosts it (and the big guys who DO host their own domain nameservers? Well, they can and are enabling DNSSEC where they need it, but it's no small task) and you have a problem.
You can bitch at me as much as you like but that ain't going to DNSSEC-enable my domains that I don't host any more than bitching that my IPv6-ready setup isn't actually on an IPv6-compatible / supported connection / ISP-supplied router will get me online.
Talk to my ISP and domain host. Get a few of them moving, then we can talk. Until then, it's all just another technology that I can do nothing about without a lot of expense for virtually zero gain.
P.S. The domains I do have on VPS / external servers on hosts which offer DNSv4 control publish AAAA records which work. In the same way they publish SPF records that work, and DKIM records that work, and reverse DNS records that are valid. And they ALL get used. But not really enough to justify even the small effort it took to do all that.
I've done my bit. Call me when my ISP host gets off their arse and does theirs. In fact, call me when Slashdot does the same. 10 years on and they're still publishing articles about the doom of IPv4 without a single AAAA record to their name.
Please explain how you know that, for example, Microsoft doesn't already do a lot of similar things?
For a start, every new connection you check in with Microsoft by connecting to a Microsoft server and downloading a text file (look up NCSI - and, yes, you can change the registry entries to your own server if you wish, but so can you NOT use Google's DNS servers. I actually use it as a primitive "call home" device should someone be stupid enough to steal my laptop - as soon as it's turned on on an unknown Internet connection, it will try to talk to my server as a connection test, which would give me their IP).
Or time.microsoft.com. Same sort of thing. Hell, a lot of security suites "call home" with details of what pages you're going to in order to see if they are malware, etc. Opera Mini/Mobile "calls home" to a server that could even cache your SSL connections in theory, etc. Just what precisely distinguishes Google from anything else that you have voluntarily installed on your computer?
You mean the same idea I've been asking for for about 15 years, otherwise known as bottling, process separation and lots of other fancy terms?
Your browser doesn't need access to the hard disk, except a single, solitary folder for downloads. That's it. It shouldn't even KNOW where that folder is, nor if it's in memory or a disk, or a network share. Hell, it shouldn't even be allowed to have the capability to look, let alone actually find out.
For uploads, the browser requests that YOU supply the information to the browser process bottle, and it takes it once supplied and does what's necessary. It has no need to have arbitrary access to every file visible on your system, only those it creates itself inside its bottle, or those you explicitly provide it with through some system mechanism. Similarly, it has no need to do anything more than put out a HTTP request and get a response.
Something else, somewhere, will handle, authorise and sanitise that request and response and do NOTHING else. Yes or NO. The program should have NO way to detect what that process is (so if the user wants to run in a zero-privilege environment, the browser just has to cope with that rather than say "I can't run without admin").
Now replace "browser" with "word processor", "spreadsheet", "hardware utility" or anything else that you use on your system.
The problem we have is that we've come from general purpose OS that were designed to let all processes have access to anything that wasn't explicitly locked away from them. The fix is to give processes the absolute bare minimum they require to do their work, make them ASK for everything, and refuse any request that you don't like. And make every process work (for the correct definition of work) even when tested inside a bottle that ALWAYS gets No to every request.
We've sort of tacked on such security features to today's OS (Unix-likes are certainly closer than, say, Windows), which historically always said "Yes", and now we have to start with one that says "No" all the time, for everything, and gives nothing to a process that isn't 100% necessary.
Replace all "file open dialog" actions with a system component that does NOTHING but let the user choose a file (Windows started out with the right idea here, but fails terribly in implementation). Hell, theming is then permanent and to the user's preference (and the program needs know NOTHING of the theme chosen or anything else) and nobody has to (or can) run around recreating an official file-open dialog. You can even "green-bar" official file-open dialogs (like we do with padlocks on SSL sites) so that they are distinguishable from rogue processes trying to create fake file-open dialogs (even though those would not be able to escape the bottle to read files anyway!). Make it so that NO other process can green-bar a file-open window except the file-open process.
Hell, why should a process even be able to know or change whether it's full-screen, windowed, the window size, etc.? Instantly you take ten options out of every game that has "recreated" those options and decisions for you and leave it to the user to decide. Game X will ALWAYS load fullscreen. Any process marked as a "Game" will only be fullscreen when I press this button. Or even "No process can EVER go fullscreen because I always like to see my Start Bar". And the process will have no way to know, and no way to override the decision of the user. All it knows is that it has a bitmap area it can draw to which is copied to the screen when it asks. It can't tell if that copy is a copy-and-scale into a window bitmap, or direct copy to video memory, or even just copy to a screenshot / VNC program.
Assuming a program wants to open a file, the program calls the function to open said dialog and is blocked until it returns. It can't do anything else but request it. The dialog is run in a process all of its own and has access to read file names in user-allowed folders, display things in a file-open dialog on-screen (again, subj
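The brokered file-open flow described in the comment above (the program asks, blocks, and receives only what the user chose), as an added example that is not part of the original comment. It assumes Python 3.9+ on a Unix-like OS, where `socket.send_fds` passes an open descriptor between processes; the message names and functions are hypothetical, and the confinement of the requesting process itself is assumed rather than shown.

```python
"""Added illustration: a file-open broker that hands a confined program an
already-open descriptor instead of filesystem access.

Constructed for this page; message names and helpers are hypothetical.
Needs Python 3.9+ on a Unix-like OS (send_fds/recv_fds use SCM_RIGHTS).
Confinement of the app process (seccomp, namespaces, ...) is assumed.
"""
import os
import socket
import tempfile


def broker(sock, user_choice):
    """Trusted side: wait for a request, consult the 'user', answer yes or no.

    user_choice is the path the user picked in the dialog, or None if the
    user cancelled (or policy refuses every request).
    """
    request = sock.recv(64)
    if request != b"OPEN_FOR_READ" or user_choice is None:
        sock.send(b"NO")                      # the default answer is No
        return
    try:
        fd = os.open(user_choice, os.O_RDONLY)
    except OSError:
        sock.send(b"NO")
        return
    try:
        # The descriptor travels as ancillary data; the path never does.
        socket.send_fds(sock, [b"YES"], [fd])
    finally:
        os.close(fd)


def app_request_file(sock):
    """Untrusted side: block until the broker answers. Returns bytes or None."""
    sock.send(b"OPEN_FOR_READ")
    msg, fds, _flags, _addr = socket.recv_fds(sock, 16, 1)
    if msg != b"YES" or not fds:
        return None                           # must keep working when told No
    with os.fdopen(fds[0], "rb") as handle:   # read-only handle, no file name
        return handle.read()


def run_session(user_choice):
    """Fork a broker process and run the app side in the calling process."""
    app_sock, broker_sock = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    pid = os.fork()
    if pid == 0:                              # child process: the broker
        app_sock.close()
        try:
            broker(broker_sock, user_choice)
        finally:
            os._exit(0)
    broker_sock.close()
    try:
        return app_request_file(app_sock)
    finally:
        app_sock.close()
        os.waitpid(pid, 0)


def demo():
    """Constructed input: one granted request and one refused request."""
    with tempfile.NamedTemporaryFile("wb", suffix=".sav", delete=False) as tmp:
        tmp.write(b"constructed save-game data")
        path = tmp.name
    try:
        return run_session(path), run_session(None)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```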
There's enough food on the planet to feed everyone, every day.
The problem is not one of science, but of politics. How do you get some tiny African state, or Middle-Eastern country, with a hatred of the country offering help because of past wars etc. to let you wander across their country with thousands of people, vehicles, planes and cargo, fixing all their starvation and asking for "nothing" in return? You don't. They are (rightly) very suspicious if you try.
The logistics issues (getting the food there), the personnel issues (finding someone willing to wander into a warzone holding nothing but rice), the farming issues - they are all pretty much solvable already. It's the politics. When a warmonger in charge of a state says "No", you risk war to carry on doing it anyway, which will kill a lot more people than basic starvation.
And the politics aren't something that are going to be resolved any time soon (if ever). Ironically, world hunger will be solved when world peace comes about, and not before - short of some fantastical technological miracle that can fabricate any substance out of thin air while running off a battery. And then that device will be used to create guns and fatten troops, not feed the starving.
Yeah, this is a "first world problem", but we're pretty stalled on solving most of the third-world problems not because of a lack of science, technology, industry, funding, power or anything else. Purely because of a lack of acceptable foreign policy. We are happier to sell these countries guns than give them food for free and most of the time do both as if it makes up for it.
Think of this next time your country wishes to invade another, next time you hear reports of prisoner abuse, torture, kidnapping, imprisonment without trial, bombing (with "collateral damage") or particular groups / religions / nationalities being the target (did the US go after Bin Laden or did it bomb the crap out of some foreign countries that were nothing to do with him?).
There's nothing stopping us feeding the starving, except people in charge hating other people in charge (usually somewhat justifiably: if you consider what would happen if, say, those countries told the US - for example - how to run their own country, you sort of begin to see the problem from their side).
However, that's not really a factor in the ongoing advance of science. If we really waited until we cured world hunger / world peace before we actually moved on to more complex things, we'd still be in the stone age right now.
I don't consider myself a "professional" programmer, though I've certainly programmed things that are used in my workplace, saved quite a lot of money for employers by doing so, and programmed things since I was a child on any number of languages. If I see a program and can't work out how it does what it does, I'm quite happy to tear it apart just to see how they did it, and even - when source isn't available and reverse-engineering isn't practical - re-create my own version to see if my hunches were right.
C++, to me, is just gibberish. I sat and read any number of books on how great OOP was and how C++ uses these things and I have to admit, for many years, I was convinced. It was only when I got out of contrived examples and tried to understand another programmer's code that I realised that - actually - C++ just gets in the way. Boost even more so. I'm sure there is a way to make it lovely and I'm sure if you do it day in, day out and nothing else, that you get used to it and begin to see it - like reading music or anything else.
But a programming language is a LANGUAGE - something that facilitates communication. That's not *always* just between the computer and a human, but between two humans using computers, for instance. And there, C++ really falls down. I've seen projects that were created in C, built up in C, got famous in C and then converted to C++. I followed everything in them, even sending patches and hacking my own code into them, right up until they converted. And then they became a mess that I didn't like to touch, and certainly couldn't contribute patches to any more.
I get a lot of flak for that opinion, but I can write C99 code that does just about anything I ever want. I haven't yet thought "What this really needs is C++". I've even re-created object-oriented concepts in C99 and been perfectly happy with how they work and how to understand them.
And the fact is that a random bit of C99 code posted by a decent programmer - you can normally get the grasp of it quite quickly. A random bit of C++ code? You could be there forever checking overloaded operators and class declarations to see what the hell it actually does. Sure, you can obscure code in either language, but C++ seems to go out of its way to make even simple concepts obscure when expressed within it (don't even get me started on templates).
I'm just not sure that the effort of "learning" C++ inside-out to the point where all that gibberish just becomes second-nature is actually worth it for the return, compared to just working a little harder on some basic C99 code to do the same things.
Should be fixed, yes. Critical to your network security? Not really.
It requires someone to convince a local user to click a link which not only executes an HTTP request against the router but also somehow starts up a TFTP service on the machine that executes that request, with some crafted files served from it to compromise the router when it asks for them.
It's a home router (and "routers" in the headline is accurate but misleading - precisely two are listed as vulnerable), so to be honest, I'm not at all surprised that this is possible. Hell, UPnP is more a security threat than this backdoor and that's enabled by default in a lot of places.
However, if TP-Link (whose products I quite like, especially their wireless repeaters) had just issued an update that stopped this happening, I'd not have even cared about it one jot and it would disappear into the void of things that have been patched already. It's the non-response that gets me. Someone at TP-Link couldn't even be bothered to say "We're looking into it"?
A good screening test is one that provides a definitive answer. You DEFINITELY have AIDS / rabies / smallpox, for example. Whether you can treat/cure AIDS/rabies/smallpox? Well, that's something else entirely.
But if you can't screen to provide a diagnosis, then you can't isolate symptoms, spot OTHER symptoms which may be masked by similar diseases that someone DOESN'T have (and only a screen will tell you that), or work out how to manage the condition, even if you can't treat it. Management might refer to, for example, being told not to share your blood with AIDS, or getting benefits and home-help for Alzheimer's, or even just "don't do this particular exercise / take this particular drug".
We can't "treat" most allergic reactions. It doesn't mean that you shouldn't be screened for them, or that you can't manage the condition if it's diagnosed.
And, actually, Alzheimer's is a condition that you can actually change the severity of if you know it's coming. Not by much, and not for ever, but that's enough to justify getting a working screen for it.
From these guys though? When they publish something, and they let their methodologies and results get ripped apart in public, then I'll believe them.
Claim of 100% accuracy. A Twitter full of "launch" and "pitch" announcements and not much else. A website that is nothing more than a placeholder.
Yeah, they're going straight into the history books, they are.
You want me to believe you, publish, and let people rip it apart. If the public-facing part of your whole organisation is talking of nothing more than startup awards and pitches, I don't see how you can be doing proper research, or how you can be selling it to medical establishments. And without bothering to provide evidence of either, I can only assume it's snake-oil.
Heard the same for Whax (Let's base on Slax because it's easier to..... blah blah blah), Whoppix (let's base on Knoppix because it's easier to.... blah blah blah) and Backtrack (let's start again with LFS this time [I think, correct me if I'm wrong]... blah blah blah). And now they've gone around again. I've never seen one distro go through so many base distros in all the time I've been using Linux. It's just ridiculous.
You know what? I just want to run the damn tools, whether from LiveCD or install. I couldn't care less what packaging they use because the point of the distro was to be a pen-testing distro, so it should all come pre-installed and I just update (in whatever manner) when necessary. What damn distro it's based on, I couldn't care less.
But I *do* care about being able to find the damn thing or point other people to it when they need it and it changing name every year is just unnecessary hassle and hindrance. Why not just stick with a name, and change the underlying distro? Who would care? Who would even notice on a pre-packaged, single-purpose distro? It's not like you're going to be running your desktop apps on it, or using it on servers.
Every year they basically wipe themselves off Google and it's not the sort of thing you download every day to keep up with it. And, to be honest, I have had no idea if they ARE the same people each time - and for a pen-testing distro that's not reassuring, and I shouldn't have to go verifying it.
Pick a name, stick with it. What you do to the internals, I don't really care so long as I can use the tools you advertise to have pre-installed (and this latest distro? Doesn't tell you the list of tools it's got but the old BackTrack website does!). But if you jump around websites, change name, and change everything underneath all the time, then I question what exactly you're doing that for and - also - whether I can trust you to fix more important issues that might be lingering on a pen-testing machine than which command I use to update or what your package format is.
Or, the cost of the occasional replacement keyboard is nothing compared to the 5 minutes of time it makes that person out-of-action while they arrange a replacement, or even that the cost of replacing it is NOTHING compared to the lost time, effort and money spent telling people - who earn a relative fortune - not to drink coffee over the keyboard.
Sometimes you just have to accept the trade-off. I run the IT for schools. I have a large cup of cold water next to my laptop here. The cost of any potential mishap (that hasn't happened in all the time I've worked here) is less than that of having to carefully place a cup somewhere "safe" each time (Where? My office is full of computers, cables and plugs) I want to sip from it.
The kids? If they do it, I will not be happy as there's a rule against it. But it happens, still, and other things are more important than faffing about over a keyboard. It's just not worth the lost lesson time to even lecture them about it more than the teacher already has. It's not worth the cost of the keyboard to make the computer unavailable for that amount of time. It's not even worth the time for me to walk to the room when I can just pass the keyboard to a passing child and tell them to take it for the teacher to install themselves.
Some things just aren't worth worrying about, and as a company grows to have larger and larger budgets - you know what? Who cares if the $100,000 a year programmer likes to drink coffee to keep him alert through his overtime, even if he might spill it and cost the IT department - what? A few dollars? Once a year if that?
Hell, it's hardly worth the "vending" hassle, which is why they have a machine that just holds the stock of keyboards they already kept - it's cheaper to buy a machine and let the IT guys do some real IT instead of having to chase broken keyboards and damaged mice around the whole campus.
"except for miners who lost their reward for mined blocks on the abandoned (v 0.8) chain."
Which currently amounts to about $25,000 of BitCoins, last I heard. That's $25,000 of BitCoins that might have been spent, sent, transferred, etc. but never existed in the chosen chain and the knock-on effects on your own wallet if you've dealt with someone who dealt with someone who dealt with someone.... (ad infinitum)... who dealt with one of those mined blocks.
Sure, it'll "catch up", but saying nobody lost out is plainly false. And isn't the point of BitCoin that everyone is a miner in some small way?
I'm not an advocate for BitCoin. I don't even use it myself.
But, yes, eventually every user ends up having to store every transaction in some way (there's shortcuts but pretty much that's true). A BitCoin client I just installed is synching 225,000 blocks of transaction history (more than one transaction in each block), the earliest generated a few years ago. It'll take about an hour to catch up from an empty wallet.
Once it's synched, you keep it running whenever is convenient and - after X amount of other BitCoin users have your transaction recorded - it's taken as verified that your transaction was successful. If you get out of sync, you have to wait for it to sync before you use it but - as I said - syncing from a new client only takes an hour to get all the BitCoin chain "history" from the first block created years ago.
Sure, that scales up if BitCoin becomes more popular but that's no different to anything else, and not EVERYONE has to sync to make the transactions verifiable. The current forum posts say that 11 confirmations from other clients is enough to ensure that a transaction was genuine and occurred, for example. That's 11 confirmations from ANYONE running BitCoin. Everyone else can catch up as time allows.
It's even better than, say, a worldwide torrent - the more people running it, the easier to pick up new transactions and confirm them. And torrents don't seem to suffer scalability issues. If anything, they are pushing hard on the ISPs to increase their capacities because they work so damn well.
The value of the currency is in the people who use it and most major exchanges have already reverted to 0.7, hence 0.7 blockchains are the de-facto standard at the moment. There was a bit of back-and-forth when the problem was discovered but all the large exchanges have settled on 0.7 as the standard for now.
It's like saying we're going to upgrade the dollar, and yet nobody moves to the "new dollar". The new dollar ends up valueless and everyone just stays on the old one.
The client fix is to accept large transactions but not create them - there's already code in a lot of BitCoin software to do that, but not all clients are running it - someone now has to force them to upgrade to a good version in order to stay compatible, and a lot of people might be generating coins that will later fail without knowing it.
Bitcoin is a virtual currency that works by "doing work" (a complicated mathematical "puzzle") on your computer. It becomes a currency by the difficulty of the puzzle, and that when you have solved it you tell other BitCoin users about your success and it goes into a "chain".
That chain is the history of EVERY transaction performed on the BitCoin network and the integrity of the system is given by every user relying on the same chain - so trying to create some extra BitCoins or a fake transaction requires compromising a lot of machines around the globe to believe it happened.
Because of a stupid bug that nobody knew about related to the size of a transaction in this chain, a transaction that's too big for older clients to handle was (legitimately) created. Older clients can't handle it, so they have no idea what to do when it comes into their chain updates. Newer clients can handle it, but can't synchronise their chains with older clients because of it (they can accept the transaction whereas older clients don't).
Because the chain is now effectively split into two chains, and that all the integrity of the system comes from the fact that everyone is using, verifying and updating the same chain, BitCoin is now in an "emergency" (quoted from the forum post in the summary) situation. New clients are generating coins that old clients can't see and vice-versa, so BitCoins are being generated and lost or transacted and forgotten about.
The fix is to go back to the old code, ignore the over-size transaction, and hope to fix the code in a more backward-compatible way. Unfortunately, that requires some people on newer clients to lose coins, revert transactions, and for exchanges to shut down (temporarily) until the issue is resolved.
Basically, someone really messed up by not checking that the database could handle transactions that could pop up in the real-world.
I think imaging is the LEAST important part of any space mission. Especially live imaging of moving images. Sure, a couple of science missions give us things like close-up of the moons of Jupiter, etc. but that's really science and doesn't need HD or 60fps (in fact, the visible spectrum is barely worth looking at compared to other wavelengths).
Pretty pictures don't give NASA money. They go into the gift-shop and a few online licensing rights and that's it. But a decent spectroscopy of something, beamed back at a handful of bits a second, is worth infinitely more for science. They're not making missions for you, they're making them for science and throw you a bone occasionally so you don't complain about what's happening with your tax dollars.
Now consider - there's a long delay in transmission times. Acknowledging a transmission is successful would actually take longer than the storage available on many of the older missions.
If something goes offline, and the intermediate satellites (e.g. those orbiting Mars, for example) have a problem talking home, then all that data is slowly building up. Data storage in a data-hostile environment like space is not cheap, so there's not much of it (and if there was, the more chance you'd experience a failure of some kind due to radiation, etc.).
So now your billion-dollar project on Mars is full of data, stops collecting, waits for the network to pick up so it can offload it to the satellite, that's full of data, waiting for the satellite network on Earth to talk back so it can clear its own buffers. Everything's just sitting there waiting and no science is happening and - most importantly - science data is being lost because you can't store it once you've collected it. Experiments have to be abandoned, re-run, vital timings are missed, etc.
Nothing happens "live" in space. The distances involved are too stupendous to worry about beaming things home live. The commands sent are batched, received and checked and sometimes retransmitted before ANYTHING is told to happen. That's why it takes days for the Mars Rovers to do anything like move forward a metre and drill a hole - you have to transmit a plan that covers every possible action because you CAN'T act live and the rover has to decide what to do if it feels a wheel slip mid-way etc.
What you get back are videos and photo-series uploaded over the course of weeks or months in-between the proper science data when there's some idle time. What's needed is a better DESIGN of network with more resiliency and better capacity (hard to do - you can't just whack a bigger hard drive in) and alternate routes and the capability to cope with solar flares and whatever else might happen.
Keep your damn HD at 60fps. It adds NOTHING except to make you feel good. Make it so that we can collect and use more science data to actually do things with. A planetary geologist isn't making their water/soil sample analysis on an HD video, they're using sensors and data collected more accurately, more in-depth and given to data archives that you will never even see. When they tell you there's water/life/politicians on Mars, they aren't looking at the imagery you see on the JPL website, they're looking at the real data that contributed to that (mostly manually re-coloured) imagery, that tells them what's actually there (and not just recolouring a grey pixel to blue because that's what they *think* it would look like if you were there).
Seems like we have indeed come full-circle, except now the audio just encodes a link (presumably with no lengthy initial communication phase) and the rest of the content is actually on the Internet.
Also seems less secure - now anyone can play one of those sounds and try to get you to go to it, or intercept the communication to work out what you're doing.
But still has interesting implications for, say, radiation-hardened hardware like space-travel. Of course, it's nothing they don't already have in terms of the overall process, but having it on-chip is yet-another factor that has to experience corruption before you need to replace the hardware.
There are international support groups - once you know what to look for - but the condition itself is a bit disheartening.
- It's genetic, so you'd need gene therapy to stop it.
- Because there's nothing "wrong" with the body that can be fixed (the collagen is just more stretchy than it should be, the usual analogy is chewing gum instead of glue), about the only solution is painkillers.
- There is no single, known genetic marker, even with thousands of identified patients - you can't do a blood test and say "Your daughter has this, and it will be crippling/painful/minor" despite all three being possible outcomes. As such, there's nothing to stop people propagating it (we know it runs in families, and two sufferers will tend to have a worse child, but that's it).
- Nobody knows what it is.
You can get disability support for the more serious forms, in most countries. That's about it. Otherwise you're on your own trying to convince your doctor to give you painkillers for a condition they know nothing about.
How will it stop spammers who aren't even sending the messages from their own computers anyway? All it will do is add $50 to the bill of anyone who gets infected (which is not, of itself, a bad thing, but it adds a whole new level of complexity, collection and appeal problems) and the original spammers will not pay a penny.
And all that will happen is that email will move offshore. Will you tax per email received or sent? Sent from US only? Sent through non-US servers from a US computer with a VPN? Sent from original accounts or relayed through webmail (e.g. will GMail have to pay for me to send email even though I'm not in the US?)?
To be a tax, it has to be collectable. That means people paying it (instead of avoiding it) and a way to determine who needs to pay it with some level of accuracy.
If you want to push tech companies off-shore, it's a good way to do it, I grant you. Even then, it's uncollectable.
With my ex-wife, we only managed to get a (now-multiply-confirmed) diagnosis of her inherent genetic condition after 30 years of misdiagnosis by dozens of doctors. With the help of Google. Yes, I'm sure lots of people waste their time and it's a haven for hypochondriacs but it's also an invaluable resource when doctors are as overworked/lazy as they are.
Her condition is JHS - joint hypermobility syndrome (also called HMS) that can come from over-extending joints (e.g. ballet dancers, gymnasts) or - in her case - from a genetic predisposition to a collagen deficiency. It was almost unheard of until a decade or so ago (and I've since seen another diagnosis of it in the school I work for) and there is little research on it - it's one UK doctor's pet research project, but by all accounts he's a bit of an arsehole.
It's misdiagnosed by most doctors as arthritis because the chronic joint pain associated with it is easier to write off as that than anything else (even in 20-30 year olds). In fact, it's the exact opposite - sufferers can do the splits and bend over backwards to rival the best contortionists but have chronic pain, whereas arthritis LIMITS joint movement and has chronic pain.
There's a simple ten-point test that's taken as official diagnosis, one point if you can place your hands flat on the floor without bending your knees, for example. Everyone in the world scores about 2-3. Flexible people can score 3-5. JHS sufferers score 8-10. My ex- scored 10 and always will, even when she's 80. It's the prime diagnostic for it, as they don't even have isolated genetic tests for it yet.
The process to find out what the condition was (from just 30 years of constant arthritis diagnoses and treatments to help loosen joints, etc.) was:
a) I had to explain to her that normal people AREN'T in pain 24 hours a day (when you live with it all day, every day, you just assume everyone else does but keeps quiet and soldiers on) and that your shoulder/hip shouldn't just "fall out of the socket" once a week or so (I became expert at putting them back in).
b) I collected her symptoms, went on Google, found this (rare, genetic) condition that matched. There was precisely one doctor actively researching it, but it was in all the medical textbooks. Arthritis wasn't even close to matching the symptoms, but it was listed under the arthritis departments and diagnoses every time because it's SO often mis-diagnosed (which makes you wonder how 20+ doctors missed it).
For instance, one of the symptoms is a reduced effectiveness of anaesthetics, and my ex- had a chronic fear of dentists because - even when anaesthetised - it hurt her too much. That's too simple to be a diagnostic on its own, but after 20+ such odd foibles of her health explained within 10 minutes of reading, things started to click (and not just her joints!).
c) We took it to our doctor. He was overjoyed and keen. He had a diagnosis that he'd never seen before, it fitted the symptoms he had recorded in her notes perfectly, it was commonly mistaken for the arthritis that doctors before him had diagnosed. He was able to say that 20+ doctors before him were wrong, that "he'd" spotted the problem, and prove it. He ran off, researched it himself, and said he thought we were right.
d) He sent us to a specialist (ironically, an arthritis consultant). They confirmed the diagnosis in seconds, and said they would have been able to in seconds for the previous few decades as it was well-known to them even if there was little they (or anyone else) could do to treat it.
e) She received treatment (physio, painkillers, etc.), an official diagnosis, found support groups, was made aware of the chances of passing it on to our daughter (who has a much milder form, that isn't pain-associated, which probably means she'll be good at ballet and gymnastics and not suffer like her mother, but she'll still carry the gene and needs to know that when she gets older), got on with her life, and hasn't been back to a doctor for anyth
I'm writing a one-man game at the moment. I don't imagine it will be anything more than an obscure indie game at best, but it's nice to pull out of the game programming and give thought to "what might happen" if it's popular and sells millions, and write some code for things not directly related to the game itself. I actually ENJOY planning things like that and at what point I'd have to pull in cloud servers and this and that, and how I'd get one proper "retail" boxed copy made of it, just for me, even though boxed copies are basically dead nowadays.
As such, I've thought through things like scalable storefronts, download capacity, selling it on Steam, etc. and even things like DRM and how I'd sell it by myself.
To be honest, it was only a side-distraction but as someone who has 500 Steam titles on their account and myriad other indie bundle games and GOG.com games, I have to say that - pretty much - my buying tastes affect my programming tastes. As I got to the point where I thought "I wouldn't tolerate that on a game I bought, especially an indie game", I stopped and did something else. Hell, I ended up recreating a Steam-like achievement system rather than code on the DRM once I thought it had gone "too far" (the fact that I made it so I can drop-in a real Steam library system with minimal changes just reflects my insane optimism!)
My game has code for DRM. I have a single define in the code that removes all the DRM, throughout every file, check and build process, so it's literally a single switch to compile a version without any DRM or with. I honestly expect to never have to turn it on if I ever finish the game and the DRM code I have put in will languish in my SVN repos forever. But it was a fun intellectual exercise to code.
My DRM works by embedding an X509 public key certificate into the game, and giving an X509 certificate to each user, signed by the corresponding private key (which, obviously, I keep secret and do not distribute anywhere). Users can download the game from anywhere but need their "key file" to activate it properly (which works nicely for "demo" versions too - anyone can download the same game but the key turns it into the full game). It should, thus, be impossible to fake a valid, signed key without actually changing the code of the game itself. No "keygen", as such.
The code itself does various checks to make sure people aren't fiddling the certificates (the ones embedded into the game, or supplied to paid users), and the details on the certificates can contain things like their address or even credit card number quite easily. This, I hope, would deter the casual user from sharing their key with other users and/or present enough of an intellectual barrier that they think "Oh, I won't try to fiddle this, then". There's also a quick DNS check where I query a remote DNS server under my control which returns some custom-formatted records that tell me whether or not the underlying game key matches the one that the DNS is providing (so a primitive revocation / demand a certificate update facility).
I don't FOR A SECOND think that any of this will stop a determined pirate. I think it will deter kids from sharing their copy of the game with their mates, or running 20 copies at home, and amateurs poking around seeing if there's a way around it. Anyone smart enough to look into the code with a debugger, or run Wireshark is going to defeat anything I do, I'm under no illusions, and the worst I can do is make it tricky for them. It's the balance of that trickiness versus the likelihood of affecting genuine users negatively that's the ultimate question.
When I was younger, I did a bit of all levels of "hacking" programs. I pulled Desert Strike through MS-DOS's debug command and - with a copy of Ralf Brown's Interrupt List and a knowledge of x86 assembler - defeated the "must have the CD in the drive" protection. I never distributed my crack (hell, there were better ones out there already, I just didn't have an Internet connection to know about t
Quote from their webpage (which doesn't mention DNSSEC anywhere where a potential buyer would ever find it):
"You need to be able to manage and administer your own DNS, because our hosted DNS does not allow you to manage DNSSEC directly."
Could.
Won't.
For a start, a home DNS server isn't suitable. And if I deploy a nameserver, as I said, you should be deploying two on separate networks. And it's STILL a pain in the arse to sign it all properly. It's just not worth the effort for a small home user, and those who run nameservers now can run DNSSEC now. The point is that few people run nameservers of their own, for good reason.
And not once have Google ever forced anyone to use 8.8.8.8 or 8.8.4.4 as their DNS server.
But I can find you a lot of things that Microsoft has done to force such things on their customers. Even convicted in a court for it.
Fact is, if you are that paranoid about Google, just stop using them or sites that support them. And if those sites were that worried, they'd stop using them too.
The point is that LOTS of companies do lots of things with your data and have to abide by the law in doing so. Google isn't even the worst in terms of that. That doesn't give them licence to follow suit, but the fact is that nobody is forcing you to use Google, or breaking your fingers when you try to put their IPs into a host file blocklist.
Get over it. If you cared so much there wouldn't be a single piece of software on your computer that could listen in to your traffic, you wouldn't be using anything but your own DNS direct to the root servers (or are they just collecting your data too?!), and Google IP ranges would be blocked from your network. I'm willing to bet that actually you're probably, voluntarily, running some browser / security suite that does even more than Google does and don't complain about it.
Show me an ISP or host who supports IPv6 and DNSSEC for a reasonable price and I'll switch.
Fact is, usually your hosting provider runs your DNS for you, and until they change there's nothing I can do. Setting up a nameserver is within my realm of possibility but it's something that I pass off to third-parties for a reason (for a start, you need two and ideally they should be on different IP spaces and connections). Also, configuring and updating DNSSEC is, from what I've seen, a bitch and even the initial signing can be a pain in the arse. Sod all that hassle just for the convenience of a minority of visitors.
Combine that with the fact that for almost EVERYONE who owns a domain, someone else other than them actually hosts it (and the big guys who DO host their own domain nameservers? Well, they can and are enabling DNSSEC where they need it, but it's no small task) and you have a problem.
You can bitch at me as much as you like but that ain't going to DNSSEC-enable my domains that I don't host any more than bitching that my IPv6-ready setup isn't actually on an IPv6-compatible / supported connection / ISP-supplied router will get me online.
Talk to my ISP and domain host. Get a few of them moving, then we can talk. Until then, it's all just another technology that I can do nothing about without a lot of expense for virtually zero gain.
P.S. The domains I do have on VPS / external servers on hosts which offer DNSv4 control publish AAAA records which work. In the same way they publish SPF records that work, and DKIM records that work, and reverse DNS records that are valid. And they ALL get used. But not really enough to justify even the small effort it took to do all that.
I've done my bit. Call me when my ISP host gets off their arse and does theirs. In fact, call me when Slashdot does the same. 10 years on and they're still publishing articles about the doom of IPv4 without a single AAAA record to their name.
Please explain how you know that, for example, Microsoft doesn't already do a lot of similar things?
For a start, every new connection you check in with Microsoft by connecting to a Microsoft server and downloading a text file (look up NCSI - and, yes, you can change the registry entries to your own server if you wish, but so can you NOT use Google's DNS servers. I actually use it as a primitive "call home" device should someone be stupid enough to steal my laptop - as soon as it's turned on on an unknown Internet connection, it will try to talk to my server as a connection test, which would give me their IP).
Or time.microsoft.com. Same sort of thing. Hell, a lot of security suites "call home" with details of what pages you're going to in order to see if they are malware, etc. Opera Mini/Mobile "calls home" to a server that could even cache your SSL connections in theory, etc. Just what precisely distinguishes Google from anything else that you have voluntarily installed on your computer?
You mean the same idea I've been asking for for about 15 years, otherwise known as bottling, process separation and lots of other fancy terms?
Your browser doesn't need access to the hard disk, except a single, solitary folder for downloads. That's it. It shouldn't even KNOW where that folder is, nor if it's in memory or a disk, or a network share. Hell, it shouldn't even be allowed to have the capability to look, let alone actually find out.
For uploads, the browser requests that YOU supply the information to the browser process bottle, and it takes it once supplied and does what's necessary. It has no need to have arbitrary access to every file visible on your system, only those it creates itself inside its bottle, or those you explicitly provide it with through some system mechanism. Similarly, it has no need to do anything more than put out a HTTP request and get a response.
Something else, somewhere, will handle, authorise and sanitise that request and response and do NOTHING else. Yes or NO. The program should have NO way to detect what that process is (so if the user wants to run in a zero-privilege environment, the browser just has to cope with that rather than say "I can't run without admin").
Now replace "browser" with "word processor", "spreadsheet", "hardware utility" or anything else that you use on your system.
The problem we have is that we've come from general purpose OS that were designed to let all processes have access to anything that wasn't explicitly locked away from them. The fix is to give processes the absolute bare minimum they require to do their work, make them ASK for everything, and refuse any request that you don't like. And make every process work (for the correct definition of work) even when tested inside a bottle that ALWAYS gets No to every request.
We've sort of tacked on such security features to today's OS (Unix-likes are certainly closer than, say, Windows), which historically always said "Yes", and now we have to start with one that says "No" all the time, for everything, and gives nothing to a process that isn't 100% necessary.
Replace all "file open dialog" actions with a system component that does NOTHING but let the user choose a file (Windows started out with the right idea here, but fails terribly in implementation). Hell, theming is then permanent and to the user's preference (and the program needs know NOTHING of the theme chosen or anything else) and nobody has to (or can) run around recreating an official file-open dialog. You can even "green-bar" official file-open dialogs (like we do with padlocks on SSL sites) so that they are distinguishable from rogue processes trying to create fake file-open dialogs (even though those would not be able to escape the bottle to read files anyway!). Make it so that NO other process can green-bar a file-open window except the file-open process.
Hell, why should a process even be able to know or change whether it's full-screen, windowed, the window size, etc.? Instantly you take ten options out of every game that has "recreated" those options and decisions for you and leave it to the user to decide. Game X will ALWAYS load fullscreen. Any process marked as a "Game" will only be fullscreen when I press this button. Or even "No process can EVER go fullscreen because I always like to see my Start Bar". And the process will have no way to know, and no way to override the decision of the user. All it knows is that it has a bitmap area it can draw to which is copied to the screen when it asks. It can't tell if that copy is a copy-and-scale into a window bitmap, or direct copy to video memory, or even just copy to a screenshot / VNC program.
Assuming a program wants to open a file, the program calls the function to open said dialog and is blocked until it returns. It can't do anything else but request it. The dialog is run in a process all of its own and has access to read file names in user-allowed folders, display things in a file-open dialog on-screen (again, subj
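The file-open broker described in this post can be sketched on a Unix-like system with descriptor passing over a socket pair. This is an added example, not code from the post: the function names are hypothetical, the trusted dialog is stood in for by a `user_choice` argument, and the confinement of the bottled process itself (for instance a seccomp, Capsicum or pledge policy that denies `open()`) is assumed rather than shown.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* mkstemp() under strict -std= modes */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <unistd.h>

union fd_ctl { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; };  /* room for one fd */

/* Broker side: fd >= 0 grants that one descriptor, fd < 0 answers "No". */
static int broker_reply(int sock, int fd)
{
    char verdict = fd >= 0 ? 'Y' : 'N';
    struct iovec iov = { .iov_base = &verdict, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
    union fd_ctl ctl;
    memset(&ctl, 0, sizeof ctl);
    if (fd >= 0) {
        msg.msg_control = ctl.buf;
        msg.msg_controllen = sizeof ctl.buf;
        struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
        c->cmsg_level = SOL_SOCKET;
        c->cmsg_type = SCM_RIGHTS;       /* kernel installs a copy in the receiver */
        c->cmsg_len = CMSG_LEN(sizeof(int));
        memcpy(CMSG_DATA(c), &fd, sizeof(int));
    }
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* App side: ask, then block until the broker answers. Returns an fd or -1. */
static int app_request_file(int sock)
{
    char req = 'O', verdict = 0;
    struct iovec iov = { .iov_base = &verdict, .iov_len = 1 };
    union fd_ctl ctl;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    int fd = -1;
    memset(&ctl, 0, sizeof ctl);
    if (write(sock, &req, 1) != 1) return -1;
    if (recvmsg(sock, &msg, 0) != 1 || verdict != 'Y') return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* The bottled program: it never sees a path, only the descriptor it is handed. */
static void app_main(int sock, int result)
{
    char buf[256];
    int fd = app_request_file(sock);
    if (fd < 0)                                  /* a refusal is a normal answer */
        _exit(write(result, "DENIED", 6) != 6);
    ssize_t n = read(fd, buf, sizeof buf);
    if (n > 0 && write(result, buf, (size_t)n) != n) _exit(1);
    _exit(0);
}

/* One request. user_choice is the path picked in the trusted dialog, or NULL if
   refused. Copies the app's output to out; returns its length, or -1 on error. */
int run_bottle(const char *user_choice, char *out, size_t outlen)
{
    int sv[2], res[2], fd = -1;
    char req = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || pipe(res) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { close(sv[0]); close(res[0]); app_main(sv[1], res[1]); }
    close(sv[1]); close(res[1]);
    /* Broker: the only code here that ever resolves a path. */
    if (read(sv[0], &req, 1) == 1 && req == 'O') {
        if (user_choice) fd = open(user_choice, O_RDONLY);
        broker_reply(sv[0], fd);
        if (fd >= 0) close(fd);          /* the copy in flight stays valid */
    }
    close(sv[0]);
    ssize_t n = read(res[0], out, outlen - 1);
    out[n > 0 ? n : 0] = '\0';
    close(res[0]); waitpid(pid, NULL, 0);
    return (int)n;
}

int main(void)
{
    char path[] = "/tmp/bottle-demo-XXXXXX", out[256];   /* constructed sample file */
    int fd = mkstemp(path);
    if (fd < 0 || write(fd, "save-slot-1", 11) != 11) return 1;
    close(fd);
    run_bottle(path, out, sizeof out);  printf("granted: %s\n", out);
    run_bottle(NULL, out, sizeof out);  printf("refused: %s\n", out);
    return unlink(path) != 0;
}
```

The app side takes the same code path whether the answer is a descriptor or a refusal, which is the "works even when every request gets No" property the post asks for.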
There's enough food on the planet to feed everyone, every day.
The problem is not one of science, but of politics. How do you get some tiny African state, or Middle-Eastern country, with a hatred of the country offering help because of past wars etc. to let you wander across their country with thousands of people, vehicles, planes and cargo, fixing all their starvation and asking for "nothing" in return? You don't. They are (rightly) very suspicious if you try.
The logistics issues (getting the food there), the personnel issues (finding someone willing to wander into a warzone holding nothing but rice), the farming issues - they are all pretty much solvable already. It's the politics. When a warmonger in charge of a state says "No", you risk war to carry on doing it anyway, which will kill a lot more people than basic starvation.
And the politics aren't something that are going to be resolved any time soon (if ever). Ironically, world hunger will be solved when world peace comes about, and not before - short of some fantastical technological miracle that can fabricate any substance out of thin air while running off a battery. And then that device will be used to create guns and fatten troops, not feed the starving.
Yeah, this is a "first world problem", but we're pretty stalled on solving most of the third-world problems not because of a lack of science, technology, industry, funding, power or anything else. Purely because of a lack of acceptable foreign policy. We are happier to sell these countries guns than give them food for free and most of the time do both as if it makes up for it.
Think of this next time your country wishes to invade another, next time you hear reports of prisoner abuse, torture, kidnapping, imprisonment without trial, bombing (with "collateral damage") or particular groups / religions / nationalities being the target (did the US go after Bin Laden or did it bomb the crap out of some foreign countries that were nothing to do with him?).
There's nothing stopping us feeding the starving, except people in charge hating other people in charge (usually somewhat justifiably: if you consider what would happen if, say, those countries told the US - for example - how to run their own country, you sort of begin to see the problem from their side).
However, that's not really a factor in the ongoing advance of science. If we really waited until we cured world hunger / world peace before we actually moved on to more complex things, we'd still be in the stone age right now.
I don't consider myself a "professional" programmer, though I've certainly programmed things that are used in my workplace, saved quite a lot of money for employers by doing so, and programmed things since I was a child on any number of languages. If I see a program and can't work out how it does what it does, I'm quite happy to tear it apart just to see how they did it, and even - when source isn't available and reverse-engineering isn't practical - re-create my own version to see if my hunches were right.
C++, to me, is just gibberish. I sat and read any number of books on how great OOP was and how C++ uses these things and I have to admit, for many years, I was convinced. It was only when I got out of contrived examples and tried to understand another programmer's code that I realised that - actually - C++ just gets in the way. Boost even more so. I'm sure there is a way to make it lovely and I'm sure if you do it day in, day out and nothing else, that you get used to it and begin to see it - like reading music or anything else.
But a programming language is a LANGUAGE - something that facilitates communication. That's not *always* just between the computer and a human, but between two humans using computers, for instance. And there, C++ really falls down. I've seen projects that were created in C, built up in C, got famous in C and then converted to C++. I followed everything in them, even sending patches and hacking my own code into them, right up until they converted. And then they became a mess that I didn't like to touch, and certainly couldn't contribute patches to any more.
I get a lot of flak for that opinion, but I can write C99 code that does just about anything I ever want. I haven't yet thought "What this really needs is C++". I've even re-created object-oriented concepts in C99 and been perfectly happy with how they work and how to understand them.
And the fact is that a random bit of C99 code posted by a decent programmer - you can normally get the grasp of it quite quickly. A random bit of C++ code? You could be there forever checking overloaded operators and class declarations to see what the hell it actually does. Sure, you can obscure code in either language, but C++ seems to go out of its way to make even simple concepts obscure when expressed within it (don't even get me started on templates).
I'm just not sure that the effort of "learning" C++ inside-out to the point where all that gibberish just becomes second-nature is actually worth it for the return, compared to just working a little harder on some basic C99 code to do the same things.
Should be fixed, yes. Critical to your network security? Not really.
It requires someone to convince a local user to click a link which not only executes an HTTP request against the router but also somehow starts up a TFTP service on the machine that executes that request, with some crafted files served from it to compromise the router when it asks for them.
It's a home router (and "routers" in the headline is accurate but misleading - precisely two are listed as vulnerable), so to be honest, I'm not at all surprised that this is possible. Hell, UPnP is more a security threat than this backdoor and that's enabled by default in a lot of places.
However, if TP-Link (whose products I quite like, especially their wireless repeaters) had just issued an update that stopped this happening, I'd not have even cared about it one jot and it would disappear into the void of things that have been patched already. It's the non-response that gets me. Someone at TP-Link couldn't even be bothered to say "We're looking into it"?
Don't be stupid.
A good screening test is one that provides a definitive answer. You DEFINITELY have AIDS / rabies / smallpox, for example. Whether you can treat/cure AIDS/rabies/smallpox? Well, that's something else entirely.
But if you can't screen to provide a diagnosis, then you can't isolate symptoms, spot OTHER symptoms which may be masked by similar diseases that someone DOESN'T have (and only a screen will tell you that), or work out how to manage the condition, even if you can't treat it. Management might refer to, for example, being told not to share your blood with AIDS, or getting benefits and home-help for Alzheimer's, or even just "don't do this particular exercise / take this particular drug".
We can't "treat" most allergic reactions. It doesn't mean that you shouldn't be screened for them, or that you can't manage the condition if it's diagnosed.
And, actually, Alzheimer's is a condition that you can actually change the severity of if you know it's coming. Not by much, and not for ever, but that's enough to justify getting a working screen for it.
From these guys though? When they publish something, and they let their methodologies and results get ripped apart in public, then I'll believe them.
Claim of 100% accuracy.
A Twitter full of "launch" and "pitch" announcements and not much else.
A website that is nothing more than a placeholder.
Yeah, they're going straight into the history books, they are.
You want me to believe you, publish, and let people rip it apart. If the public-facing part of your whole organisation is talking of nothing more than startup awards and pitches, I don't see how you can be doing proper research, or how you can be selling it to medical establishments. And without bothering to provide evidence of either, I can only assume it's snake-oil.
Heard the same for Whax (Let's base on Slax because it's easier to..... blah blah blah), Whoppix (let's base on Knoppix because it's easier to.... blah blah blah) and Backtrack (let's start again with LFS this time [I think, correct me if I'm wrong]... blah blah blah). And now they've gone around again. I've never seen one distro go through so many base distros in all the time I've been using Linux. It's just ridiculous.
You know what? I just want to run the damn tools, whether from LiveCD or install. I couldn't care less what packaging they use because the point of the distro was to be a pen-testing distro, so it should all come pre-installed and I just update (in whatever manner) when necessary. What damn distro it's based on, I couldn't care less.
But I *do* care about being able to find the damn thing or point other people to it when they need it and it changing name every year is just unnecessary hassle and hindrance. Why not just stick with a name, and change the underlying distro? Who would care? Who would even notice on a pre-packaged, single-purpose distro? It's not like you're going to be running your desktop apps on it, or using it on servers.
Every year they basically wipe themselves off Google and it's not the sort of thing you download every day to keep up with it. And, to be honest, I have had no idea if they ARE the same people each time - and for a pen-testing distro that's not reassuring, and I shouldn't have to go verifying it.
Pick a name, stick with it. What you do to the internals, I don't really care so long as I can use the tools you advertise to have pre-installed (and this latest distro? Doesn't tell you the list of tools it's got but the old BackTrack website does!). But if you jump around websites, change name, and change everything underneath all the time, then I question what exactly you're doing that for and - also - whether I can trust you to fix more important issues that might be lingering on a pen-testing machine than which command I use to update or what your package format is.
FFS stick with one name.
Isn't this the distro that went through WHAX, Whoppix, etc. before becoming BackTrack?
Pick one damn name and stick with it.
Or, the cost of the occasional replacement keyboard is nothing compared to the 5 minutes of time it makes that person out-of-action while they arrange a replacement, or even that the cost of replacing it is NOTHING compared to the lost time, effort and money spent telling people - who earn a relative fortune - not to drink coffee over the keyboard.
Sometimes you just have to accept the trade-off. I run the IT for schools. I have a large cup of cold water next to my laptop here. The cost of any potential mishap (that hasn't happened in all the time I've worked here) is less than that of having to carefully place a cup somewhere "safe" each time (Where? My office is full of computers, cables and plugs) I want to sip from it.
The kids? If they do it, I will not be happy as there's a rule against it. But it happens, still, and other things are more important than faffing about over a keyboard. It's just not worth the lost lesson time to even lecture them about it more than the teacher already has. It's not worth the cost of the keyboard to make the computer unavailable for that amount of time. It's not even worth the time for me to walk to the room when I can just pass the keyboard to a passing child and tell them to take it for the teacher to install themselves.
Some things just aren't worth worrying about, and as a company grows to have larger and larger budgets - you know what? Who cares if the $100,000 a year programmer likes to drink coffee to keep him alert through his overtime, even if he might spill it and cost the IT department - what? A few dollars? Once a year if that?
Hell, it's hardly worth the "vending" hassle, which is why they have a machine that just holds the stock of keyboards they already kept - it's cheaper to buy a machine and let the IT guys do some real IT instead of having to chase broken keyboards and damaged mice around the whole campus.
"except for miners who lost their reward for mined blocks on the abandoned (v 0.8) chain."
Which currently amounts to about $25,000 of BitCoins, last I heard. That's $25,000 of BitCoins that might have been spent, sent, transferred, etc. but never existed in the chosen chain and the knock-on effects on your own wallet if you've dealt with someone who dealt with someone who dealt with someone.... (ad infinitum) ... who dealt with one of those mined blocks.
Sure, it'll "catch up", but saying nobody lost out is plainly false. And isn't the point of BitCoin that everyone is a miner in some small way?
I'm not an advocate for BitCoin. I don't even use it myself.
But, yes, eventually every user ends up having to store every transaction in some way (there's shortcuts but pretty much that's true). A BitCoin client I just installed is synching 225,000 blocks of transaction history (more than one transaction in each block), the earliest generated a few years ago. It'll take about an hour to catch up from an empty wallet.
Once it's synched, you keep it running whenever is convenient and - after X amount of other BitCoin users have your transaction recorded - it's taken as verified that your transaction was successful. If you get out of sync, you have to wait for it to sync before you use it but - as I said - syncing from a new client only takes an hour to get all the BitCoin chain "history" from the first block created years ago.
Sure, that scales up if BitCoin becomes more popular but that's no different to anything else, and not EVERYONE has to sync to make the transactions verifiable. The current forum posts say that 11 confirmations from other clients is enough to ensure that a transaction was genuine and occurred, for example. That's 11 confirmations from ANYONE running BitCoin. Everyone else can catch up as time allows.
It's even better than, say, a worldwide torrent - the more people running it, the easier to pick up new transactions and confirm them. And torrents don't seem to suffer scalability issues. If anything, they are pushing hard on the ISPs to increase their capacities because they work so damn well.
It's not the preferred solution.
The value of the currency is in the people who use it and most major exchanges have already reverted to 0.7, hence 0.7 blockchains are the de-facto standard at the moment. There was a bit of back-and-forth when the problem was discovered but all the large exchanges have settled on 0.7 as the standard for now.
It's like saying we're going to upgrade the dollar, and yet nobody moves to the "new dollar". The new dollar ends up valueless and everyone just stays on the old one.
The client fix is to accept large transactions but not create them - there's already code in a lot of BitCoin software to do that, but not all clients are running it - someone now has to force them to upgrade to a good version in order to stay compatible, and a lot of people might be generating coins that will later fail without knowing it.
Bitcoin is a virtual currency that works by "doing work" (a complicated mathematical "puzzle") on your computer. It becomes a currency by the difficulty of the puzzle, and that when you have solved it you tell other BitCoin users about your success and it goes into a "chain".
That chain is the history of EVERY transaction performed on the BitCoin network and the integrity of the system is given by every user relying on the same chain - so trying to create some extra BitCoins or a fake transaction requires compromising a lot of machines around the globe to believe it happened.
Because of a stupid bug that nobody knew about related to the size of a transaction in this chain, a transaction that's too big for older clients to handle was (legitimately) created. Older clients can't handle it, so they have no idea what to do when it comes into their chain updates. Newer clients can handle it, but can't synchronise their chains with older clients because of it (they can accept the transaction whereas older clients don't).
Because the chain is now effectively split into two chains, and that all the integrity of the system comes from the fact that everyone is using, verifying and updating the same chain, BitCoin is now in an "emergency" (quoted from the forum post in the summary) situation. New clients are generating coins that old clients can't see and vice-versa, so BitCoins are being generated and lost or transacted and forgotten about.
The fix is to go back to the old code, ignore the over-size transaction, and hope to fix the code in a more backward-compatible way. Unfortunately, that requires some people on newer clients to lose coins, revert transactions, and for exchanges to shut down (temporarily) until the issue is resolved.
Basically, someone really messed up by not checking that the database could handle transactions that could pop up in the real-world.
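A toy model of the split described in the comment above, added here as an illustration and not taken from any Bitcoin client. The `Node` and `Block` classes, the size numbers and the simple longest-chain rule are all simplifying assumptions; the point is to show why reverting to the old rules lets both kinds of client converge again while the branch built on the oversize block is abandoned.

```python
from dataclasses import dataclass

OLD_LIMIT = 100  # assumed toy limit: largest block "size" an old client can process

@dataclass(frozen=True)
class Block:
    height: int
    size: int
    miner: str

class Node:
    def __init__(self, name, max_size=None):
        self.name = name
        self.max_size = max_size  # None models a new client with no such limit
        self.chain = []

    def valid(self, chain):
        return all(self.max_size is None or b.size <= self.max_size for b in chain)

    def offer(self, chain):
        """Adopt the offered chain only if every block is valid to us and it is longer."""
        if self.valid(chain) and len(chain) > len(self.chain):
            self.chain = list(chain)
            return True
        return False

def simulate():
    common = [Block(h, 50, "shared") for h in range(3)]
    old, new = Node("old", OLD_LIMIT), Node("new")
    old.offer(common)
    new.offer(common)
    # An oversize block is mined: new clients accept it, old clients cannot.
    big = common + [Block(3, 500, "new-miner")]
    accepted = (new.offer(big), old.offer(big))
    # Each side keeps building on the tip it recognises, so the chain splits.
    big = big + [Block(4, 60, "new-miner")]
    new.offer(big)
    small = common + [Block(3, 40, "old-miner"), Block(4, 40, "old-miner")]
    old.offer(small)
    split = old.chain != new.chain
    # Miners go back to the old rules; the small-block branch pulls ahead.
    small = small + [Block(5, 40, "old-miner")]
    old.offer(small)
    reorged = new.offer(small)  # valid under new rules too, and now longer
    orphaned = [b for b in big if b not in new.chain]
    return accepted, split, reorged, old.chain == new.chain, orphaned

if __name__ == "__main__":
    print(simulate())
```

The `orphaned` list is the abandoned branch: blocks, and the mining rewards in them, that only the newer clients ever recognised.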
I think imaging is the LEAST important part of any space mission. Especially live imaging of moving images. Sure, a couple of science missions give us things like close-up of the moons of Jupiter, etc. but that's really science and doesn't need HD or 60fps (in fact, the visible spectrum is barely worth looking at compared to other wavelengths).
Pretty pictures don't give NASA money. They go into the gift-shop and a few online licensing rights and that's it. But a decent spectroscopy of something, beamed back at a handful of bits a second, is worth infinitely more for science. They're not making missions for you, they're making them for science and throw you a bone occasionally so you don't complain about what's happening with your tax dollars.
Now consider - there's a long delay in transmission times. Acknowledging a transmission is successful would actually take longer than the storage available on many of the older missions.
If something goes offline, and the intermediate satellites (e.g. those orbiting Mars, for example) have a problem talking home, then all that data is slowly building up. Data storage in a data-hostile environment like space is not cheap, so there's not much of it (and if there was, the more chance you'd experience a failure of some kind due to radiation, etc.).
So now your billion-dollar project on Mars is full of data, stops collecting, waits for the network to pick up so it can offload it to the satellite, that's full of data, waiting for the satellite network on Earth to talk back so it can clear its own buffers. Everything's just sitting there waiting and no science is happening and - most importantly - science data is being lost because you can't store it once you've collected it. Experiments have to be abandoned, re-run, vital timings are missed, etc.
Nothing happens "live" in space. The distances involved are too stupendous to worry about beaming things home live. The commands sent are batched, received and checked and sometimes retransmitted before ANYTHING is told to happen. That's why it takes days for the Mars Rovers to do anything like move forward a metre and drill a hole - you have to transmit a plan that covers every possible action because you CAN'T act live and the rover has to decide what to do if it feels a wheel slip mid-way etc.
What you get back are videos and photo-series uploaded over the course of weeks or months in-between the proper science data when there's some idle time. What's needed is a better DESIGN of network with more resiliency and better capacity (hard to do - you can't just whack a bigger hard drive in) and alternate routes and the capability to cope with solar flares and whatever else might happen.
Keep your damn HD at 60fps. It adds NOTHING except to make you feel good. Make it so that we can collect and use more science data to actually do things with. A planetary geologist isn't making their water/soil sample analysis on an HD video, they're using sensors and data collected more accurately, more in-depth and given to data archives that you will never even see. When they tell you there's water/life/politicians on Mars, they aren't looking at the imagery you see on the JPL website, they're looking at the real data that contributed to that (mostly manually re-coloured) imagery, that tells them what's actually there (and not just recolouring a grey pixel to blue because that's what they *think* it would look like if you were there).
Seems like we have indeed come full-circle, except now the audio just encodes a link (presumably with no lengthy initial communication phase) and the rest of the content is actually on the Internet.
Also seems less secure - now anyone can play one of those sounds and try to get you to go to it, or intercept the communication to work out what you're doing.
Agreed.
But still has interesting implications for, say, radiation-hardened hardware like space-travel. Of course, it's nothing they don't already have in terms of the overall process, but having it on-chip is yet-another factor that has to experience corruption before you need to replace the hardware.
Another nice step, but nothing miraculous.
There are international support groups - once you know what to look for - but the condition itself is a bit disheartening.
- It's genetic, so you'd need gene therapy to stop it.
- Because there's nothing "wrong" with the body that can be fixed (the collagen is just more stretchy than it should be, the usual analogy is chewing gum instead of glue), about the only solution is painkillers.
- There is no single, known genetic marker, even with thousands of identified patients - you can't do a blood test and say "Your daughter has this, and it will be crippling/painful/minor" despite all three being possible outcomes. As such, there's nothing to stop people propagating it (we know it runs in families, and two sufferers will tend to have a worse child, but that's it).
- Nobody knows what it is.
You can get disability support for the more serious forms, in most countries. That's about it. Otherwise you're on your own trying to convince your doctor to give you painkillers for a condition they know nothing about.
Or botnets.
How will it stop spammers who aren't even sending the messages from their own computers anyway? All it will do is add $50 to the bill of anyone who gets infected (which is not, of itself, a bad thing, but it adds a whole new level of complexity, collection and appeal problems) and the original spammers will not pay a penny.
And all that will happen is that email will move offshore. Will you tax per email received or sent? Sent from US only? Sent through non-US servers from a US computer with a VPN? Sent from original accounts or relayed through webmail (e.g. will GMail have to pay for me to send email even though I'm not in the US?)?
To be a tax, it has to be collectable. That means people paying it (instead of avoiding it) and a way to determine who needs to pay it with some level of accuracy.
If you want to push tech companies off-shore, it's a good way to do it, I grant you. Even then, it's uncollectable.
With my ex-wife, we only managed to get a (now-multiply-confirmed) diagnosis of her inherent genetic condition after 30 years of misdiagnosis by dozens of doctors. With the help of Google. Yes, I'm sure lots of people waste their time and it's a haven for hypochondriacs but it's also an invaluable resource when doctors are as overworked/lazy as they are.
Her condition is JHS - joint hypermobility syndrome (also called HMS) that can come from over-extending joints (e.g. ballet dancers, gymnasts) or - in her case - from a genetic predisposition to a collagen deficiency. It was almost unheard of until a decade or so ago (and I've since seen another diagnosis of it in the school I work for) and there is little research on it - it's one UK doctor's pet research project, but by all accounts he's a bit of an arsehole.
It's misdiagnosed by most doctors as arthritis because the chronic joint pain associated with it is easier to write off as that than anything else (even in 20-30 year olds). In fact, it's the exact opposite - sufferers can do the splits and bend over backwards to rival the best contortionists but have chronic pain, whereas arthritis LIMITS joint movement and has chronic pain.
There's a simple ten-point test that's taken as official diagnosis, one point if you can place your hands flat on the floor without bending your knees, for example. Everyone in the world scores about 2-3. Flexible people can score 3-5. JHS sufferers score 8-10. My ex- scored 10 and always will, even when she's 80. It's the prime diagnostic for it, as they don't even have isolated genetic tests for it yet.
The process to find out what the condition was (from just 30 years of constant arthritis diagnoses and treatments to help loosen joints, etc.) was:
a) I had to explain to her that normal people AREN'T in pain 24 hours a day (when you live with it all day, every day, you just assume everyone else does but keeps quiet and soldiers on) and that your shoulder/hip shouldn't just "fall out of the socket" once a week or so (I became expert at putting them back in).
b) I collected her symptoms, went on Google, found this (rare, genetic) condition that matched. There was precisely one doctor actively researching it, but it was in all the medical textbooks. Arthritis wasn't even close to matching the symptoms, but it was listed under the arthritis departments and diagnoses every time because it's SO often mis-diagnosed (which makes you wonder how 20+ doctors missed it).
For instance, one of the symptoms is a reduced effectiveness of anaesthetics, and my ex- had a chronic fear of dentists because - even when anaesthetised - it hurt her too much. That's too simple to be a diagnostic on its own, but after 20+ such odd foibles of her health explained within 10 minutes of reading, things started to click (and not just her joints!).
c) We took it to our doctor. He was overjoyed and keen. He had a diagnosis that he'd never seen before, it fitted the symptoms he had recorded in her notes perfectly, it was commonly mistaken for the arthritis that doctors before him had diagnosed. He was able to say that 20+ doctors before him were wrong, that "he'd" spotted the problem, and prove it. He ran off, researched it himself, and said he thought we were right.
d) He sent us to a specialist (ironically, an arthritis consultant). They confirmed the diagnosis in seconds, and said they would have been able to in seconds for the previous few decades as it was well-known to them even if there was little they (or anyone else) could do to treat it.
e) She received treatment (physio, painkillers, etc.), an official diagnosis, found support groups, was made aware of the chances of passing it on to our daughter (who has a much milder form, that isn't pain-associated, which probably means she'll be good at ballet and gymnastics and not suffer like her mother, but she'll still carry the gene and needs to know that when she gets older), got on with her life, and hasn't been back to a doctor for anyth