How are you supposed to use Windows on a MacBook when there's only 1 mouse button?
I wish Steve Jobs would get his head out of his ass about the 1 mouse button thing. The lack of a second mouse button is now the only thing stopping me from buying a MacBook. Yes, I know that you can just hook up a USB mouse, but that only works when using the laptop in a desktop situation.
As for the Mighty Mouse, that is a 1 1/2-button mouse. You can't click both the left and right buttons at the same time, making it useless for playing World of Warcraft.
If you look at the design of the 360's security system, you will see that they have taken *extreme* measures to protect against running unauthorized software, but very little protection against piracy. The anti-piracy system is more or less the same as it was on Xbox 1.
It's very obvious that Microsoft cares much more about blocking Linux and Xbox Media Player than it does about piracy. They have their priorities way out of whack.
Since the kernel is unchanging (except service packs), they would probably use static compilation of.net code if they were to go that route, which is very unlikely.
You could certainly write many parts of the kernel in a language like.net and it would be fine. The big problem is that garbage collection in a kernel environment is a big no-no. Kernel allocations must be *very* carefully managed for things to work right under heavy load like WoW.
The "classic" DVD specification has the same idea as Blu-Ray with regard to key revocation. Each disk is encrypted with a random key selected at mastering time. The key is then stored 1000 times* on the disk, with each copy encrypted with one of the "player" keys that were assigned when the specification was made.
Each model of player has one of these keys. The idea is that if a key is stolen or reverse engineered, the movie industry will simply blacklist that key by not putting the disk key for that particular player on the disk. New movies released after the key was "revoked" would not work on the model of player that was cracked.
This scheme works well to limit the damage. In DVD's case, however, it did not matter at all. Once the algorithm was reverse engineered, it was quickly realized that the algorithm itself was faulty, and it was possible to quickly discover the keys with a kind of brute force. All 1000+ player keys were figured out, and the scheme could never be used.
This will not happen with Blu-Ray. They use AES-128, a formally standardized encryption algorithm highly trusted by most cryptographers including the NSA. Because of this, it's much more likely that the key revocation system would actually be used.
The only thing that really limits the use of such a system is consumer backlash. Nobody wants to have to return their Blu-Ray player for "repair" just because some guy on the Internet happened to have that model and cracked it.
Almost all commercial multiplayer games use encryption as security-through-obscurity, usually by using custom algorithms. In online games, you're trying to keep cheaters from manipulating packets, not keep eavesdroppers from watching.
For https and such, setting up the connection is the majority of the work. Public-key key exchange (public-key certificates, Diffie-Hellman, etc.) is an expensive operation because it requires a modular exponentiation on the part of the server. However, once the connection is set up, the cost of encrypting each packet is extremely small.
When I write emails that I want to be anonymous, I mostly just degrade the quality of writing. I start imitating the people on video game forums. I normally write quite well and it always confuses people if they find out it was me.
Look at today's AT&T article... AT&T was split into pieces for being the most abusive monopoly since Standard Oil.. Now, AT&T is recombining itself with its former pieces to form the same thing.
It's unlikely that AT&T will return to its former "glory" with the competition it now has, but it still shows the current administration's complete indifference towards abuse by megacompanies.
I really hope that AMD's response to this will be to make CPUID programmable by the operating system. Then you could just use a program or device driver to set your AMD CPU to call itself GenuineIntel and be done with such stupid limitations.
They wouldn't get in trouble because the GenuineIntel string would have to come from something else, not AMD.
Windows doesn't open executables for writing when you run them. In fact, when you run a program, it prevents writing entirely. Windows loads executables through the memory-mapped file interface. It does this so it can share code pages between different processes, and get away with paging out part of a program without actually writing to the page file first.
Windows programs that modify their own EXE have to do some crazy tricks. While you cannot modify or delete a running program, you *can* rename or move one. You rename yourself then you make a new copy of yourself with the desired changes. When you're done, you execute the new copy and terminate yourself so that the new copy can delete you.
What would be even better is something in the IRC server that automatically added two control-B's (0x02's) between the words "start" and "keylogger", or anything similar. Then you don't ban people for using it, and prevent it from working.
There actually was a simple workaround for that problem that almost all modems support. The standard command ATS2= sets which ASCII value is your modem escape code: the default value 33 is +.
However, the value 255 was special: if you do ATS2=255, the +++ escape feature is disabled entirely. In this mode, you hang up by dropping the "terminal ready" bit on the serial port - something that can't be faked like +++. This has the disadvantage that you can't switch to command mode without hanging up, but that feature was rarely used (especially because data sent by the other side while in command mode gets dropped).
This feature was frequently used by BBSs to stop this kind of thing from happening (IE, people doing +++ATH ATDT911).
How does it look sitting next to the used game for $15?
$15? I guess you haven't been to GameStop recently. They'll sell a $39.95 game used for $37.95 and have the sales droids push that $2 "discount" on anyone interested in the game.
What kind of things can an automated process do for auditing, anyway? This is Java we're talking about. 90%+ of things that are security problems in other languages aren't even an issue in Java, as the compiler and/or the assembly language verifier already do that.
The main issues in Java are going to be logic errors and misimplementing security protocols. Things like bad packet handling in a network server. There is NO WAY an automated system can detect problems like this: it is the Halting Problem.
So what can this program do? All I can imagine it doing is checking to make sure that you're not using any function calls that Fortify's authors consider "unsafe", no matter whether the particular context makes it safe. It probably will also yell at you for using variable names that don't follow its stupid rules.
I can imagine how things like this exist. They approach these security-paranoid companies with offerings of a magic solution that will allow them to verify that their system is secure. Extremely afraid of being the next target of a class-action lawsuit, they are eager to pay large sums of money. The people who make the decisions aren't trained in computer science, so they don't understand that an automated system such as this is truly impossible.
It is the small companies who have to deal with this that suffer. The magic oracle says that you used a single letter as a variable name, so you absolutely must change it, with no excuses. You spend a lot of time and money "fixing" it to please the oracle, when you have done absolutely nothing for true security.
Simple. The amazing things that the human brain is capable of doing are parallelizable. Things like recognizing the shape of letters or phonemes in speech are definitely parallelizable tasks.
Try doing something that isn't parallelizable, like modular exponentiation of a 2048-bit number, in the human brain. It goes very slowly.
What is to say that we don't have a lot of very tiny explosions all the time? Cosmic/background radiation, anyone?
Melissa
Why WineX will never be as good
on
Cedega 5.1 Released
·
· Score: 4, Interesting
People complain all the time about Cedega not being completely open-source. You can blame the DMCA and United States patent law for that.
The problem is that almost every game is copy protected. Pretty much the *only* current popular games that are not are WoW and Guild Wars. (CD keys don't count as the copy protection I'm referring to here.)
Because almost all modern copy protection systems rely on intimate details of Windows to make it difficult to crack - most of the modern ones even install kernel-mode device drivers - it is impossible to directly emulate/simulate the API closely enough that these protection schemes. As a result of this, you really have two choices:
1. Disable the protection. This works well, but it is very time consuming. More importantly, it is in direct violation of the DMCA, a felony.
2. Rewrite the protection. In this method, you implement the protection yourself, doing whatever CD check necessary and disabling the original protection scheme. This method has three legal problems:
a. The protection schemes are usually patented by the protection companies.
b. In order for this to work, you must disable the existing protection. Even though you are adding a protection system to replace it, the DMCA does not distinguish this, and so this is illegal.
c. Implementing it yourself means that it will be unobfuscated. Anyone with the source - which is just about anyone - can edit out the check in your code and the protection is broken. The fact that the protection is severely weakened might be seen as a judge as violating the DMCA. Considering the way courts have decided lately, I'd say it's quite likely.
The only legal solution is to have the protection companies make you a Linux version of the protection and/or describe how the system works so you can make a wrapper. There is absolutely no way this will happen without an NDA, something a fully open-source project cannot do.
Cedega is the best we'll have as long as American law is the way it is now. Everything points to the laws becoming even more strict over time - we haven't even reached the apex of the pendulum swing.
It really annoys me that they're doing this *again*. I have very large hands, large even compared to men's, and the DS is the perfect size for me. I hate how they keep making it smaller then discontinue the bigger one. I resented Nintendo for only making a lighted "SP" GBA - the primary reason I got a DS was so I'd *finally* get a big lighted GBA without having to do soldering work.
My current DS has dead pixels now and now when I try to get a replacement I won't be able to get a big one.
I bitched about the Xbox "Controller S" too. I spent a month on Xbox modding forums posting "WTB: Original big controller" to get 3 more big ones since you can't get them anymore.
I think the primary reason for the "Controller S", "Gameboy Micro", and the smaller DS is that Japanese gamers complain loudly when something is too big. Nintendo's a Japanese company so they listen, and Microsoft was hurting badly in Japan so they listened too.
Nintendo would be much better off releasing a DS of approximately the same size with a pressure-sensitive "analog" D-pad (no "stick") and CGB support.
Windows NT has two sets of file system drivers, CD-ROM file systems and block device file systems. UDF is registered only as a CD-ROM file system, so if you stick in a USB flash drive with a UDF image written on it, it won't work.
The primary reason they do this seems to be the sector size difference (512 vs. 2048).
Just what I need, a computer that's always depressed because I am. I click something and it'll tell me that it doesn't feel like doing anything. Reminds me of Hitchhiker's Guide to the Galaxy.
I was about to type up the translation when I hit refresh and saw your post.
I amaze my friends a lot because I can translate Japanese message posts. They think I know Japanese. Nope, I just know how to read the letters (kana). The language I *really* know is Babelian (and no not FF4's Babel). A lot of people complain how Babelfish doesn't work with Japanese. I understand it just fine, so all I'm doing is reordering some words so my friends can understand it... I use the ability to read kana to fix up the many English words in kana that Babelfish doesn't know.
Slashdot Mirror
Raises based on social skills and appearance? So THAT'S how they keep the nerds keeping the company running from moving up.
Melissa
How are you supposed to use Windows on a MacBook when there's only 1 mouse button?
I wish Steve Jobs would get his head out of his ass about the 1 mouse button thing. The lack of a second mouse button is now the only thing stopping me from buying a MacBook. Yes, I know that you can just hook up a USB mouse, but that only works when using the laptop in a desktop situation.
As for the Mighty Mouse, that is a 1 1/2-button mouse. You can't click both the left and right buttons at the same time, making it useless for playing World of Warcraft.
Melissa
If you look at the design of the 360's security system, you will see that they have taken *extreme* measures to protect against running unauthorized software, but very little protection against piracy. The anti-piracy system is more or less the same as it was on Xbox 1.
It's very obvious that Microsoft cares much more about blocking Linux and Xbox Media Player than it does about piracy. They have their priorities way out of whack.
Melissa
Since the kernel is unchanging (except service packs), they would probably use static compilation of .net code if they were to go that route, which is very unlikely.
.net and it would be fine. The big problem is that garbage collection in a kernel environment is a big no-no. Kernel allocations must be *very* carefully managed for things to work right under heavy load like WoW.
You could certainly write many parts of the kernel in a language like
Melissa
The "classic" DVD specification has the same idea as Blu-Ray with regard to key revocation. Each disk is encrypted with a random key selected at mastering time. The key is then stored 1000 times* on the disk, with each copy encrypted with one of the "player" keys that were assigned when the specification was made.
Each model of player has one of these keys. The idea is that if a key is stolen or reverse engineered, the movie industry will simply blacklist that key by not putting the disk key for that particular player on the disk. New movies released after the key was "revoked" would not work on the model of player that was cracked.
This scheme works well to limit the damage. In DVD's case, however, it did not matter at all. Once the algorithm was reverse engineered, it was quickly realized that the algorithm itself was faulty, and it was possible to quickly discover the keys with a kind of brute force. All 1000+ player keys were figured out, and the scheme could never be used.
This will not happen with Blu-Ray. They use AES-128, a formally standardized encryption algorithm highly trusted by most cryptographers including the NSA. Because of this, it's much more likely that the key revocation system would actually be used.
The only thing that really limits the use of such a system is consumer backlash. Nobody wants to have to return their Blu-Ray player for "repair" just because some guy on the Internet happened to have that model and cracked it.
* Unsure of exact number of copies.
Melissa
Almost all commercial multiplayer games use encryption as security-through-obscurity, usually by using custom algorithms. In online games, you're trying to keep cheaters from manipulating packets, not keep eavesdroppers from watching.
For https and such, setting up the connection is the majority of the work. Public-key key exchange (public-key certificates, Diffie-Hellman, etc.) is an expensive operation because it requires a modular exponentiation on the part of the server. However, once the connection is set up, the cost of encrypting each packet is extremely small.
Melissa
When I write emails that I want to be anonymous, I mostly just degrade the quality of writing. I start imitating the people on video game forums. I normally write quite well and it always confuses people if they find out it was me.
Melissa
Look at today's AT&T article... AT&T was split into pieces for being the most abusive monopoly since Standard Oil.. Now, AT&T is recombining itself with its former pieces to form the same thing.
It's unlikely that AT&T will return to its former "glory" with the competition it now has, but it still shows the current administration's complete indifference towards abuse by megacompanies.
Melissa
I really hope that AMD's response to this will be to make CPUID programmable by the operating system. Then you could just use a program or device driver to set your AMD CPU to call itself GenuineIntel and be done with such stupid limitations.
They wouldn't get in trouble because the GenuineIntel string would have to come from something else, not AMD.
Melissa
Read Maxxuss's article. The code that did the check was *specifically* encrypted, when the rest of the program was not. That's not stupidity.
Normally, it's better to assume stupidity rather than malice. But here we have evidence of malice.
You're right about the DMCA - it only covers copy protection systems.
Melissa
Windows doesn't open executables for writing when you run them. In fact, when you run a program, it prevents writing entirely. Windows loads executables through the memory-mapped file interface. It does this so it can share code pages between different processes, and get away with paging out part of a program without actually writing to the page file first.
Windows programs that modify their own EXE have to do some crazy tricks. While you cannot modify or delete a running program, you *can* rename or move one. You rename yourself then you make a new copy of yourself with the desired changes. When you're done, you execute the new copy and terminate yourself so that the new copy can delete you.
Melissa
What would be even better is something in the IRC server that automatically added two control-B's (0x02's) between the words "start" and "keylogger", or anything similar. Then you don't ban people for using it, and prevent it from working.
There actually was a simple workaround for that problem that almost all modems support. The standard command ATS2= sets which ASCII value is your modem escape code: the default value 33 is +.
However, the value 255 was special: if you do ATS2=255, the +++ escape feature is disabled entirely. In this mode, you hang up by dropping the "terminal ready" bit on the serial port - something that can't be faked like +++. This has the disadvantage that you can't switch to command mode without hanging up, but that feature was rarely used (especially because data sent by the other side while in command mode gets dropped).
This feature was frequently used by BBSs to stop this kind of thing from happening (IE, people doing +++ATH ATDT911).
Meow,
Melissa
Omg. I guess I'm not the only one. When I got an Xbox, I had to go on eBay to try to find someone selling the original full-sized controllers.
Melissa
no text
Actually, the original Lemmings had 120 levels. The other 5 you're thinking of were added in the SNES version, which wasn't the original. =)
</nitpick>
Melissa
How does it look sitting next to the used game for $15?
$15? I guess you haven't been to GameStop recently. They'll sell a $39.95 game used for $37.95 and have the sales droids push that $2 "discount" on anyone interested in the game.
Melissa
What kind of things can an automated process do for auditing, anyway? This is Java we're talking about. 90%+ of things that are security problems in other languages aren't even an issue in Java, as the compiler and/or the assembly language verifier already do that.
The main issues in Java are going to be logic errors and misimplementing security protocols. Things like bad packet handling in a network server. There is NO WAY an automated system can detect problems like this: it is the Halting Problem.
So what can this program do? All I can imagine it doing is checking to make sure that you're not using any function calls that Fortify's authors consider "unsafe", no matter whether the particular context makes it safe. It probably will also yell at you for using variable names that don't follow its stupid rules.
I can imagine how things like this exist. They approach these security-paranoid companies with offerings of a magic solution that will allow them to verify that their system is secure. Extremely afraid of being the next target of a class-action lawsuit, they are eager to pay large sums of money. The people who make the decisions aren't trained in computer science, so they don't understand that an automated system such as this is truly impossible.
It is the small companies who have to deal with this that suffer. The magic oracle says that you used a single letter as a variable name, so you absolutely must change it, with no excuses. You spend a lot of time and money "fixing" it to please the oracle, when you have done absolutely nothing for true security.
Melissa
Simple. The amazing things that the human brain is capable of doing are parallelizable. Things like recognizing the shape of letters or phonemes in speech are definitely parallelizable tasks.
Try doing something that isn't parallelizable, like modular exponentiation of a 2048-bit number, in the human brain. It goes very slowly.
Melissa
What is to say that we don't have a lot of very tiny explosions all the time? Cosmic/background radiation, anyone?
Melissa
People complain all the time about Cedega not being completely open-source. You can blame the DMCA and United States patent law for that.
The problem is that almost every game is copy protected. Pretty much the *only* current popular games that are not are WoW and Guild Wars. (CD keys don't count as the copy protection I'm referring to here.)
Because almost all modern copy protection systems rely on intimate details of Windows to make it difficult to crack - most of the modern ones even install kernel-mode device drivers - it is impossible to directly emulate/simulate the API closely enough that these protection schemes. As a result of this, you really have two choices:
1. Disable the protection. This works well, but it is very time consuming. More importantly, it is in direct violation of the DMCA, a felony.
2. Rewrite the protection. In this method, you implement the protection yourself, doing whatever CD check necessary and disabling the original protection scheme. This method has three legal problems:
a. The protection schemes are usually patented by the protection companies.
b. In order for this to work, you must disable the existing protection. Even though you are adding a protection system to replace it, the DMCA does not distinguish this, and so this is illegal.
c. Implementing it yourself means that it will be unobfuscated. Anyone with the source - which is just about anyone - can edit out the check in your code and the protection is broken. The fact that the protection is severely weakened might be seen as a judge as violating the DMCA. Considering the way courts have decided lately, I'd say it's quite likely.
The only legal solution is to have the protection companies make you a Linux version of the protection and/or describe how the system works so you can make a wrapper. There is absolutely no way this will happen without an NDA, something a fully open-source project cannot do.
Cedega is the best we'll have as long as American law is the way it is now. Everything points to the laws becoming even more strict over time - we haven't even reached the apex of the pendulum swing.
Melissa
It really annoys me that they're doing this *again*. I have very large hands, large even compared to men's, and the DS is the perfect size for me. I hate how they keep making it smaller then discontinue the bigger one. I resented Nintendo for only making a lighted "SP" GBA - the primary reason I got a DS was so I'd *finally* get a big lighted GBA without having to do soldering work.
My current DS has dead pixels now and now when I try to get a replacement I won't be able to get a big one.
I bitched about the Xbox "Controller S" too. I spent a month on Xbox modding forums posting "WTB: Original big controller" to get 3 more big ones since you can't get them anymore.
I think the primary reason for the "Controller S", "Gameboy Micro", and the smaller DS is that Japanese gamers complain loudly when something is too big. Nintendo's a Japanese company so they listen, and Microsoft was hurting badly in Japan so they listened too.
Nintendo would be much better off releasing a DS of approximately the same size with a pressure-sensitive "analog" D-pad (no "stick") and CGB support.
I hate how I can't play Zelda DX on my DS...
Melissa
Sorry, won't work.
Windows NT has two sets of file system drivers, CD-ROM file systems and block device file systems. UDF is registered only as a CD-ROM file system, so if you stick in a USB flash drive with a UDF image written on it, it won't work.
The primary reason they do this seems to be the sector size difference (512 vs. 2048).
Melissa
Just what I need, a computer that's always depressed because I am. I click something and it'll tell me that it doesn't feel like doing anything. Reminds me of Hitchhiker's Guide to the Galaxy.
Melissa
I was about to type up the translation when I hit refresh and saw your post.
I amaze my friends a lot because I can translate Japanese message posts. They think I know Japanese. Nope, I just know how to read the letters (kana). The language I *really* know is Babelian (and no not FF4's Babel). A lot of people complain how Babelfish doesn't work with Japanese. I understand it just fine, so all I'm doing is reordering some words so my friends can understand it... I use the ability to read kana to fix up the many English words in kana that Babelfish doesn't know.
Melissa