> The main downside if when roaming to another machine if you don't have your key, you don't have access.
USB flash drives are becoming really popular. Some standard location on a flash drive to place a private/public key pair, would mean you could provide credentials just by sitting down at a PC and plugging in your flash drive. Having said that, then means losing the drive is... really, really bad. Also means a virus infected system could grab your keys, but then that's more or less a risk with passwords anyway.
I suppose, ideally, what we want is a stand alone device that plugs into USB, a PIN is entered into the device to enable it, and it handles all signing requests, with the keys never leaving the device itself. That's getting fairly fiendishly complex, though...
Yes! I'd love to see Firefox adapted to make client side certificates trivial (keep in mind that there's no need for the server to know that the client certificate is who it says it's from, only that the same certificate is always the same person), and more sites move to using SSL certificate authentication. For, y'know, useful things like never actually providing re-usable credentials to the server...
> The entropy is not very high, especially because the fields are not random.
The entropy is a joke. Expiration date - what's the lifespan of a UK passport (don't have mine to hand, or I'd check)? That's your window for expiration date. Most people will replace passports before they expire, so you can even shorten that window. Not to mention, it's a date, which severely limits the number of valid values. Date of birth? A little harder; if you can see the person, you can get an idea of likely birth years though, and birthdays are not exactly evenly distributed throughout the year. Only passport number is going to hard to figure out, and if they're numbered sequentually (probably are) it's not that hard.
Sure, it's not going to be possible to get it on the first attempt, but it's also not what you'd call secure.
What do you call easy? You're probably looking at a few thousand dollars to retrieve the data on a drive, if you have to have it done professionally (in a sending it to the lab sense), assuming the owner has at least done a decent job of blanking it (zeroing all the bits or similar). Sure, it's feasible, but it's generally much easier to buy random drives on eBay, as you're almost guaranteed one that someone forgot to wipe before selling...
Fine. Then I've had a lot of defective products over the last few years. TBH, could probably have sat down and tried to figure out why my PCs didn't wake from sleep, but as someone who shuts down their PCs when not using them, didn't really seem like an issue...
Err, I hate to mention this, but for the poor people stuck using Windows as a server platform, wouldn't this mean their entire server room would quietly go to sleep each night, and then require someone to be in to power up every system and ensure they come back from sleep okay? Which is not what I'd call a trivial task...
And following the house analogy, you're quite welcome to any packets I broadcast in the use of my network connection. However, this is not the same as requesting my equipment to take action (sending requests over to the Internet, for example).
If you were walking down the street, and saw a house with the door open, you wouldn't assume you were welcome to wander in and use it as your own, you'd assume someone left the door open accidentally. Equally, access points should not be assumed to be intended open unless explicitly labeled as such (either by naming, or signs put up, or something else)... most of the time no-one will notice, but that doesn't mean it's the intention.
Still, wish wireless routers would come locked down as default. Okay, makes setup trickier, but give it something like the ability to write the key out to a USB flash drive in a well understand file format (something you can double click on and the OS will figure out the details). Well, still dreaming...
> risk long term sales and release for the current most popular system close to compatible with your game idea?
I'm confused... did you just argue that selling lots of your game now might somehow upset your customers, as opposed to releasing it for a platform no-one can buy?
How many HD-DVD players do you think will be out there in a few years time? The PS3 initial launch quantities are pitiful. While Sony's ramping up PS3 sales, HD-DVD is out there, looking cheaper, and if not better, at least as good (going on what I've read here - never could understand why Blu-Ray would not look every bit as good as HD-DVD, but nevermind).
This also ignores the very real possibility that both formats will flop, because DVD was just too successful, and people don't want to start replacing media they invested a small fortune in over the last few years.
History does repeat itself. However, you can not (as the article appears to do) take random similarities between two events and claim a pattern. Unless there's evidence that the Dreamcast failed because it launched a year before the PS2 (would 18 months have saved it? 6 months?), for example, this is just random stabbing in the dark. It also ignores things like the fact that online game play is now a much bigger thing than when the Dreamcast was released (in no small part due to the original XBox), and a hell of a lot easier (with broadband being far more common)...
I believe Square Soft (Final Fantasy people) have publically said they don't want any one platform to succeed, which is why they're not making all their games PS3 exclusive (anyone got a URL?), but that's as strong a comment as I can remember from any major games company, at least publically.
I'm not in a country where the PS3 launches this year, so I'm going to have to use Amazon.com as a guide of PS3 launch titles (anyone got a list). From it's PS3 page ( http://www.amazon.com/PlayStation-3-Games/b/ref=am b_link_822552_2/103-0758594-8567865?ie=UTF8&node=1 4210751 ) we have Full Auto 2 (sequel to a fairly bad XBox 360 game), Call of Duty 3 (out on everything else too), F.E.A.R. (ditto), Madden NFL 07 (and again), Sonic the Hedgehog (noticing a pattern?), Resistance: Fall Of Man (what? I believe we may have found a good new game!) and Need for Speed Carbon (also out for everything else under the sun). Even ignoring the fact these are mostly multi-platform, most aren't even that good...
Don't get me wrong, I'm not saying the XBox 360 launch lineup was good (I got most of my entertainment from PGR3, and wanted to kill everyone who recommended PDZ and Kameo), I'm just saying the PS3 lineup isn't exactly brilliant either. Now, sure, the PS3 has MGS4 and FF13 (is that right? I lose count...), but then the XBox 360 has Dead Rising and Gears of War (whether not being sequels is good or bad is left as an excercise for the reader).
Development... if the XBox 360 was difficult to code for, PS3 developers are attempting the impossible. 7 asymmetric special purpose cores with a single generic CPU core, with some really interesting CPU cache setup! It's less a hardware architecture, more a excercise is developer pain.
Online service... did XBox Live do something to offend? Sure, it's expensive/overpriced, but it's really easy to use.
Depends what you're doing with it. Sure, out of the box as a desktop system, you're fairly screwed, but as a headless system, or with some work to use less CPU/memory intensive window managers (WindowMaker, for example), and you should be fine....
Poking through the further reading, I think it's worth pointing out that SPF explicitely allows domains to say that there are approved servers (from which mail should be trusted), but mail may come from other servers (from which mail should neither be trusted or untrusted)?
No... SPF is not the silver bullet a lot of people are selling it as. However...
"You do see perfectly genuine mail from my domain, from machines other than mine."
Entirely true. However, this doesn't make SPF worthless. It means that, for domains where mail should only be coming from specific mail servers, SPF still helps. We're in the process of setting this up at work; we now have SMTP servers that support authentication over TLS. For e-mail from my work address, I can connect to those servers, authenticate, and send as normal.
I know what you're going to say. It doesn't help unless everyone does it. Well, again, not true. For example, if I can tell my spam filters to accept anything from the.ac.uk domain (which is where 90+% of genuine e-mail to my address originates), it helps cut down on false positives. However, I can't do that at the moment because it's is trivial to take origin addresses (I get a lot of spam from faked addresses at my company, for example).
"How good are your spam filters? By rewriting the address of mail you're forwarding so that it appears to come from your own domain, you put your own reputation on the line. You could be blacklisted for mail which you claimed even though you didn't send it and you have no real knowledge of the original sender. "
Bloody hell. If you're forwarding e-mail you aren't sure about through your servers, you deserve everything you get. Okay, that's a little harsh, but servers should only be forwarding e-mail from people they can verify the identity of. Being on an IP that the server knows to trust, will do, but ideally they should have to authenticate. This means that if people are sending spam through your servers, you can identify and ban the person responsible.
On top of which, while the improvements in speed are marginal, cost and power consumption are both way up compared to Intel 975 based motherboards. Now, sure, if you want SLI, you're going to want one of these, but personally I've never figured out why people like SLI (although I suppose if you're using a just massive monitor to play games on...)
> Overpriced? Nope, it's a better value than the XBox 360 when it comes to technology and cost of manufacturing.
Yes, except, fundamentally, it's a games console. There's over a decade's evidence that the $300 price point works well for a console at release. Personally, I'm not willing to spend $599 on a games console. It could be hand crafted, and cost twice as much to make as they're selling it for, for all I care, there's still the fact that it's games console priced outside what I'm willing to spend on a games console.
Heard a lot of similar arguments about the Mac Pro, while trying to argue that it would be great if Apple released an upgradable iMac equivalent. It's brilliant value for money, if you want a quad core Xeon workstation, but fundamentally if you don't need that much processing power it's just not worth it.
> Overheating? Nope, it's cooler than the XBox 360.
Source?
> Shortage? Doesn't take away from the console, just my ability to buy one.
Agree. The late launch may be an issue, but frankly a launch shortage is going to have minimal impact 6 months down the line.
> Free online service Yup
> Better form factor Err... no, I'd call both equally ugly. But hey, each to their own
> Linux capability Good point for the/. crowd, but it's not exactly going to make or break the console.
> Blu-ray Which is great, if you want HD movies. I'm unconvinced this is going to be a major selling point, especially as so far HD-DVD seems to be doing a lot better than Blu-Ray. It could be an issue for games, but personally I'm not seeing two-DVD releases being a major issue.
> Motion control I thought general opinion is this wasn't very good, or was it just not quite as good as Nintendos?
The PS3 is one hell of a powerful console, released at a decent price point for the cost to make... I just personally don't think people are going to be willing to pay the extra, and that the XBox 360 and Wii will both gain serious ground before Sony gets around to price cuts...
Just so you know, it's PS3 not PS/3. PS/2, is either a computer or connector depending on context ( http://en.wikipedia.org/wiki/PS/2 ), PS2 was the PlayStation 2.
Yes! Someone who understands; a lot of people go "But it was $40 on the PSP!". Here's the thing; I wouldn't have paid $40 for it. I also wouldn't have paid 1,200 Microsoft points for what I got. 800, sure, puts it in line with similar puzzle games, and you can get extras for it later. 1,600 for everything, probably. But 1,200 and then 600 points for each of the extra 3 packs? You've got to be kidding me.
Also, when I buy something labelled "Full game", I don't expect it to tell me I have to pay extra to play game modes for which all necessary detail is given (puzzle and mission modes both list the content in each level, but don't let you play them). The 1 level of vs. CPU play is beyond a joke, it's practically an insult (yeah, you paid us for this, and we didn't tell you that this mode only had 5 minutes of gameplay, but hey, sucks to be you).
If the game had been clearly labelled as a "core" game, to which 3-4 expansions could be added later, I'd have simply not bought it, and not be standing here ranting. However, it didn't. It said full game. I did notice the advance pack, but assumed it was actually an advanced pack, as in something I'd get to in a few weeks/month of playing, if I really fancied pushing myself.
As it stands, it's the last time I'll buy anything from the arcade until I've seen a review, and I'll be avoiding anything Q! put out at all...
In particular, now he's got his traffic encrypted all the way to the HotspotVPN people... who then send it out as cleartext on the Internet. Sure, it's less risky than broadcasting it over Wi-Fi in plaintext, but it's not a solution.
Gyah. Reminds me of a website I used briefly. Their custom security solution turned out to be server side crypto (of some unproven variety), through to the back office server.
Think about that a second.
The traffic went as clear text through the Internet, arrived at their server, magic runes were waved over it to make it hard enough to read that the developer couldn't think how to break the crypto, then sent off to the back office server.
Too many people know just enough computer security to be dangerous...
Anyone know what they're looking for in an answer, 'cos I'm curious now? Best I can think of would be texting my friends to tell them to bring an ingredient each (possibly specifying ingredients, possibly not), and gamble that I can do something with what turns up.
You're right though, I'd have told my friends I just got back from work, and am going to bed, and to get back to me in the morning if they want to meet up.
Heaven help those of us who need to test our websites with new browsers (worked perfectly first time, for reference, probably on account of having read, understood and used the HTML, XHTML and CSS standards).
Slashdot Mirror
> The main downside if when roaming to another machine if you don't have your key, you don't have access.
USB flash drives are becoming really popular. Some standard location on a flash drive to place a private/public key pair, would mean you could provide credentials just by sitting down at a PC and plugging in your flash drive. Having said that, then means losing the drive is... really, really bad. Also means a virus infected system could grab your keys, but then that's more or less a risk with passwords anyway.
I suppose, ideally, what we want is a stand alone device that plugs into USB, a PIN is entered into the device to enable it, and it handles all signing requests, with the keys never leaving the device itself. That's getting fairly fiendishly complex, though...
Yes! I'd love to see Firefox adapted to make client side certificates trivial (keep in mind that there's no need for the server to know that the client certificate is who it says it's from, only that the same certificate is always the same person), and more sites move to using SSL certificate authentication. For, y'know, useful things like never actually providing re-usable credentials to the server...
> The entropy is not very high, especially because the fields are not random.
The entropy is a joke. Expiration date - what's the lifespan of a UK passport (don't have mine to hand, or I'd check)? That's your window for expiration date. Most people will replace passports before they expire, so you can even shorten that window. Not to mention, it's a date, which severely limits the number of valid values. Date of birth? A little harder; if you can see the person, you can get an idea of likely birth years though, and birthdays are not exactly evenly distributed throughout the year. Only passport number is going to hard to figure out, and if they're numbered sequentually (probably are) it's not that hard.
Sure, it's not going to be possible to get it on the first attempt, but it's also not what you'd call secure.
What do you call easy? You're probably looking at a few thousand dollars to retrieve the data on a drive, if you have to have it done professionally (in a sending it to the lab sense), assuming the owner has at least done a decent job of blanking it (zeroing all the bits or similar). Sure, it's feasible, but it's generally much easier to buy random drives on eBay, as you're almost guaranteed one that someone forgot to wipe before selling...
Fine. Then I've had a lot of defective products over the last few years. TBH, could probably have sat down and tried to figure out why my PCs didn't wake from sleep, but as someone who shuts down their PCs when not using them, didn't really seem like an issue...
Err, I hate to mention this, but for the poor people stuck using Windows as a server platform, wouldn't this mean their entire server room would quietly go to sleep each night, and then require someone to be in to power up every system and ensure they come back from sleep okay? Which is not what I'd call a trivial task...
And following the house analogy, you're quite welcome to any packets I broadcast in the use of my network connection. However, this is not the same as requesting my equipment to take action (sending requests over to the Internet, for example).
If you were walking down the street, and saw a house with the door open, you wouldn't assume you were welcome to wander in and use it as your own, you'd assume someone left the door open accidentally. Equally, access points should not be assumed to be intended open unless explicitly labeled as such (either by naming, or signs put up, or something else)... most of the time no-one will notice, but that doesn't mean it's the intention.
Still, wish wireless routers would come locked down as default. Okay, makes setup trickier, but give it something like the ability to write the key out to a USB flash drive in a well understand file format (something you can double click on and the OS will figure out the details). Well, still dreaming...
I believe they were making 80/20 high/low units, and given they sold out, I'm willing to bet there was an 80/20 split in sold units. Sorry.
> risk long term sales and release for the current most popular system close to compatible with your game idea?
I'm confused... did you just argue that selling lots of your game now might somehow upset your customers, as opposed to releasing it for a platform no-one can buy?
How many HD-DVD players do you think will be out there in a few years time? The PS3 initial launch quantities are pitiful. While Sony's ramping up PS3 sales, HD-DVD is out there, looking cheaper, and if not better, at least as good (going on what I've read here - never could understand why Blu-Ray would not look every bit as good as HD-DVD, but nevermind).
This also ignores the very real possibility that both formats will flop, because DVD was just too successful, and people don't want to start replacing media they invested a small fortune in over the last few years.
Oh great, I write all that, then realise you were thinking about the PS3. Someone give me a delete button please!
History does repeat itself. However, you can not (as the article appears to do) take random similarities between two events and claim a pattern. Unless there's evidence that the Dreamcast failed because it launched a year before the PS2 (would 18 months have saved it? 6 months?), for example, this is just random stabbing in the dark. It also ignores things like the fact that online game play is now a much bigger thing than when the Dreamcast was released (in no small part due to the original XBox), and a hell of a lot easier (with broadband being far more common)...
I believe Square Soft (Final Fantasy people) have publically said they don't want any one platform to succeed, which is why they're not making all their games PS3 exclusive (anyone got a URL?), but that's as strong a comment as I can remember from any major games company, at least publically.
I'm not in a country where the PS3 launches this year, so I'm going to have to use Amazon.com as a guide of PS3 launch titles (anyone got a list). From it's PS3 page ( http://www.amazon.com/PlayStation-3-Games/b/ref=am b_link_822552_2/103-0758594-8567865?ie=UTF8&node=1 4210751 ) we have Full Auto 2 (sequel to a fairly bad XBox 360 game), Call of Duty 3 (out on everything else too), F.E.A.R. (ditto), Madden NFL 07 (and again), Sonic the Hedgehog (noticing a pattern?), Resistance: Fall Of Man (what? I believe we may have found a good new game!) and Need for Speed Carbon (also out for everything else under the sun). Even ignoring the fact these are mostly multi-platform, most aren't even that good...
Don't get me wrong, I'm not saying the XBox 360 launch lineup was good (I got most of my entertainment from PGR3, and wanted to kill everyone who recommended PDZ and Kameo), I'm just saying the PS3 lineup isn't exactly brilliant either. Now, sure, the PS3 has MGS4 and FF13 (is that right? I lose count...), but then the XBox 360 has Dead Rising and Gears of War (whether not being sequels is good or bad is left as an excercise for the reader).
Development... if the XBox 360 was difficult to code for, PS3 developers are attempting the impossible. 7 asymmetric special purpose cores with a single generic CPU core, with some really interesting CPU cache setup! It's less a hardware architecture, more a excercise is developer pain.
Online service... did XBox Live do something to offend? Sure, it's expensive/overpriced, but it's really easy to use.
Depends what you're doing with it. Sure, out of the box as a desktop system, you're fairly screwed, but as a headless system, or with some work to use less CPU/memory intensive window managers (WindowMaker, for example), and you should be fine....
Poking through the further reading, I think it's worth pointing out that SPF explicitely allows domains to say that there are approved servers (from which mail should be trusted), but mail may come from other servers (from which mail should neither be trusted or untrusted)?
No... SPF is not the silver bullet a lot of people are selling it as. However...
.ac.uk domain (which is where 90+% of genuine e-mail to my address originates), it helps cut down on false positives. However, I can't do that at the moment because it's is trivial to take origin addresses (I get a lot of spam from faked addresses at my company, for example).
"You do see perfectly genuine mail from my domain, from machines other than mine."
Entirely true. However, this doesn't make SPF worthless. It means that, for domains where mail should only be coming from specific mail servers, SPF still helps. We're in the process of setting this up at work; we now have SMTP servers that support authentication over TLS. For e-mail from my work address, I can connect to those servers, authenticate, and send as normal.
I know what you're going to say. It doesn't help unless everyone does it. Well, again, not true. For example, if I can tell my spam filters to accept anything from the
"How good are your spam filters? By rewriting the address of mail you're forwarding so that it appears to come from your own domain, you put your own reputation on the line. You could be blacklisted for mail which you claimed even though you didn't send it and you have no real knowledge of the original sender. "
Bloody hell. If you're forwarding e-mail you aren't sure about through your servers, you deserve everything you get. Okay, that's a little harsh, but servers should only be forwarding e-mail from people they can verify the identity of. Being on an IP that the server knows to trust, will do, but ideally they should have to authenticate. This means that if people are sending spam through your servers, you can identify and ban the person responsible.
On top of which, while the improvements in speed are marginal, cost and power consumption are both way up compared to Intel 975 based motherboards. Now, sure, if you want SLI, you're going to want one of these, but personally I've never figured out why people like SLI (although I suppose if you're using a just massive monitor to play games on...)
> Overpriced? Nope, it's a better value than the XBox 360 when it comes to technology and cost of manufacturing.
/. crowd, but it's not exactly going to make or break the console.
Yes, except, fundamentally, it's a games console. There's over a decade's evidence that the $300 price point works well for a console at release. Personally, I'm not willing to spend $599 on a games console. It could be hand crafted, and cost twice as much to make as they're selling it for, for all I care, there's still the fact that it's games console priced outside what I'm willing to spend on a games console.
Heard a lot of similar arguments about the Mac Pro, while trying to argue that it would be great if Apple released an upgradable iMac equivalent. It's brilliant value for money, if you want a quad core Xeon workstation, but fundamentally if you don't need that much processing power it's just not worth it.
> Overheating? Nope, it's cooler than the XBox 360.
Source?
> Shortage? Doesn't take away from the console, just my ability to buy one.
Agree. The late launch may be an issue, but frankly a launch shortage is going to have minimal impact 6 months down the line.
> Free online service
Yup
> Better form factor
Err... no, I'd call both equally ugly. But hey, each to their own
> Linux capability
Good point for the
> Blu-ray
Which is great, if you want HD movies. I'm unconvinced this is going to be a major selling point, especially as so far HD-DVD seems to be doing a lot better than Blu-Ray. It could be an issue for games, but personally I'm not seeing two-DVD releases being a major issue.
> Motion control
I thought general opinion is this wasn't very good, or was it just not quite as good as Nintendos?
The PS3 is one hell of a powerful console, released at a decent price point for the cost to make... I just personally don't think people are going to be willing to pay the extra, and that the XBox 360 and Wii will both gain serious ground before Sony gets around to price cuts...
Just so you know, it's PS3 not PS/3. PS/2, is either a computer or connector depending on context ( http://en.wikipedia.org/wiki/PS/2 ), PS2 was the PlayStation 2.
Yes! Someone who understands; a lot of people go "But it was $40 on the PSP!". Here's the thing; I wouldn't have paid $40 for it. I also wouldn't have paid 1,200 Microsoft points for what I got. 800, sure, puts it in line with similar puzzle games, and you can get extras for it later. 1,600 for everything, probably. But 1,200 and then 600 points for each of the extra 3 packs? You've got to be kidding me.
Also, when I buy something labelled "Full game", I don't expect it to tell me I have to pay extra to play game modes for which all necessary detail is given (puzzle and mission modes both list the content in each level, but don't let you play them). The 1 level of vs. CPU play is beyond a joke, it's practically an insult (yeah, you paid us for this, and we didn't tell you that this mode only had 5 minutes of gameplay, but hey, sucks to be you).
If the game had been clearly labelled as a "core" game, to which 3-4 expansions could be added later, I'd have simply not bought it, and not be standing here ranting. However, it didn't. It said full game. I did notice the advance pack, but assumed it was actually an advanced pack, as in something I'd get to in a few weeks/month of playing, if I really fancied pushing myself.
As it stands, it's the last time I'll buy anything from the arcade until I've seen a review, and I'll be avoiding anything Q! put out at all...
In particular, now he's got his traffic encrypted all the way to the HotspotVPN people... who then send it out as cleartext on the Internet. Sure, it's less risky than broadcasting it over Wi-Fi in plaintext, but it's not a solution.
Gyah. Reminds me of a website I used briefly. Their custom security solution turned out to be server side crypto (of some unproven variety), through to the back office server.
Think about that a second.
The traffic went as clear text through the Internet, arrived at their server, magic runes were waved over it to make it hard enough to read that the developer couldn't think how to break the crypto, then sent off to the back office server.
Too many people know just enough computer security to be dangerous...
Anyone know what they're looking for in an answer, 'cos I'm curious now? Best I can think of would be texting my friends to tell them to bring an ingredient each (possibly specifying ingredients, possibly not), and gamble that I can do something with what turns up.
You're right though, I'd have told my friends I just got back from work, and am going to bed, and to get back to me in the morning if they want to meet up.
Do you get royalties based on viewing figures, normally, then?
Heaven help those of us who need to test our websites with new browsers (worked perfectly first time, for reference, probably on account of having read, understood and used the HTML, XHTML and CSS standards).