"What do you mean, 'where are the keys for it?' Awwww man..."
Re:Does it always produce true responses?
on
Torture in Games
·
· Score: 1
I don't doubt that they are effective at times. It has more to do with the fact that I don't want my government torturing anyone, because eventually that anyone could trickle down to be me or someone I care about.
I concur with the overall sentiment, but I have to question the exact concept as you've expressed it.
Torture is one thing, but how do you feel about being imprisoned? Should the government not imprison anyone for fear that you and yours may be imprisoned? I would say not. Imprisonment is a part of government (if unfortunate). The important thing is to ensure the reasons and methods of imprisonment are proper and acceptable.
We have to separate the act from the process. Both are critical. But they are not the same.
So, basically, you're not going to believe what they say unless they say what you already believe? Lovely.
Tell ya what - you can practice your surprised-face too. That way, you can act surprised if I act surprised. And we can all pretend like its a big deal that our biases and skepticism entered in to the interpretation of events.
I would also be shocked (SHOCKED!) to find gambling on the premises.
People need incentives to buy products, and open source software doesn't give people that incentive outside of the enterprise realm where paid support is a big money maker. Let's get closer to regular users here. What incentive do home users have to buy StarOffice when OpenOffice is more than good enough?
I never thought of StarOffice being directed towards the "regular user" market. It seems to be very much an enterprise application. Having said that, there is very attractive licensing for individuals. I couldn't say whether it is all that attractive over Openoffice.org. But then, I've never ever paid for an office suite out of my own pocket.
How about pay anything for WordPress when it's free and easily installed by CPanel?
Normal users use CPanel? Once again, we're in to a completely different category of users. Most "normal users" are going to go for the hosted option. Anyone hosting their own instance of Wordpress are going to be more advanced or hiring someone to do it for them. And it doesn't seem that Wordpress cares (their business model seems to be hosting, not licensing).
A pure open source approach isn't going to allow Sun to make good money on their R&D investment, but if they were to dramatically improve MySQL and provide high quality tools at reasonable prices, that sort of hybrid approach would work. Companies that want to make their core software open source are going to have to make compelling products that interact with them if they want to be able to sell more than consulting and support services.
Sun makes its money from the enterprise. Why do they need this hybrid business model?
So to suggest that "the community" is owed nothing for their efforts (developing, testing, debugging, suggesting improvements, etc) is also näive.
I'm not sure how the community is owed anything. They have what they are guaranteed: code and a license that allows them to take it (almost) wherever they want. Seems like payment in full to me. The accounts are balanced and everyone can split right now - although it would probably be mutually beneficial if everyone continued to play nice (especially Sun).
If all Sun wanted to do was run a support business for MySQL, why did they even worry about buying it? Why not just hang out a shingle and say, "I will install MySQL for you for $99.99"? Why bother trying to "own" the community instead of joining the community? Try to own, get powned.
Because those who control the budgets that make support contracts profitable want someone to "own" the problem. Now that MySQL AB is a subsidiary of Sun, Sun has a claim to MySQL that nobody else can have. Sure - there are plenty of other outfits out there that are entirely capable of supporting MySQL. But none of them ARE MySQL.
I know most Slashdotters made up their mind a long time ago, but at least Ubisoft is open to other ideas.
The reason "Slashdotters made up their mind" is due to the tone coming from Ubisoft.
"A lot of people complain that DRM is what forces people to pirate games but as PoP PC has no DRM we'll see how truthful people actually are. Not very, I imagine."
It sounds like Ubisoft already has their minds made up. That's what "Slashdot" is picking up on.
Yeah - it'll be interesting to see what happens with this. It makes for a very interesting experiment and discussion. But I'll have to practice my "surprise face" just in case Ubisoft announces that their experiment has proven the need for DRM.
If you make a really crap game, piracy will go down, but sales would go down too. If you make a good game, both piracy and sales will go up.
I don't know what the warez scene is like these days, but a couple decades ago folks would copy software for the sake of having the software. It didn't matter if the tittle was a useful / good or bad / useless. If it was another piece to add to the collection, the warez packrats would squirrel it away. It was kind of an illicit data version of Pokemon; gotta collect them all. I wouldn't imagine it's much different today.
That would mean that a bad game would get copied indifferently to the quality of the game. In fact, bad games may even appear to be copied more as the percentage of illicit to legitimate copies skews to the warez packrats.
Robbins, who said he supports the troops, noted other recent attempts to squelch free speech after criticism of the war. ''One was when my wife, who was supposed to be the guest speaker at a United Way fund-raiser in Tampa, was cancelled because of her political views.'' Another, he said, is pressure from some viewers who have threatened to boycott ABC if the network goes ahead with plans to air a situation comedy starring Janeane Garofalo, another antiwar activist.
Still, many entertainers known for liberalism have kept silent on the war, buttressing Mr. Robbins's notion that "a chill wind is blowing." In a speech at the National Press Club, he contended: "A message is being sent through the White House and its allies in talk radio and Clear Channel and Cooperstown: 'If you oppose this administration, there... will be ramifications.'"
As for the Dixie Chicks - I have to admit that I'm coming up short with quotes from them showing dismay over the business side. There's certainly some negative reaction. But anything that touches on business tends to be along the lines of a sort of brush-off that said fan base wasn't important. They even begin to change their music style. And in the end, the business side really doesn't seem to suffer that much.
Having said that - show business is often trading on stardom. I still find it hard to believe that seeing one's popularity take a hit isn't damaging to someone who's careers are impacted by that popularity.
Well, wasn't the big draw of Android supposed to be that the big mean ol' bad Apple man couldn't tell your apps what they could or couldn't do? Complete freedom from turtlenecked oppression?
A corporate authority (i.e. Apple) not being able to dictate what an application can or can not do is different than the user being able to dictate what an application can or can not do.
You know their names? They're just as anonymous as people on the internet.
There's a certain degree of anonymity to strangers on the street. But its not quite the same as anonymity on the 'net.
A common phrase about abuse of being anonymous goes something along the lines of "would you say that if you were face-to-face with the person?" While personal identification has implications, so does physical presence where you can be subject to immediate repercussions for your actions.
I sincerely doubt you can name even one case of that happening.
Tim Robbins and Susan Sarandon and the Baseball Hall of Fame / Bull Durham tempest-in-a-teapot. Dixie Chicks (or at least Natalie Maines) and the Bush-from-Texas-embarrassment brouhaha. Those come immediately to mind.
Note that I don't mention Bill Maher as politics is his schtick (talking politics is his job) and I'm not aware of him actually suffering repercussions for anything he's said.
Also note that this is not about whether any specific comments were "right" or not. My criticism is restricted to stars who use their stardom to gain an otherwise unearnedly large platform for their opinion(s).
I don't have any favorable views towards churches mixing in politics either (especially when they lie).
Not everybody uses their Internet anonymity to be a jerk, but enough do that I wonder if things would be different if they were using their real names.
Ever walk the streets of New York (or any large city for that manner). Whole throngs of people walk around being jerks at each other. And they're doing it right there in person! Right in front of you. Within arm's reach.
Yeah, sure. Some people are jerks when they're anonymous. But its hardly the root cause of the problem.
How about the right to free speech? This is so abridged that regular people feel the need to speak anonymously, lest they be fired from their work, denied a new job, sued, etc. So, it seems to me that anonymity is a symptom of the problem rather than the fundamental right that is being violated.
It reminds me of stars that use their name recognition to draw an audience to give political speeches. And then they get upset if those political views cause others to decide to not do business with them and it affects their careers. It seemed to me that they wanted to trade on their name to gain attention but didn't want to be responsible for their actions.
Along the same lines, I've had various professional accouterments (titles, uniforms, etc.) over the years. I had to be very careful sometimes that what I said would not be mistaken as representative of my employer. I found that this was easier if I didn't stress my employer and position when using my name or discussed things under a pseudonym.
With all this in mind... it seems to me that the option of being anonymous is a part of the ability to exercise free speech rather than a crutch due to other limitations of it.
What about the hundreds of other stories about copyright infringement? Or, do you suggest that we should only consider the few stories that don't prove my contention?
No - I'm suggesting you stay remotely on subject (i.e. binary drivers?!).
No, I'm pretty sure you're wrong. When Cisco announced that their network had been compromised and IOS source code was copied, nobody blamed Cisco for trying to track down the perpetrators. Likewise, nobody seemed at all upset at Cisco when discussions about Cisco knock-offs with illegal copies of IOS have been mentioned. I don't believe there's been any criticism of copyright in these cases.
All I want to say is that it was not necessarily someone who looked at the disassembled code, looking for the patched vulnerability and just realizing (matrix like by "seeing the code") another vulnerability.
My post was a mixture of sarcasm, humor, and a disbelief in the idea that releasing patches causes more problems than it solves.
Well - OK. Sure. That's basically what I'm saying. But what you missed was the main point; people often name things to bluff their way through ignorance of the subject at hand.
Not at all. You see - exploits are only developed by analyzing patches. What you have here is a very advanced malware developer. For they had gazed on the patch and, instead of seeing the vulnerabilities being patched, they saw the one that was not. It's all very Zen.
Actually - it's not the first time Microsoft's patch cycle has been gamed.
I have a hard time believing that someone who actually installed and tried linux in college would believe it was illegal.
Saying something and doing something are sometimes two very different things. Back during my helldesk years, one of the worse calls one could get would begin with the customer stating "I am a MCSE." It is certainly possible some of these folks were, in fact, MCSEs and really should have been embarrassed over having to call up for help on getting dial-up networking going. But I am pretty sure more than a few of these folks' IT experience ended at knowing "MCSE" and were trying to add weight to their request as if "MCSE" were a mystical incantation or secret code phrase for the illuminati of techies.
Likewise, I wouldn't be surprised to find out that this teacher's experience with Linux ends at knowing the word "Linux" and maybe an off-hand comment by some Windows fanboi. Yet she has mentioned having had past experience with Linux as if she's pierced the veil of secrecy and the gig is up..
The attack described in that article is obviously a professional targeted heist, especially considering the 0day.
Keep in mind that there are numerous attacks described in the series of articles. I don't know about all of them. And I can't comment in detail as I'd prefer to keep my career intact (which is the nature of this stuff and why its so suspect - how can you verify if you can't review?).
Just out of curiosity, how was the attack discovered? It should be quite possible to pull off that kind of attack without discovery even considering the spamming (injecting rookits with steganographic connect-back using dual-stage shellcode and making the website look like harmless viagra spam, assuming that the "unknown vulnerability" is a normal client memory corruption class of vuln). How do you know more subtle attacks aren't passing under your radar?
The attackers that I've investigated are pretty good at remaining undetected. Most of what they're doing blends well with daily patterns. However, a particularly alert individual noted something amiss, investigated, and found something that wasn't normal. Because they had a good relationship with the Infosec group, it got reported early. The Infosec group then started back tracking access through multiple systems until the initial breach was deturmined (as well as a lot of information on what the attacker(s) were doing).
How many subtle attacks are passing under the radar? Who can say. Before this particular incident, the concept was often discussed and various things were being worked on to try and solve the issue. We didn't know for sure that there WAS something going on - but we were asking ourselves "what if" and trying to figure out what tactics and tools we could use to figure it out. Those projects helped make the job of tracking the intruders easier once we understood what there WAS an intruder and some hint at what to look for. But ultimately, it was one individual who tipped us off.
One side comment to all this - its all about people. Good people. They're the ones that tend to catch this stuff. They're the ones who also manage to stop it (how often is hard to quantify). But so often I've seen really great people disappear in to the ether because of the beurocracies managing these environments. The US Government needs to figure out how to not only attract good people - but how to retain them as well. That's going to be really difficult for the Government to do as the very nature of these agencies tends to squander good people.
Slashdot Mirror
"What do you mean, 'where are the keys for it?' Awwww man..."
I don't doubt that they are effective at times. It has more to do with the fact that I don't want my government torturing anyone, because eventually that anyone could trickle down to be me or someone I care about.
I concur with the overall sentiment, but I have to question the exact concept as you've expressed it.
Torture is one thing, but how do you feel about being imprisoned? Should the government not imprison anyone for fear that you and yours may be imprisoned? I would say not. Imprisonment is a part of government (if unfortunate). The important thing is to ensure the reasons and methods of imprisonment are proper and acceptable.
We have to separate the act from the process. Both are critical. But they are not the same.
So, basically, you're not going to believe what they say unless they say what you already believe? Lovely.
Tell ya what - you can practice your surprised-face too. That way, you can act surprised if I act surprised. And we can all pretend like its a big deal that our biases and skepticism entered in to the interpretation of events.
I would also be shocked (SHOCKED!) to find gambling on the premises.
What does any of that have to do with "software that is free in every way?"
People need incentives to buy products, and open source software doesn't give people that incentive outside of the enterprise realm where paid support is a big money maker. Let's get closer to regular users here. What incentive do home users have to buy StarOffice when OpenOffice is more than good enough?
I never thought of StarOffice being directed towards the "regular user" market. It seems to be very much an enterprise application. Having said that, there is very attractive licensing for individuals. I couldn't say whether it is all that attractive over Openoffice.org. But then, I've never ever paid for an office suite out of my own pocket.
How about pay anything for WordPress when it's free and easily installed by CPanel?
Normal users use CPanel? Once again, we're in to a completely different category of users. Most "normal users" are going to go for the hosted option. Anyone hosting their own instance of Wordpress are going to be more advanced or hiring someone to do it for them. And it doesn't seem that Wordpress cares (their business model seems to be hosting, not licensing).
A pure open source approach isn't going to allow Sun to make good money on their R&D investment, but if they were to dramatically improve MySQL and provide high quality tools at reasonable prices, that sort of hybrid approach would work. Companies that want to make their core software open source are going to have to make compelling products that interact with them if they want to be able to sell more than consulting and support services.
Sun makes its money from the enterprise. Why do they need this hybrid business model?
So to suggest that "the community" is owed nothing for their efforts (developing, testing, debugging, suggesting improvements, etc) is also näive.
I'm not sure how the community is owed anything. They have what they are guaranteed: code and a license that allows them to take it (almost) wherever they want. Seems like payment in full to me. The accounts are balanced and everyone can split right now - although it would probably be mutually beneficial if everyone continued to play nice (especially Sun).
Why bother with BSD then? Stick to the public domain.
If all Sun wanted to do was run a support business for MySQL, why did they even worry about buying it? Why not just hang out a shingle and say, "I will install MySQL for you for $99.99"? Why bother trying to "own" the community instead of joining the community? Try to own, get powned.
Because those who control the budgets that make support contracts profitable want someone to "own" the problem. Now that MySQL AB is a subsidiary of Sun, Sun has a claim to MySQL that nobody else can have. Sure - there are plenty of other outfits out there that are entirely capable of supporting MySQL. But none of them ARE MySQL.
I know most Slashdotters made up their mind a long time ago, but at least Ubisoft is open to other ideas.
The reason "Slashdotters made up their mind" is due to the tone coming from Ubisoft.
"A lot of people complain that DRM is what forces people to pirate games but as PoP PC has no DRM we'll see how truthful people actually are. Not very, I imagine."
It sounds like Ubisoft already has their minds made up. That's what "Slashdot" is picking up on.
Yeah - it'll be interesting to see what happens with this. It makes for a very interesting experiment and discussion. But I'll have to practice my "surprise face" just in case Ubisoft announces that their experiment has proven the need for DRM.
If you make a really crap game, piracy will go down, but sales would go down too.
If you make a good game, both piracy and sales will go up.
I don't know what the warez scene is like these days, but a couple decades ago folks would copy software for the sake of having the software. It didn't matter if the tittle was a useful / good or bad / useless. If it was another piece to add to the collection, the warez packrats would squirrel it away. It was kind of an illicit data version of Pokemon; gotta collect them all. I wouldn't imagine it's much different today.
That would mean that a bad game would get copied indifferently to the quality of the game. In fact, bad games may even appear to be copied more as the percentage of illicit to legitimate copies skews to the warez packrats.
Look a little longer. There's (at least) hints if not outright anger at the backlash.
http://query.nytimes.com/gst/fullpage.html?res=9C03E0DF143BF932A25757C0A9659C8B63
Robbins, who said he supports the troops, noted other recent attempts to squelch free speech after criticism of the war. ''One was when my wife, who was supposed to be the guest speaker at a United Way fund-raiser in Tampa, was cancelled because of her political views.'' Another, he said, is pressure from some viewers who have threatened to boycott ABC if the network goes ahead with plans to air a situation comedy starring Janeane Garofalo, another antiwar activist.
http://www.csmonitor.com/2003/0501/p03s01-ussc.html
Still, many entertainers known for liberalism have kept silent on the war, buttressing Mr. Robbins's notion that "a chill wind is blowing." In a speech at the National Press Club, he contended: "A message is being sent through the White House and its allies in talk radio and Clear Channel and Cooperstown: 'If you oppose this administration, there ... will be ramifications.'"
As for the Dixie Chicks - I have to admit that I'm coming up short with quotes from them showing dismay over the business side. There's certainly some negative reaction. But anything that touches on business tends to be along the lines of a sort of brush-off that said fan base wasn't important. They even begin to change their music style. And in the end, the business side really doesn't seem to suffer that much.
Having said that - show business is often trading on stardom. I still find it hard to believe that seeing one's popularity take a hit isn't damaging to someone who's careers are impacted by that popularity.
Well, wasn't the big draw of Android supposed to be that the big mean ol' bad Apple man couldn't tell your apps what they could or couldn't do? Complete freedom from turtlenecked oppression?
A corporate authority (i.e. Apple) not being able to dictate what an application can or can not do is different than the user being able to dictate what an application can or can not do.
You know their names? They're just as anonymous as people on the internet.
There's a certain degree of anonymity to strangers on the street. But its not quite the same as anonymity on the 'net.
A common phrase about abuse of being anonymous goes something along the lines of "would you say that if you were face-to-face with the person?" While personal identification has implications, so does physical presence where you can be subject to immediate repercussions for your actions.
I sincerely doubt you can name even one case of that happening.
Tim Robbins and Susan Sarandon and the Baseball Hall of Fame / Bull Durham tempest-in-a-teapot. Dixie Chicks (or at least Natalie Maines) and the Bush-from-Texas-embarrassment brouhaha. Those come immediately to mind.
Note that I don't mention Bill Maher as politics is his schtick (talking politics is his job) and I'm not aware of him actually suffering repercussions for anything he's said.
Also note that this is not about whether any specific comments were "right" or not. My criticism is restricted to stars who use their stardom to gain an otherwise unearnedly large platform for their opinion(s).
I don't have any favorable views towards churches mixing in politics either (especially when they lie).
Not everybody uses their Internet anonymity to be a jerk, but enough do that I wonder if things would be different if they were using their real names.
Ever walk the streets of New York (or any large city for that manner). Whole throngs of people walk around being jerks at each other. And they're doing it right there in person! Right in front of you. Within arm's reach.
Yeah, sure. Some people are jerks when they're anonymous. But its hardly the root cause of the problem.
How about the right to free speech? This is so abridged that regular people feel the need to speak anonymously, lest they be fired from their work, denied a new job, sued, etc. So, it seems to me that anonymity is a symptom of the problem rather than the fundamental right that is being violated.
It reminds me of stars that use their name recognition to draw an audience to give political speeches. And then they get upset if those political views cause others to decide to not do business with them and it affects their careers. It seemed to me that they wanted to trade on their name to gain attention but didn't want to be responsible for their actions.
Along the same lines, I've had various professional accouterments (titles, uniforms, etc.) over the years. I had to be very careful sometimes that what I said would not be mistaken as representative of my employer. I found that this was easier if I didn't stress my employer and position when using my name or discussed things under a pseudonym.
With all this in mind... it seems to me that the option of being anonymous is a part of the ability to exercise free speech rather than a crutch due to other limitations of it.
What about the hundreds of other stories about copyright infringement? Or, do you suggest that we should only consider the few stories that don't prove my contention?
No - I'm suggesting you stay remotely on subject (i.e. binary drivers?!).
No, I'm pretty sure you're wrong. When Cisco announced that their network had been compromised and IOS source code was copied, nobody blamed Cisco for trying to track down the perpetrators. Likewise, nobody seemed at all upset at Cisco when discussions about Cisco knock-offs with illegal copies of IOS have been mentioned. I don't believe there's been any criticism of copyright in these cases.
VisiCalc was first released for the Apple (not Mac), and sales skyrocketed. Apple's were the original business desktop computer.
And not only that, they were a key part of getting IBM to consider the microcomputer more than a toy. Enter the IBM PC.
All I want to say is that it was not necessarily someone who looked at the disassembled code, looking for the patched vulnerability and just realizing (matrix like by "seeing the code") another vulnerability.
My post was a mixture of sarcasm, humor, and a disbelief in the idea that releasing patches causes more problems than it solves.
For the record, I'm also skeptical of the mystical powers often attributed to hackers.
Having said that - great post.
Well - OK. Sure. That's basically what I'm saying. But what you missed was the main point; people often name things to bluff their way through ignorance of the subject at hand.
Not at all. You see - exploits are only developed by analyzing patches. What you have here is a very advanced malware developer. For they had gazed on the patch and, instead of seeing the vulnerabilities being patched, they saw the one that was not. It's all very Zen.
Actually - it's not the first time Microsoft's patch cycle has been gamed.
I have a hard time believing that someone who actually installed and tried linux in college would believe it was illegal.
Saying something and doing something are sometimes two very different things. Back during my helldesk years, one of the worse calls one could get would begin with the customer stating "I am a MCSE." It is certainly possible some of these folks were, in fact, MCSEs and really should have been embarrassed over having to call up for help on getting dial-up networking going. But I am pretty sure more than a few of these folks' IT experience ended at knowing "MCSE" and were trying to add weight to their request as if "MCSE" were a mystical incantation or secret code phrase for the illuminati of techies.
Likewise, I wouldn't be surprised to find out that this teacher's experience with Linux ends at knowing the word "Linux" and maybe an off-hand comment by some Windows fanboi. Yet she has mentioned having had past experience with Linux as if she's pierced the veil of secrecy and the gig is up..
Excuse me, I'm an American and I understand "gratis" perfectly, thank you very much.
I also understand "vrij", "libre", "frei", "libero" and "livre".
A witch! A witch! Burn 'em!
The attack described in that article is obviously a professional targeted heist, especially considering the 0day.
Keep in mind that there are numerous attacks described in the series of articles. I don't know about all of them. And I can't comment in detail as I'd prefer to keep my career intact (which is the nature of this stuff and why its so suspect - how can you verify if you can't review?).
Just out of curiosity, how was the attack discovered? It should be quite possible to pull off that kind of attack without discovery even considering the spamming (injecting rookits with steganographic connect-back using dual-stage shellcode and making the website look like harmless viagra spam, assuming that the "unknown vulnerability" is a normal client memory corruption class of vuln). How do you know more subtle attacks aren't passing under your radar?
The attackers that I've investigated are pretty good at remaining undetected. Most of what they're doing blends well with daily patterns. However, a particularly alert individual noted something amiss, investigated, and found something that wasn't normal. Because they had a good relationship with the Infosec group, it got reported early. The Infosec group then started back tracking access through multiple systems until the initial breach was deturmined (as well as a lot of information on what the attacker(s) were doing).
How many subtle attacks are passing under the radar? Who can say. Before this particular incident, the concept was often discussed and various things were being worked on to try and solve the issue. We didn't know for sure that there WAS something going on - but we were asking ourselves "what if" and trying to figure out what tactics and tools we could use to figure it out. Those projects helped make the job of tracking the intruders easier once we understood what there WAS an intruder and some hint at what to look for. But ultimately, it was one individual who tipped us off.
One side comment to all this - its all about people. Good people. They're the ones that tend to catch this stuff. They're the ones who also manage to stop it (how often is hard to quantify). But so often I've seen really great people disappear in to the ether because of the beurocracies managing these environments. The US Government needs to figure out how to not only attract good people - but how to retain them as well. That's going to be really difficult for the Government to do as the very nature of these agencies tends to squander good people.