I'd like to point out an astonishing amount of hostility recently. In the last few weeks I have noticed it especially, when someone chooses to make a statement they don't just make the statement, they litter it with insults, formulating an angry comment dripping with either sarcasm or invective, for no reasonable purpose that I can see. Just the 18 or so comments in this article so far alone contain more hostility than I see in an entire week in any other medium.
This in itself is a concern, it displays a marked lack of respect towards the others the comment is aimed at. On this very same page you can find a comment querying the lack of information on the recent problems with slashdot. Was the use of the word "Pathetic" really necessary? Was the implied accusation that Slashdot is no longer "open" included for any other purpose than vitriol? A single feather does not a bird make, and a single action by the editors should not be held up, against an astounding amount of evidence to the contrary, as an example of how it has become "closed" or "less responsive".
I single out this post only because, being in the same article, it is easy to point to, make no mistake it is merely the tip of the iceberg as far as posts containing unnecessary attacks go.
Please keep in mind that the editors of slashdot, the users who make comments here, the employees of the organisations that are referred to (yes, even those of Microsoft), and all the other people who are somehow brought to our attention in this forum are, in fact, just that. People. And too often I see them judged, instantly, upon such a scrap of information as wouldn't feed a shrimp. Indeed all too often one reads an article only to discover that people are being abused on the basis of nothing more than rumour.
They are people, they deserve respect by default, the respect given to those who are human, who may make mistakes, but who have lived years of their lives, making hard decisions and taking responsibility for their actions.
Some calm yes? some thought before writing, and perhaps a little dose of old saying.
"If you don't have anything good to say, keep your mouth shut."
Flames will be read, considered, and appreciated. Thank you for your time.
In my opinion, no solid statistics, all statements extrapolated from personal experience.
This is silly. Let's face it, banner ads exist now not because they're actually worthwhile, getting linked in a single article on /. will drag in far more hits in one day than the banners on the top of the page will get in a month, they exist because they're the only form of currency the web has.
Most of the advertising "revenue" made these days is not in fact revenue at all, invariably it's part of a banner-swapping deal, I'll run banners for you if you run banners for me. Even in the cases where there is money paid, it plainly doesn't make sense:
Site A gets money for ad views
Therefore Site A is more profitable if it gets more hits
Therefore Site A pays other sites to advertise, to increase its hits, so that those hits translate into ad views...for other sites...
The only places that are actually playing this game effectively are sites with valuable content, which are populated by word of mouth more than anything else (/. being a prime example), and sites that are making real sales on their website (Amazon etc).
These are a small fraction of the web, the rest is populated by mediocre content attempting to increase its hit rate by getting banners everywhere it can, a pointless exercise as users have now almost entirely done the job Mozilla would only complete, they've tuned out.
Even if they do read the banner ad, they've been stung so many times by clicking on an ad to find a boring, pointless or overly complex page that they no longer bother. The ads are intrusive but we appear to be mentally well equipped from years of TV to filter them out without even realising it.
How many of you even notice ads on /. anymore?
The massive popularity of banner ads is a simple result of human need for a solid number. We can't estimate our website's effectiveness in terms of brand awareness, we can't develop a solid business plan for a website based on word of mouth, we need numbers. We got n hits, we sold n ads, we bought n ads, next month we will sell n ads and buy m ads and get n hits. Pretty graphs, but utterly useless when you realise that the revenue is actually n-m, often a negative number.
Doubleclick and co know this, they've seen it coming, and they're desperately trying to increase the effectiveness of their trade. Targeted ads, profiling etc, but it isn't really working because it's too late, they overdid it at the start and now we're filtering out anything that looks vaguely like an ad.
I don't however expect a recognition of this from either ad companies or businesses that buy and sell ads. Why? It's like every other currency that we have, a vast portion of it is illusory, it's a convenience that gives us a justifiable excuse to do something. Does anybody ever believe the US will pay off its national debt? no. Does that stop them trading with the US in US$? no, it's the currency itself that has become important, not the backing behind it.
But if you want to create a successful website, as opposed to a website with pretty graphs, you need to listen not to the accountants, but to the users. The Cluetrain (http://www.cluetrain.org/) has it all there for you in nice bullet points.
I say putting advertising blocks in Mozilla is merely acknowledging the truth of the situation, it's being honest and it may well have the effect of having website operators start building their websites with a view to how the web really works, instead of the current communal delusion.
I've got to say, Peter Molyneux is, in the gaming realm, pretty much my idol. I'm not one for hero worship, and I don't follow his every move or copy the way he dresses or anything, but I firmly believe in every game he has written, and in every game he will ever write/direct, and he has never done me wrong. From Power Monger to Populous to Syndicate to Dungeon Keeper, he has been innovative, created a solid piece of software and I have always enjoyed the game, often for many months. I still crave Power Monger.
Of course he's not entirely responsible for it himself, but it seems to follow him around, through Bullfrog and now Lionhead it seems, so I choose to hold him responsible:)
I still remember learning 68000 assembler from an article Bullfrog did for Amiga Format years ago.
As an example to the gaming industry as a whole, I would have great difficulty picking anyone better. There are others who are better technically (John Carmack for example) and sometimes strategically (Sid Meier perhaps? I don't know) but for the sheer combination of gameplay, interface, innovation, and unadulterated joy, Peter's games have caught me every single time.
I look forward very much to the debut of Black&White, and even more so to whatever he comes up with in the future.
The problem with writing your own games these days is artwork. It's damn hard to get good artwork if you're not an artist yourself, and I'm not that kind of artist.
In some cases, such as with tdt (http://richard.iguana.co.nz/tdt/) I have managed to create something that looks ok without needing to have nicely drawn textures and buttons and stuff.
But in most cases, like every tile-map based game I ever wrote, the lack of artwork meant that no matter how good the game mechanics, it just looked crap.
This doesn't mean that I didn't believe people might like it, we've all gone on about how graphics aren't the most important thing in a game, but many times I have reached a stage in the development where I've looked at my game, and at another game which is similar, and suddenly seen that gulf in looks and polish and just given in, it just didn't seem worth the effort.
Yeesh, check out the requirements on that page for programmers:
1. Must have a CS degree.
2. 5 years experience in games programming
3. AI, 3D on consoles and PC, Distributed network stuff.
Well, I don't have a CS degree and have never programmed a game professionally. AI, 3d graphics on the PC and distributed networking I know pretty well, but I guess I wouldn't even get a look in, I imagine they junk anyone without a CS degree in the first pass.
Sad really. Ahh well, hopefully they'll make some good stuff.
I have rarely had any difficulty ascertaining the skills of a fellow hacker. It's like a painter judging the technical skill of another painter, it's easy, you can see why they do what they do and how. A few examples and a fairly short chat will do it. On the other hand, when I try and figure out whether a painter is a good painter, or whether a banker knows what the hell he's talking about, I'm in the dark, and pretty much no amount of evidence that they can provide will enlighten me beyond "gee that's a lot of stuff".
My personal urging towards employers at least is ensure that when you go to speak to your prospective hacker, bring along another one, one you trust, because they will see right through them (assuming a reasonable social ability:) if they're trying to pull something. Simply find a friend or employee who is a Good Hacker (tm), explain carefully what you want in a new employee, then let them sit in on the interview, and if they want ask questions.
As far as going for a job, I'd be concerned if I was merely interviewed by management, unless said management is particularly technical. Kirrily may not see this from where she is, she is surrounded by the tech world and more importantly, a good judge herself, but if the interviewing group doesn't consist of at least one person fairly familiar with the stuff that you do, you simply aren't going to get a good show. The job will go to the person with the best social skills and the ability to sell themselves, which is all fine and dandy unless the person concerned can't actually do the job.
They say interview technique is important, but more so these days is Who you have at the interview, than what you do there.
My hat off to you and the other winners, just reading the summarised list of achievements with your project information on that article indicates not only that you are very gifted, but that you have the determination to utilise those gifts, a rarer thing than it might appear. I look forward to seeing what you all do in the future, and I hope it still manages to balance well enough that you all have fun too:)
Have you used the most recent release? It has an extremely interesting GUI feature which would solve your access problem straight away. Open your image, right click on the image, go down to the filters menu, and hit the line "----" at the top of the menu for filters.
The filters menu will promptly detach and become a single separate window, accessible instantly. You can do this with any menu you feel is appropriate. Several steps ahead of Photoshop:)
Obviously a joke, or at least close, but the same argument (Electric cars are not better for the environment) has been pulled out of many hats, not just for cars but buses and trains and all sorts of things. The simple fact is that the argument doesn't hold water.
1. The current state of the art in low-pollution petrol powered cars has almost nowhere to go. Further research is giving fewer and fewer returns in methods of making mobile petrol-based propulsion systems cleaner. On the other hand, factory scale plants using both petrol and other forms of raw material such as coal have been making large advances, with many by-products of the electricity production going into creating other useful products.
2. Research on electricity based transport is advancing rapidly, greater efficiencies in all areas are constantly being achieved, with new software able to micro-manage power consumption, newer battery methods and flywheel technology offering better storage per gram, and longer life for all components.
These alone are excellent reasons why electric cars, although they may _possibly_ be less environmentally friendly right now taking into account the entire supply chain, are the future.
Their primary attractiveness as far as the environment goes is the shifting of by-products to large generation plants where the benefits of scale and space can be used to filter and reuse pollutants. They are also demonstrably quieter, and in many cases can take advantage of their electrical nature to make driving as we know it today more fuel efficient (brakes tied into flywheels mean that stop-go traffic would cost far less in energy terms, and wear out your brake-pads less).
I came up with that as a solution to our load balancing issues over a year ago, unfortunately our network architecture didn't really support the concept.
However on this basis I note that it must be "obvious", certainly it never occurred to me that others might not have thought of it. Unfortunately this isn't enough I guess, and I never implemented anything to test the idea, so..no prior art from me. Sorry:/
How many would you like? It all depends on your definition of rapid really. Open Source software doesn't reach user-level release as fast as commercial software, but it becomes feature-comparable much earlier and useable by those willing to get their hands dirty _far_ faster.
In terms of quality products, it is hard to deny software such as PHP, Apache, The linux kernel, perl, yadda yadda, all the usual stuff. However none of these can really be considered "rapid" from start, they all started quite some time ago.
Most really rapid initial Open Source development can never be quoted, since it usually consists of a large number of developers abandoning a previous implementation and starting again from scratch. Much of the good Open Source software you see now has gone through at least one phase of being heavily re-written, almost or sometimes literally from the ground up, in an astounding amount of time, but because nobody clocked it, or changed the name, it just turns up as the latest release.
However I think there are some, smaller, cases of applications that appear almost from nowhere. The various linux napster clients for instance. One moment I had just heard of napster, the next their protocol was reverse engineered and two or three Open Source versions of the client appeared.
Similarly with email software. Sendmail, king of the hill for so long now, was looking pretty much invincible, then qmail came out, and suddenly what had looked like something that was good enough seemed somehow tarnished. No dust on Sendmail, I use it, and love it, but many don't, and a slew of new email servers have appeared recently, qmail and exim being two of the notable mentions.
I am unwilling to stand up and say "Look, under any circumstances, Open Source software will develop a complete application faster than a Commercial method would", for a start there are different levels of interest in various types of applications, and for second, there's a mindshare capture thing. Commercial places just hire their employees, Open Source projects have to attract their developers, and that takes a bit of time, especially as you have to get exponentially more than those of a commercial project in order to make up for the (at least initial) fact that nobody is working on it full time.
However I think that Apache, PHP, Linux and many others are undeniable proof that once that mindshare of developers is attained, development is unbelievably fast. Just watching the kernel mailing list for a week is enough to make one dizzy, and you don't see a 10th of what is going on.
When I was doing one of my own projects, I really noticed that speed-up effect after the initial block was over. TDT took two weeks to get to something vaguely working, another one to get to something that looked fairly ok and had the major engine working, and then within a week enormous improvements were made, contributions even by the few people who were interested in it made a huge difference, lighting, explosions, tuning of coloring, models, rewrites of parts of the engine to support effects like waves and menus, I was making releases less than hourly on the evenings I was working on it.
I don't think we have yet seen the true power of the Open Source development method, but places like Source Forge and tools like CVS and autoconf are slowly pushing their way into the fore, making things go quicker and quicker and quicker. I look forward to the future.
It's unacceptable. I don't care how he attempts to justify it, even if he finds a loophole of some kind, or the law ends up supporting him, it is just plain wrong.
There is a reason for the GPL, people don't GPL code because they love TLAs, or because they like making other people miserable, they do it because they believe, and I believe, that Open Source software is the answer to the problem that software solves.
Yes Quake is having problems with cheats due to the source release, No close sourcing the code is not the answer. There have already been numerous articles explaining this in depth, some by very influential people, and it is annoying to see them so disregarded in this manner.
It has long been known in security circles that security through obscurity is the worst method available. Yes it is useful, but only in concert with other, heavier forms of protection. Nobody argues that giving away login names is ok, just because hiding those names is security through obscurity, but on the same token, nobody believes their system safe if the only thing between an attacker and the system is that they don't know the login names.
In this case, John has already, in a previous .plan, outlined a way of creating a pre-compiled security system by use of an external proxy. However I suspect this gentleman has realised what is obvious to anyone who has done reverse engineering before, the smaller the code you're trying to reverse, the easier it gets. Just finding the relevant procedures can be tough, especially if they've encrypted it somehow, and attempting to figure out the protocols used from the original quake binaries was difficult in the extreme, because it was a large binary with a lot going on in a very short space of time.
Creating a closed-source patch or external server would have far less effect, it is dedicated to its purpose, and no matter how many layers of self-encryption it used, unwinding those using a debugger would be far easier when the levels that communicate with the closed-source section themselves were already known and the unknown code was known to be dedicated to its task.
There is only one real solution to this problem, and it has already been stated. Information is on a need-to-know basis. The security point is at the server, not at the client.
Unfortunately, this leads to a performance hit as the server has to take much greater account of what is visible/doable and what is not. However there have been many fine open-source-compatible suggestions that would help with the problem, including:
Conflict resolution by scoring: Doing things that are suspect, like hitting invisible targets, moving places you shouldn't, or hitting with remarkable accuracy constantly, would lose you points, other actions such as losing a game, or being on for some time would gain you trust-points. These points would then be used in conflict resolution. One client says you died, the other says you didn't, the one with the highest trust-score gets decided for.
Baiting: In concert with the above, a variety of non-visible targets etc are left lying around, shooting one loses you trust points and is indicative of a cheat, many other concepts along these lines are possible. It's an arms race, but one that does not need to progress far before there are so many limitations to cheating that it hardly becomes worth it.
Logins: Utilising logins, the scoring method could be enhanced, allowing the trust of a given player to build up over time. Anonymous players would have extremely low trust, thus be pretty much unable to cheat, as if a logged-in client disagrees with any of their movements, they would be overruled.
These are just some of the ideas I have heard about automated cheat damping, there were lots and lots, many ingenious and clever, on the previous discussion of this on slashdot. I suggest that if you're really concerned, solve the problem right, don't rely on a method that will be almost as easily broken as the plain source itself.
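A sketch of the scoring, baiting and login ideas from the comment above, added here as an illustration and not taken from the comment or from any Quake server code. The class name, event names, point values and thresholds are all assumptions chosen for the demonstration.

```python
from dataclasses import dataclass

# Assumed point values; the comment gives the mechanism, not the numbers.
PENALTY = {"invisible_hit": 25, "illegal_move": 15, "bait_hit": 40}
REWARD = {"lost_game": 2, "minute_played": 1}
ANON_TRUST, LOGIN_TRUST = 0, 20   # anonymous players start with no standing
SUSPECT_BELOW = -50               # below this, flag the player for review


@dataclass
class Player:
    name: str
    logged_in: bool
    trust: int


class TrustServer:
    """Server-side ledger: the clients report, the server keeps score."""

    def __init__(self, bait_ids):
        self.players = {}
        # Bait entities are never sent to any client as visible, so an
        # honest client has no way to target one.
        self.bait_ids = set(bait_ids)

    def join(self, name, logged_in=False, saved_trust=None):
        # Logins let trust persist between sessions; anonymous players
        # start from ANON_TRUST every time they connect.
        if logged_in:
            trust = LOGIN_TRUST if saved_trust is None else saved_trust
        else:
            trust = ANON_TRUST
        self.players[name] = Player(name, logged_in, trust)
        return self.players[name]

    def record(self, name, event, count=1):
        player = self.players[name]
        if event in PENALTY:
            player.trust -= PENALTY[event] * count
        elif event in REWARD:
            player.trust += REWARD[event] * count
        else:
            raise ValueError(f"unknown event: {event}")
        return player.trust

    def report_hit(self, shooter, target_id, visible_to_shooter):
        """Return True if the claimed hit is accepted.

        visible_to_shooter comes from the server's own visibility check,
        never from the client making the claim.
        """
        if target_id in self.bait_ids:
            self.record(shooter, "bait_hit")
            return False
        if not visible_to_shooter:
            self.record(shooter, "invisible_hit")
            return False
        return True

    def resolve(self, claims, default):
        """claims maps player name -> claimed outcome; highest trust wins.

        A tie at the top (or no claims at all) falls back to the
        server's own default outcome.
        """
        ranked = sorted(claims, key=lambda n: self.players[n].trust,
                        reverse=True)
        if not ranked:
            return default
        if (len(ranked) > 1 and
                self.players[ranked[0]].trust == self.players[ranked[1]].trust):
            return default
        return claims[ranked[0]]

    def suspects(self):
        return sorted(n for n, p in self.players.items()
                      if p.trust < SUSPECT_BELOW)


def demo():
    """Constructed scenario: a long-standing login versus an anonymous client."""
    server = TrustServer(bait_ids={"bait-7"})
    server.join("alice", logged_in=True, saved_trust=60)
    server.join("anon1")
    server.record("alice", "minute_played", 30)
    server.report_hit("anon1", "bait-7", visible_to_shooter=False)
    server.report_hit("anon1", "alice", visible_to_shooter=False)
    verdict = server.resolve(
        {"alice": "alice_alive", "anon1": "alice_dead"}, default="alice_alive")
    return server, verdict


if __name__ == "__main__":
    srv, outcome = demo()
    print(outcome, srv.suspects())
```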
Not at all. I was only talking about 30 people, with a more napster-like level of hundreds or thousands of people, a vast number of CDs would be available at any given time, making discerning the usage from the noise much more difficult.
Even in 20 or 30 people, having 20 or 30 cds constantly swapping in or out, with various members' music tastes being different and many of them missing swaps or already having a given CD from the last time, it would be difficult to pinpoint a particular group in a membership as large as Beam-It as CD sharing.
I did not say that people are doing it, only that people other than myself have surely seen the possibilities. It is not in the least more cumbersome than napster. It utilises all the benefits of Beam-It (No local HD storage required, good quality encodes) without any of the negatives (Having to own or borrow the CD)
Writing an application that could make this kind of exchange possible is trivial, and should the numbers of users on the network rise enough, users could even operate the registration application without a CD, taking advantage of the large number of offered CDs by others.
I'd like to make the point that it actually isn't at all secure. A napster style configuration of people interested in listening to a wide variety of music could, by distribution, make the security method pretty much redundant.
As noted, in order to sign up a CD, you need to be able to verify a particular random track. If the client machine, rather than checking its own CD drive, made a request out to a collaborative network for a given CD before attempting authentication, it could, upon reception of the request for a particular random block, forward this request to another machine who claimed to have the relevant CD, and get the data from that machine, then forwarding it on. Once this has happened, it's in your account, you don't have to repeat this, so a system where CDs are in drives only on occasion is perfectly acceptable.
Take 20 or 30 people, and an application that requires that they have a CD, any CD, in their drive on load, and they can Beam register any of the 20 or 30 CDs online at the time, and as time goes by, they would rapidly build up a massive collection without a huge number of resources being tied up.
The Beam It method is perhaps, because of this, even less secure, and more convenient than Napster, no long download times, no scratched, damaged or badly made recordings, all available for free on the condition that you have at least one CD you can share with everyone else.
I have no doubt this concept has been picked up already by others. Game over mp3.com:/
I sincerely hope they are not asking this. System and Network security is far too big and vital a topic to be covered in forums such as this.
There are many, well publicised portals and locations for such information, both system specific and universal. www.securityfocus.org, bugtraq, and many other environments provide up to the minute information on security for a wide range of systems, and any systems administrator should follow these closely, as well as system specific sources.
Those on a lesser scale, DSL and modem, should also pay attention. If you feel unwilling to take the time to secure your system, you should invest in an operating system that is Secure By Default. OpenBSD is the most publicised of these, but there are several hardened variants of linux, and hardeners for popular operating systems like RedHat (check out http://bastille-linux.org/).
For linux guys, I recommend reading the Linux Admin Security Guide (http://metalab.unc.edu/lasg/) and learning about IPChains, or for the bleeding edge people, Netfilter (Which is proving to be very powerful)
Unfortunately I have no pointers for Windows, but perhaps other users can contribute URLs where information like that can be located. A quick search in a search engine may help too.
There are no defenses. Trust me, as someone who is deeply concerned about it and has spent a considerable amount of time investigating.
The attack doesn't attack your firewall, it doesn't attack your boxes, it very simply attacks your bandwidth, it fills it up, completely, leaving no room for other traffic.
It doesn't matter if your firewall drops every single packet it sees, for that matter it doesn't matter if you unplug your box, it isn't going to help at all.
The vast number of machines that have been compromised, especially on university campuses where attention to security is limited on many boxes, and a crack can go unnoticed for months or years, give these flood networks more bandwidth than a medium-large sized ISP. If they are willing to take the risk that someone tracks them down, they can knock out most companies and for that matter, often their upstream.
So, as an administrator, there is little you can do. Some things can help slightly, (see following) but if you get one of the larger networks pointed at you, you call your provider, get them to call their provider, and hope that they can implement some kind of filtering on their router as a temporary solution. You probably won't get far with that however.
Things to do:
1. Log log log log log. Strange packets coming in should be logged. If you can do this, there's a chance the guy can be traced back to source if one of the IPs is on a network with a competent admin and the source of the network control packets can be found.
2. Alert whoever you have to. If you're getting hammered, it's a crime, tell the police, look on the CERT site for more details about who you can contact if you're in this situation.
3. Close up all ports that aren't critical, from any replies. These guys function best when they can hit a wide range of ports and get replies from your box, effectively doubling the load generated by each packet. If you drop 98% of the ports on your box, that leaves most of the packet hits out in the cold, making them have to work harder. Don't be scared to start dropping whole class A/B networks if a large number of hits are coming through from them.
4. For those using unix based firewall solutions, have a couple of scripts handy which you can use to turn off all ICMP (you should already be filtering bad ICMP, this just goes the next step), and all non-essential ports.
5. Have syncookies on your system if available, this will help keep you working during small TCP floods
6. Make sure that you, as admin, have on your firewall the necessary rules to deny spoofed IPs from within your own network. If you don't, you are irresponsible and quite possibly a contributing cause to this whole mess. An internet connected network needs monitoring, no matter how well set up. Take the time to do it.
The final verdict is there is no individual solution to this problem. If everyone implemented #6, we'd be in a lot better shape, still not brilliant but certainly a vast improvement. On the positive side, there are many brilliant minds who have observed this problem and are working on infrastructure solutions (see BOF recently etc).
No matter how good your firewall software, script kids these days have the capability to flood your entire link. Proactive and constant vigilance is the only thing that could possibly minimise the damage.
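The logging, prefix-blocking and anti-spoofing items in the list above can be checked against a firewall log with a short script. This is an added example, not part of the original comment: the log format, the interface names `lan0`/`wan0`, the own-network prefix and the threshold are assumptions, the sample lines are constructed from documentation address ranges, and the check on inbound packets claiming an inside source goes one step beyond item 6.

```python
import ipaddress
import re
from collections import Counter

# Assumptions for the example: one internal prefix and two interface names.
OWN_NETS = [ipaddress.ip_network("192.0.2.0/24")]
LAN_IF, WAN_IF = "lan0", "wan0"
LINE_RE = re.compile(r"IN=(\S+) .*?SRC=(\S+)")

# Constructed log lines in a simplified "IN=<iface> SRC=<addr> ..." layout.
SAMPLE_LOG = """\
IN=wan0 SRC=198.51.100.1 DST=192.0.2.10 PROTO=UDP DPT=7
IN=wan0 SRC=198.51.100.77 DST=192.0.2.10 PROTO=UDP DPT=19
IN=wan0 SRC=198.51.100.200 DST=192.0.2.10 PROTO=ICMP
IN=wan0 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=80
IN=wan0 SRC=192.0.2.44 DST=192.0.2.10 PROTO=UDP DPT=7
IN=lan0 SRC=192.0.2.23 DST=203.0.113.9 PROTO=TCP DPT=80
IN=lan0 SRC=10.9.8.7 DST=203.0.113.9 PROTO=ICMP
""".splitlines()


def is_own(addr):
    """True if addr belongs to one of the networks you are responsible for."""
    return any(addr in net for net in OWN_NETS)


def triage(lines, prefixlen=16, threshold=3):
    """Sort logged packets into the cases the list above cares about.

    spoofed_egress : left the LAN with a source that is not yours (item 6);
                     these are the packets your own firewall must deny.
    spoofed_ingress: arrived from outside claiming one of your addresses.
    heavy_prefixes : outside prefixes with at least `threshold` hits,
                     candidates for a temporary block (item 3). Use
                     prefixlen=16 for "class B", prefixlen=8 for "class A".
    """
    spoofed_egress, spoofed_ingress = [], []
    hits = Counter()
    for line in lines:
        match = LINE_RE.search(line)
        if not match:
            continue  # not a packet log line
        iface, src = match.groups()
        addr = ipaddress.ip_address(src)
        if iface == LAN_IF:
            if not is_own(addr):
                spoofed_egress.append(src)
        elif iface == WAN_IF:
            if is_own(addr):
                spoofed_ingress.append(src)
            else:
                net = ipaddress.ip_network(f"{src}/{prefixlen}", strict=False)
                hits[str(net)] += 1
    heavy = {net: n for net, n in hits.items() if n >= threshold}
    return {
        "spoofed_egress": spoofed_egress,
        "spoofed_ingress": spoofed_ingress,
        "heavy_prefixes": heavy,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

Any entry under `spoofed_egress` means a machine inside your own network is sending packets with forged source addresses, which is the condition item 6 asks every admin to block at the firewall.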
Personally I think this guy has got it right, not for the content, he could have raved about Natalie Portman or ranted about M$ (well, he did) or whatever, what he has done, perhaps in not the nicest way but certainly one of the most convincing, is assure me that people at Andover are human, they're people, they rant, they act like kids, just like me sometimes (possibly right now:/)
The point is, they're not out to rule the world any more than I am. Actually, that's a scary thought. They're probably out to rule the world less than I am. They're young, probably idealistic, certainly in this case, and therefore not likely to swing for the "whatever it takes to get money" etc garbage that the world-weary find all too easy.
The most confidence a company can give me is that they're just like me. I know what to expect then.
The Cave is the big room style VR thing, linking two together may be new, but I doubt it. What's cool is that the military are using that kind of thing for simulation:)
Honestly, I am beginning to suspect that the net has very few options in defending itself against what is becoming increasingly obvious: Let the world communicate, and a small percentage of them communicate nothing but garbage particularly loudly.
Slashdot has escaped the worst of those consequences utilising the cooperative moderation system, condemning most of the spam and junk to their own little world that people using 1/2 moderation levels rarely see. Various IRC channels have managed by either being particularly unknown, or in the case of one channel I'm a member of, simply having a very low kick threshold.
Usenet similarly, has adapted in several ways, some groups are small and targeted so specifically that they rarely receive spam or don't attract people who are liable to argue a point well beyond having lost it. Others are moderated, the IRC kick equivalent, and some users have killfiles, the Slashdot moderation equivalent.
Unfortunately, the sheer freedom of usenet is working against it. Killfiles are the responsibility of the user, and most users are not willing to put much effort into filtering. Cancelbots do a good job against the worst offenders, but even cutting the spam down by 25% still leaves way too much.
But the very worst thing in terms of junk is the timespan. On slashdot, a story lasts a day. Shit flies for a day, then it's gone, consigned to the archives for people doing searches. On IRC, the conversations are too rapid and too realtime to last long, but on usenet a political or value argument can last weeks, with people reading daily, replying, branching out into huge unwieldy threads of disinformation and mistakes. Worse, their persistence means that if a user who hasn't read for a week or two fires up their client, they'll see all the articles in a discussion dead days, they post, and boom it starts all over again, constant non-ending argument. It hops threads, it hops newsgroups via common users, and pretty soon your signal to noise ratio has gone to hell and you flinch every time you see a new post just in case it starts up another diatribe.
I don't have solutions, but the problem is all too clear, and for those websites implementing discussion forums, beware, such a fate is not limited to usenet.
Far more information is required for such a question. Are you running it on a 486? or a Quad Xeon? Are you utilising clustering capabilities? do you have SCSI or IDE disk drives? how much RAM do you have? what is the nature of your application? is your SQL designed well to fit in with a MySQL style structure? (Ie: are you attempting to do heavy relational work, not MySQL's strong point, or do you have it well designed for the shallow style at which MySQL excels?) is your SQL efficient? do you have MySQL set up properly (Do you have all those performance-hitting log functions turned off?) what software are you using for your front end? PHP? Perl? C? do you use persistent database connections? do you have the database on the same machine as the web server?
I could go on for hours. The simple fact is that this question requires 1. Far more information, and 2. should be posted to the MySQL list rather than to /.
http://richard.iguana.co.nz/nlp/ is my most recent IRC bot. Written in Perl, uses a fairly complex regex tree data file to enable conversation. Not a lot of data in the datafile at the moment, but enough to see how it works. It's GPL'd and I don't have any intention of entering this competition (I don't have enough time) but people who are interested are welcome to add to the code. Patch me:)
Well, I think it's mostly about personal taste, which is one reason why GTK wins out, themes make it possible to adjust stuff to how you like it.
But as far as your two exhibits, well I looked at the first one and winced. The buttons are chunky for a start, and the huge arrow buttons look butt ugly (to me).
The title bar as well, big chunky square thing with far too much indentation (Those of you who have used old RiscOS applications know what I mean there..)
The GTK one however just makes me sigh happily. Arrow buttons are still slightly too large, and I dislike that odd orange thing around one of them, but the text buttons are niiiccee, small indentation, smooth gradient, mmm. And the titlebar too, much nicer look.
I could definitely improve on that theme, but overall, in my eyes it beats the motif look by leaps and bounds.
Get yourself a big radio transmitter, and just beam the stuff into space with lots of error correction. When you wanna retrieve it, you just have to hope for a faster-than-light drive. No media decay problems, and with technology advances your ability to retrieve the data properly increases every year, depending on the rate, this could mean thousands of years of archiving. Even better is if some alien races pick it up and store it as well.
I'd like to point out an astonishing amount of hostility recently. In the last few weeks I have noticed it especially, when someone chooses to make a statement they don't just make the statement, they litter it with insults, formulating an angry comment dripping with either sarcasm or invective, for no reasonable purpose that I can see. Just the 18 or so comments in this article so far alone contain more hostility than I see in an entire week in any other medium.
This in itself is a concern, it displays a marked lack of respect towards the others the comment is aimed at. On this very same page you can find a comment querying the lack of information on the recent problems with slashdot. Was the use of the word "Pathetic" really necessary? Was the implied accusation that Slashdot is no longer "open" included for any other purpose than vitriol? A single feather does not a bird make, and a single action by the editors should not be held up, against an astounding amount of evidence to the contrary, as an example of how it has become "closed" or "less responsive".
I single out this post only because, being in the same article, it is easy to point to, make no mistake it is merely the tip of the iceberg as far as posts containing unnecessary attacks go.
Please keep in mind that the editors of slashdot, the users who make comments here, the employees of the organisations that are referred to (yes, even those of Microsoft), and all the other people who are somehow brought to our attention in this forum are, in fact, just that. People. And too often I see them judged, instantly, upon such a scrap of information as wouldn't feed a shrimp. Indeed all too often one reads an article only to discover that people are being abused on the basis of nothing more than rumour.
They are people, they deserve respect by default, the respect given to those who are human, who may make mistakes, but who have lived years of their lives, making hard decisions and taking responsibility for their actions.
Some calm yes? some thought before writing, and perhaps a little dose of old saying.
"If you don't have anything good to say, keep your mouth shut."
Flames will be read, considered, and appreciated. Thank you for your time.
In my opinion, no solid statistics, all statements extrapolated from personal experience.
This is silly. Let's face it, banner ads exist now not because they're actually worthwhile, getting linked in a single article on /. will drag in far more hits in one day than the banners on the top of the page will get in a month, they exist because they're the only form of currency the web has.
Most of the advertising "revenue" made these days is not in fact revenue at all, invariably it's part of a banner-swapping deal, I'll run banners for you if you run banners for me. Even in the cases where there is money paid, it plainly doesn't make sense:
Site A gets money for ad views
Therefore Site A is more profitable if it gets more hits
Therefore Site A pays other sites to advertise, to increase its hits, so that those hits translate into ad views...for other sites...
The only places that are actually playing this game effectively are sites with valuable content, which are populated by word of mouth more than anything else (/. being a prime example), and sites that are making real sales on their website (Amazon etc).
These are a small fraction of the web, the rest is populated by mediocre content attempting to increase its hit rate by getting banners everywhere it can, a pointless exercise as users have now almost entirely done the job Mozilla would only complete, they've tuned out.
Even if they do read the banner ad, they've been stung so many times by clicking on an ad to find a boring, pointless or overly complex page that they no longer bother. The ads are intrusive but we appear to be mentally well equipped from years of TV to filter them out without even realising it.
How many of you even notice ads on /. anymore? :)
The massive popularity of banner ads is a simple result of human need for a solid number. We can't estimate our website's effectiveness in terms of brand awareness, we can't develop a solid business plan for a website based on word of mouth, we need numbers. We got n hits, we sold n ads, we bought n ads, next month we will sell n ads and buy m ads and get n hits. Pretty graphs, but utterly useless when you realise that the revenue is actually n-m, often a negative number.
Doubleclick and co know this, they've seen it coming, and they're desperately trying to increase the effectiveness of their trade. Targeted ads, profiling etc, but it isn't really working because it's too late, they overdid it at the start and now we're filtering out anything that looks vaguely like an ad.
I don't however expect a recognition of this from either ad companies or businesses that buy and sell ads. Why? it's like every other currency that we have, a vast portion of it is illusory, it's a convenience that gives us a justifiable excuse to do something. Does anybody ever believe the US will pay off its national debt? no. Does that stop them trading with the US in US$? no, it's the currency itself that has become important, not the backing behind it.
But if you want to create a successful website, as opposed to a website with pretty graphs, you need to listen not to the accountants, but to the users. The Cluetrain (http://www.cluetrain.org/) has it all there for you in nice bullet points.
I say putting advertising blocks in Mozilla is merely acknowledging the truth of the situation, it's being honest and it may well have the effect of having website operators start building their websites with a view to how the web really works, instead of the current communal delusion.
My 2c
I've got to say, Peter Molyneux is, in the gaming realm, pretty much my idol. I'm not one for hero worship, and I don't follow his every move or copy the way he dresses or anything, but I firmly believe in every game he has written, and in every game he will ever write/direct, and he has never done me wrong. From Power Monger to Populous to Syndicate to Dungeon Keeper, he has been innovative, created a solid piece of software and I have always enjoyed the game, often for many months. I still crave Power Monger.
Of course he's not entirely responsible for it himself, but it seems to follow him around, through Bullfrog and now Lionhead it seems, so I choose to hold him responsible :)
I still remember learning 68000 assembler from an article Bullfrog did for Amiga Format years ago.
As an example to the gaming industry as a whole, I would have great difficulty picking anyone better. There are others who are better technically (John Carmack for example) and sometimes strategically (Sid Meier perhaps? I don't know) but for the sheer combination of gameplay, interface, innovation, and unadulterated joy, Peter's games have caught me every single time.
I look forward very much to the debut of Black&White, and even more so to whatever he comes up with in the future.
The problem with writing your own games these days is artwork. It's damn hard to get good artwork if you're not an artist yourself, and I'm not that kind of artist.
In some cases, such as with tdt (http://richard.iguana.co.nz/tdt/) I have managed to create something that looks ok without needing to have nicely drawn textures and buttons as stuff.
But in most cases, like every tile-map based game I ever wrote, the lack of artwork meant that no matter how good the game mechanics, it just looked crap.
This doesn't mean that I didn't believe people might like it, we've all gone on about how graphics aren't the most important thing in a game, but many times I have reached a stage in the development where I've looked at my game, and at another game which is similar, and suddenly seen that gulf in looks and polish and just given in, it just didn't seem worth the effort.
Ahh well.
Yeesh, check out the requirements on that page for programmers:
1. Must have a CS degree.
2. 5 years experience in games programming
3. AI, 3D on consoles and PC, Distributed network stuff.
Well, I don't have a CS degree and have never programmed a game professionally. AI, 3d graphics on the PC and distributed networking I know pretty well, but I guess I wouldn't even get a look in, I imagine they junk anyone without a CS degree in the first pass.
Sad really. Ahh well, hopefully they'll make some good stuff.
Pfft. Come over here and say that :)
I have rarely had any difficulty ascertaining the skills of a fellow hacker. It's like a painter judging the technical skill of another painter, it's easy, you can see why they do what they do and how. A few examples and a fairly short chat will do it. On the other hand, when I try and figure out whether a painter is a good painter, or whether a banker knows what the hell he's talking about, I'm in the dark, and pretty much no amount of evidence that they can provide will enlighten me beyond "gee that's a lot of stuff".
My personal urging towards employers at least is ensure that when you go to speak to your prospective hacker, bring along another one, one you trust, because they will see right through them (assuming a reasonable social ability :) if they're trying to pull something. Simply find a friend or employee who is a Good Hacker (tm), explain carefully what you want in a new employee, then let them sit in on the interview, and if they want ask questions.
As far as going for a job, I'd be concerned if I was merely interviewed by management, unless said management is particularly technical. Kirrily may not see this from where she is, she is surrounded by the tech world and more importantly, a good judge herself, but if the interviewing group doesn't consist of at least one person fairly familiar with the stuff that you do, you simply aren't going to get a good show. The job will go to the person with the best social skills and the ability to sell themselves, which is all fine and dandy unless the person concerned can't actually do the job.
They say interview technique is important, but more so these days is Who you have at the interview, than what you do there.
My hat off to you and the other winners, just reading the summarised list of achievements with your project information on that article indicates not only that you are very gifted, but that you have the determination to utilise those gifts, a rarer thing than it might appear. I look forward to seeing what you all do in the future, and I hope it still manages to balance well enough that you all have fun too :)
Have you used the most recent release, it has an extremely interesting GUI feature which would solve your access problem straight away. Open your image, right click on the image, go down to the filters menu, and hit the line "----" at the top of the menu for filters.
The filters menu will promptly detach and become a single separate window, accessible instantly. You can do this with any menu you feel is appropriate. Several steps ahead of Photoshop :)
Obviously a joke, or at least close, but the same argument (Electric cars are not better for the environment) has been pulled out of many hats, not just for cars but buses and trains and all sorts of things. The simple fact is that the argument doesn't hold water.
1. The current state of the art in low-pollution petrol powered cars has almost nowhere to go. Further research is giving fewer and fewer returns in methods of making mobile petrol-based propulsion systems cleaner. On the other hand, factory scale plants using both petrol and other forms of raw material such as coal have been making large advances, with many by-products of the electricity production going into creating other useful products.
2. Research on electricity based transport is advancing rapidly, greater efficiencies in all areas are constantly being achieved, with new software able to micro-manage power consumption, newer battery methods and flywheel technology offering better storage per gram, and longer life for all components.
These alone are excellent reasons why electric cars, although they may _possibly_ be less environmentally friendly right now taking into account the entire supply chain, are the future.
Their primary attractiveness as far as the environment goes is the shifting of by-products to large generation plants where the benefits of scale and space can be used to filter and reuse pollutants. They are also demonstrably quieter, and in many cases can take advantage of their electrical nature to make driving as we know it today more fuel efficient (brakes tied into flywheels mean that stop-go traffic would cost far less in energy terms, and wear out your brake-pads less).
I'm looking forward to it :)
I came up with that as a solution to our load balancing issues over a year ago, unfortunately our network architecture didn't really support the concept.
However on this basis I note that it must be "obvious", certainly it never occurred to me that others might not have thought of it. Unfortunately this isn't enough I guess, and I never implemented anything to test the idea, so..no prior art from me. Sorry :/
How many would you like? It all depends on your definition of rapid really. Open Source software doesn't reach user-level release as fast as commercial software, but it becomes feature-comparable much earlier and useable by those willing to get their hands dirty _far_ faster.
In terms of quality products, it is hard to deny software such as PHP, Apache, The linux kernel, perl, yadda yadda, all the usual stuff. However none of these can really be considered "rapid" from start, they all started quite some time ago.
Most really rapid initial Open Source development can never be quoted, since it usually consists of a large number of developers abandoning a previous implementation and starting again from scratch. Much of the good Open Source software you see now has gone through at least one phase of being heavily re-written, almost or sometimes literally from the ground up, in an astounding amount of time, but because nobody clocked it, or changed the name, it just turns up as the latest release.
However I think there are some, smaller, cases of applications that appear almost from nowhere. The various linux napster clients for instance. One moment I had just heard of napster, the next their protocol was reverse engineered and two or three Open Source versions of the client appeared.
Similarly with email software. Sendmail, king of the hill for so long now, was looking pretty much invincible, then qmail came out, and suddenly what had looked like something that was good enough seemed somehow tarnished. No dust on Sendmail, I use it, and love it, but many don't, and a slew of new email servers have appeared recently, qmail and exim being two of the notable mentions.
I am unwilling to stand up and say "Look, under any circumstances, Open Source software will develop a complete application faster than a Commercial method would", for a start there are different levels of interest in various types of applications, and for second, there's a mindshare capture thing. Commercial places just hire their employees, Open Source projects have to attract their developers, and that takes a bit of time, especially as you have to get exponentially more than those of a commercial project in order to make up for the (at least initial) fact that nobody is working on it full time.
However I think that Apache, PHP, Linux and many others are undeniable proof that once that mindshare of developers is attained, development is unbelievably fast. Just watching the kernel mailing list for a week is enough to make one dizzy, and you don't see a 10th of what is going on.
When I was doing one of my own projects, I really noticed that speed-up effect after the initial block was over. TDT took two weeks to get to something vaguely working, another one to get to something that looked fairly ok and had the major engine working, and then within a week enormous improvements were made, contributions even by the few people who were interested in it made a huge difference, lighting, explosions, tuning of coloring, models, rewrites of parts of the engine to support effects like waves and menus, I was making releases less than hourly on the evenings I was working on it.
I don't think we have yet seen the true power of the Open Source development method, but places like Source Forge and tools like CVS and autoconf are slowly pushing their way into the fore, making things go quicker and quicker and quicker. I look forward to the future.
It's unacceptable. I don't care how he attempts to justify it, even if he finds a loophole of some kind, or the law ends up supporting him, it is just plain wrong.
There is a reason for the GPL, people don't GPL code because they love TLAs, or because they like making other people miserable, they do it because they believe, and I believe, that Open Source software is the answer to the problem that software solves.
Yes Quake is having problems with cheats due to the source release, No close sourcing the code is not the answer. There have already been numerous articles explaining this in depth, some by very influential people, and it is annoying to see them so disregarded in this manner.
It has long been known in security circles that security through obscurity is the worst method available. Yes it is useful, but only in concert with other, heavier forms of protection. Nobody argues that giving away login names is ok, just because hiding those names is security through obscurity, but on the same token, nobody believes their system safe if the only thing between an attacker and the system is that they don't know the login names.
In this case, John has already, in a previous .plan, outlined a way of creating a pre-compiled security system by use of an external proxy. However I suspect this gentleman has realised what is obvious to anyone who has done reverse engineering before, the smaller the code you're trying to reverse, the easier it gets. Just finding the relevant procedures can be tough, especially if they've encrypted it somehow, and attempting to figure out the protocols used from the original quake binaries was difficult in the extreme, because it was a large binary with a lot going on in a very short space of time.
Creating a closed-source patch or external server would have far less effect, it is dedicated to its purpose, and no matter how many layers of self-encryption it used, unwinding those using a debugger would be far easier when the levels that communicate with the closed-source section themselves were already known and the unknown code was known to be dedicated to its task.
There is only one real solution to this problem, and it has already been stated. Information is on a need-to-know basis. The security point is at the server, not at the client.
Unfortunately, this leads to a performance hit as the server has to take much greater account of what is visible/doable and what is not. However there have been many fine open-source-compatible suggestions that would help with the problem, including:
Conflict resolution by scoring: Doing things that are suspect, like hitting invisible targets, moving places you shouldn't, or hitting with remarkable accuracy constantly, would lose you points, other actions such as losing a game, or being on for some time would gain you trust-points. These points would then be used in conflict resolution. One client says you died, the other says you didn't, the one with the highest trust-score gets decided for.
Baiting: In concert with the above, a variety of non-visible targets etc are left lying around, shooting one loses you trust points and is indicative of a cheat, many other concepts along these lines are possible. It's an arms race, but one that does not need to progress far before there are so many limitations to cheating that it hardly becomes worth it.
Logins: Utilising logins, the scoring method could be enhanced, allowing the trust of a given player to build up over time. Anonymous players would have extremely low trust, thus be pretty much unable to cheat, as if a logged-in client disagrees with any of their movements, they would be overruled.
These are just some of the ideas I have heard about automated cheat damping, there were lots and lots, many ingenious and clever, on the previous discussion of this on slashdot. I suggest that if you're really concerned, solve the problem right, don't rely on a method that will be almost as easily broken as the plain source itself.
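A minimal server-side sketch of the scoring, baiting and login ideas listed in the comment above, as an added example (not part of the original comment and not code from Quake or any game server). All names, point values and the tie rule are assumptions made for illustration.

```python
"""Server-side trust scoring for resolving conflicting client reports."""
from dataclasses import dataclass

# Point values are constructed for this sketch; the comment names the
# behaviours but gives no numbers.
PENALTIES = {"hit_bait": 40, "hit_invisible_target": 25, "impossible_move": 15}
REWARDS = {"lost_game": 2, "minute_connected": 1}
LOGIN_START_TRUST = 10   # assumption: accounts start with some trust
ANON_TRUST_CAP = 5       # assumption: anonymous trust can never exceed this


@dataclass
class Player:
    name: str
    logged_in: bool
    trust: int = 0


class Arbiter:
    """Holds the authoritative trust table; clients never see or set it."""

    def __init__(self, bait_ids):
        self.bait_ids = set(bait_ids)   # targets no honest client can see
        self.players = {}
        self.audit = []                 # (player, event, trust after event)

    def join(self, name, logged_in):
        start = LOGIN_START_TRUST if logged_in else 0
        self.players[name] = Player(name, logged_in, start)
        return self.players[name]

    def observe(self, name, event):
        """Apply one scored event and return the player's new trust."""
        player = self.players[name]
        if event in PENALTIES:
            player.trust -= PENALTIES[event]
        elif event in REWARDS:
            player.trust += REWARDS[event]
        else:
            raise ValueError(f"unknown event: {event!r}")
        if not player.logged_in:
            player.trust = min(player.trust, ANON_TRUST_CAP)
        self.audit.append((name, event, player.trust))
        return player.trust

    def record_hit(self, name, target_id, visible_to_player):
        """Score a claimed hit against what the server knows was visible."""
        if target_id in self.bait_ids:
            return self.observe(name, "hit_bait")
        if target_id not in visible_to_player:
            return self.observe(name, "hit_invisible_target")
        return self.players[name].trust

    def resolve(self, claim_a, claim_b):
        """Each claim is (player_name, outcome); return the accepted outcome.

        The higher trust score wins. On a tie this sketch returns None,
        meaning the server keeps its current state (an assumption).
        """
        (name_a, outcome_a), (name_b, outcome_b) = claim_a, claim_b
        if outcome_a == outcome_b:
            return outcome_a
        trust_a = self.players[name_a].trust
        trust_b = self.players[name_b].trust
        if trust_a == trust_b:
            return None
        return outcome_a if trust_a > trust_b else outcome_b


def demo():
    """Constructed session: a trusted account that later shoots bait."""
    arb = Arbiter(bait_ids={"bait-1"})
    arb.join("alice", logged_in=True)
    arb.join("anon42", logged_in=False)
    for _ in range(30):                       # half an hour of clean play each
        arb.observe("alice", "minute_connected")
        arb.observe("anon42", "minute_connected")
    dispute = (("anon42", "alice_dead"), ("alice", "alice_alive"))
    before = arb.resolve(*dispute)            # alice: 40, anon42: capped at 5
    arb.record_hit("alice", "bait-1", visible_to_player={"anon42"})
    arb.record_hit("alice", "crate-9", visible_to_player={"anon42"})
    after = arb.resolve(*dispute)             # alice: -25, anon42: 5
    return before, after, arb.players["alice"].trust, arb.players["anon42"].trust


if __name__ == "__main__":
    print(demo())
```

The audit list keeps every scored event, so a disputed ruling can be traced back to the observations that produced the two trust values.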
Not at all. I was only talking about 30 people, with a more napster-like level of hundreds or thousands of people, a vast number of CDs would be available at any given time, making discerning the usage from the noise much more difficult.
Even in 20 or 30 people, having 20 or 30 cds constantly swapping in or out, with various members' music tastes being different and many of them missing swaps or already having a given CD from the last time, it would be difficult to pinpoint a particular group in a membership as large as Beam-It as CD sharing.
I did not say that people are doing it, only that people other than myself have surely seen the possibilities. It is not in the least more cumbersome than napster. It utilises all the benefits of Beam-It (No local HD storage required, good quality encodes) without any of the negatives (Having to own or borrow the CD)
Writing an application that could make this kind of exchange possible is trivial, and should the numbers of users on the network rise enough, users could even operate the registration application without a CD, taking advantage of the large number of offered CDs by others.
I'd like to make the point that it actually isn't at all secure. A napster style configuration of people interested in listening to a wide variety of music could, by distribution, make the security method pretty much redundant.
As noted, in order to sign up a CD, you need to be able to verify a particular random track. If the client machine, rather than checking its own CD drive, made a request out to a collaborative network for a given CD before attempting authentication, it could, upon reception of the request for a particular random block, forward this request to another machine who claimed to have the relevant CD, and get the data from that machine, then forwarding it on. Once this has happened, it's in your account, you don't have to repeat this, so a system where CDs are in drives only on occasion is perfectly acceptable.
Take 20 or 30 people, and an application that requires that they have a CD, any CD, in their drive on load, and they can Beam register any of the 20 or 30 CDs online at the time, and as time goes by, they would rapidly build up a massive collection without a huge number of resources being tied up.
The Beam It method is perhaps, because of this, even less secure, and more convenient than Napster, no long download times, no scratched, damaged or badly made recordings, all available for free on the condition that you have at least one CD you can share with everyone else.
I have no doubt this concept has been picked up already by others. Game over mp3.com :/
I sincerely hope they are not asking this. System and Network security is far too big and vital a topic to be covered in forums such as this.
There are many, well publicised portals and locations for such information, both system specific and universal. www.securityfocus.org, bugtraq, and many other environments provide up to the minute information on security for a wide range of systems, and any systems administrator should follow these closely, as well as system specific sources.
Those on a lesser scale, DSL and modem, should also pay attention. If you feel unwilling to take the time to secure your system, you should invest in an operating system that is Secure By Default. OpenBSD is the most publicised of these, but there are several hardened variants of linux, and hardeners for popular operating systems like RedHat (check out http://bastille-linux.org/).
For linux guys, I recommend reading the Linux Admin Security Guide (http://metalab.unc.edu/lasg/) and learning about IPChains, or for the bleeding edge people, Netfilter (Which is proving to be very powerful)
Unfortunately I have no pointers for Windows, but perhaps other users can contribute URLs where information like that can be located. A quick search in a search engine may help too.
There are no defenses. Trust me, as someone who is deeply concerned about it and has spent a considerable amount of time investigating.
The attack doesn't attack your firewall, it doesn't attack your boxes, it very simply attacks your bandwidth, it fills it up, completely, leaving no room for other traffic.
It doesn't matter if your firewall drops every single packet it sees, for that matter it doesn't matter if you unplug your box, it isn't going to help at all.
The vast number of machines that have been compromised, especially on university campuses where attention to security is limited on many boxes, and a crack can go unnoticed for months or years, give these flood networks more bandwidth than a medium-large sized ISP. If they are willing to take the risk that someone tracks them down, they can knock out most companies and for that matter, often their upstream.
So, as an administrator, there is little you can do. Some things can help slightly, (see following) but if you get one of the larger networks pointed at you, you call your provider, get them to call their provider, and hope that they can implement some kind of filtering on their router as a temporary solution. You probably won't get far with that however.
Things to do:
1. log log log log log. Strange packets coming in should be logged. If you can do this, there's a chance the guy can be traced back to source if one of the IPs is on a network with a competent admin and the source of the network control packets can be found.
2. Alert whoever you have to. If you're getting hammered, it's a crime, tell the police, look on the CERT site for more details about who you can contact if you're in this situation.
3. Close up all ports that aren't critical, from any replies. These guys function best when they can hit a wide range of ports and get replies from your box, effectively doubling the load generated by each packet. If you drop 98% of the ports on your box, that leaves most of the packet hits out in the cold, making them have to work harder. Don't be scared to start dropping whole class A/B networks if a large number of hits are coming through from them.
4. For those using unix based firewall solutions, have a couple of scripts handy which you can use to turn off all ICMP (you should already be filtering bad ICMP, this just goes the next step), and all non-essential ports.
5. Have syncookies on your system if available, this will help keep you working during small TCP floods
6. Make sure that you, as admin, have on your firewall the necessary rules to deny spoofed IPs from within your own network. If you don't, you are irresponsible and quite possibly a contributing cause to this whole mess. An internet connected network needs monitoring, no matter how well set up. Take the time to do it.
The final verdict is there is no individual solution to this problem. If everyone implemented #6, we'd be in a lot better shape, still not brilliant but certainly a vast improvement. On the positive side, there are many brilliant minds who have observed this problem and are working on infrastructure solutions (see BOF recently etc).
No matter how good your firewall software, script kids these days have the capability to flood your entire link. Proactive and constant vigilance is the only thing that could possibly minimise the damage.
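Items 1, 3 and 6 of the list above, turned into checks over a packet log, as an added example (not part of the original comment). The log format, the local prefix and the thresholds are constructed for illustration, and the addresses are documentation or private ranges.

```python
"""Egress anti-spoofing check and source-block aggregation over packet logs."""
import ipaddress
from collections import Counter

# Assumption: the site's own address space (an RFC 5737 documentation range).
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed firewall log, format invented for this sketch:
#   direction  source  destination  protocol  destination-port
SAMPLE_LOG = """\
IN   198.51.100.7    192.0.2.10    udp   7
IN   198.51.100.9    192.0.2.10    udp   19
IN   198.51.100.201  192.0.2.10    icmp  0
IN   198.51.100.44   192.0.2.10    udp   7
IN   203.0.113.5     192.0.2.10    tcp   80
IN   203.0.113.77    192.0.2.10    tcp   80
OUT  192.0.2.10      203.0.113.5   tcp   80
OUT  10.9.8.7        198.51.100.7  udp   53
OUT  192.0.2.33      198.51.100.9  icmp  0
"""


def parse_log(text):
    """Turn the constructed log text into a list of record dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        direction, src, dst, proto, dport = line.split()
        records.append({
            "dir": direction,
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "proto": proto,
            "dport": int(dport),
        })
    return records


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def spoofed_egress(records):
    """Item 6: packets leaving the site whose source is not one of ours.

    These are what an egress rule on the border firewall should deny,
    and any hit here points at a misconfigured or compromised host.
    """
    return [r for r in records if r["dir"] == "OUT" and not is_internal(r["src"])]


def heavy_source_blocks(records, prefixlen=16, min_hits=3):
    """Items 1 and 3: count inbound packets per source block.

    prefixlen 8 or 16 corresponds to the old class A and class B sizes;
    blocks at or above min_hits are candidates for a temporary drop rule.
    """
    counts = Counter()
    for r in records:
        if r["dir"] != "IN":
            continue
        block = ipaddress.ip_network(f"{r['src']}/{prefixlen}", strict=False)
        counts[str(block)] += 1
    return [(block, n) for block, n in counts.most_common() if n >= min_hits]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for r in spoofed_egress(recs):
        print("spoofed egress:", r["src"], "->", r["dst"])
    for block, n in heavy_source_blocks(recs):
        print("drop candidate:", block, "hits:", n)
```

Aggregated source counts only mean something for traffic that cannot be forged at will, which is why the egress check matters on every network, not just the one under attack.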
Personally I think this guy has got it right, not for the content, he could have raved about Natalie Portman or ranted about M$ (well, he did) or whatever, what he has done, perhaps in not the nicest way but certainly one of the most convincing, is assure me that people at Andover are human, they're people, they rant, they act like kids, just like me sometimes (possibly right now :/
The point is, they're not out to rule the world any more than I am. Actually, that's a scary thought. They're probably out to rule the world less than I am. They're young, probably idealistic, certainly in this case, and therefore not likely to swing for the "whatever it takes to get money" etc garbage that the world-weary find all too easy.
The most confidence a company can give me is that they're just like me. I know what to expect then.
The Cave is the big room style VR thing, linking two together may be new, but I doubt it. What's cool is that the military are using that kind of thing for simulation :)
Honestly, I am beginning to suspect that the net has very few options in defending itself against what is becoming increasingly obvious: Let the world communicate, and a small percentage of them communicate nothing but garbage particularly loudly.
Slashdot has escaped the worst of those consequences utilising the cooperative moderation system, condemning most of the spam and junk to their own little world that people using 1/2 moderation levels rarely see. Various IRC channels have managed by either being particularly unknown, or in the case of one channel I'm a member of, simply having a very low kick threshold.
Usenet similarly, has adapted in several ways, some groups are small and targeted so specifically that they rarely receive spam or don't attract people who are liable to argue a point well beyond having lost it. Others are moderated, the IRC kick equivalent, and some users have killfiles, the Slashdot moderation equivalent.
Unfortunately, the sheer freedom of usenet is working against it. Killfiles are the responsibility of the user, and most users are not willing to put much effort into filtering. Cancelbots do a good job against the worst offenders, but even cutting the spam down by 25% still leaves way too much.
But the very worst thing in terms of junk is the timespan. On slashdot, a story lasts a day. Shit flies for a day, then it's gone, consigned to the archives for people doing searches. On IRC, the conversations are too rapid and too realtime to last long, but on usenet a political or value argument can last weeks, with people reading daily, replying, branching out into huge unwieldy threads of disinformation and mistakes. Worse, their persistence means that if a user who hasn't read for a week or two fires up their client, they'll see all the articles in a discussion dead days, they post, and boom it starts all over again, constant non-ending argument. It hops threads, it hops newsgroups via common users, and pretty soon your signal to noise ratio has gone to hell and you flinch every time you see a new post just in case it starts up another diatribe.
I don't have solutions, but the problem is all too clear, and for those websites implementing discussion forums, beware, such a fate is not limited to usenet.
Far more information is required for such a question. Are you running it on a 486? Or a Quad Xeon? Are you utilising clustering capabilities? Do you have SCSI or IDE disk drives? How much RAM do you have? What is the nature of your application? Is your SQL designed well to fit in with a MySQL style structure? (Ie: are you attempting to do heavy relational work, not MySQL's strong point, or do you have it well designed for the shallow style at which MySQL excels?) Is your SQL efficient? Do you have MySQL set up properly? (Do you have all those performance-hitting log functions turned off?) What software are you using for your front end? PHP? Perl? C? Do you use persistent database connections? Do you have the database on the same machine as the web server?
I could go on for hours. The simple fact is that this question requires 1. Far more information, and 2. should be posted to the MySQL list rather than to /.
http://richard.iguana.co.nz/nlp/ is my most recent IRC bot. Written in Perl, uses a fairly complex regex tree data file to enable conversation. Not a lot of data in the datafile at the moment, but enough to see how it works. It's GPL'd and I don't have any intention of entering this competition (I don't have enough time) but people who are interested are welcome to add to the code. Patch me :)
Well, I think it's mostly about personal taste, which is one reason why GTK wins out, themes make it possible to adjust stuff to how you like it.
But as far as your two exhibits, well I looked at the first one and winced. The buttons are chunky for a start, and the huge arrow buttons look butt ugly (to me).
The title bar as well, big chunky square thing with far too much indentation (Those of you who have used old RiscOS applications know what I mean there..)
The GTK one however just makes me sigh happily. Arrow buttons are still slightly too large, and I dislike that odd orange thing around one of them, but the text buttons are niiiccee, small indentation, smooth gradient, mmm. And the titlebar too, much nicer look.
I could definitely improve on that theme, but overall, in my eyes it beats the motif look by leaps and bounds.
Get yourself a big radio transmitter, and just beam the stuff into space with lots of error correction. When you wanna retrieve it, you just have to hope for a faster-than-light drive. No media decay problems, and with technology advances your ability to retrieve the data properly increases every year, depending on the rate, this could mean thousands of years of archiving. Even better is if some alien races pick it up and store it as well.