Who does your computer trust at that point then? It has to trust someone, otherwise we'll have all sorts of viruses and spyware that tell the CPU "trust me, but don't trust the user, or any of his evil antispyw^H^H^H^H^H^H^H^H hacker tools." So all computers will be controlled by some particular oligarchy then?
On the other hand, hardware monoculture is, in my humble opinion, currently beneficial. In hardware, as long as you have at least one competitor (AMD), economies of scale are the most significant way to reduce costs, since manufacturing costs are unavoidable in hardware.
We haven't had any usable open-source binary-translation virtualizers yet. My guess is that it's because the binary-translation that vmWare does is very complicated. The hardware modifications that AMD and Intel are releasing should simplify this quite a bit, allowing many more OSS projects to be written that support binary-level virtualization.
Eventually most people should have virtualization support in their hardware. And there will be many different OSS virtualizers. And at that point, it will be much easier for normal people to try linux, because Knoppix will support virtualization at that point, and run side-by-side with Windows.
In the meantime, I don't see any point in supporting x86 virtualizers that plan on sticking with existing methods (either paravirtualization or binary translation ones).
Ahh, I think you are correct, sir! Paravirtualization, where you recompile the guest OS, can, if you you make the guest OS happy to always run under ring 1, be secure, I think you're correct.
The Usenix paper I quoted I guess only examines only the Binary Translation way of doing things, where the VMM has to share Ring0 with the guest OS, but as you point out, that's not required with Paravirtualization.
You don't need an arbitrary number of levels necessarily, unless end-user use-cases require it. Many processrs have securely supported VMM in hardware for a while, and have done it with more minimal changes. In particular, the new x86 changes from Intel and AMD seem fairly minimal. The Usenix paper goes through the details of which specific processer instructions have problems, and suggested fixes for each of them, so it gives a good perspective of this.
I don't know... As much as I like to root for the underdog, references like AMD, Intel, IBM, and "6 million dollars" make Xen seem pretty alluring to me.
Also, from a technical perspective, aren't there concerns over how secure virtualized machines can be on 2004-era x86 machines?
"We conclude that current VMM products for the Intel architecture should not be used as a secure virtual machine monitor.
... Slight modifications to the processor would significantly facilitate development of a highly secure Type I VMM."
So, if you're on x86, you really want the upgraded hardware support anyway, to be able to be protected much more from webserver break-ins or just random untrusted software.
So why is GMail the ONLY product they've released that quite strictly limited the influx of people? (not simply hiding a Beta link one or two levels deep, but requiring limited registration)
Warcraft requires a $50 up-front fee, and has $15 ongoing-revenue to fund server enhancements, yet is swamped. This is a technical problem. It happens to have ingenious marketing side-effects, yes, but the login-queues and dangerous lag on super-populated continents are still fundamentally a technical problem.
Google requires $0 up-front fee, and probably gets less than $15/mo in ad revenue from GMail users. They have to devote max probably 300MB per user. They do have the benefit that new users will use much less space on average than existing users, but still, the negative effects of popularity on server infrastructure are still simply a reality, especially for a free service.
What happened when Blizzard released World of Warcraft to the public? Its popularity far outstripped Blizzard's predictions, and their previous rock-solid product became an endless string of "emergency maintenance" announcements.
Same with Google... GMail requires space to be dedicated to each new person. If the influx of new people is greater than the rate at which they can aquire new hardware and squash new scalability bugs, then it won't be rock-solid anymore.
Controlling popularity is important. Google might be overdoing it a little bit... But in this game, it's far better to err on the side of going too slow, especially when you're as popular as google is.
The problem I've had with online-cable sites is that inevitably shipping plays a big part in the price (L-com will sell you 4 7ft cat5e cables for $3.29 each, plus approx $2.00 shipping EACH). But the shipping cost is also highly variable, eg. some sites include more of the product cost in the shipping cost, others less. So, if you want to buy 3 cables, you should get it from one place, and if you want 10 cables, you should buy from an entirely different place. I wish there was a meta-website that did all these calculations for you...
1) so old buddies that Google for you can never contact you?
2) I have *@paperlined.org sent to a single inbox, and can blacklist or whitelist them them whenever I want (for free), and it takes 0 seconds to create an email address. However, I'm still thwarted two things: mothers who keep giving my email address to extremely disreputable postcard sites and the like; and by the fact that I think it's somewhat rude to give a live human a randomized email address (even if they are semi-irresponsible).
It's just a feeling I have that's the combination of a couple different things...
One is that Blizzard's initial response to chinese farming was to making the professions "Fishing" and "Cooking" basically worthless. You could still do those professions, but there was basically little point in doing so. So chinese farmers had the indirect effect of making something that was previously enjoyable now not enjoyable.
Second is that... people play games to escape the real world. If we allow the real world economy to merge with in-game economies, the game will be reduced to something like stock market trading or factory work or something like that. Seriously. Economic principles taken to their fullest extent result in required work that is interesting to some, but definitely is not something that most people would want to pay $15/month for to use as an escape.
Third... even if it WERE possible to design a game that people would pay $15/mo to play, but still be merged with the real-world economy, it still limits Blizzard quite a bit in what they can do. Everything would need to be economically sound... rare items would either have to be exceeeeedingly rare, or not be worth very much. The whole point to the game is to make this artificial combination of electrons look/act like a very powerful weapon, and so be rewarding to receive, but it still fundamentally is a completely artificial creation that's functionally useless other than its entertainment value. It's not something you should apply real-world economics to.
Mod parent up! Yes, the template response to proposed spam solutions has easy ways to dismiss that post, but seriously, we're to the point where email is almost usuable.
From a practical point of view, we don't even need to break backwards-compatibility. Somebody just needs to come up with a communications solution that 1) functions like email, 2) doesn't interface to normal email, and 3) becomes popular enough that people actually use it.
We need SOME option for non-anonymous communications. The technical details don't matter. Just give people the option [ ]anonymous? [x]no-anonymous. That's it.
There's a huge difference between someone selling a major item or two, every once in a while, or even selling their character once they stop playing the game... and people who SET UP ENTIRE COMPANIES and employee lots of people who PLAY ACCOUNTS 24/7 and whose sole purposes is to sell in-game currency for US dollars, and who do it on an industrial scale. People who pay chinese people to do absolutely mindless boring repetitive tasks, on an industrial scale, force games to move in the direction of mindless/repetitive/boring. This is a GAME. It should be ENTERTAINING. In-game economies should not merge with the real-life economy.
One difference between console games and PC games is that usually it's effortless to take a console game to a friend's house, and enjoy some four-way action over there. Whereas for PC games, usually you have to 1) agree to a EULA that says you'll only use it on one machine and 2) type in the CD-key, making it remotely possible for the company to enforce that. Will tray-and-play games on the PC be different? Presumably part of the difference is that consoles have more BIOS/tray-hardware/etc security modifications that make console games impossible to copy for the first couple of months they're released, and once the platform has been cracked, still requires some small effort (eg. void your warranty, etc).
From the article:
This new feature allegedly won't be exclusive to Microsoft's upcoming Longhorn Windows platform and could theoretically be put into games today, provided it gets planned for in development early on.
Exactly. We already have auto-run. Games can do this already if they want to. But they haven't chosen to.
And what's the probability that TiVo would go the way of mp3.com at that point? The INSTANT that somebody thought about letting people download CDs legally, The Industry jumped all over them, no matter how legal the plan was.
Yes, we have iTunes now. But the important thing is that The Industry needs to prove it has balls. The first one to dare stand up to The Industry MUST be responded to in a powerful way, even if The Industry gives in to the exact same plan 12 months later.
Okay, look.... heavily networked cell phones are DEFINITELY IN OUR FUTURE. VoIP will be one benefit, but there are many others, and this is NOT a niche thing.
Back in the 80's, when PCs went from being separate little boxes to being part of the global network, we found all sorts of new uses for computers. Computers became an order of magnitude more useful.
When cell phones have really responsive, always-on data network connections, there will similarly be a profusion of new ways to use your cell phone. At that point, you're essentially carrying a miniature extension of the internet in your pocket, which allows the internet to reach out and touch even more things in your life. Yes, geeks will take this way too far, but there are extremely practical things that NTT DoCoMo are considering, for instance. Examples are point-of-sale interactions (e-cash, mediated by your own personal connetion to the network, allowing additional possibilities), barcode scanning (barcodes are everywhere... allowing you to search for reviews on a product, or easily create a shopping list, etc), physical entry authentication (eg. at work). Yes, some of these require some small amount of additional hardware, but the fact that DoCoMo is considering these now, means that there's a good chance that some of this additional local-internet-interaction hardware WILL be added by many cell phone manufacturers in the future.
In the far-off future, we WILL have little star-trek devices that have very fast and snapppy GPS readers, fast network data connections, etc. They'll be like current desktops, miniaturized to fit in our pockets. The cell phones that will be available in a few years will be intermediate devices that start the process of removing all limitations of our current cell phones, allowing people to implement many of the applications that they wish they could now.
So, how should companies respond to a claim if they honestly believe it to have no merit?
Anyway, try this: find either an RF engineer in college, or one working in a cell phone company. Take them out to a bar, and ask them their honest opinion. If they're in college, they might tell you that cell phones emit much less energy than is considered even minimally harmful. Or they'll compare a cell phone to normal widespread devices, like a microwave. Talk to someone in the workplace, and they'll most likely tell you that cell phone companies go overboard on their RF testing before releasing new phones, in order to address these largely unwarranted concerns.
I have no doubt that ultimately everything (audio, video, text, unicast and broadcast) will be over the same network (eg. 200 years in the future) due to economies of scale, and will be relatively open, as that yields much greater economic growth. However, as you say, in the near-to-medium-future, all sorts of legislative barriers may be put up to prevent the unification of the networks. And ultimately, there will definitely be SOME amount of control, at least by the government, since as the network grows in importance, there will be at least a few things that everyone agrees is absolutely unlawful.
DOCSIS contains provisions for filtering ranges of ports, and companies I've been with regularly use this to block ports that particularly obnoxious worms/viruses use. So this isn't anything new. But it's a good question whether this violates the common-carrier thing.
Sure, you can copy-and-paste anything you want into your URL bar, and hit enter. This takes time, and thought, and you have to look at the string in two different places, so it's reasonably secure based on that.
The only security problems that could arise would be if there were links that you could click on, or bookmark them. Try it here (slashdot won't let you write chrome:// URLs unfortunately). It doesn't work.
There are tons of security measures related to XPI/XUL, the Firefox team has IMHO taken an OVERLY aggressive approach to XUL/XPI issues. You know why there are several extra steps required in Firefox to install an XPI plugin? Because there were some theoretical exploits where someone might ask a user to click on a place on the screen over and over (eg. hit the monkey), and then display the XPI dialog there, and the user might end up clicking "yes, please install" before they realized that they were running potentially suspicious code. So now users have to wait a few seconds before being able to click.
Users CAN actually configure their browser to let remote sites do just about anything, include read/write files, change the clipboard, etc., because this is sometimes something that's useful that users might want from a few special sites. But it's a pain in the butt to get the several security configuration settings set properly, and again, as a developer, I think they might have overdone it.
This has nothing to do with management decisions, intelligent or otherwise. A different poster posted this, but you probably missed it. Scroll down about a third of the way, and look at Figure 1. As soon as we hit ~3.5GHz (circa 2003), physics basically demanded that we stop looking to clock speeds for significant performance boosts, and the switch to multi-core chips was the obvious next step.
Yes, Intel/AMD could have started doing multi-core sooner, but the entire point of the article is that designing software for multi-core hardware is hard, and requires a shift in the mindset of software designers to 1) realize noticable performance increases from it, and 2) properly find all race issues (some of which never show up on a single-core machine).
One function of OSS is to ensure that the freedom available to programmers now is never diminished.
Can the microcode can be used in a malevolent manner that exercises corporate control at the expense of the invidual? Companies have already threatened to do this with the BIOS (eg. DRM and such). Graphics firmware probably will never threaten the control over the general-purpose computing like the CPU bios can, but if it does, we can implement an OSS version at that point.
Except that you're wrong too. VMWare is a virtualizer (what's the first letter in "VMWare"?) When Vanderpool comes out, vmWare's role will be as a VMM (Virtual Machine Manager).
Personally though, I think we need to create even more synonyms for simulator/emulator/virtualizer so we can all be just a little more confused.
Slashdot Mirror
Who does your computer trust at that point then? It has to trust someone, otherwise we'll have all sorts of viruses and spyware that tell the CPU "trust me, but don't trust the user, or any of his evil antispyw^H^H^H^H^H^H^H^H hacker tools." So all computers will be controlled by some particular oligarchy then?
We haven't had any usable open-source binary-translation virtualizers yet. My guess is that it's because the binary-translation that vmWare does is very complicated. The hardware modifications that AMD and Intel are releasing should simplify this quite a bit, allowing many more OSS projects to be written that support binary-level virtualization.
Eventually most people should have virtualization support in their hardware. And there will be many different OSS virtualizers. And at that point, it will be much easier for normal people to try linux, because Knoppix will support virtualization at that point, and run side-by-side with Windows.
In the meantime, I don't see any point in supporting x86 virtualizers that plan on sticking with existing methods (either paravirtualization or binary translation ones).
The Usenix paper I quoted I guess only examines only the Binary Translation way of doing things, where the VMM has to share Ring0 with the guest OS, but as you point out, that's not required with Paravirtualization.
You don't need an arbitrary number of levels necessarily, unless end-user use-cases require it. Many processrs have securely supported VMM in hardware for a while, and have done it with more minimal changes. In particular, the new x86 changes from Intel and AMD seem fairly minimal. The Usenix paper goes through the details of which specific processer instructions have problems, and suggested fixes for each of them, so it gives a good perspective of this.
Also, from a technical perspective, aren't there concerns over how secure virtualized machines can be on 2004-era x86 machines?
- "We conclude that current VMM products for the Intel architecture should not be used as a secure virtual machine monitor.
So, if you're on x86, you really want the upgraded hardware support anyway, to be able to be protected much more from webserver break-ins or just random untrusted software.... Slight modifications to the processor would significantly facilitate development of a highly secure Type I VMM."
Z) Wait 6 months, shell out a bit of cash, and have a fully open-source virtualizer that runs significantly faster.
So why is GMail the ONLY product they've released that quite strictly limited the influx of people? (not simply hiding a Beta link one or two levels deep, but requiring limited registration)
Warcraft requires a $50 up-front fee, and has $15 ongoing-revenue to fund server enhancements, yet is swamped. This is a technical problem. It happens to have ingenious marketing side-effects, yes, but the login-queues and dangerous lag on super-populated continents are still fundamentally a technical problem.
Google requires $0 up-front fee, and probably gets less than $15/mo in ad revenue from GMail users. They have to devote max probably 300MB per user. They do have the benefit that new users will use much less space on average than existing users, but still, the negative effects of popularity on server infrastructure are still simply a reality, especially for a free service.
Same with Google... GMail requires space to be dedicated to each new person. If the influx of new people is greater than the rate at which they can aquire new hardware and squash new scalability bugs, then it won't be rock-solid anymore.
Controlling popularity is important. Google might be overdoing it a little bit... But in this game, it's far better to err on the side of going too slow, especially when you're as popular as google is.
The problem I've had with online-cable sites is that inevitably shipping plays a big part in the price (L-com will sell you 4 7ft cat5e cables for $3.29 each, plus approx $2.00 shipping EACH). But the shipping cost is also highly variable, eg. some sites include more of the product cost in the shipping cost, others less. So, if you want to buy 3 cables, you should get it from one place, and if you want 10 cables, you should buy from an entirely different place. I wish there was a meta-website that did all these calculations for you...
2) I have *@paperlined.org sent to a single inbox, and can blacklist or whitelist them them whenever I want (for free), and it takes 0 seconds to create an email address. However, I'm still thwarted two things: mothers who keep giving my email address to extremely disreputable postcard sites and the like; and by the fact that I think it's somewhat rude to give a live human a randomized email address (even if they are semi-irresponsible).
One is that Blizzard's initial response to chinese farming was to making the professions "Fishing" and "Cooking" basically worthless. You could still do those professions, but there was basically little point in doing so. So chinese farmers had the indirect effect of making something that was previously enjoyable now not enjoyable.
Second is that... people play games to escape the real world. If we allow the real world economy to merge with in-game economies, the game will be reduced to something like stock market trading or factory work or something like that. Seriously. Economic principles taken to their fullest extent result in required work that is interesting to some, but definitely is not something that most people would want to pay $15/month for to use as an escape.
Third... even if it WERE possible to design a game that people would pay $15/mo to play, but still be merged with the real-world economy, it still limits Blizzard quite a bit in what they can do. Everything would need to be economically sound... rare items would either have to be exceeeeedingly rare, or not be worth very much. The whole point to the game is to make this artificial combination of electrons look/act like a very powerful weapon, and so be rewarding to receive, but it still fundamentally is a completely artificial creation that's functionally useless other than its entertainment value. It's not something you should apply real-world economics to.
From a practical point of view, we don't even need to break backwards-compatibility. Somebody just needs to come up with a communications solution that 1) functions like email, 2) doesn't interface to normal email, and 3) becomes popular enough that people actually use it.
We need SOME option for non-anonymous communications. The technical details don't matter. Just give people the option [ ]anonymous? [x]no-anonymous. That's it.
There's a huge difference between someone selling a major item or two, every once in a while, or even selling their character once they stop playing the game... and people who SET UP ENTIRE COMPANIES and employee lots of people who PLAY ACCOUNTS 24/7 and whose sole purposes is to sell in-game currency for US dollars, and who do it on an industrial scale. People who pay chinese people to do absolutely mindless boring repetitive tasks, on an industrial scale, force games to move in the direction of mindless/repetitive/boring. This is a GAME. It should be ENTERTAINING. In-game economies should not merge with the real-life economy.
Wele the ./configure script be set up to accomodate both New Jersey and Mexican accents?
From the article:
- This new feature allegedly won't be exclusive to Microsoft's upcoming Longhorn Windows platform and could theoretically be put into games today, provided it gets planned for in development early on.
Exactly. We already have auto-run. Games can do this already if they want to. But they haven't chosen to.Yes, we have iTunes now. But the important thing is that The Industry needs to prove it has balls. The first one to dare stand up to The Industry MUST be responded to in a powerful way, even if The Industry gives in to the exact same plan 12 months later.
Back in the 80's, when PCs went from being separate little boxes to being part of the global network, we found all sorts of new uses for computers. Computers became an order of magnitude more useful.
When cell phones have really responsive, always-on data network connections, there will similarly be a profusion of new ways to use your cell phone. At that point, you're essentially carrying a miniature extension of the internet in your pocket, which allows the internet to reach out and touch even more things in your life. Yes, geeks will take this way too far, but there are extremely practical things that NTT DoCoMo are considering, for instance. Examples are point-of-sale interactions (e-cash, mediated by your own personal connetion to the network, allowing additional possibilities), barcode scanning (barcodes are everywhere... allowing you to search for reviews on a product, or easily create a shopping list, etc), physical entry authentication (eg. at work). Yes, some of these require some small amount of additional hardware, but the fact that DoCoMo is considering these now, means that there's a good chance that some of this additional local-internet-interaction hardware WILL be added by many cell phone manufacturers in the future.
In the far-off future, we WILL have little star-trek devices that have very fast and snapppy GPS readers, fast network data connections, etc. They'll be like current desktops, miniaturized to fit in our pockets. The cell phones that will be available in a few years will be intermediate devices that start the process of removing all limitations of our current cell phones, allowing people to implement many of the applications that they wish they could now.
Anyway, try this: find either an RF engineer in college, or one working in a cell phone company. Take them out to a bar, and ask them their honest opinion. If they're in college, they might tell you that cell phones emit much less energy than is considered even minimally harmful. Or they'll compare a cell phone to normal widespread devices, like a microwave. Talk to someone in the workplace, and they'll most likely tell you that cell phone companies go overboard on their RF testing before releasing new phones, in order to address these largely unwarranted concerns.
I have no doubt that ultimately everything (audio, video, text, unicast and broadcast) will be over the same network (eg. 200 years in the future) due to economies of scale, and will be relatively open, as that yields much greater economic growth. However, as you say, in the near-to-medium-future, all sorts of legislative barriers may be put up to prevent the unification of the networks. And ultimately, there will definitely be SOME amount of control, at least by the government, since as the network grows in importance, there will be at least a few things that everyone agrees is absolutely unlawful.
So that whole user/root separation is a problem, and not a solution? And 'su' is something that's fatally flawed? And don't get me STARTED on 'sudo'!
DOCSIS contains provisions for filtering ranges of ports, and companies I've been with regularly use this to block ports that particularly obnoxious worms/viruses use. So this isn't anything new. But it's a good question whether this violates the common-carrier thing.
Sure, you can copy-and-paste anything you want into your URL bar, and hit enter. This takes time, and thought, and you have to look at the string in two different places, so it's reasonably secure based on that.
The only security problems that could arise would be if there were links that you could click on, or bookmark them. Try it here (slashdot won't let you write chrome:// URLs unfortunately). It doesn't work.
There are tons of security measures related to XPI/XUL, the Firefox team has IMHO taken an OVERLY aggressive approach to XUL/XPI issues. You know why there are several extra steps required in Firefox to install an XPI plugin? Because there were some theoretical exploits where someone might ask a user to click on a place on the screen over and over (eg. hit the monkey), and then display the XPI dialog there, and the user might end up clicking "yes, please install" before they realized that they were running potentially suspicious code. So now users have to wait a few seconds before being able to click.
Users CAN actually configure their browser to let remote sites do just about anything, include read/write files, change the clipboard, etc., because this is sometimes something that's useful that users might want from a few special sites. But it's a pain in the butt to get the several security configuration settings set properly, and again, as a developer, I think they might have overdone it.
Yes, Intel/AMD could have started doing multi-core sooner, but the entire point of the article is that designing software for multi-core hardware is hard, and requires a shift in the mindset of software designers to 1) realize noticable performance increases from it, and 2) properly find all race issues (some of which never show up on a single-core machine).
Can the microcode can be used in a malevolent manner that exercises corporate control at the expense of the invidual? Companies have already threatened to do this with the BIOS (eg. DRM and such). Graphics firmware probably will never threaten the control over the general-purpose computing like the CPU bios can, but if it does, we can implement an OSS version at that point.
Personally though, I think we need to create even more synonyms for simulator/emulator/virtualizer so we can all be just a little more confused.