What did Sony do wrong? Obviously, they could do nothing about a suitably well-equipped hacker physically modifying a PS3 to stop it from verifying at all, or to always return "yup, all good" regardless of the verification outcome; similarly, a firmware bug could allow the same outcome without the expense of physical modification; but how could it be that they would have to put anything in their client(no matter how well hidden by hardware obfuscation/TPMs/smarcards/whatever) that could be used to compute their private key? Isn't a public key, which is a totally safe piece of data to disclose, all you need to verify whether or not something has been signed with the matching private key?
From my layman's understanding of what they did (View the actual conference footage here: http://www.youtube.com/watch?v=GPjd6gHY6A4 ), they don't HAVE the private key. Sony made a big mistake in their key generation method, where they were supposed to use a random value for one variable, they used a static value. Because of that, you're able to generate valid signed packages without the private key.
They don't have Sony's signing key, from what I've read. What they have is a flaw in the key generation process, which allows them to generate valid signed packages without the private key. In fact, here's the video from the conference itself: http://www.youtube.com/watch?v=GPjd6gHY6A4
The people that did this exploit/hack/whatever reportedly only chose this method of action after Sony decided to remove OtherOS support from PS3's. Their stated goal is to get Linux up and running on retail PS3s. Maybe this would've occured a lot quicker if OtherOS never existed.
Wouldn't it make more sense just to load Office 2003 on the C2D machine? It'll be more energy efficient, faster, and has less chance of taking a random nose-dive due to old age.
You, good sir, live in the land of plenty. Can I come?
I think my corp is at about 1 syadmin per 800 people, one netadmin per 1500 people, and about 1 tech support per 700 people. I think the users would be happier with 1 tech support per 250-300users.
Lack of AD doesn't prevent automated OS updates. You can implement WSUS without AD, which will take care of many critical OS updates, it just requires that you alter some registry settings and ensure the users have the latest Windows Update client.
Re:anyone got hires of the beach scene ??
on
Carl Sagan Sings
·
· Score: 1, Informative
Up until (as a previous poster mentioned) LosTech (Old Star League technology) was rediscovered, what I said was true. All MechWarrior games after the first were set post-clan invasion, which is after the Inner Sphere began to recover methods and technology on the creation of BattleMechs. The Clans never lost that tech, so building mechs wasn't as large an issue for them.... also, pretty much all of the MechWarrior games so far have been pretty Action/Arcadey. It's nescessary to have a multitude of enemies, so the limitations of the fictional universe weren't applied nearly as strictly.
Regarding adaptation, I think you're partially correct, within the confines of the fictional universe. Yes, weapons can be adapted to fit mechs that weren't designed for them, but I'd guess it's extremely unlikely that you could do it effectively in the field. It'd be like taking an afternoon to put a 600hp rotary engine in a Corolla. Also, the weapons may not have been so compartmentalized back in 3015. Sure, you could probably weld on a weapon to a part of the Chassis, but did you plan for the added weight in that area? Did you make sure that enough power was routed there? Do you have localized heatsinks ready to dissipate the heat involved with firing that weapon?
This game seems to be based upon the defense of a fairly backwater planet from a Kurita invasion. Based on that subject, I think it's unlikely that there would be too much customization of weapons possible, if it sticks true(er) to the fictional universe.
IGN: That actually brings me to my next question. As far as PC gamers were concerned, part of the appeal of controlling your mech in the MechWarrior franchise was feeling like you were in control of your mech, having access to multiple cockpit commands at one time with your keyboard and your mouse. How are you planning to keep this classic control scheme feel, and will you be adding any new elements for your mechs, especially now that you want to create this full cockpit experience?
Russ Bullock: First and foremost, in this day and age and this time, we've all played the PC games in the past and absolutely loved them. But certainly going forward, just out of necessity and because we think we can, we're definitely very focused also on the Xbox 360. So we're very focused on the console standpoint moving forward. Now, we still need to work out a lot with our chosen publishing partner, so some of these questions will become answered, but I think that Jordan and I are in agreement that we want to make a MechWarrior game.
The MechAssault games were interesting in the role they played inside the universe for the consoles at the time, but we feel the technology is there that we can make a true MechWarrior game, a MechWarrior experience on both the Xbox 360 and the PC and not lose anything from that true MechWarrior feeling. We feel confident obviously in the PC and its control scheme that can be realized because it's been done before. But for the Xbox 360, we've spent a lot of thought and a lot of time in playing around with the controller and finding ways to give the same level of control in the way that you throttle, in the way that you turn and move, use your jump jets, and everything that gives you that MechWarrior experience that doesn't turn it into a power-up pickup sort of arcade style game. So that is something that we're spending a lot of time on â" all the answers aren't there yet, but we want to make a MechWarrior experience and we feel like we can do it both on the 360 and the PC.
MechWarrior (286/386 era) didn't have any customisations for mechs, if I remember correctly. You could purchase whatever mech you wanted, but it had a fairly standard loadout (though some weapons came destroyed and had to be repaired, IIRC).
Rather, the developers are staying within the existing confines of the BattleTech universe. In 3015, it simply isn't possible to have a variable weapons loadout, especially not out in the field. Mechs were rare commodities, very very very few NEW mechs were being produced, and the ones that were generally were based on older designs.
There were no Omnimechs. There was no system to effectively retrofit a battlemech in the field. There WERE Battlemech Variants. So you may be able to choose from a Battlemaster C and a Battlemaster A, but you couldn't (easily) convert from A to C.
I dunno, they made a pretty penny on the recent wireless spectrum sale, maybe they can use some of the R&D to develop new unheard of spectrum to auction off!
Minor correction, the ANA/HANA chip does not do scaling for the x360. The Xbox360 does all scaling in software. Purportedly the ANA/HANA chip handles transferring the framebuffer to the output format (composite, hdmi, component, s-video, SCART, etc).
So, a SSP array would produce 5 times as much raw power as one on the ground on a sunny day.
When is it not a sunny day in space? There's a lot less weather outside of our atmosphere to interfere with solar power gathering. Granted, you have to deal with other issues, I'd be especially worried about large arrays of solar panels being hit by space junk.
Some have suggested sourcing construction material from the moon, and assembling panels outside of earth, which would certainly reduce cost if it is feasible.
Man, if lockups were my only issues with the game.
Fallout3 is the buggiest game I've played in some time. It's crashed repeatedly, and I've broken the game no less than at four times. By broken, I mean the scripting for events didn't expect me to do this or that, and thereby the game stopped responding. Specifically, nobody would interract with me, and in one instance I was stuck in a room with no way out, and had to reload an earlier save.
Regardless, I plowed through the game on friday/sunday, did a few of the sidequests but not everything. Ending is totally crappy and non-satisfying, at least with the route I chose, I'll have to go back and try being evil:)
I was perusing this yesterday, and came across the Weird Al video "Don't Download This Song". One line in the original song goes: o/~ Like Morpheus or Grokster or Limewire or KaZaA o/~
But the version on the new MTV site goes: o/~ Like *beep* or *beep* or *beep* or *beep* o/~
Does anyone know if it was aired on MTV/VH1 this way, or is this unique to the web version?
1) FireFox3's handling of expired/selfsigned certificates is proper. 2) If you regularly visit a site that has an expired certificate, you can easily add it to the exception list, which is leagues better than how FF2 handled it.
People need to get and maintain proper certs, it's as simple as that. Not displaying a scary warning about a self-signed cert would be worse than a short but descriptive error message warning users of a potential security risk.
This guy certainly isn't alone. My father has taken it upon himself to archive, catalog, and digitally store thousands of long out of print Folk Music LPs from Eastern Europe. These records are outside of the scope of the Library of Congress (as they were mostly recorded/printed outside of the US), and are some of the few ways to have (mostly) accurate records of a rapidly vanishing folk music tradition.
I'm quite annoyed that one of my two senators voted in favor of this amendment, and I've already written her an email, not that she'll ever read it.
Anywho, Feingold had a really nice position-point short written up on this subject, and I found myself to be largely in agreement with his views.
http://feingold.senate.gov/~feingold/statements/08/07/20080708.htm
When Congress passed FISA three decades ago, in the wake of the extensive, well-documented wiretapping abuses of the 1960s and 1970s, it decided that, in the future, telephone companies should not simply assume that any government request for assistance to conduct electronic surveillance was appropriate. It was clear that some checks needed to be in place to prevent future abuses of this incredibly intrusive power â" the power to listen in on peopleâ(TM)s personal conversations... ...So Congress devised a system that would take the guesswork out of it completely. Under that system, which is still in place today, the companiesâ(TM) legal obligations and liability depend entirely on whether the government has presented the company with a court order or a certification stating that certain basic requirements have been met. If the proper documentation is submitted, the company must cooperate with the request and is immune from liability. If the proper documentation has not been submitted, the company must refuse the governmentâ(TM)s request, or be subject to possible liability in the courts.
9. Guards are no longer required to carry human rights cards. 10. MP's are now labeled as Guards.
Item 9 is somewhat outrageous. However, if the staff is briefed on human rights, and is following those requirements, then no biggie. Item 10 allows the US to more easily staff Guantanamo Bay with outside contractors (Blackwater), or other Military or Civil officers (FBI, military personel who aren't MP's specificly). This is the more questionable change in my mind.
Putting up a free download link, and having a donate button OR Having an order form that explicitly lets you type in $0 for the purchase price.
Your method will not work because the audience at large feels no obligation to to "donate". Radioheads makes you feel like you ought to pay something, even if it's minimal. Those 62% must feel really bad about now, unless they didn't like the music, in which case they probably appreciate Radiohead for not charging them.
Google acquired Urchin for a definite purpose. They saw the Urchin 6 On Demand service, and realized that it could have a large impact on how they target ads. They purchased Urchin, and converted Urchin 6 On Demand into Google Analytics.
Urchin 6 (standalone) was supposedly nearly finished. There are reviews of it out there on the web, along with screenshots. So in a sense, THAT individual product has disappeared, but it's legacy lives on in Google Analytics.
Sadly, I can't use Google Analytics, since our privacy policy restricts the use of cookies.
Most people shouldn't be outraged about it. Honestly, most people shouldn't even care.
If the people who purchased upgrade support from URCHIN want to take them to court, they'd have a decent case. If the people who purchased it after Google acquired it want a new version, your only decent recourse is to bitch and moan. And guess what? Google isn't listening. And neither should anyone else.
However, Google should release security fixes for the existing product.
Slashdot Mirror
Mod parent up. PSGroove's mention of NOR flash and dongleless jailbreaking is bunk, not sure how they got that.
What did Sony do wrong? Obviously, they could do nothing about a suitably well-equipped hacker physically modifying a PS3 to stop it from verifying at all, or to always return "yup, all good" regardless of the verification outcome; similarly, a firmware bug could allow the same outcome without the expense of physical modification; but how could it be that they would have to put anything in their client(no matter how well hidden by hardware obfuscation/TPMs/smarcards/whatever) that could be used to compute their private key? Isn't a public key, which is a totally safe piece of data to disclose, all you need to verify whether or not something has been signed with the matching private key?
From my layman's understanding of what they did (View the actual conference footage here: http://www.youtube.com/watch?v=GPjd6gHY6A4 ), they don't HAVE the private key. Sony made a big mistake in their key generation method, where they were supposed to use a random value for one variable, they used a static value. Because of that, you're able to generate valid signed packages without the private key.
They don't have Sony's signing key, from what I've read. What they have is a flaw in the key generation process, which allows them to generate valid signed packages without the private key. In fact, here's the video from the conference itself:
http://www.youtube.com/watch?v=GPjd6gHY6A4
The people that did this exploit/hack/whatever reportedly only chose this method of action after Sony decided to remove OtherOS support from PS3's. Their stated goal is to get Linux up and running on retail PS3s. Maybe this would've occured a lot quicker if OtherOS never existed.
Wouldn't it make more sense just to load Office 2003 on the C2D machine? It'll be more energy efficient, faster, and has less chance of taking a random nose-dive due to old age.
You, good sir, live in the land of plenty. Can I come?
I think my corp is at about 1 syadmin per 800 people, one netadmin per 1500 people, and about 1 tech support per 700 people. I think the users would be happier with 1 tech support per 250-300users.
Lack of AD doesn't prevent automated OS updates. You can implement WSUS without AD, which will take care of many critical OS updates, it just requires that you alter some registry settings and ensure the users have the latest Windows Update client.
The mpg on the creators site is a bit higher quality, but not much.
http://hinome.net/EFh9F10/galaxyrise.jpg
Up until (as a previous poster mentioned) LosTech (Old Star League technology) was rediscovered, what I said was true. All MechWarrior games after the first were set post-clan invasion, which is after the Inner Sphere began to recover methods and technology on the creation of BattleMechs. The Clans never lost that tech, so building mechs wasn't as large an issue for them. ... also, pretty much all of the MechWarrior games so far have been pretty Action/Arcadey. It's nescessary to have a multitude of enemies, so the limitations of the fictional universe weren't applied nearly as strictly.
Regarding adaptation, I think you're partially correct, within the confines of the fictional universe. Yes, weapons can be adapted to fit mechs that weren't designed for them, but I'd guess it's extremely unlikely that you could do it effectively in the field. It'd be like taking an afternoon to put a 600hp rotary engine in a Corolla. Also, the weapons may not have been so compartmentalized back in 3015. Sure, you could probably weld on a weapon to a part of the Chassis, but did you plan for the added weight in that area? Did you make sure that enough power was routed there? Do you have localized heatsinks ready to dissipate the heat involved with firing that weapon?
This game seems to be based upon the defense of a fairly backwater planet from a Kurita invasion. Based on that subject, I think it's unlikely that there would be too much customization of weapons possible, if it sticks true(er) to the fictional universe.
This point is addressed directly in the interview that IGN did.
http://pc.ign.com/articles/100/1002164p1.html
IGN: That actually brings me to my next question. As far as PC gamers were concerned, part of the appeal of controlling your mech in the MechWarrior franchise was feeling like you were in control of your mech, having access to multiple cockpit commands at one time with your keyboard and your mouse. How are you planning to keep this classic control scheme feel, and will you be adding any new elements for your mechs, especially now that you want to create this full cockpit experience?
Russ Bullock: First and foremost, in this day and age and this time, we've all played the PC games in the past and absolutely loved them. But certainly going forward, just out of necessity and because we think we can, we're definitely very focused also on the Xbox 360. So we're very focused on the console standpoint moving forward. Now, we still need to work out a lot with our chosen publishing partner, so some of these questions will become answered, but I think that Jordan and I are in agreement that we want to make a MechWarrior game.
The MechAssault games were interesting in the role they played inside the universe for the consoles at the time, but we feel the technology is there that we can make a true MechWarrior game, a MechWarrior experience on both the Xbox 360 and the PC and not lose anything from that true MechWarrior feeling. We feel confident obviously in the PC and its control scheme that can be realized because it's been done before. But for the Xbox 360, we've spent a lot of thought and a lot of time in playing around with the controller and finding ways to give the same level of control in the way that you throttle, in the way that you turn and move, use your jump jets, and everything that gives you that MechWarrior experience that doesn't turn it into a power-up pickup sort of arcade style game. So that is something that we're spending a lot of time on â" all the answers aren't there yet, but we want to make a MechWarrior experience and we feel like we can do it both on the 360 and the PC.
MechWarrior (286/386 era) didn't have any customisations for mechs, if I remember correctly. You could purchase whatever mech you wanted, but it had a fairly standard loadout (though some weapons came destroyed and had to be repaired, IIRC).
Rather, the developers are staying within the existing confines of the BattleTech universe. In 3015, it simply isn't possible to have a variable weapons loadout, especially not out in the field. Mechs were rare commodities, very very very few NEW mechs were being produced, and the ones that were generally were based on older designs.
There were no Omnimechs. There was no system to effectively retrofit a battlemech in the field. There WERE Battlemech Variants. So you may be able to choose from a Battlemaster C and a Battlemaster A, but you couldn't (easily) convert from A to C.
I dunno, they made a pretty penny on the recent wireless spectrum sale, maybe they can use some of the R&D to develop new unheard of spectrum to auction off!
Minor correction, the ANA/HANA chip does not do scaling for the x360. The Xbox360 does all scaling in software. Purportedly the ANA/HANA chip handles transferring the framebuffer to the output format (composite, hdmi, component, s-video, SCART, etc).
Clearly that's due to Cheetos and Cheesy Poofs, not bromide or any other chemical in the plastics.
So, a SSP array would produce 5 times as much raw power as one on the ground on a sunny day.
When is it not a sunny day in space? There's a lot less weather outside of our atmosphere to interfere with solar power gathering. Granted, you have to deal with other issues, I'd be especially worried about large arrays of solar panels being hit by space junk.
Some have suggested sourcing construction material from the moon, and assembling panels outside of earth, which would certainly reduce cost if it is feasible.
Man, if lockups were my only issues with the game.
Fallout3 is the buggiest game I've played in some time. It's crashed repeatedly, and I've broken the game no less than at four times. By broken, I mean the scripting for events didn't expect me to do this or that, and thereby the game stopped responding. Specifically, nobody would interract with me, and in one instance I was stuck in a room with no way out, and had to reload an earlier save.
Regardless, I plowed through the game on friday/sunday, did a few of the sidequests but not everything. Ending is totally crappy and non-satisfying, at least with the route I chose, I'll have to go back and try being evil :)
I was perusing this yesterday, and came across the Weird Al video "Don't Download This Song". One line in the original song goes:
o/~ Like Morpheus or Grokster or Limewire or KaZaA o/~
But the version on the new MTV site goes:
o/~ Like *beep* or *beep* or *beep* or *beep* o/~
Does anyone know if it was aired on MTV/VH1 this way, or is this unique to the web version?
MTV: http://www.mtvmusic.com/video/?id=108884
Youtube: http://www.youtube.com/watch?v=Yz-grdpKVqg
1) FireFox3's handling of expired/selfsigned certificates is proper.
2) If you regularly visit a site that has an expired certificate, you can easily add it to the exception list, which is leagues better than how FF2 handled it.
People need to get and maintain proper certs, it's as simple as that. Not displaying a scary warning about a self-signed cert would be worse than a short but descriptive error message warning users of a potential security risk.
This guy certainly isn't alone. My father has taken it upon himself to archive, catalog, and digitally store thousands of long out of print Folk Music LPs from Eastern Europe. These records are outside of the scope of the Library of Congress (as they were mostly recorded/printed outside of the US), and are some of the few ways to have (mostly) accurate records of a rapidly vanishing folk music tradition.
Not a bad way to spend your retirement, hmm?
I'm quite annoyed that one of my two senators voted in favor of this amendment, and I've already written her an email, not that she'll ever read it.
...So Congress devised a system that would take the guesswork out of it completely. Under that system, which is still in place today, the companiesâ(TM) legal obligations and liability depend entirely on whether the government has presented the company with a court order or a certification stating that certain basic requirements have been met. If the proper documentation is submitted, the company must cooperate with the request and is immune from liability. If the proper documentation has not been submitted, the company must refuse the governmentâ(TM)s request, or be subject to possible liability in the courts.
Anywho, Feingold had a really nice position-point short written up on this subject, and I found myself to be largely in agreement with his views.
http://feingold.senate.gov/~feingold/statements/08/07/20080708.htm
When Congress passed FISA three decades ago, in the wake of the extensive, well-documented wiretapping abuses of the 1960s and 1970s, it decided that, in the future, telephone companies should not simply assume that any government request for assistance to conduct electronic surveillance was appropriate. It was clear that some checks needed to be in place to prevent future abuses of this incredibly intrusive power â" the power to listen in on peopleâ(TM)s personal conversations...
You left out;
9. Guards are no longer required to carry human rights cards.
10. MP's are now labeled as Guards.
Item 9 is somewhat outrageous. However, if the staff is briefed on human rights, and is following those requirements, then no biggie.
Item 10 allows the US to more easily staff Guantanamo Bay with outside contractors (Blackwater), or other Military or Civil officers (FBI, military personel who aren't MP's specificly). This is the more questionable change in my mind.
There's a big difference psychologically between:
Putting up a free download link, and having a donate button
OR
Having an order form that explicitly lets you type in $0 for the purchase price.
Your method will not work because the audience at large feels no obligation to to "donate". Radioheads makes you feel like you ought to pay something, even if it's minimal. Those 62% must feel really bad about now, unless they didn't like the music, in which case they probably appreciate Radiohead for not charging them.
Google acquired Urchin for a definite purpose. They saw the Urchin 6 On Demand service, and realized that it could have a large impact on how they target ads. They purchased Urchin, and converted Urchin 6 On Demand into Google Analytics.
Urchin 6 (standalone) was supposedly nearly finished. There are reviews of it out there on the web, along with screenshots. So in a sense, THAT individual product has disappeared, but it's legacy lives on in Google Analytics.
Sadly, I can't use Google Analytics, since our privacy policy restricts the use of cookies.
Most people shouldn't be outraged about it. Honestly, most people shouldn't even care.
If the people who purchased upgrade support from URCHIN want to take them to court, they'd have a decent case.
If the people who purchased it after Google acquired it want a new version, your only decent recourse is to bitch and moan. And guess what? Google isn't listening. And neither should anyone else.
However, Google should release security fixes for the existing product.