I'm mixed on Steam. I like the automatic downloads and automatic updates, but I'm wary of situations where 2 or 3 people in my family want to play different Steam powered games at the same time. They're locked into one account.
I won't be buying GTA IV on Steam for that reason. I don't want to lock the family out of Peggle.
I guess I don't use enough large commercial apps for WM. Most of the ones I use give you a choice of CAB or EXE. Microsoft seems to be the big exception to that rule.
You could always just download the.cab from a web server using PocketIE and not use Wine at all. Or you could put the.cab on a memory card and then put the card into the phone.
SOE tries too hard to create everything for everyone, and winds up creating games that annoys pretty much every group. SWG is currently a MMORPG MUD SIMCity FPS Card game.
Honestly, I felt that if Sony and Lucas didn't get smacked down so hard with SWG, the next 'upgrade' would have been SWG: Peggle edition.
I had to do something similar several years ago on, obviously, a much smaller scale.
Migration costs money, lots of it if you want to do it properly. Our users had a choice, either continue with a backend that didn't work and crashed, lose profiles and settings and have to re-enter them, or burn money migrating what was essentially a few hundred useful profiles.
Considering that most profiles are just small amounts of user input, we figured that the users could always re-enter it. Yeah, it was a crappy thing to do, but it was the right thing to do. (And I personally spent my own time sending lost poems, URLs and pictures back to users who requested them. I'm not a heartless bastard, that title was reserved for upper management)
The problem with these and other non-cable co DVR's is that you're limited to OTA HD content or unencrypted QAM (OTA HD that's re-broadcast pretty much). I hate to say it, but you have to get your DVR from the cable company of you want the full feature set.
I love my HTPC, I wish I could record (or at least watch) HBO-HD on it.
Can you say database abstraction layer? Don't leave home without it.
No, not in a custom app. If I was writing something for widespread disribution then I would add an extra layer, but I'm not going to add that to a static platform.
In these, the same guy who writes Java writes stored procedures. I've seen some pretty horrific SQL in my time - manual "joins" using cursors, for example - but at least they were in stored procedures to optimize performance. (?!)
But at least the DB code can be reviewed and re-written without touching a line of code in the application.
The database server is designed to handle data efficiently. Most large DB's, Oracle, SQL Server, Sybase, DB/2, etc.. have years of experience in doing one thing, handling large amounts of data efficiently. Application servers are multifunction tools, while they are used to handle data retrieval, it's not their primary purpose, they have other things to do and can do them more efficiently.
While I think it's great to be able to throw ad-hoc queries down to the DB from the app server, I found that I'm better off in the long run creating a well defined interface to the data. I'm also happy that I can lock out all queries from the web servers, so in the event someone does manage to break the web server's security, all they can do is process data through the interface, and not inject something into the query processor.
All that being said, it depends on the task at hand. If all you're doing is a few small queries, then yeah, the app server is easier. If you're going to dump 50,000 records with multiple tables, the db server is where it belongs.
I'm about to start a new web project and I get to choose the DB. I'm concerned over the lack of stored procedures though. My last big project used SP's for everything and honestly, while initial coding was a pain, in the long run it was a huge benifit.
I need a lean and mean webDB, so, if not Drizzle, does anyone have other recommendations?
Speech that educates people on how to break DRM doesn't fall into that category, and should be protected.
But...you might hurt their PROFITS! It's their profits, their god given right to make more money!
Seriously, it says 'Congress shall make no law ' in the first amendment, I'll take that to mean 'Congress shall make no law' but I might be naive when it comes to something that is pretty much explicit.
I don't think this counts as a device covered by the DMCA. The locks put into MacOS are not to prevent copying, they are to prevent use on non apple hardware. The DMCA only covers circumvention devices to prevent copying.
Spoken like someone who has absolutely no concept on how certificates and signing works.
is full of smugness about the strength of certificates and public-key crypto. I agree that *if* a public-key crypto scheme is implemented 100% securely, it is in fact likely to be unforge-able during our lifetimes.
My original claim was a direct response to:
You mean that if somebody can figure out how to forge a microsoft signature or infect a signed file they can get carte blance access to your machine.
Which is not going to happen.
The Verisign/Microsoft fiasco has no bearing on the design of Microsoft to sign binaries and allow signed binaries access. They both used certificates, that's about it and it's not relevant to this topic.
The setup Microsoft is proposing is not a traditional PKI (Public Key) because there's no key authority outside of Microsoft. There is no third party, it's Microsoft along the entire certificate chain. I don't see how anyone could consider this a potential security hole. If someone is going to get in, they'll get in through another bug. They're not going to fake a signature, nor are they going to modify a signed binary without altering the signature.
I'm already familiar with it, there was no revocation mechanism. There is now, they learned that mistake the hard way, and again, this isn't your typical PKI setup.
The certs issued with the verisign screwup did not break the security, it allowed someone to sign things to appear to be Microsoft, but they were still new untrusted keys. If you read one of the linked stories:
When people double-click a Web link to install a program, a "Security Warning" dialog box pops up with details of the certificate used to sign the code. The dialog box will appear even on computers where the person had previously said to trust all Microsoft code.
So, if someone convinced Verisign to issue new certs as Microsoft again, the security would still be intact, as the cert wouldn't be trusted. Add that to the fact that Microsoft doesn't use Verisign to sign Windows components means that the attack vector you are describing is not possible.
Microsoft would have to sign the malware code with their certificate that they hold and issue from their root in order to bypass UAC. It's not going to happen, no way, no how.
You're saying that Microsoft is going to get tricked into giving out their self-signed root certificate to an untrusted third party and then not revoke it in time to prevent a disaster?
Yeah, and Steve Jobs will be the next CEO of Microsoft.
The social engineering scenario really only applies if you involve third parties, if you write the OS, and you self sign, you pretty much own the entire process. You would need a massive security breech at Microsoft, and in that case, you might as well just pump the malware down through automatic updates, the cert signing won't matter.
So basically:
You mean that if somebody can figure out how to forge a microsoft signature or infect a signed file they can get carte blance access to your machine.
Slashdot Mirror
I'm mixed on Steam. I like the automatic downloads and automatic updates, but I'm wary of situations where 2 or 3 people in my family want to play different Steam powered games at the same time. They're locked into one account.
I won't be buying GTA IV on Steam for that reason. I don't want to lock the family out of Peggle.
Yeah, TimeWarner/Roadrunner tech support will get right on that, I'm amazed they support ping.
This is slashdot, does this play well with x10?
There's always BBC news, they have lots of US National stories.
I guess I don't use enough large commercial apps for WM. Most of the ones I use give you a choice of CAB or EXE. Microsoft seems to be the big exception to that rule.
You could always just download the .cab from a web server using PocketIE and not use Wine at all. .cab on a memory card and then put the card into the phone.
Or you could put the
I know the feeling.
SOE tries too hard to create everything for everyone, and winds up creating games that annoys pretty much every group. SWG is currently a MMORPG MUD SIMCity FPS Card game.
Honestly, I felt that if Sony and Lucas didn't get smacked down so hard with SWG, the next 'upgrade' would have been SWG: Peggle edition.
I had to do something similar several years ago on, obviously, a much smaller scale.
Migration costs money, lots of it if you want to do it properly. Our users had a choice, either continue with a backend that didn't work and crashed, lose profiles and settings and have to re-enter them, or burn money migrating what was essentially a few hundred useful profiles.
Considering that most profiles are just small amounts of user input, we figured that the users could always re-enter it. Yeah, it was a crappy thing to do, but it was the right thing to do. (And I personally spent my own time sending lost poems, URLs and pictures back to users who requested them. I'm not a heartless bastard, that title was reserved for upper management)
The problem with these and other non-cable co DVR's is that you're limited to OTA HD content or unencrypted QAM (OTA HD that's re-broadcast pretty much). I hate to say it, but you have to get your DVR from the cable company of you want the full feature set.
I love my HTPC, I wish I could record (or at least watch) HBO-HD on it.
I thought that was what the USB port was for.
On a side note, I'm very happy with my phone with a WM 6.1 ROM that I hacked to my liking. I just wish the browser was a little better.
If you happened to fight and slave and earn an Amani Warbear, for example, you'd be owe an additional 45 dollars in capital gains taxes.
How about just taxing it when you sell the item using real money? That sidesteps all the accounting problems.
Can you say database abstraction layer? Don't leave home without it.
No, not in a custom app. If I was writing something for widespread disribution then I would add an extra layer, but I'm not going to add that to a static platform.
In these, the same guy who writes Java writes stored procedures. I've seen some pretty horrific SQL in my time - manual "joins" using cursors, for example - but at least they were in stored procedures to optimize performance. (?!)
But at least the DB code can be reviewed and re-written without touching a line of code in the application.
Thanks for the heads up.
I'll tinker around with it in a test VM for now.
I disagree.
The database server is designed to handle data efficiently. Most large DB's, Oracle, SQL Server, Sybase, DB/2, etc.. have years of experience in doing one thing, handling large amounts of data efficiently. Application servers are multifunction tools, while they are used to handle data retrieval, it's not their primary purpose, they have other things to do and can do them more efficiently.
While I think it's great to be able to throw ad-hoc queries down to the DB from the app server, I found that I'm better off in the long run creating a well defined interface to the data. I'm also happy that I can lock out all queries from the web servers, so in the event someone does manage to break the web server's security, all they can do is process data through the interface, and not inject something into the query processor.
All that being said, it depends on the task at hand. If all you're doing is a few small queries, then yeah, the app server is easier. If you're going to dump 50,000 records with multiple tables, the db server is where it belongs.
Has anyone here used Drizzle?
I'm about to start a new web project and I get to choose the DB. I'm concerned over the lack of stored procedures though. My last big project used SP's for everything and honestly, while initial coding was a pain, in the long run it was a huge benifit.
I need a lean and mean webDB, so, if not Drizzle, does anyone have other recommendations?
And this is why I stick around here.
Mod up, +5 Fermat.
Speech that educates people on how to break DRM doesn't fall into that category, and should be protected.
But...you might hurt their PROFITS! It's their profits, their god given right to make more money!
Seriously, it says 'Congress shall make no law ' in the first amendment, I'll take that to mean 'Congress shall make no law' but I might be naive when it comes to something that is pretty much explicit.
I don't know why that went out of style
It completely went out of style when:
Hi, I'm a Mac.
And I'm a PC.
Now I remember why I decided to go with software development over network administration!
As a network administrator, let me be the first to say, I hate you.
No more freerepublic and no more dailykos.
You still have a modem? If so, you're safe, just much much slower.
I don't think this counts as a device covered by the DMCA. The locks put into MacOS are not to prevent copying, they are to prevent use on non apple hardware. The DMCA only covers circumvention devices to prevent copying.
Your original claim:
Spoken like someone who has absolutely no concept on how certificates and signing works.
is full of smugness about the strength of certificates and public-key crypto. I agree that *if* a public-key crypto scheme is implemented 100% securely, it is in fact likely to be unforge-able during our lifetimes.
My original claim was a direct response to:
You mean that if somebody can figure out how to forge a microsoft signature or infect a signed file they can get carte blance access to your machine.
Which is not going to happen.
The Verisign/Microsoft fiasco has no bearing on the design of Microsoft to sign binaries and allow signed binaries access. They both used certificates, that's about it and it's not relevant to this topic.
The setup Microsoft is proposing is not a traditional PKI (Public Key) because there's no key authority outside of Microsoft. There is no third party, it's Microsoft along the entire certificate chain. I don't see how anyone could consider this a potential security hole. If someone is going to get in, they'll get in through another bug. They're not going to fake a signature, nor are they going to modify a signed binary without altering the signature.
I'm already familiar with it, there was no revocation mechanism. There is now, they learned that mistake the hard way, and again, this isn't your typical PKI setup.
The certs issued with the verisign screwup did not break the security, it allowed someone to sign things to appear to be Microsoft, but they were still new untrusted keys. If you read one of the linked stories:
When people double-click a Web link to install a program, a "Security Warning" dialog box pops up with details of the certificate used to sign the code. The dialog box will appear even on computers where the person had previously said to trust all Microsoft code.
So, if someone convinced Verisign to issue new certs as Microsoft again, the security would still be intact, as the cert wouldn't be trusted. Add that to the fact that Microsoft doesn't use Verisign to sign Windows components means that the attack vector you are describing is not possible.
Microsoft would have to sign the malware code with their certificate that they hold and issue from their root in order to bypass UAC. It's not going to happen, no way, no how.
You're saying that Microsoft is going to get tricked into giving out their self-signed root certificate to an untrusted third party and then not revoke it in time to prevent a disaster?
Yeah, and Steve Jobs will be the next CEO of Microsoft.
The social engineering scenario really only applies if you involve third parties, if you write the OS, and you self sign, you pretty much own the entire process. You would need a massive security breech at Microsoft, and in that case, you might as well just pump the malware down through automatic updates, the cert signing won't matter.
So basically:
You mean that if somebody can figure out how to forge a microsoft signature or infect a signed file they can get carte blance access to your machine.
...is not happening.