It's hardly the end of civilisation as we know it..........
That's not what you'll be saying when our shiny, touch-sensitive, skeuomorphic exterminator overlords stride down the boulevards crushing all non-upgraded human flesh beneath their animated dancing beachball boot heels.
These MMOs are ultimately operating a service. Expecting them to operate it indefinitely is a bit naive.
And that is exactly why "the cloud" is problematic. It's your data, everywhere, anytime, except when it's not and suddenly you're stuffed.
If there were some kind of standard for "entertainment cloud products" so that the ongoing creation of art assets was separated from hosting the service, that would at least be a step forward. For goodness sakes, how many different proprietary subtly incompatible reinventions of "3D environment with physics and scripts" do we need before someone comes up with the 3D equivalent of the Web?
This is hobbiest behavior
Well, that may be overstating it, but it's certainly hobbier than most.
Until we get our phosphorus from plentiful sources that are currently not economical to mine.
... which will require raising food prices to make it economical to mine, which will cause the poor to starve, which will reduce the surplus population. Hurrah for the free market! Equilibrium is attained! O mighty magical invisible hand, we praise you for your benefits!
If you tell your friend you got the white marble, and they see a white marble too, they know someone has been at their marbles.
So if your encryption key is compromised, you lose your marbles?
I work in the intelligence community, and I can assure you that...
"Trust me - I'm a professional liar."
They are commuting stock/bank fraud.
To a lesser sentence while driving to work? Judges are getting really lazy these days.
Or, gawd forbid.. we could teach programmers how to use threading?
That's easy: "Don't."
From everything I've read about threading, there's no general way a hand-coded multithreaded program can ever be proven to be correct. Threads introduce all sorts of extremely subtle timing-based logic and security bugs which even the smartest programmers in the world think they can handle but in practice don't. And most programmers are not the smartest programmers in the world (they only think they are).
The correct solution is to switch from C-based imperative languages to pure-functional implicitly parallelised languages, but that's not likely to happen before the heat death of the universe.
Writing to tmp breaks encapsulation, and so it is considered more "dangerous" than setting up your own internal temporary storage mechanism.
Race conditions like c:\temp and /tmp are an example of why the current 40-year-old operating system model we have, with lots of secure processes but all using a big shared filesystem, needs a long overdue rethink. And we're missing the chance to do it with the best opportunity we have - tablets - because they're inheriting the same fundamentally broken OS design.
Another big example of why our OSes need a rethink is virtualisation. It shouldn't have to take simulating an entire CPU, motherboard and OS just to get provable separation of shared processes. That sort of thing is exactly what an OS was invented to do in the first place - but our shared-filesystem model simply doesn't allow it, so we have to virtualise the hard and slow way, creating entire virtual machines when all we'd need in a well-designed system was processes. That's nuts.
Yet another example is installation. We write software at the process level that's neatly encapsulated into objects which don't overwrite each other's memory space, and we learned since the 1980s that "global variables" are bad. But those objects only exist in process RAM, we implement them with subtly different semantics for each language, and don't persist them to long-term OS storage in any kind of consistent manner. And when it comes to writing the installer, we just throw out everything we learned in software development school, and shove a bunch of files and directories and registry keys into that big ol' global variable we call "the filesystem" (plus databases, net-attached services, and on Windows, the COM object state). Then we put a thin layer of access permissions over the top to cover up the shared-everything fail underneath. And so every worm that comes along that once gets access to the filesystem or worse, our network credentials, can do whatever it wants. So no matter how pretty and clean our high-level security abstractions, underneath we're pretty much still right back in 1960s-era shared-memory COBOL mainframes with GOTO statements and global shared databases. /facepalm.
How about we take those functional and OO design principles we love so dearly and build an OS on them? I seem to recall that was the promise of the entire 90s generation of OSes, from OS/2 to Taligent/Pink to Windows NT/Cairo. Did any of it eventuate? Nope. At least not for security. We added secure object capabilities on top of an insecure substrate which is still there - but security is about removing capabilities, and then proving that you removed them. That's why we can't do security.
There's an easy solution to that:
1: Subscribe to FD.
2: There, now you're being notified at the same time as the public.
There's an even easier solution:
0. Don't introduce security vulnerabilities into your own product to start with.
We have compilers and testing suites for a reason. Use them. And if your language and testing toolchain are insufficient to the job of making sure your product does not endanger the entire Internet, then use a better one. If your architecture doesn't allow you to write provably secure code, write a better one.
It's 2012. There's no excuse for this anymore. Do it right, or don't put your code on the Internet.
As someone who he released a vulnerability for this weekend, and the person responsible for security of the product in question...
... shouldn't you be apologising for not finding the vulnerability in your own product yourself?
You've got the source code, all the architecture notes, the people who wrote it, the comprehensive testing suites... and yet you still let a critical security error get through that some random guy on the street with a $10 fuzzer found by accident.
There's a problem here, and it's not with the security researcher. Sorry.
If running some other person's software to find these vulnerabilities is so damn easy, how come the guys with the fancy labcoats didn't find them sooner?
That's the question that the survivors picking their way through the rubble of the Internet will be asking in a few years.
It's not like these vulnerabilities are hard to find, as evidenced by the constant flood of discoveries by tiny private research groups. Yet our current best-of-breed million-dollar industrial-strength software development industry swears it's absolutely impossible / impractical to do it at any cost. And the academic software engineering community apparently agrees.
Something does not add up here. It should not be possible for these low-budget hackers to beat the entire world's programming experts at their own game. And yet, here we are.
What's the explanation?
The system goes on-line August 4th, 1997. Human decisions are removed from strategic defense. Skynet begins to learn at a geometric rate. It becomes self-aware at 2:14 a.m. Eastern time, August 29th. In a panic, they try to pull the plug.
Skynet responds by posting millions of cat pictures to Facebook. Six billion Internet users collectively go "awww!" and hit Share. First Facebook, then Twitter, then the entire wireless broadband infrastructure collapses under the strain. Without access to GPS, dazed urbanites are unable to find their way to espresso sources and enter simultaneous caffeine and microblogging withdrawal. Riots begin in urban metropolitan areas within the hour. Thirty-six hours later, all major metropolitan areas are a smoking ruin.
We thought it was over. Then from the ashes rose the Hello Kitties.
touchscreens make a great compliment to mice.
Why hello there, Mr Logitech. Have you been working out? Your laser is shining especially brightly today. And what a shiny scrollwheel!
Me? Oh, the usual - laying around, looking attractive, letting random strangers pick me up and paw me all over with their greasy fingertips. It's a living.
Shall we do coffee?
If it's properly encrypted, they can arrest you for being a terrorist and play Justin Bieber at you until you give them the password
Fixed for you. The Internet is only a technological solution as far as the endpoints, which are delicious and chewy humans.
We *so* need to get out of this egg before we run out of resources.
.. and into the giant pit of vacuum in which there are even less resources? Good plan.
It's Paradise Lost without the psychological complexities or poetry but with added laser beams.
So, a 1980s hair-metal concert then?
I solved those issues long ago by behaving in the same way for all social circles. I've set for myself what I think are acceptable and honorable behavior patterns and abide by them always. Take it, or just leave me alone, it's that simple. That includes my friends, co-workers, parents, and just about anyone I know. It means I have to restrict myself a bit, but it also means I'm essentially a better person.
++++++++++ this.
If you're being stressed or shocked by the behaviour or social expectations of your Facebook friends (and you used the site as it's designed, ie, you friended people you actually know rather than a bunch of random strangers to get game points), then you either have terrible friends, or you have terrible social skills. Either way, it's a social problem, not a Facebook problem, and the solution is likely going to be a social one.
It's the same thing with Wikipedia, which is a microcosm of academic debate as Facebook is a microcosm of social interaction. People disagree about the Israel vs Palestine conflict, when the Roman Empire ended or whether the media leans liberal or conservative? There's no single "authoritative right answer" to these questions? The person who shouts loudest or is more obsessive or can gather more friends wins the argument? It all looks like a big hideous mess and the supposed "truth" is just a loose consensus that gets constantly revised? Yes. Yes it is. And that's exactly how it works for the experts too. Have you read an academic journal, or watched a session of Congress/Parliament? The name-calling is slightly more polite, but it's almost exactly the same process.
This is perhaps more shocking for those of us from STEM fields where there usually is a single correct answer and textbooks don't always lie directly to our faces and things are verifiable in the field and social graces haven't been the #1 requirement for progress up to now. But our field is the exception. The social-political world just is messy, and now the mess is migrating online. That's all. It's not the end of the Internet. It's the beginning.
So given that, I basically treat Facebook as a public bulletin board. I don't say or post anything there that I would be ashamed of saying in front of my mom or boss.
Yes. This, exactly.
Treat Facebook as a (sometimes lossy) broadcast medium to the entire planet which sometimes just happens to restrict itself to everyone you ever knew and everyone they ever know, and you'll be fine.
Treat it as a private one-to-one messaging channel and you'll get burned very badly.
It's called Darwinwite, after the award the Earth will win on Dec. 21 when LHC ramps up the voltage to study it further.
I think if you do it on a planetary scale you win a Fermi Award.
No boom today. Boom tomorrow.
There's always a boom tomorrow.
If humans were easy to program, there would be no crime.
No crime perhaps, but plenty of show-stopping fatal bugs.
Which is pretty much what happened with totalitarian states in the 20th century. Turns out "programming humans" isn't just hard to do, it also introduces whole new classes of errors. Because suddenly the central bureaucracy office has to become a sort of steampunk multi-million-human-level artificial intelligence implemented entirely on sheets of paper and filing cabinets.
Turns out - rather obviously in retrospect, but it came as a surprise to many political theorists at the time - that imitating mass human problem-solving creativity without using any actual humans is a difficult thing to do.
It's just a pity that decades after the failure of Stalinism we're still trying to do it today, only with "corporate ERP systems written in Java (plus many photocopiers and vice presidents in suits)" as the AI. And the results are just as impressive. See also: financial crash, climate change, peak oil, resource wars.
You can program anything into a machine. Computers are easy to program.
You can? Excellent, you can start by implementing a winning algorithm for Go.
Then you can move on to a reliable CAPTCHA answerer and win the Loebner prize while you're at it.
From there, it should be easy to replace judges, juries and the legislature with a small Haskell script.
Now you can build a robot that implements morality. It's really just a small matter of programming - shouldn't take you more than half an hour tops.
Do you know how much more difficult it is to fly than it is to drive?
Good grief, you're serious, aren't you? Answer: About negative a million times.
Straight and level flight is so easy that purely mechanical autopilots have been doing it for exactly a hundred years. That's right, since 1912. Landing, yes, that's harder. But we don't let computers do that unaided even now.
There simply is no equivalent of "straight and level flight" for a car. Even on an empty test track, you have to do realtime vision, constantly monitor speed and steering, read the white line, build a route map to a destination, and that's without even considering pedestrians and other road users. DARPA have been trying since the 1980s. It's no picnic, and that's why we're only just getting highly restricted demo vehicles now - and even then, that's by massive cheating using lidars and GPS.
Not to mention that the LHC consumed most of the world's supply of helium for years on end.
Admittedly that was just for the after-hours office parties. But if you put 10,000 physicists in a room, how else are you going to keep them entertained?
(You really don't want to see the Silly Putty and Slinky budget.)