Give a person the right to speak, and they'll do it if you like it or not. I agree that not much is being done, but besides giving every person a personality profile before being allowed to play, there's nothing we can do in order to curb the abusers.
If you think these people in games are any different than what they are in reality then you've probably been playing the games too long. There are always people bitching about what they don't have, don't like, don't stand. Why do you think they escaped the real world to begin with?
One of my buddies loves linear Final Fantasy type games because the storyline is highly linear. He hates open-ended games. I know he's not the only one. Millions of people don't buy Final Fantasy, sports games, puzzlers, etc. in order to experience unlimited control over their environments.
Mind you, there are several genres that do open the boundaries of control. Games come to mind: GTA-types, PC role players, MMOs.
Others that stand in the middle are games that are emotionally expressive but lack any expansive imagination. FPSs, RTSs, and some adventure-type games fit into this mold. I find the mass-player base resides here simply because it fits into the comfortable medium between highly linear and tightly controlled advancement conditions.
I dunno Blizzard's beta schedule, but if they don't release high level content at all, how the hell can they tell how people play that content? For all we know, there could be serious balance, gameplay, etc. issues that fall apart at this point.
That said, I SERIOUSLY doubt that they won't allow players to play high-level content in beta. The anticipation is great and all, but not allowing anything would hurt their bottom line soon enough.
"firewalls create problems while performing daily business tasks on the server from home"
Depending on your level of knowledge and the type of traffic you're sending to-from work, any Linux-based solution should be able to facilitate your needs. Mind you, more complex problems may require more complex solutions.
PS: if you need help on actually how to implement this, see the archives from either LARTC &| Netfilter
Linux can handle this with little problems these days. It's a little technical, but you can basically do it with a combination of:
- iproute2
- iptables & Patch-o-matic
- netfilter CONNMARK extension
You have the matching power of iptables to implement any sort of policy routing that you could ever dream of!
I stopped playing Quake 3 for the reason that everything looked so incredibly fake! They took reflection and threw it on everything! I couldn't stand looking at the game after a week, so I quit and played other games like Tribes 2, which had a matte look, but still had some gloss when needed, for effect.
I don't know about you all, but if you have an open node in the net you WILL be owned on 56K or broadband. The virus might -spread- faster, but it won't destabilize the long term growth of the net.
You'll be surprised at how fast ISPs implement mandatory transparent virus/worm filtering if the problem ever reaches the levels that you're implying. 2/4 ISPs that I've dealt with filtered Back Orifice without notifying customers.
Question:
Would anyone mind spending $2/month extra for an ISP to implement mandatory WORM/Virus filters? If you want to play with them, use your LAN! This would solve all the world's hunger problems!!!
If you consider Mozilla forms a word processor, then YES!
If you're just powering a T3 and 6 10/100 subnets, you could get by on
- P4 2.xxGhz (assuming moderate VPN usage)
- 512MB-1GB RAM depending on how many simultaneous connections you're working with. The more connections, the more memory eaten up.
- Hard drives: minimal config.
- Motherboard & NICs: Depending on how much your 10/100s saturate, you may want to get some 66Mhz 64bit PCI cards instead of regular 33/32s. Eg: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080189f0a.html
It all depends on how much simultaneous traffic you're looking at. You can use the analogy that the PCI bus is a network switch's backplane. 66/64s can transmit a theoretical maximum of 4gbits/sec. so it should be enough for anything you throw at it. 33/32's maximum theoretical is 1gbits/sec. but in reality expect much less.
Not that I'm arguing here, but a Cisco equiv. is hella-bucks for what this guy is trying to do, and it's only a passive failover anyways. If you want a solution that is truly expensive, try any ACTIVE failover provider.
Anyways, I have been using netfilter/iptables on my 30 user, >100mbs network, 6 active NICs and I've never had a crash that I didn't cause!
The word is trademark, not copyright:
http://www.mozilla.org/foundation/licensing.html
Red Hat does the same thing with their distribution, but it's spread out throughout the entire distro.
You mean:
iptables -A INPUT -p tcp -s $any_addr -d $ext_if_addr --dport $tcp_services -m state --state NEW -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
What I am saying is that both systems look intimidating to those who don't know about firewalls, and those that know about firewalls shouldn't care about syntax anyways.
IMHO iptables' lower-level interfaces are terse because it's modular.
"pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state"
How is this syntax -more- readable? Unless you know what you're doing, both will look like absolute garbage! If you know what you're doing, you shouldn't be worrying about syntax. Choose the product that performs what you need, whatever it is.
I personally like netfilter/iptables because of its excellent extensions. They make Linux a very powerful network device.
I think of myself as a decent iptables admin, and I've always heard decent repute from Checkpoint (besides the price).
Can someone fill me in on why Checkpoint is technically inferior to the likes of iptables?
OT, but that reminds me of another rant.
I really hate buying hardware and then guys like LinuxAnt being the only ones selling drivers for it. I know these guys gotta eat, but I'd hate to pay $20 on drivers for a $50 piece of hardware!!
The reviewer said day-to-day operations, not implementation.
I don't believe that the reviewer meant that the scripts were being used for a web site, but as a tool for automating web site administration.
"Who wants to bet that the use-confiscated-drugs-for-short-term-benefit gameplay of Midway's upcoming NARC will make the cut in future articles about video game controversy?"
Can anyone say:
Fallout 2
Any game with 'stim pack' such devices
Mind you, having the cool jitters can actually add depth and understanding to the drug usage, and hopefully become so sick and tired of the jittering controller or the blurred screen that they actually get steered away from drugs. But that's not news so the first time someone gets high and blames NARC, you'll see headlines from here to Baghdad!
I don't think any car company releases their onboard computer protocols. They could be running RS232 or 10baseT for all we know.
Best chance for you is to wire into the analog sensors that they are using!
I don't know how many virus signatures it detects, but I can say that our company of only 30 ppl has yet to receive a virus through Clam.
We did have Norton AV/Exchange running when we used Exchange as a front line server. It was also pretty good about viruses except for the first day of CodeRed I believe where it was 1/2 after the first emails showed up. We only paid once and the updates never seemed to discontinue after the year, so maybe it's just support/assurance that you're paying for. Consult the contract if in doubt.
Yes, it is called PSD for iptables. Once an IP address has reached a certain port scanning threshold, the match rule is invoked, and you can reject/drop or any other iptables jump target.
Where I believe your argument falls over is the assumption that Enterprises think from bottom up when it comes to security.
...
All the admins I know aren't worried about making sure that these machines have secure BIOS. They're concerned about the software that IS allowed to run on their machines. If a program is hacked into mid-stream, then POW! Do bottom-up security measures fix their security? No. They can't tell the difference.
As for network security, I see the following benefits:
- Fast encryption like what some addon cards do today would help standardize the ability for EVERY session in being encrypted. (good)
- A non-contaminated server can white-wash the code being loaded into the system before it causes havoc. This would be handy against those Gator-like programs, but alas those programs shouldn't be a problem to begin with if Microsoft did their jobs. I have to give Mozilla credit in never needing for me to manually set my security preferences and worry about this problem.
That gets me back to my original point, security is only good if you RELY on EVERY SINGLE PIECE of software from the bottom up. They have enough problems plugging the Windows OS to start worrying about architectures that are nigh to ever a cause for security problems.
But hell, for enterprises, just have aggressive salesmen jump in and sell the crap out of it spewing out the most vulgar marketing trash out of their asses and voila! You have a sale! Just think, you'd be STUPID not to buy a PC that is SECURE, TRUSTWORTHY, HACKER PROOF,...
Man! Is that the reason I love the UN so much! I always thought my worshiping the UN was due to my brain hemorrhage. Looks like I can leave the hospital now!
If for instance the code was somehow embedded inside the CPU core, then the following holds:
- The Signature that allows the boot loader to run is stored inside the CPU, but it can only run a boot loader that has been signed by Microsoft beforehand. Since the key can't be changed, all it guarantees is that the boot loader is secure. Now, you have the kernel, which one would assume to be upgradable. If the kernel is not upgradable, a major bug / exploit found in the kernel could be exploited and never get fixed until Xbox 3.
If the kernel isn't upgradable, you need to start hacking the userspace apps to kill the lock-out.
If they make the kernel upgradable, they have to be able to sign the kernel from the boot loader. So, you either use the embedded CPU ID to sign the kernel, or they will have the key somewhere else that normal users won't be able to reach. Of course having the decode key only gives you half the prize. You need to find the encoding key in order to encrypt software that actually runs on the Xbox. Once software has been signed, there is no stopping anyone from running anything as long as that piece of software has kernel-level access to the hardware. If you rely on a userspace exploit, you can only perform a limited set of operations, like running arbitrary commands. Get the kernel, and you could burn in a new kernel in its place tricking everything on the higher levels as to who you are.
So, how do we hack the Xbox 2 if we can't run arbitrary code on the Xbox to begin with?
Any external access to the system is exploitable through its IO subsystems. The kernel could have a buffer overrun, the game running could leak precious data, who knows. The more functionality left open, the more potential exploits there are to take advantage of.
I haven't bridged the topic of hardware mods which does get more sticky if the encryption is processed in the CPU. I'd have to see when and how the CPU decrypts a signed working set and how the decoded code is run after the decrypt.
Let's not even begin to talk about CE, which could run on literally a dozen different architectures!
It isn't that fcking hard. There IS a reason that Linux runs on so many different arch's. It's the effort of supporting each user space and chip maker politics that keeps Windows from being released to Architecture XYZ.
When .NET's CLR rules the earth, instantly every chip maker will become a commodity to Microsoft. MS can then vice grip any chip manufacturer to their will since MS now has the keys to switch architectures without affecting existing code bases.