Slashdot Mirror


User: mfh

mfh's activity in the archive.

Stories
0
Comments
2,006

Comments · 2,006

  1. Doom 3 on Sam Lake on Video Game Storytelling · · Score: 0

    We may see some of these tools shipping with Doom 3. I can only speculate, but I heard tale of some really cool editing tools this time around. Something about making levels in realtime? Can anyone confirm/deny this? (JC?)

    I'm heading up a special mod project for Doom 3 that will only see the light if we can get some amazing models talent on board, so even if there is IF styled game design, there still remains the problems of customization.

  2. Context on Sam Lake on Video Game Storytelling · · Score: 5, Insightful

    I see the problem with video game stories as a systemic one, and Sam Lake touches on this when he identifies novels as a singular effort, and video games as a team effort. When you have a bunch of people with different backgrounds working on a project, quite a bit of infighting can occur. Plus there are the aspects of how stories affect the gameplay, and the scaling of the combat in games. The story may call for particular systems to be in place that are impossible, so it is critical for authors to fully understand the game design process to interpret these events into a literary context.

  3. Rem: Students and Basic on BASIC Computer Language Turns 40 · · Score: 1

    Oh boy, I can remember my first exposure to computers was in the basement of a friend-of-the-family, when I learned how to program in basic for the first time.

    10 print "Scott rules!!"
    20 goto 10

    Seriously though, where would we be today without Basic? Even the most complex systems rely on the knowledge we have received after years of mistakes in computational design. Some mistakes are still around, and leading the trends of computing, and others have disappeared. But the same thing happens whenever I teach a class in PHP; students revert to the Basic model as a basis for everything, until they learn how to break up their code into blocks, functions and classes. I guess that kind of knowledge only comes from experience, after many wasted hours in the lab. That's when you know who has cheated on their latest assignment; when they don't understand the fundamentals that can only come from hours of pushing through the code revisions.
  4. Path Checking on PHP and SQL Security · · Score: 1


    > Can anyone tell me how to do a solid path checking so I can include a module specified by a POST variable?

    Personally, I would create a table of values that lists the existing filenames.

    Possible fields:
    record_id (INT, PRIMARY KEY, AUTO INCREMENT)
    the_filename (VARCHAR 128) (ie: thatfile.php)

    Don't put the path in the_filename... hard code the path in your init file. ie: $FILENAME_PATH = '/images/birthday2004/';
    Then:

    print $FILENAME_PATH.$fields['the_filename'];
    or
    require($FILENAME_PATH.$fields['the_filename']);

    This way the file your clients request has to be in the table. :-)

    Make the POST var a numeric one, and that way you can quickly SELECT from the table, the record_id, and read the_filename.

    I've got examples of how to do this in the Gemsites code.
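    The pattern described in this comment (a numeric POST value looked up in a table of known filenames, with the directory hard-coded on the server side), written out as an added example. This is not the comment's own code and not the Gemsites code it refers to; the module directory, the filenames and the function name resolve_module are assumptions, and a PHP array stands in for the record_id / the_filename table. It adds two checks a practitioner would want on top of the lookup: the id is accepted only if it is plain decimal digits (is_numeric() also accepts things like "1e3"), and the resolved path is confirmed to sit under the hard-coded directory even if a table row were ever tampered with.

```php
<?php
declare(strict_types=1);
// Added example, not the comment's Gemsites code. A module chosen by a POST
// variable is included only through a numeric id looked up in an allowlist;
// the PHP array stands in for the record_id / the_filename table.

/**
 * Map a raw request value to an absolute path under $base_dir, or null.
 */
function resolve_module(string $raw_id, array $table, string $base_dir): ?string
{
    // Decimal digits only. ctype_digit() rejects "1e3", " 2", "-1", "0x1A",
    // all of which is_numeric() would accept.
    if ($raw_id === '' || !ctype_digit($raw_id)) {
        return null;
    }
    $name = $table[(int) $raw_id] ?? null;
    if ($name === null) {
        return null;                     // id not in the table
    }
    // Defence in depth against a poisoned table row: bare filename, .php only.
    if (preg_match('/\A[A-Za-z0-9_-]+\.php\z/', $name) !== 1) {
        return null;
    }
    $base = realpath($base_dir);
    $real = realpath($base_dir . DIRECTORY_SEPARATOR . $name);
    // realpath() returns false for a missing file and collapses any "..".
    if ($base === false || $real === false
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $real;
}

// --- demo with a throwaway module directory constructed here ---
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'modules_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents($dir . '/news.php', "<?php return 'news module loaded';\n");
file_put_contents($dir . '/gallery.php', "<?php return 'gallery module loaded';\n");
// Row 3 points at a file that no longer exists on disk.
$table = [1 => 'news.php', 2 => 'gallery.php', 3 => 'retired.php'];

// In the real handler the input would be (string) ($_POST['module'] ?? '').
foreach (['1', '2', '3', '1e0', '../news.php', '', '42'] as $input) {
    $path = resolve_module($input, $table, $dir);
    if ($path === null) {
        echo str_pad(var_export($input, true), 16) . " => rejected\n";
    } else {
        $result = require $path;
        echo str_pad(var_export($input, true), 16) . " => " . $result . "\n";
    }
}

array_map('unlink', glob($dir . '/*.php'));
rmdir($dir);
```

    Only '1' and '2' reach require; '3' is rejected because realpath() fails on the missing file, and the other inputs never get as far as the table lookup.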

  5. ROTFL on PHP and SQL Security · · Score: 1

    > what blows my mind is those that use the DB column name in a webform to be passed

    OMG how many times I've seen that!!! It makes me wonder what planet these people are on. It's like they have a big bullseye on their asses, really.

    Keeping table names secret is a good way to make it harder for script kiddies to attack. PHPBB allows for table names to have a prefix for this purpose, and sadly most people using it don't even bother.

    Since most attacks come from script kiddies, you limit the ability by obfuscating things. I'm not suggesting it's the only path to security, just that it helps deter anyone but the more adept.

    > Nothing that is ever given to the user, or received from the user should be trusted... EVER

    Yeah it's like giving them your bank card PIN and mailing them the card, so they can check for errors on the little black stripe; the oldest game in the book is that wallet-inspector gag.

  6. Re:No. on PHP and SQL Security · · Score: 5, Informative

    > Always check user input as much as is possible. Probably at least two-thirds of my programming is input data verification.

    Good. You are off to the right start, but with better function programming, you will find yourself writing more feature code than purification code.

    Things to look for:
    • Push 99% of all expected/selectable data into tables with a record_id, so you can easily purify the incoming data:

      // Forces anything is_numeric() does not accept back to a default id of 1.
      function npurify(&$text){
          if(!is_numeric($text)) $text = 1;
      }

      Protects against SELECT SQL injection attacks.

    • Snuff out > and < chars so that they can't contain the Script HTML tag when purifying data. Replacing these characters with their html entities usually works; ie:
      > becomes &gt;
      < becomes &lt;
    • Convert data in your database to base64 and gzdeflate it:
      $data = base64_encode(gzdeflate($data));
      This will prevent the problems with escaping quotes and apostrophes for SQL, and it will kill any SQL injections in your data.
    • Use better logic for testing incoming data;
      if($this) {perform action}... will limit your chances of having to cope with script injections because you are only testing for the existence of a condition, and not the value of the data.
    • Run bitchecking against acceptable alphabets for purification of character values. Gauge to have good CPU usage of this sort of thing.

      // blanks out unaccepted characters in $text (the string being purified);
      // the alphabet includes the space, the backslash (chr(92)) and the newline (chr(10))
      $alphabet = '`ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 ~!@#$%^&*()_+=-,.<>?/|;:\'"'.chr(92).chr(10);
      $sizestr = strlen($text) - 1;
      for($i = 0; $i <= $sizestr; $i++) {
          if(strstr($alphabet, $text[$i])) {
              continue;
          } else {
              $text[$i] = ' ';
          }
      }

    • Code a good link converter, so you don't have to accept HTML in posts, and you don't need to accept any HTML.
    • There are likely more, but these are the big ones.

    > Always escape text which is going into an SQL query

    I prefer to write my own SQL text, based on input values. That way you are never using data submitted for the SQL query. The only time they would really submit values would be when they are sending in a username and password, but in that case, you should be extremely stringent in purification by only accepting alphanumeric usernames and passwords (ie: run the alphabet function above, but erase all non-alphanumeric chars from the $ALPHABET var).

    > Use htmlspecialchars() on any text that's being output, to stop users putting rogue HTML

    htmlspecialchars() doesn't always work. I prefer using the example above, by limiting the characters allowed and disallowing HTML in the form of post body/subject data. Converting everything to base64 will make it nearly impossible to script attack the database, too.

    > Put database usernames, passwords, pathnames and other similarly important but site-specific data in a define()

    I disagree, because I use the $_SESSION array instead, which cannot be changed by a user if the session cookie is server-side. Sessions can be scooped by sniffers, but that can be managed by your host's security, to prevent it. Certainly change the locale for session data from /tmp/, because that narrows down hack attempts, making it all the harder to compromise the system.

    > Never include() or require() something that isn't a hard-coded string

    To me, this isn't totally required if you have suitable purification, but that extra bit of paranoia is welcomed, because it shows true fear and that is acceptable in any kind of programming. That sort of humility is welcomed because it demonstrates a compassion for the task at hand.

    > Be hugely care
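    The "purification" steps this comment lists (numeric ids, alphanumeric-only usernames, blanking characters outside an alphabet, entity-encoding on output, base64+deflate storage), collected into small functions as an added example; this is not the comment's code. Function names, the sample alphabet and the posts table are assumptions, and the database part assumes the pdo_sqlite extension is available. Two practitioner's notes are built in: the numeric check uses ctype_digit() rather than is_numeric(), which lets "1e3" and " 5" through, and the query is a parameterised PDO statement (something the thread does not mention) so that even a value which slips past purification cannot change the SQL.

```php
<?php
declare(strict_types=1);
// Added example, not the comment's code. The "purification" steps from the
// comment as small testable functions, plus a parameterised query (PDO with
// the pdo_sqlite extension, assumed available) so user text never becomes SQL.

/** Record id: decimal digits only, capped length; anything else -> $default. */
function purify_id(string $raw, int $default = 1): int
{
    // ctype_digit() rejects "1e3", "0x1A", " 5", "-1", "1 OR 1=1",
    // all of which is_numeric() or a bare (int) cast would partly accept.
    if ($raw === '' || strlen($raw) > 9 || !ctype_digit($raw)) {
        return $default;
    }
    return (int) $raw;
}

/** Username / password field: alphanumeric only, or null if it does not conform. */
function purify_alnum(string $raw, int $min = 3, int $max = 32): ?string
{
    $re = sprintf('/\A[A-Za-z0-9]{%d,%d}\z/', $min, $max);
    return preg_match($re, $raw) === 1 ? $raw : null;
}

/** The comment's alphabet loop, idiomatically: blank every byte not in $alphabet. */
function purify_alphabet(string $text, string $alphabet): string
{
    return preg_replace('/[^' . preg_quote($alphabet, '/') . ']/', ' ', $text);
}

/** Output escaping belongs at output time, with quotes and charset pinned. */
function escape_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** The comment's reversible storage trick, with decoding failures handled. */
function pack_text(string $text): string
{
    return base64_encode(gzdeflate($text));
}
function unpack_text(string $blob): string
{
    $raw = base64_decode($blob, true);
    $out = $raw === false ? false : @gzinflate($raw);
    return $out === false ? '' : $out;
}

// --- demo over constructed inputs ---
$alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 .,!?\'-';
$body = "O'Reilly said: <script>alert(1)</script> -- see \"notes\"";
echo purify_alphabet($body, $alphabet), "\n";   // tags and double quotes become spaces
echo escape_html($body), "\n";                   // or keep the text and escape on output

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (record_id INTEGER PRIMARY KEY, author TEXT NOT NULL, body TEXT NOT NULL)');

$author = purify_alnum('alice') ?? 'anonymous';
$ins = $db->prepare('INSERT INTO posts (author, body) VALUES (:author, :body)');
$ins->execute([':author' => $author, ':body' => pack_text($body)]);

// A hostile id that would widen an interpolated query is reduced to the default,
// and the placeholder means it could never be parsed as SQL anyway.
$sel = $db->prepare('SELECT author, body FROM posts WHERE record_id = :id');
$sel->execute([':id' => purify_id('1 OR 1=1')]);
$row = $sel->fetch(PDO::FETCH_ASSOC);
echo $row['author'], ': ', escape_html(unpack_text($row['body'])), "\n";
```

    The stored body keeps its apostrophes and angle brackets intact because it travels as a bound parameter and is entity-encoded only when printed; purify_alphabet is the destructive alternative for fields that genuinely should never contain such characters.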

  7. Walked Right Into That on PHP and SQL Security · · Score: 2, Insightful

    > If you're going to make that argument (which, BTW, I think is accurate), then you'd better be prepared to say that Windows isn't inherently insecure as well.

    No, not really. If you're arguing that Windows isn't insecure (which is slightly off-topic) I would have to disagree. The security flaws in Windows are due to over-complication of a proprietary system, leading to gaping holes that keep springing up on a systemic level; these holes are compounded by closed source, financial rationale (lacking in motivation for corrections) and corporate belligerence on a systemic level. Fewer eyes have seen Windows source code than PHP source code, and those that have are swimming from confusing and conflicting design models.

    Windows is insecure because the people involved are xenophobic. Plus PHP isn't an operating system, so we're really talking about penguins, apples and windows.

  8. No. on PHP and SQL Security · · Score: 5, Insightful

    PHP and MySQL are not weak; faux programmers are weak. Purification of incoming data is essential, and often ignored by novice script-writers, and that's the problem. SQL injections are common among novice coders, and they can slip past even competent coders, but a strict design engine for passing SQL vars using $_REQUEST, and turning off register_globals, will result in better results.

    Essentially, the problem is with those making insecure scripts, not the whole PHP and SQL system.

  9. Suing the Rich on AXA sues Google over AdWords · · Score: 1

    This comes down to rewards, really. AXA goes after Google, because they are worth billions, and can pay out large sums of money if they are sued and lose. AXA should be suing their competitor for faulty advertising (by linking their products and services to the AXA name). AXA is going after the wrong goose because they suspect they can railroad a court into thinking Google is responsible for the advertising it distributes. In any newspaper in the world, if you advertise, you are responsible for the content of the ad, not the publisher. Google, therefore, is nothing but a medium and has strict limits to liability, and I'm pretty sure a competent team of lawyers can successfully argue this point, and win. Publishing companies are protected from huge lawsuits for publishing false advertising claims (within reason), because publishers are in less of a position to test the accuracy of claims than those making them; they are being paid for a delivery service only and they do not support the accuracy of advertising; how could they?

    IANAL, but this is my take on it: AXA has made a huge mistake, and they are going to wind up with nothing (nothing, minus legal fees), and they are feeding their competitor eventual legal advantage by going after the wrong goose. AXA, therefore, is sly, but quite possibly stupid.

  10. Graphics on TI-84 Plus Released · · Score: 4, Interesting

    If you want to have a real chuckle, check out the Custom Graphics section. I was a TI 99/4A die-hard, and I couldn't help but remember my old system, and coding graphics from 99er Magazine, in all its glory, upon setting eyes on those custom graphics. I must have one of those calculators.

  11. No Joke on Synthetic Life In The Lab · · Score: 0

    > I think we will rather see that before we see any horror scenarios like "Blade Runner like replicant slaves".

    No jokes there. When the baby boomers die off, and they will, we're going to need replacements for many key positions that nobody will want to do. Janitorial, factory, septic and other unsavory positions will need filling, and there will be a huge vacuum in these positions as companies hire up people for more and more office (thinking) jobs. Allan Watts, the renowned philosopher, suggested that we have the means to create a subservient robot race to serve us in this capacity. Maybe these Bio Bricks are another step towards his dream?

  12. Where it is in Vice City on Towards Silent Supersonic Planes · · Score: 1

    > Where's that in Vice City?

    On the loading screen when Mitch Baker comes up, it's the sign that hangs beside him. Likely it's somewhere on his property, too! :-)

    > I got it from a sign my uncle's hunting club has up.

    Cool, I guess it's one of those hunting signs, then? Likely the team for Vice City saw one or had one of their own and wanted to put it in the game?

    Kinda coincidental you'd have a sig with it, playing the game, even though you got it from the real deal!

    > I wouldn't advise breaking in, especially if you're a lawyer (they seem to have a passion against lawyers).

    I don't blame 'em. Lawyers are scum! Except a few who read Slashdot.

  13. Holy on Military Develops Liquid Body Armor · · Score: 1

    I've heard rants on Slashdot before, but you take the cake, man. People can disagree without becoming disagreeable. Not every person has to share the same view... the world is better for having multiple views. I can appreciate how you dislike football, football players and even football heroes.

    But what I was saying and what you're saying don't match up as adversarial statements.

    > You still don't get it. For all he did, he's still considered a football "hero".

    I never said he was a football hero. I said he was a hero for giving up millions to join the fight against terrorism. Point out any other millionaire who has given his life to serve and I'll likely be looking at another hero. There are heroes of valour (guys that perform excellent military service like the character of Forest Gump), but Tillman is a hero of sacrifice, and that extends beyond military service, IMHO.

    > But he is singled out for fanfare only because of the NFL connection, which disrespects the personal sacrifices made by all who have died in war.

    I never said anything about NFL; just that he gave up significant monetary gains to serve. I wouldn't necessarily single him out for fanfare, either; I would remember that as an example of self-sacrifice.

    Don't look at me as if I'm siding with the press. I don't like the press very much, and I've had direct contact with them before that was unpleasant, in that they tend to mess everything up and make a story, rather than report news.

    > All I can do is distance myself from morons who cheer when a muscle-headed millionaire runs a ball past a line and does a self-aggrandizing dance.

    This only shows your hatred for football, nothing significant there really because it's a subjective analysis only.

    > Tillman knew that was a meaningless game, and it's sad that he couldn't distance himself far enough away from it; not in going overseas and not in death.

    How could you possibly know this? Did you know the man? Do you know someone that knew him?

    > I can't control that people think like you do, and the only way I can distance myself here is to make you a foe.

    This is obviously your decision to make. Why bother posting about it? That's trollish.

    > I encourage you to actually think about what makes a man a hero. Until you get your priorities straight, you're an unbearable person to be around.

    Can it be so easily quantified, what makes a hero? I think not. It's like art; I know what art is when I see it, but I can't define art. How could anyone define art? How could anyone define what makes a hero? I know what some ingredients are, and I've seen many of them in the people I know.

    You likely aren't a hero, because you have to become disagreeable when you disagree. Maybe if you could be agreeable, even in debate, you would find yourself exhibiting hero qualities. You obviously have the intellect for it... maybe not the patience?

  14. Goes Without Saying on Universal 3D File Format In The Works · · Score: 1

    > With them in on the ground floor on this one, I think it's doomed to be proprietary.

    This really goes without saying. Let's face it, MS has always been an adopter of closed technology, even when they have been tinkering with open standards. They consistently over-complicate things, to try and keep things in the family. Their overcomplicating is what has lead to so many security leaks, IMHO. They write XML as if it was some kind of machine language... it doesn't have to be that difficult, at all.

    What the hell is with that little campaign against my puny UID in your sig? Are you some kind of nut? Don't you think it's wise to get to know someone before making them a foe?

  15. Re:1GB of porn ads? on Google's Gmail Goes Into Beta for Blogger Users · · Score: 1

    > So Google is going to show me penis enlargement and nude cheerleader search links every time I receive spam?

    RTF Abstract: "the free service boasts a sophisticated spam filter"

    So basically, you'll not be getting much spam, if any.

  16. Vice City on Towards Silent Supersonic Planes · · Score: 1

    > No trespassing. Violators will be shot. Survivors will be shot again.

    I love this Vice City reference! :-) Just started playing it again and I'm having a blast. I love the feeling of running the speedy bikes down that main drag in front of Ocean View.

  17. Tinfoil Hats on How does Google do it? · · Score: 4, Informative

    > 1) Why are their terms of service / Privacy Policy so vague?

    This is to keep it simple. Exacting legal language is the path to screwing people. Vague terms of service are good because both sides can wiggle. Has anyone been sued because of these terms of service? I'd like to see some refs to that, but I'm guessing it's just to protect the general public from a-holes who would exploit Google.

    > 2) Why does their cookie stay until the year 2038?

    Not to be funny, but someone at Google likely knows when the end of the world is coming and has set the cookie to reflect this. Seriously, who cares how long cookies stay alive for? You can block them if you like, but I think it's really just to keep Google more effective.

    > 3) Why does their Google search bar report information and auto-update without permission?

    I'm against Spyware, so I don't run it, but Google tracks searches anyway, so what's the point of getting upset about it? These technologies make Google more user-friendly. Google doesn't have loads of popups trying to get you to install the bar -- it's not right in your face. People who want it likely don't care if it auto-updates because then they have the most recent version of it.

  18. Here on How does Google do it? · · Score: 4, Insightful

    > If truth is the first casualty of war, openness is the first casualty of going public.

    Maybe this is the reason after all, but I think it's more about Google being simple, smart and clean. They play fair (no browser interstitials, no sneaky crap, no registration necessary...etc); I would equate Google's victory thus far to a kind of no-nonsense attitude to business, always, no-exception.

  19. Agreed on NYS Senator Suggests Criminalizing Spyware · · Score: 5, Informative

    > Doesn't sound like it will catch most of what we call Spyware.

    I'd have to agree. Spyware is any software that installs, either with or without permission, to monitor the user and relay information to third parties, for the purposes of selling merchandise or services. Spyware runs in the background, and is difficult to uninstall, or breaks other programs when uninstalled.

  20. Now on Towards Silent Supersonic Planes · · Score: 5, Funny

    If we could only do something about my neighbour's pounding stereo.

  21. E V I D E N C E on Operation FastLink Yields Three Arrests · · Score: 1

    Most of the raids were for supporting evidence.

  22. Here Ya Go on Military Develops Liquid Body Armor · · Score: 1

    > You all clearly know he didn't want the fanfare, and yet the media imposes it anyway!

    Nobody can control the love or hatred of the people. The best examples of humanity are etched into history, because they motivate us. The worst people are also there, as a reminder of how things can go horribly wrong. Tillman is a hero, and you can't control it. So just accept it.

  23. Some Insight? on IBM Subpoenas Several Companies in SCO Case · · Score: 5, Interesting

    One of the comments on Groklaw asks, "Why not Baystar, RBC and Microsoft?".

    I think it's likely because these are corporations that would probably resist assisting IBM, and the IBM legal team could still be working out methods for compelling each of these corporations into full testimony. RBC would likely resist, and as a Canadian Bank they can tie up the whole process for as long as they want, unless compelled by a Canadian federal court. Plus, RBC is the most profitable bank in Canada, so they have billions in pocket change to throw at the fight, need be.

    BayStar confirmed that Microsoft was connected to SCO, but maybe they have some kind of legal reason not to help? Or maybe the public facts are enough?

    Trying to get documents from Microsoft in connection to SCO would likely be a huge legal undertaking, so that might be what's slowing things down. IANAL, but if Microsoft, BayStar and RBC joined the fray, wouldn't they have the power to somehow stop the whole process, or slow it dramatically as a joint force? You have to be extremely delicate when handling companies with track records like Microsoft. Maybe IBM's legal team is getting as much data as they can from corporations who won't put up much of a fight, before Microsoft comes in and shuts everything down.

  24. Fellow Kingstonian on SCO's Biggest Investor Admits It Loves IP Lawsuits · · Score: 1

    > Kingston (where I am, too) has atrocious vagrancy problems

    I would have to agree. It's really sad.

    > not totally unrelated to the centralization of federal prisons in the area

    My experience is that most ex-cons flee the city after being released, because they don't wish to stick around. I guess some stay, but for the most part they depart.

    > lack of sustainable industry.

    This is likely the real problem. Kingston's economy is terrible, due mostly to the corruption of city officials, from what I can tell. Remember the Tall Ships fiasco? They spent thousands on food, and lost $700k on that one. Not sure where it went, but it went. Also, Block D! I've never heard of a lot like that anywhere in the world, where countless opportunities for development have been thwarted by locals wishing to keep their view of the harbour. It's really a sad state of affairs. Any time a developer has come to develop Block D, they have lost their shirts or just barely escaped with a huge loss of profit. Then there was the whole Memorial Centre fiasco with that famous Las Vegas singer, that only drew about 700 tickets. They were expecting thousands! Oh and when CCR played a reunion concert, the Kingston City Council decided not to back it; the concert was a huge success anyway! I was there man, and let me just say that CCR totally ROCKED. The City had a chance to recoup losses from the previous disaster and they opted out from backing CCR out of fear, or perhaps stupidity in motion.

    > In the summer the tourist industry is focused around Princess and the downtown area, and I gather it's possible to do fairly well pan-handling, or playing music on the street.

    Personally, I think that relying on the charity of others is a hard sell. Buskers make a lot of money because they are entertaining, but what about the ones that just suck? There are plenty of those trying to merely exist. The noise!

    > It is non-taxable income, so $5/hr is really equivalent to $8/hr working, and I'd think that'd be a low ballpark figure for the summer (albeit perhaps a bit high for winter).

    Agreed. Winter on the street would be damn hard in Kingston. Summer, would be easier but still very difficult. If I was homeless, I'd cross the border and head for Florida (and lose my ID on the way).

  25. How Long on How to: Use a GPS watch, XML and Satellite photos · · Score: 3, Interesting

    Hey, how long before someone creates a video game with one of these things? That'd be a lot of fun to design.