"..and I seriously doubt they LOSE money on each Console sale as they claim"
Why do you seriously doubt that? Do the math.
Unless M$ are somehow warping the very fabric of capitalism they are paying (very approximately) as much for their chips and circuit boards as anyone else. Sure, I bet they get a great deal from all their vendors, but in this case, the hardware is universally agreed to be some expensive shit to make. I saw an estimate of around $100 for the GPU+EDRAM alone. On the other end, what about the retailer markup? Sure, that's negotiable, but not by very much.
An 1.2-mm thick polycarbonate disc costs well under a buck. Let's say $1.50 with packaging. Throw handful of bucks to the publisher, another ten or so to the retailer, and considering a game retails for say $50, you can see where the money lies.
Sony recently sold 100 million PS2s; but over the years a total of 1.8 BILLION games have been sold for the PS1 and PS2. Let's just say Sony made $5 a game (which is likely a significant underestimate)...
Will someone here with a 360 and a spare half hour go get the aforementioned warez, and burn two copies - one with a single byte modified in one of the executable files?
Actual results posted here would be oh so welcome.
Indeed, The hilarious kiddie-ness of it all don't detract from the 1337ness of their h4x0r one iota. I hear development on the PSP hacking scene may slow a little early next week as SonyxTeam is in detention for pulling a girl's hair and MPH can't upload the PSP kernel sploit code until he's cleaned his soccer boots properly.
Politicians are anything but stupid... Frequently greedy (a.k.a. 'highly motivated' - subjective), misguided (subjective), misinformed (ditto), and reactionary (actually not ditto, they all are - is implicit) - but rarely actually
stupid
.
Being a politician (esp in US) is self-evidently; 1) Very expensive. 2) Very time consuming. 3) Somewhat dangerous. (Kennedy, Reagan, Lincoln, etc) 3) Very popular with the ladies. (Clinton, Kennedy, et al)
For example; George Dubya is frequently (to my ears) denounced as basically "in it for the money". WRONG! He was already rich as fuck! How much money do you need? Ppl going for the Prez are not, I suspect, particularly money-motivated. You need to be pretty frickin rich to even be a contender (see: many fortunes lost in failed Prez attempts).
Having said all that, I can't for the life of me figure out why they do it if not for the money. I certainly have a hard time believing they do it for the good of humanity..;-)
FYI Phil Karn ^^^ (a.k.a. KA9Q) is destined to be one of those people who gets written into the history books. IANAHistorian but AFAIK Phil is at least somewhat responsible for a significant proportion of Qualcomm's rather impressive success with CDMA (a.k.a. the cellphone technology that kicks the ass of all others).
Not only that; I most remember using his early dos-based TCP/IP stack and tools (repackaged by Demon Internet in the UK, BackInTheOldDays) which, while minimally friendly, were damn fine.
Apparantly rumour has it that there existed a system of sending information without wires before 802.11 that he was an amateur dabbler in..;-)
My metaphorical hat goes off to him for decades of hard, smart, cheerful, pioneering work....Thanks Phil!
you could write the most incredibly scary 'sploit with this hole; Naturally I don't know what I'm talking about (in terms of sploitability of the zlib hole, but it looks bad from a cursory scan) but..
Let's say that there are a buttload of vulnerable programs (let's suppose; multiple browser/IM client PNG implementations, Flash Player(!), email browsers, etcetera) and they mostly link in (statically or dynamically) one of say 4 different builds of zlib. I am making assumptions here which someone will be happy to correct me on, but as this code is right in the core of the decompressor, the local stack frame (regardless of which vulnerable app is running) will likely be usually very similar, making a near-universal buffer overflow sploit at least more practicable.
Now this may be conjecture, but it seems possible that sufficiently misguided individual(s) could work hard and produce an outrageouly virulent nasty that could infect a multitude of different apps. Dunno how hard it would be to get the payload working though.
Certainly busting into a web server will get much easier for a lot of people - there are a lot of server apps that accept (or look inside) zip files, not to mention _virus scanners_. Oh the irony - Your virus checker gets you 0wned.;-)
Disclaimer: Actually implementing any or all of the above sounds like, at best, a waste of one's precious lifetime. Go hang out with some friends instead.
Hey you guys, Just wanted to point out that, amidst the usual "They should've written it in perl" type nonsense, can I just point out that
** This is a _really_ serious bug **
Zlib is very easy to use, effective, and standard, so has been VERY WIDELY incorporated into apps for the last half-dozen years. Those apps are all the most popular *INTERNET FACING* apps (b/c most everyone adds a dash of zlib on incoming or outgoing internet data), and they almost all trust zlib to not blow up on incoming data.
Dudes, not only PNG, but *Macromedia Flash* does and has always used zlib. Anyone fancy checking that?
Perhaps it might be an idea to write a firewall filter that inspects data to detect poisoned zip streams? I believe it can be done reasonably efficiently b/c zip streams are not that expensive to identify.
I had my ~1Tb music server die on me last year. Was a buttload of Maxtor's, and they worked perfectly.. until the power supply suddenly decided that if 12V was good for hard drives, 110V must be better! Happily I had got paranoid a few months earlier and backed up all the static data, but for my database I was having one drive backup onto another daily. Now _that_ was a bad idea. I did eventually get the db data back by (as suggested above) swapping logic boards between non-dead and dead drives. It worked really well, and NONE of the drives had suffered worse than a toasted logic board. Spindle and seek motors etc were fine, as was the db data.. when I eventually got it back.
Swapping the controller boards on the drives was very very easy indeed - with many models you can just undo a handful of screws and without even yanking out connectors it's a piece of cake. Obviously try your best to get a board from the same model/batch of drive (firmware differences etc) however I found them to be remarkably interchangable.
Slashdot Mirror
"..and I seriously doubt they LOSE money on each Console sale as they claim"
Why do you seriously doubt that? Do the math.
Unless M$ are somehow warping the very fabric of capitalism they are paying (very approximately) as much for their chips and circuit boards as anyone else. Sure, I bet they get a great deal from all their vendors, but in this case, the hardware is universally agreed to be some expensive shit to make. I saw an estimate of around $100 for the GPU+EDRAM alone. On the other end, what about the retailer markup? Sure, that's negotiable, but not by very much.
An 1.2-mm thick polycarbonate disc costs well under a buck. Let's say $1.50 with packaging. Throw handful of bucks to the publisher, another ten or so to the retailer, and considering a game retails for say $50, you can see where the money lies.
http://www.gamespot.com/news/6140574.html
Sony recently sold 100 million PS2s; but over the years a total of 1.8 BILLION games have been sold for the PS1 and PS2. Let's just say Sony made $5 a game (which is likely a significant underestimate)...
Will someone here with a 360 and a spare half hour go get the aforementioned warez, and burn two copies - one with a single byte modified in one of the executable files?
Actual results posted here would be oh so welcome.
Indeed,
The hilarious kiddie-ness of it all don't detract from the 1337ness of their h4x0r one iota.
I hear development on the PSP hacking scene may slow a little early next week as SonyxTeam is in detention for pulling a girl's hair and MPH can't upload the PSP kernel sploit code until he's cleaned his soccer boots properly.
- stupid
.Being a politician (esp in US) is self-evidently;
1) Very expensive.
2) Very time consuming.
3) Somewhat dangerous. (Kennedy, Reagan, Lincoln, etc)
3) Very popular with the ladies. (Clinton, Kennedy, et al)
For example; George Dubya is frequently (to my ears) denounced as basically "in it for the money". WRONG! He was already rich as fuck! How much money do you need? Ppl going for the Prez are not, I suspect, particularly money-motivated. You need to be pretty frickin rich to even be a contender (see: many fortunes lost in failed Prez attempts).
Having said all that, I can't for the life of me figure out why they do it if not for the money. I certainly have a hard time believing they do it for the good of humanity..
y'think? But imagine - you could write dumb /. comments and pop your microwave popcorn USING THE SAME CONNECTION.
Hmmm. The Linksys WRT54GigaWatts ?
FYI Phil Karn ^^^ (a.k.a. KA9Q) is destined to be one of those people who gets written into the history books. IANAHistorian but AFAIK Phil is at least somewhat responsible for a significant proportion of Qualcomm's rather impressive success with CDMA (a.k.a. the cellphone technology that kicks the ass of all others).
;-)
...Thanks Phil!
Not only that; I most remember using his early dos-based TCP/IP stack and tools (repackaged by Demon Internet in the UK, BackInTheOldDays) which, while minimally friendly, were damn fine.
Apparantly rumour has it that there existed a system of sending information without wires before 802.11 that he was an amateur dabbler in..
My metaphorical hat goes off to him for decades of hard, smart, cheerful, pioneering work.
you could write the most incredibly scary 'sploit with this hole;
;-)
Naturally I don't know what I'm talking about (in terms of sploitability of the zlib hole, but it looks bad from a cursory scan) but..
Let's say that there are a buttload of vulnerable programs (let's suppose; multiple browser/IM client PNG implementations, Flash Player(!), email browsers, etcetera) and they mostly link in (statically or dynamically) one of say 4 different builds of zlib. I am making assumptions here which someone will be happy to correct me on, but as this code is right in the core of the decompressor, the local stack frame (regardless of which vulnerable app is running) will likely be usually very similar, making a near-universal buffer overflow sploit at least more practicable.
Now this may be conjecture, but it seems possible that sufficiently misguided individual(s) could work hard and produce an outrageouly virulent nasty that could infect a multitude of different apps. Dunno how hard it would be to get the payload working though.
Certainly busting into a web server will get much easier for a lot of people - there are a lot of server apps that accept (or look inside) zip files, not to mention _virus scanners_. Oh the irony - Your virus checker gets you 0wned.
Disclaimer: Actually implementing any or all of the above sounds like, at best, a waste of one's precious lifetime. Go hang out with some friends instead.
Hey you guys,
Just wanted to point out that, amidst the usual "They should've written it in perl" type nonsense, can I just point out that
** This is a _really_ serious bug **
Zlib is very easy to use, effective, and standard, so has been VERY WIDELY incorporated into apps for the last half-dozen years. Those apps are all the most popular *INTERNET FACING* apps (b/c most everyone adds a dash of zlib on incoming or outgoing internet data), and they almost all trust zlib to not blow up on incoming data.
Dudes, not only PNG, but *Macromedia Flash* does and has always used zlib. Anyone fancy checking that?
Perhaps it might be an idea to write a firewall filter that inspects data to detect poisoned zip streams? I believe it can be done reasonably efficiently b/c zip streams are not that expensive to identify.
I had my ~1Tb music server die on me last year. Was a buttload of Maxtor's, and they worked perfectly.. until the power supply suddenly decided that if 12V was good for hard drives, 110V must be better!
Happily I had got paranoid a few months earlier and backed up all the static data, but for my database I was having one drive backup onto another daily. Now _that_ was a bad idea.
I did eventually get the db data back by (as suggested above) swapping logic boards between non-dead and dead drives. It worked really well, and NONE of the drives had suffered worse than a toasted logic board. Spindle and seek motors etc were fine, as was the db data.. when I eventually got it back.
Swapping the controller boards on the drives was very very easy indeed - with many models you can just undo a handful of screws and without even yanking out connectors it's a piece of cake. Obviously try your best to get a board from the same model/batch of drive (firmware differences etc) however I found them to be remarkably interchangable.