Slashdot Mirror


User: Myria

Myria's activity in the archive.


Comments · 657

  1. Devices running only signed software on Ask Richard Stallman Anything · · Score: 4, Interesting

    How can we reverse the trend of more and more devices only running code signed by the manufacturer?

    That every new PC, which almost invariably comes with Windows 8, will run only Microsoft operating systems by default is very scary. Sure, you can disable that in current versions, but what about the next version?

    I personally am dreaming of either quantum computing or a major breakthrough in the hidden subgroup problem to destroy RSA, DSA, and ECDSA, but won't hold my breath...

  2. Re:Yes they did but .... on Tolkien Estate Sues Over Lord of the Rings Slot Machines · · Score: 1

    when you put it on your dick and balls vanish!

    Now I want one =(

  3. Why is it called quantum "cryptography"? on Quantum Cryptography Conquers Noise Problem · · Score: 2

    Shouldn't it be more like, quantum tamper detection? It's just using one-time pad in such a way that the pad's transmission getting intercepted will trigger the tamper detection mechanism.

  4. It's as if they treat the desktop as deprecated on The Empire In Decline? · · Score: 1

    It seems to me that Microsoft considers the desktop to be a legacy interface, and that tablet interfaces are the way of the future. It's as if they only support having desktop programs at all just for backward compatibility reasons, and that everything new should use Metro.

    What Microsoft's Windows team doesn't understand is that there are many things a desktop interface can do that Metro cannot. For example, have more than two programs on the screen at once.

    Some of these restrictions are even done for nothing but Microsoft's benefit, in the name of security. Metro applications cannot use plugins, because all executable code has to be signed by Microsoft at application publishing time. Metro applications cannot do runtime code generation, making it difficult to write a browser that performs well. Metro applications cannot read or write any files except their own or the ones they write.

    There are many things that Windows 8 added that were really awesome even for desktop use, but it's just been polluted with this Metro crap. Let's see... UEFI booting, really fast startup, better security hardening, storage spaces... but you're forced to get the tablet UI on a desktop.

  5. It's even worse on Polish Researcher: Oracle Knew For Months About Java Zero-Day · · Score: 2

    This is the programming language that still bundles the "Ask Toolbar" crapware with their installer. Nuff said.

    It asks you whether you want to install the Ask Toolbar, defaulting to yes, of course, every time you install a security update.

  6. Works fine for me on Firefox 15 Released: Silent Updates, Compressed Textures, Add-on Memory Leak Fix · · Score: 2

    I just updated Firefox between my "Flash freezing" post above and this post here, and I didn't have to log into Slashdot again.

  7. Flash freezing on Firefox 15 Released: Silent Updates, Compressed Textures, Add-on Memory Leak Fix · · Score: 4, Interesting

    Did they fix Flash freezing all the time, or is that Adobe's fault?

  8. Re:It's just the translation patch, it's a fake on Only English Final Fantasy 2 NES Cartridge On Sale for $50K · · Score: 5, Insightful

    10 dollars says it's the US fan-made translation patch that some idiot programmed onto EPROMs and is passing it off as a "rare prototype".

    While that's possible, in general, there exist ways to determine whether a game has been translated by force. Because of the lack of the original source code, many of the changes to the existing code will be done as branches to other areas of ROM.

    If you change the size of a block of assembly code, you have to adjust pointers throughout that segment and beyond. This is the task of an assembler and linker, working on your source code. For ROM hacking, you don't have the source. It's infeasible--and provably uncomputable in the general case--to know where all these pointers are, so that you can adjust them when you rebuild with hacks in place.

    Thus, patched ROMs are made by placing branches in one part of the code pointing at some previously unused area, then jumping back after finishing whatever needed to happen there. These jumps can be detected in a thorough analysis of a given ROM image in comparison to its Japanese original. If it is clear that the code adjustments made for the English version were made by reassembling from source, the probability that it is a translation from the original author is very high.
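The comparison described in the comment above can be sketched as a byte-level heuristic. This is an added example, not part of the original comment: it assumes a flat 32 KiB PRG image mapped at $8000 with any header stripped and 0x00/0xFF fill in unused space, and the sample images are constructed.

```python
"""Flag detour-style hooks in a patched 6502 ROM by diffing it against the original."""

BASE = 0x8000                      # assumption: flat 32 KiB PRG mapped at $8000-$FFFF
PAD = (0x00, 0xFF)                 # fill values commonly left in unused ROM space
OPS = {0x4C: "JMP", 0x20: "JSR"}   # 6502 absolute jump / call opcodes


def unused_offsets(rom, min_run=16):
    """Offsets that lie inside runs of >= min_run identical padding bytes."""
    free, i = set(), 0
    while i < len(rom):
        j = i
        while j < len(rom) and rom[j] == rom[i]:
            j += 1
        if rom[i] in PAD and j - i >= min_run:
            free.update(range(i, j))
        i = j
    return free


def find_detours(original, patched):
    """Return (site, mnemonic, target) for changed jumps into formerly unused ROM."""
    if len(original) != len(patched):
        raise ValueError("images must be the same size to compare offsets")
    free = unused_offsets(original)
    hits = []
    for off in range(len(patched) - 2):
        if patched[off] not in OPS or off in free:
            continue                      # not a jump, or inside the added code itself
        if patched[off:off + 3] == original[off:off + 3]:
            continue                      # instruction untouched by the patch
        target = patched[off + 1] | (patched[off + 2] << 8)   # little-endian operand
        t_off = target - BASE
        if t_off in free and patched[t_off] != original[t_off]:
            hits.append((BASE + off, OPS[patched[off]], target))
    return hits


def demo_images():
    """Constructed images: original, detour-patched, and rebuilt with code shifted in place."""
    orig = bytearray([0xFF]) * 0x8000
    code = bytes([0xA9, 0x01, 0x8D, 0x00, 0x20, 0xA2, 0x05, 0xCA, 0xD0, 0xFD, 0x60])
    orig[0x100:0x100 + len(code)] = code
    hacked = bytearray(orig)
    hacked[0x102:0x105] = bytes([0x4C, 0x00, 0xF0])   # STA $2000 replaced by JMP $F000
    hacked[0x7000:0x7008] = bytes([0x8D, 0x00, 0x20, 0xA9, 0x41, 0x4C, 0x05, 0x81])
    rebuilt = bytearray(orig)
    rebuilt[0x100:0x10D] = code[:5] + bytes([0xA9, 0x41]) + code[5:]   # inserted LDA #$41
    return bytes(orig), bytes(hacked), bytes(rebuilt)
```

Because it scans bytes rather than disassembling, operand bytes equal to 0x4C or 0x20 can still produce candidates that need manual review; bank-switched cartridges also need a per-bank address mapping.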

  9. Re:He should have sold earlier on Only English Final Fantasy 2 NES Cartridge On Sale for $50K · · Score: 1

    You're probably right about that. I love FF3, FF4, FF6, FF7, FF9; moderately like FF1 and FF5; and totally hate FF2, FF8, FF10, FF12, FF13. And yes, I miss Nintendo Power. =)

    My friend and I made the FF5 fan translation you played, but I never actually played through the game until like a decade later. FF5 wasn't one of my favorites, but it didn't suck like FF8 and FF13.

  10. Client-side "security" on First iOS, Now Mac OS X In-App Purchases Hacked · · Score: 1

    A lot of these in-app purchases have an entirely client-side effect, such as changing how much in-game money you have. As usual, if you control the hardware, you can do whatever you want.

    If you have a jailbroken iDevice, you can make a program to change any client-side variable of a game by just calling task_for_pid and vm_write. No need to mess with the purchase receipt system at all.

  11. Driver signing is about DRM, not security on Flame Malware Hijacks Windows Update · · Score: 5, Informative

    Is that due to driver signing requirements?

    Driver signing doesn't mean squat for security. Third-party drivers with security holes and back doors are a dime a dozen, and there are even some in Microsoft drivers, of course. I have a publicly-available CPU diagnostic utility that comes with a signed 64-bit driver that allows user mode to write to any desired MSR. That easily leads to arbitrary code execution, most easily by changing the syscall vector. Malware that acquires administrator privileges can just install some company's vulnerable driver.

    Driver signing is really about DRM. Hollywood was strongly concerned about fake video card and sound card drivers being used to dump unencrypted content from protected sources. The proof of my statement is what happens when you boot the Vista/7/8 kernel in debug or test signing mode: everything works except Blu-Ray movies and other DRM content.

  12. Most programs don't need a 64-bit address space on Linux 3.4 Released · · Score: 5, Informative

    The new x86-64 ABI with 32-bit pointers is cool because it allows you to get the architecture improvements of x86-64, such as extra registers and RIP-relative addressing, without increasing memory usage substantially due to larger data structures. Also, 64-bit operations will just use the 64-bit registers. The vast majority of programs simply do not need the extra address space.

    One reason that this ABI works so well is that the majority of the x86-64 instruction set uses 32-bit operations. Some operations involving pointers can be done in one instruction without using a temporary register to load a 64-bit constant.

    Windows actually also can support this, in theory, but you're on your own in trying to communicate with the Win32 API. The linker option /LARGEADDRESSAWARE:NO causes the NT kernel to limit your program's address space to 2^31 bytes.

  13. Re:Common Misconceptions on Florida Thinks Their Students Are Too Stupid To Know the Right Answers · · Score: 1

    How do you define that? This is a question I ran into once:

    "Of the twelve proposed amendments in the [U.S.] Bill of Rights, how many were ratified by the states?"

    The traditional answer is ten. But the real answer is actually eleven. If I were to answer that with 11 on a test, am I wrong?

    (11 wasn't an available answer, so I answered 10.)

  14. Re:What about older devices? on AT&T To Unlock Out-of-Contract iPhones · · Score: 1

    google "jailbreak oldass iphone"

    There is no unlock exploit for the iPhone 3 GS on any recent firmware. (At least, there isn't one that doesn't involve permanently losing GPS functionality.)

  15. Oil on Waterboarding Whistleblower Indicted Under Espionage Act · · Score: 1

    > He learned something when he took office.
    > Something scary

    What scary thing could he possibly have learned?

    That there were dangerous terrorists loose? That they've obtained the Red Substance or the All-Spark or the Ark of the Covenant?

    That the world is running out of oil, and that a big fight is coming up over what's left. So the U.S.'s actions in the Middle East have an overtone of positioning for the coming war.

    I find this conspiracy theory unlikely, but sadly, plausible.

  16. They already do: it's referred to as "Manifest Destiny," and is the flimsy justification given to kids regarding the attempted genocide of the native American people. I'm sure someone will want to attempt to argue that point, but when you look at the facts objectively it becomes obvious the colonial settlers intentionally attempted to systematically wipe out an entire nation of people, in an effort to steal the native's land.

    In my school, we did learn that. We were taught how a combination of European smallpox and force wiped out and/or forcefully relocated the native American populations. The "Trail of Tears" mentioned by sibling-poster is one of the things that we learned about.

    I dislike Thanksgiving, which is, in effect, a celebration of genocide.

  17. Re:Science should be taught in science class. on Tennessee Passes Bill That Allows "Teaching the Controversy" of Evolution · · Score: 1

    If you want to teach religion in a class dedicated to the subject, I'm OK with that. But it would need to cover ALL religions and beliefs, which I think people would throw the hissy fit to end all hissy fits over.

    I went to public high school in Orange County, California, and that's how it was. We had a social science class where we were taught about many different religions, both modern and historical. We read parts of Genesis and the Qur'an. It wasn't just the Abrahamic religions, either.

  18. Re:MS Windows: Human energy into waste. on Gates Foundation Makes Progress On Reinvented Toilets · · Score: 4, Funny

    the Bill and Melinda Gates Foundation pledged to spend millions to reinvent the toilet. That investment has borne fruit

    I'm not sure I want to know what kind of fruit a toilet has to bear.

  19. Easier said than done on Researchers Break Video CAPTCHAs · · Score: 2

    What about charging 10-15 seconds of CPU time with some arbitrarily hard code?

    A major obstacle to this is that you have to make the puzzle easy enough that your users on lower-end or mobile devices still have the necessary computation power to complete the puzzle in a reasonable time. Malicious organizations behind the spam will just put more hardware into their attack, typically by using the compromised machines in botnets. They'll also optimize the code, and parallelize the attack by performing the computation for multiple attempts on multiple CPU cores, while your code has to work for single-core machines.

    Let's now imagine a perfect world in which you create a check that actually takes 15 seconds to complete. They can still do that 5,760 times per day.

  20. Re:Hrrm on Exploits Emerge For Linux Privilege Escalation Flaw · · Score: 1

    Have you vetted crt1.o for correctness?

    Fine.

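    mov eax, 1      ; exit in the i386 int 0x80 ABI (60 is exit only via x86-64 syscall)
    xor ebx, ebx    ; exit status 0
    int 0x80        ; enter the kernel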

  21. Re:NFL--not what you think on NFL: National Football Luddites? · · Score: 2

    A current NFL quarterback solved two of the Clay Millennium million-dollar prizes while in undergraduate school. Goes to show that stereotypes don't always fit!

    Given the NFL's record, I don't think that anyone having been sacked a bunch of times will be able to do much more than count change when they're done.

  22. Statistical analysis on NFL: National Football Luddites? · · Score: 4, Insightful

    If computers were allowed, it might have far-reaching effects. A computer could know the entire state of the game, and look through every game in history to determine the outcomes of each choice a coach has at a particular moment. It could present to the coach a list of choices along with the expected outcomes given the probabilities in the past. In a way, it would eliminate some choices of the coach.

    I think baseball would be affected much more than football. Baseball has ten times the games per year as the NFL, so statistical analysis would be more effective.

  23. Wake me when they get to 2048 qubits on World's First Programmable Quantum Photonic Chip · · Score: 1

    I think he made it up. I am not making up (but could be completely wrong) that coincidentally the difficulty of preventing decoherence scales exponentially. And that is the primary limiter to # of qubits and performance, more or less correct?

    This is why I more or less will ignore quantum computing unless they can get the number of qubits up enough to be useful.

    Wake me when scientists make a 2048-qubit computer. The Xbox 1 public key and I have a score to settle.

  24. Re:Obama and Silicon Valley on New Media Giants Take Out Print Ad Against SOPA · · Score: 2, Insightful

    "The President of the United States and all of Congress is basically going to tell Silicon Valley to go fuck off."

    He will get a very unpleasant surprise on the next fund-raising trip if he tries that.

    He'll have more than enough money to beat the yahoos on the other side. And even if he signs SOPA, I'll still vote for him, only because I know the fascist on the other side would have signed SOPA *and* reinstated Don't Ask Don't Tell.

  25. Re:Yes on Skilled Readers Recognize Words By Shape · · Score: 4, Interesting

    And another thing: English is not my native language and I know a lot of English words I have never heard. Yet I can read them no problem. Another fact in favor of the theory in the article.

    I am a native speaker and I've learned many words in writing before I learned them in speech. As a result, some of my pronunciations are nonstandard. I pronounce "comparable" as if it were "compare" + "able", even though the standard way is irregular, "comp" + "arable". I tried to pronounce these words from how they were written before I'd heard them.