I was DMing a civil-war era slave escape campaign, with magic weapons instead of firearms. The party was moving as quickly and quietly as possible through the forest while their master's sons and neighbors looked for them with dogs and horses.
They'd just brilliantly ambushed a search party with lightning weapons at a river crossing. While looting the bodies:
Player: Is there anything else on him? DM: You've taken everything but his clothes and his hat. P: Hm... are any of these guys my size? DM: One of them is. P: OK, I strip his clothes and put them on.
(naughty remarks from other players)
DM: (Roll disguise check, comes out high.) OK, you succeed but it takes you several minutes. The hoofbeats in the distance are getting louder. P: Oh right, didn't we catch one of their horses? P2: Yeah. P: OK, I get up on the horse. (Makes ride check, comes out high.) DM: OK... P: How do I look? DM: Exactly like him, except you're black. P: Oh, shit.
For Bug Three, that is, the dimming of menu items, I found Mac OS 9's balloon help to be, well, helpful. If (in a well-written application) you hovered your mouse over a disabled menu item with balloon help on, the help balloon would say not only what the menu item normally does, but why it is currently grayed out.
I would nominate balloon help for one of the most annoying omissions from OS X. Sure there are tooltips, but they don't work in menus.
Objective-C is slow? Um... not terribly. Large memory footprint? Not unless you're forgetting to deallocate objects, or just have a bad design.
Obj-C boxes are huge. Method calls are heavily indirected. All this makes for more dynamism, but I stand by my claim that Python beats it, and that Objective-C beats it.
120-some-character method names? Not typically, and verbose method names are actually good, if occasionally overdone. Yea, it's unsafe, it's a superset of C, of course it's unsafe. You really think Objective-C is less memory-hungry than Python or O'Caml? Interesting... I'd like to see your benchmarks there.
OK, so they're toy problems, all benchmarks are lies, etc. But do you see why Obj-Caml is attractive?
It's clear we have different ideas of what makes a language developer-friendly. Access to C routines makes Objective-C developer-friendly in my book.
True. But mixing C and Objective-C code can be painful, even though they're compatible.
C is great for the core of most calculation routines of any type. Which is how it is often used in the context of an Objective-C program. You don't always need high-level.
Agreed. Which is why most high-level languages have a decent FFI.
Now you're making me wonder how many Python or O'Caml games there are out there. I guess there must be a few... any commercial ones? C++ when written correctly is awfully high-level, no? I can't belive you'd complain about Objective-C syntax and not C++ syntax...
Not very many. I don't keep track of commercial ones and can google as fast as you can. Plenty of compilers (eg Felix) are written in O'Caml, as well as some math stuff (FFTW). I don't think Caml is good for games though. Now, there is this Python gaming kit which is supposed to be pretty good, but I don't know what games are written in it. Most $n million productions are C++ and C, as you've said, but that's because it has to be fast.
I like Objective-C syntax for high-level code, because it's clean and descriptive, but for small, simple routines it's encumbering. C++ syntax is bitchy and complicated, but it's reasonably concise.
First, slow compared to what? Link me up with that Java/Python benchmark comparison.
Python is slower, but it's designed to have a C core for stuff that has to be fast. It has a very clean FFI, whereas Java has none.
No, really. Something tells me you might just be making this stuff up, repeating something you read somewhere or something. Java used to be slow. Starting up a JVM can be slow. Some Swing drawing routines on some platforms can be slow. I'm also wondering, huh, do you think of programming in terms of anything besides games?
Yes, I think about it mostly in terms of real applications, hence my inability to name commercial games written in any of these
You want to use something that's not the most developer-friendly language ever created ( Objective-C ), the most commonly used language ever created ( C ), the most commonly used in commercial products OO language ( C++ ) nor the best mulitplatform language ever ( Java ) ?? What's your reasoning there?
Objective-C is slow, it eats memory, and its syntax is very verbose. Most languages don't have 120-some character method names. And for all that, it's still unsafe, and has very little in the way of static type-checking, and no garbage collector (a refcounter where you have to twiddle references a lot doesn't count). I would not call it "the most developer-friendly language every created." I'd much rather code in Python or O'Caml.
C is not a good choice for anything but the core of most games, as it is too developer-unfriendly and lacks in features (like OO, anonymous functions, garbage collection...). While excellent for low-level code, it's not really in the running for high-level.
C++ is a good language for games, but many people would rather have something higher-level. It's unsafe, but many people will overlook.
Java is slow and verbose, and therefore painful for game development.
And what do you call this special technology? What a brilliant new development. Please, Mr. Balmer, you must share this invention with the rest of us. Or, perhaps, is it "sendmail" on "linux" running "spamassassin"? Ah, yes, perhaps so.
Not SpamAssassin. It doesn't scale very well. Every incoming message spawns a new perl process. Multiply this by 46 messages a second, peaking at perhaps double or triple that. This kind of load would bring down a small cluster... do you think they have a rack of servers just to deal with BillG's mail?
A filter written in C would do much better, methinks. Furthermore, it could have a slow learning curve, as he gets enough spam to train it anyway.
As far as I'm concerned, it's not a privacy issue unless they fuck it up. They can already track you by SSN, state ID, or whatever. It would only really be a privacy issue if they put RFID stuff in your card, and this enabled unintended people to scan the thing and get useful information. That would open the system up to abuse by criminals and stores alike.
But the real problem with national ID cards is that they have negative security value. They will be trusted more than ID cards and social security numbers, and they will be only one piece of information to forge or steal. The government databases connected with the ID cards will be vulnerable and unreliable, and more so than the SSN databases because of their size (i.e., more chances to create a privacy problem by fucking it up). They'll be a bigger pain in the neck for people who lose them, and the risks of identity theft will be monstrous.
It would be very difficult to get something on this scale right, and it would be worse than the current system of state IDs, kludgy as that is. On top of that, the project would be horrendously expensive.
There would also certainly be ways for an insider to ruin someone's life, even more than there are today, by fiddling with these databases.
If there were national ID cards from the beginning, the system might be better than what we see today (I personally think it would be simpler but probably more vulnerable to abuse). But I think that instituting them now would be a mistake.
There is only one way to use biometrics securely. If your office has a huge guy at the door who's good with faces, that's secure biometrics. He'll be much harder to dupe than a computer, and you can't steal his database. Of course, he's expensive, and you probably want at least one additional factor.
He doesn't want to be an artist. He doesn't want to make a living by art. He just wants not to have to hire an artist to make minor icons/interface elements in his programs.
... but that makes for only 40 bits, and so can only address 1 TB of data (plus epsilon from the carries).
Re:Hard Drive in the Freezer
on
Creative Data Loss
·
· Score: 5, Informative
If the drive was stictioned, depending on the lubricant, a decent way to rescue it might be
1) Heat the drive above room temperature. I'm not saying boil it; I put one of those chemical hand-warmers on mine and left it in a box for a while. This should heat it to around 40C.
2) Connect it to your computer, but leave the drive itself out on a desk. May require some monkeying with your case to let it run while open.
3) Turn the computer on. If the drive still clicks when it tries to spin up, tap it on the corner (in a way that would spin the drive if you hit it harder). The idea is to provide some torque to break the static friction of the lubricant and get it spun up.
I rescued (part of) a hard drive this way last year. I didn't get all the data off it, but at least I managed to retrieve/,/var and/etc. The/usr partition got read errors, possibly due to my whacking the disk.
While the nuclear waste may be less radioactive, how much damage it will do to living systems depends on the isotopes released and their tendencies to accumulate in nasty places, like people's thyroid glands (iodine, but there are others, such as isotopes of strontium and cesium, which are also quite nasty).
Furthermore, the pro-nuclear groups would like nuclear to be much cleaner than coal, especially in regards to "scary" things like radiation. And it would be, if you could find a good place to store the waste.
If you have one in your area, Micro Center has always been good to me. They have decent prices for a retail shop, usually a great selection of books, and a wider selection on pretty much any computer component than any store I've been to.
I'll second the comment on their books and selection (although Fry's has a bigger selection), but their prices are not that great. They seem to be substantially higher than, say, NewEgg. A DVD burner that costs $60 on NewEgg will cost $120 at MicroCenter. It will be retail instead of OEM, but the retail version is then $80 or so online. Similarly for hard drives and RAM. Their wireless cards (and the like) also tend not to have Linux drivers.
Still, occasionally you will find something priced competitively with NewEgg, and they do indeed have a nice selection.
Ports would be the first and most important thing. It seems easier to administer than Linux: pf is a good firewall, and the startup scripts are very logically organized. Built-in ACLs have come in handy; soft-updates and filesystem snapshots are very nice too.
Have you encountered many problems with hardware compatibility, particularly USB, RAID, and audio?
It auto-configured most stuff on my Mini-ITX box (small/low-power file/web/whatever server, and soon a jukebox too), which is rather strange hardware, including the onboard networking (Via Rhine) and on-die random number generator. I used to have a lot of trouble with spotty USB support, but it seems fixed in more recent 5.x builds. Audio did not auto-configure, but all it required was loading a module or adding it to kernel config.
A nice new trick is Project Evil, which is a binary compatibility layer for Windows wireless card drivers.
Have you had difficulty finding applications that will run on it?
No. It has a Linux ABI, so you should be able to run Linux binaries on it if necessary (or SCO, or Solaris....). Furthermore, Ports is generally quite complete. Sometimes a port will get out of date, but this is often because the maintainers are testing it.
Java was kind of annoying; the port isn't fully automated due to licensing stuff.
In general, will software written for Linux compile and run on FreeBSD without too much difficulty?
Yes. In fact, software compiled for Linux should (in theory) run without too much difficulty. This is how you get Java.
I agree. Also, in the World Series, they should just add up the number of total runs for all the games, and declair the team that got the most runs in the series the winner.
Yep. And in both cases, it wouldn't have mattered this year.
Tempest shmempest. A much more serious side-channel attack (i.e. an attack that allows one to break encrypted data or protocols through means other than the information transmitted intentionally by the card) is power analysis. This attack is exceedingly effective against many smart cards... is this one protected?
I admit that I, like the GP poster, don't have anything that I really need to protect. I also read the AES papers when they first came out, and it's been said that something so simple might just be "waiting for the right hammer". And I've read the "margin of security" stuff, and the tentative attacks (Courtois / Pieprzyk) using algebraic geometry.
None of it matters, for now. To break a strong symmetric cipher like AES just means to find a method which will deduce the key from an arbitrarily large amount of data (often with chosen plaintext or ciphertext) in a smaller number of basic operations than 2^(key size). This doesn't mean the attack is practical.
DES is broken, but not in a practical way. You need terabytes of crypts of chosen plaintext to break it in 2^40some time (here, would you please encrypt this RAID for me?). Of course, the key is now within the range of a brute-force attack, as EFF showed.
Of course, this is in the public domain; who knows if some government or other secret organization has broken it, and has the supercomputer power to actually run an attack. But unless you're a foreign government or prime enemy of the state (read: Osama bin Laden), it doesn't matter much whether the US (or French, or Nigerian....) government has broken AES, because tinfoil hat or no, they wouldn't blow a secret like that just to send you to jail (perhaps I am insufficiently paranoid?).
Now, it is possible that "the right hammer" will come along and there will be an attack on AES that runs on your PC. But I'm betting against it.
It's greedy. They'd rather that happen (and are more likely to find out about it) than the machine crashing after giving you cash but before deducting the amount.
Slashdot Mirror
I was DMing a civil-war era slave escape campaign, with magic weapons instead of firearms. The party was moving as quickly and quietly as possible through the forest while their master's sons and neighbors looked for them with dogs and horses.
They'd just brilliantly ambushed a search party with lightning weapons at a river crossing. While looting the bodies:
Player: Is there anything else on him?
DM: You've taken everything but his clothes and his hat.
P: Hm... are any of these guys my size?
DM: One of them is.
P: OK, I strip his clothes and put them on.
(naughty remarks from other players)
DM: (Roll disguise check, comes out high.) OK, you succeed but it takes you several minutes. The hoofbeats in the distance are getting louder.
P: Oh right, didn't we catch one of their horses?
P2: Yeah.
P: OK, I get up on the horse. (Makes ride check, comes out high.)
DM: OK...
P: How do I look?
DM: Exactly like him, except you're black.
P: Oh, shit.
For Bug Three, that is, the dimming of menu items, I found Mac OS 9's balloon help to be, well, helpful. If (in a well-written application) you hovered your mouse over a disabled menu item with balloon help on, the help balloon would say not only what the menu item normally does, but why it is currently grayed out.
I would nominate balloon help for one of the most annoying omissions from OS X. Sure there are tooltips, but they don't work in menus.
You want fast and a garbage collector??
Yes.
Objective-C is slow? Um... not terribly. Large memory footprint? Not unless you're forgetting to deallocate objects, or just have a bad design.
Obj-C boxes are huge. Method calls are heavily indirected. All this makes for more dynamism, but I stand by my claim that Python beats it, and that Objective-C beats it.
120-some-character method names? Not typically, and verbose method names are actually good, if occasionally overdone. Yea, it's unsafe, it's a superset of C, of course it's unsafe. You really think Objective-C is less memory-hungry than Python or O'Caml? Interesting... I'd like to see your benchmarks there.
CPU
Memory
LOC
OK, so they're toy problems, all benchmarks are lies, etc. But do you see why Obj-Caml is attractive?
It's clear we have different ideas of what makes a language developer-friendly. Access to C routines makes Objective-C developer-friendly in my book.
True. But mixing C and Objective-C code can be painful, even though they're compatible.
C is great for the core of most calculation routines of any type. Which is how it is often used in the context of an Objective-C program. You don't always need high-level.
Agreed. Which is why most high-level languages have a decent FFI.
Now you're making me wonder how many Python or O'Caml games there are out there. I guess there must be a few... any commercial ones? C++ when written correctly is awfully high-level, no? I can't belive you'd complain about Objective-C syntax and not C++ syntax...
Not very many. I don't keep track of commercial ones and can google as fast as you can. Plenty of compilers (eg Felix) are written in O'Caml, as well as some math stuff (FFTW). I don't think Caml is good for games though. Now, there is this Python gaming kit which is supposed to be pretty good, but I don't know what games are written in it. Most $n million productions are C++ and C, as you've said, but that's because it has to be fast.
I like Objective-C syntax for high-level code, because it's clean and descriptive, but for small, simple routines it's encumbering. C++ syntax is bitchy and complicated, but it's reasonably concise.
First, slow compared to what? Link me up with that Java/Python benchmark comparison.
Python is slower, but it's designed to have a C core for stuff that has to be fast. It has a very clean FFI, whereas Java has none.
No, really. Something tells me you might just be making this stuff up, repeating something you read somewhere or something. Java used to be slow. Starting up a JVM can be slow. Some Swing drawing routines on some platforms can be slow. I'm also wondering, huh, do you think of programming in terms of anything besides games?
Yes, I think about it mostly in terms of real applications, hence my inability to name commercial games written in any of these
You want to use something that's not the most developer-friendly language ever created ( Objective-C ), the most commonly used language ever created ( C ), the most commonly used in commercial products OO language ( C++ ) nor the best mulitplatform language ever ( Java ) ?? What's your reasoning there?
Objective-C is slow, it eats memory, and its syntax is very verbose. Most languages don't have 120-some character method names. And for all that, it's still unsafe, and has very little in the way of static type-checking, and no garbage collector (a refcounter where you have to twiddle references a lot doesn't count). I would not call it "the most developer-friendly language every created." I'd much rather code in Python or O'Caml.
C is not a good choice for anything but the core of most games, as it is too developer-unfriendly and lacks in features (like OO, anonymous functions, garbage collection...). While excellent for low-level code, it's not really in the running for high-level.
C++ is a good language for games, but many people would rather have something higher-level. It's unsafe, but many people will overlook.
Java is slow and verbose, and therefore painful for game development.
Maybe they want to code in Python?
I have to eat you know.
You misspelled "now."
I don't like you, but I like your wife. I'm going to take your wife. That's stealing.
No. That's kidnapping. If I don't like you, but I like your TV, and I take it, that's stealing.
And what do you call this special technology? What a brilliant new development. Please, Mr. Balmer, you must share this invention with the rest of us. Or, perhaps, is it "sendmail" on "linux" running "spamassassin"? Ah, yes, perhaps so.
Not SpamAssassin. It doesn't scale very well. Every incoming message spawns a new perl process. Multiply this by 46 messages a second, peaking at perhaps double or triple that. This kind of load would bring down a small cluster... do you think they have a rack of servers just to deal with BillG's mail?
A filter written in C would do much better, methinks. Furthermore, it could have a slow learning curve, as he gets enough spam to train it anyway.
As far as I'm concerned, it's not a privacy issue unless they fuck it up. They can already track you by SSN, state ID, or whatever. It would only really be a privacy issue if they put RFID stuff in your card, and this enabled unintended people to scan the thing and get useful information. That would open the system up to abuse by criminals and stores alike.
But the real problem with national ID cards is that they have negative security value. They will be trusted more than ID cards and social security numbers, and they will be only one piece of information to forge or steal. The government databases connected with the ID cards will be vulnerable and unreliable, and more so than the SSN databases because of their size (i.e., more chances to create a privacy problem by fucking it up). They'll be a bigger pain in the neck for people who lose them, and the risks of identity theft will be monstrous.
It would be very difficult to get something on this scale right, and it would be worse than the current system of state IDs, kludgy as that is. On top of that, the project would be horrendously expensive.
There would also certainly be ways for an insider to ruin someone's life, even more than there are today, by fiddling with these databases.
If there were national ID cards from the beginning, the system might be better than what we see today (I personally think it would be simpler but probably more vulnerable to abuse). But I think that instituting them now would be a mistake.
Schneier has a good essay on this here.
when they pry it from the ashes of my cold, dead hard drive.
I wasn't aware that cold things produced ashes.
There is only one way to use biometrics securely. If your office has a huge guy at the door who's good with faces, that's secure biometrics. He'll be much harder to dupe than a computer, and you can't steal his database. Of course, he's expensive, and you probably want at least one additional factor.
He doesn't want to be an artist. He doesn't want to make a living by art. He just wants not to have to hire an artist to make minor icons/interface elements in his programs.
Hitting it certainly does sound like a usr error.
/usr on a disk that won't spin up.
Heh. True, but without hitting the drive, it wouldn't spin up, and it's really hard to read
Good rate, but very long hours (24-7), not the most glamorous position, and little possibility of advancement. ;)
True, but he gets room and board, and he has a 9-year contract.
The work-at-home 'offers' are merely "Here is a list of companies. Write to them and see if they'll hire you to work at home"
Apparently, some of them are also basically money laundering for the Russian mob. They aren't terrible as work-at-home jobs go, but highly illegal.
the issue with heating is that it will neutralize magnetic fields on metal...
You're right. If you use this procedure, be sure not to heat the drive above 760C.
... but that makes for only 40 bits, and so can only address 1 TB of data (plus epsilon from the carries).
If the drive was stictioned, depending on the lubricant, a decent way to rescue it might be
/, /var and /etc. The /usr partition got read errors, possibly due to my whacking the disk.
1) Heat the drive above room temperature. I'm not saying boil it; I put one of those chemical hand-warmers on mine and left it in a box for a while. This should heat it to around 40C.
2) Connect it to your computer, but leave the drive itself out on a desk. May require some monkeying with your case to let it run while open.
3) Turn the computer on. If the drive still clicks when it tries to spin up, tap it on the corner (in a way that would spin the drive if you hit it harder). The idea is to provide some torque to break the static friction of the lubricant and get it spun up.
I rescued (part of) a hard drive this way last year. I didn't get all the data off it, but at least I managed to retrieve
While the nuclear waste may be less radioactive, how much damage it will do to living systems depends on the isotopes released and their tendencies to accumulate in nasty places, like people's thyroid glands (iodine, but there are others, such as isotopes of strontium and cesium, which are also quite nasty).
Furthermore, the pro-nuclear groups would like nuclear to be much cleaner than coal, especially in regards to "scary" things like radiation. And it would be, if you could find a good place to store the waste.
... not friction.
If you have one in your area, Micro Center has always been good to me. They have decent prices for a retail shop, usually a great selection of books, and a wider selection on pretty much any computer component than any store I've been to.
I'll second the comment on their books and selection (although Fry's has a bigger selection), but their prices are not that great. They seem to be substantially higher than, say, NewEgg. A DVD burner that costs $60 on NewEgg will cost $120 at MicroCenter. It will be retail instead of OEM, but the retail version is then $80 or so online. Similarly for hard drives and RAM. Their wireless cards (and the like) also tend not to have Linux drivers.
Still, occasionally you will find something priced competitively with NewEgg, and they do indeed have a nice selection.
Why do you prefer it over other Unix-like OS's?
Ports would be the first and most important thing. It seems easier to administer than Linux: pf is a good firewall, and the startup scripts are very logically organized. Built-in ACLs have come in handy; soft-updates and filesystem snapshots are very nice too.
Have you encountered many problems with hardware compatibility, particularly USB, RAID, and audio?
It auto-configured most stuff on my Mini-ITX box (small/low-power file/web/whatever server, and soon a jukebox too), which is rather strange hardware, including the onboard networking (Via Rhine) and on-die random number generator. I used to have a lot of trouble with spotty USB support, but it seems fixed in more recent 5.x builds. Audio did not auto-configure, but all it required was loading a module or adding it to kernel config.
A nice new trick is Project Evil, which is a binary compatibility layer for Windows wireless card drivers.
Have you had difficulty finding applications that will run on it?
No. It has a Linux ABI, so you should be able to run Linux binaries on it if necessary (or SCO, or Solaris....). Furthermore, Ports is generally quite complete. Sometimes a port will get out of date, but this is often because the maintainers are testing it.
Java was kind of annoying; the port isn't fully automated due to licensing stuff.
In general, will software written for Linux compile and run on FreeBSD without too much difficulty?
Yes. In fact, software compiled for Linux should (in theory) run without too much difficulty. This is how you get Java.
I agree. Also, in the World Series, they should just add up the number of total runs for all the games, and declair the team that got the most runs in the series the winner.
Yep. And in both cases, it wouldn't have mattered this year.
Tempest shmempest. A much more serious side-channel attack (i.e. an attack that allows one to break encrypted data or protocols through means other than the information transmitted intentionally by the card) is power analysis. This attack is exceedingly effective against many smart cards... is this one protected?
I admit that I, like the GP poster, don't have anything that I really need to protect. I also read the AES papers when they first came out, and it's been said that something so simple might just be "waiting for the right hammer". And I've read the "margin of security" stuff, and the tentative attacks (Courtois / Pieprzyk) using algebraic geometry.
None of it matters, for now. To break a strong symmetric cipher like AES just means to find a method which will deduce the key from an arbitrarily large amount of data (often with chosen plaintext or ciphertext) in a smaller number of basic operations than 2^(key size). This doesn't mean the attack is practical.
DES is broken, but not in a practical way. You need terabytes of crypts of chosen plaintext to break it in 2^40some time (here, would you please encrypt this RAID for me?). Of course, the key is now within the range of a brute-force attack, as EFF showed.
Of course, this is in the public domain; who knows if some government or other secret organization has broken it, and has the supercomputer power to actually run an attack. But unless you're a foreign government or prime enemy of the state (read: Osama bin Laden), it doesn't matter much whether the US (or French, or Nigerian....) government has broken AES, because tinfoil hat or no, they wouldn't blow a secret like that just to send you to jail (perhaps I am insufficiently paranoid?).
Now, it is possible that "the right hammer" will come along and there will be an attack on AES that runs on your PC. But I'm betting against it.
It's greedy. They'd rather that happen (and are more likely to find out about it) than the machine crashing after giving you cash but before deducting the amount.