because if you never make the exploit public that doesn't mean that the black-hats won't know about it. And the 'slow to update' users will be vulnerable without ever knowing it.
This is only true if you assume that damage remains constant regardless of the number of people who know the problem.
If 1 blackhat knows the problem and can exploit it, is it better or worse than 10 million blackhats knowing about the problem and exploiting it? Is it better or worse when spammers begin to use the exploit to expand their bot network? Is it better or worse when one of those blackhats creates a utility usable by a 10 year old to break into systems?
THAT is the problem with public disclosure of exploit details.
If it is such a "risk", turn it off and install the patches by hand. Problem solved.
"Mainstream support will end two years after the next version of this product is released. Extended support will end five years after mainstream support ends."
http://support.microsoft.com/lifecycle/?p1=3223
They already had to fight a negative perception before the 360 launched: the original xbox.
Failing to release it in Japan would have left gamers with the impression that Microsoft wasn't committed to Japan. It would have been an insult to all of the Japanese devs they've been courting to develop Japanese content. And finally, they need every extra second of a lead they can get over Sony to establish some sort of presence in the Japanese market.
The people seduced by conspiracy theories aren't the type that will be swayed with reason and logic. The millions of people you would be attempting to reach will either dismiss the conspiracy out of hand (because, let's be honest, the people latching onto them generally look and sound like nutters), or they'll accept it regardless of whatever evidence is presented to them.
People seduced by conspiracy theories don't do so because they believe they have hard evidence supporting their claims -- they do so because it might be possible given a set of conditions that nobody can either prove or disprove.
The moon landings are a hoax because it MIGHT have been some sort of anti-communist propaganda conspiracy. Hell, it doesn't take much effort to imagine circumstances in which that MIGHT have actually occurred. The problem is, of course, there is no way to prove it might not have occurred, because as we just stated it doesn't take much effort to imagine circumstances that it MIGHT have occurred. Disproving any evidence supporting the theory doesn't do any good, as it still MIGHT have happened.
If you want proof of this concept, you only have to look as far as the last slashdot article involving Microsoft.
You'll forgive me if I don't want to waste my life battling fanatics.
You don't get it ... logic, reason, and evidence mean nothing to conspiracy theorists. If I (or anyone else) goes on TV, they'd consider us part of the conspiracy to hide the truth.
Not that I (or anyone else) could get any air time to debunk the stuff in the first place. Truth and science are boring.
I'm a hobbyist photographer, and even I know enough to explain away the conspiracy theorist "discrepancies". This is simple optics and photography 101 we're talking about here...
That being said, you can configure an x86 system to reject unsigned drivers.
My statement was poorly phrased. To clarify: I'd rather have a Saturn over an N64.
Uh, no, it doesn't. And I've got the proof sitting right in front of me:
95% - idle
2% - Virtual PC.exe
2% - taskmgr.exe
1% - svchost.exe
In all fairness, I'd rather have the last system Sega ended up producing over the N64 ...
This means lugging the whole darned unit with me, if I want to play a game.
You don't need to tote the entire machine. Just a small memory card with your live profile on it. You can download and play the game on any machine after you've paid for it (if you are using your profile).
in CLR 1.0, if you have relative directory traversal, you can access paths which are longer than 255 chars, but any of the "open by path" routines cap it at 255 chars (including filename!). I filed a bug on this that the CLR guys said "won't fix - we just do what Win32 does". (gosh guys, i thought .NET was going to free us all from Win32. Guess not.)
Then the CLR guys were being retarded. All they need to do is call the unicode file api and prepend \\?\ to the path to indicate they're passing in > 256 chars. This also turns on strict parsing of the filename/path, meaning you can't get away with "c:\foo\bar\\\\mycrappyfile.txt" and other garbage that has to be supported for legacy reasons.
What's even funnier is that Microsoft would probably prefer to have no media attention at all at this point.
Hell, look back at the UMPC debacle... all they did was put up a retarded flash site with almost no information a week before they announced the product. Everything else you heard about it was media-generated hype and speculation.
Hmmm, if I were a criminal, which would I prefer ... a prison made by Apple, or a prison made by Microsoft.
The GP suggested that the EU would think that source would be sufficient. I merely refuted that argument; it was not my intention to argue for or against the "source should be sufficient" argument.
With regards to the "task", anything is possible given enough time. I respectfully submit that the time period given is not long enough to sufficiently complete a task that entails documenting 10+ years of work.
API and protocols to the extent that a third party could use this information to produce the same behavior
There's the rub, now isn't it? If I could take that information and produce the same result, is that sufficient? What about some guy who never touched a computer before? What about someone with lots of application development experience but no experience with over-the-wire protocols? What about someone who doesn't understand how encryption algorithms work? What about someone who's used unix all their lives and never touched a windows box?
For that matter, what specific protocols do you want? "Server protocols" you say. Well, what do YOU consider to be a server protocol that needs documentation produced? Do I need to document how I perform standard DNS queries? Ping? RPC calls? Can I point to an external RFC that defines the implementation? Can I point to documentation on MSDN for relevant background detail? Do I have to document behavior that doesn't go over the wire?
I can sit here and ask questions for hours about either-or-ways of writing documentation of this nature. And you can sit there and repeat the same thing "document server protocols so a 3rd party can use it." So I end up making a set of assumptions that I believe are correct (given the lack of guidance), then hand you my documentation. Your response could easily be "that's not sufficient." Of course, when asked what's wrong with the documentation, your response is simply "you didn't document the server protocols so a 3rd party could use it."
If that's not an exercise in futility, I don't know what is.
As to arbitrary dates, well, all project management and so on is effectively arbitrary dates, just ones that you think are well reasoned, and give enough time to perform a task. So, in reality, the arbitrary date wasn't that arbitrary
So if I told you that you had a week to build a car from scratch (I mean really, do you have to do anything other than bolt on a few parts and fire up the engine?), I'm not setting an arbitrary date because I think my date is well reasoned?
If they were really afraid of being noncompliant, they could probably just release the source for the various implementations in lieu of specifications
THEY DID. The commission rejected it.
Microsoft has only set itself an impossible task because its business model requires it to ride a razor's edge between giving out too much information (and giving up the home-court advantage that Microsoft's internal developers enjoy) and not enough (and facing the ire of the regulators).
Microsoft didn't set itself an impossible task. A 3rd party did. And the 3rd party set an arbitrary deadline to complete the work. And the 3rd party won't put in writing what specifically it wants done.
I'm sure the E.U. would be satisfied with the actual source
They weren't: "The Windows 'source code was never asked for nor indeed welcomed'". ( http://www.windowsitpro.com/Article/ArticleID/49210/49210.html?Ad=1 )
Because "Access violation at 0xdededede" isn't an error message you can really troubleshoot. And if you could troubleshoot it, you'd have a debugger installed on the machine that would prevent the dialog from appearing in the first place.
People like you are the reason why toaster manuals now state 20 different ways you shouldn't put a toaster into water.
...in my defense (after researching in disbelief), opera and konqueror only started to pass within the last few months (and I'd completely forgotten about Safari :p).
Damn, that sucks. I haven't tried 9 yet; I didn't realize that it had bloated that badly. For reference, IE is currently using 80mb on my machine with ... 9 tabs open.
Memory usage: Less than firefox (not that that is difficult), more than opera
Back compat: Seems fine to me
ACID2 test: It fails miserably, just like every other browser out there
Transparent ping support: It has it
7+ crap: basically, sandboxing of IE and other Vista only features
Unfair comparison. The PSP has sold in the 100k range, yet there will be 6 MILLION PS3's out by next March.
You might want to doublecheck those sales figures. The PSP hit 10 million units LAST OCTOBER ( http://www.megagames.com/news/html/console/pspsalesfiguresreleased.shtml ). It is a perfectly fair comparison.
So what you are saying is that you will need to compress and degrade the signal more on HD-DVD.
Stop putting words in my mouth. I'm saying that, unless you consider DVD video "degraded", that you don't need 25gb of space to store a movie using a next gen codec. If you're using mpeg2 for all your release titles (see current shipping bluray titles) you actually need 24-36gb of storage space (you may also note many reviews complaining about poor quality of the encode and lack of extras on those discs).
You'll find that the bitrate of the encoded video will be large enough to fill the entire disc, regardless of capacity. With bluray, you're going to see mostly single layer discs holding 25gb of data, with hd-dvd you're going to see mostly dual layer discs holding 30gb of data.
In short Blue Ray can hold at min 5GB more on single layer.
Good grief, can you get any facts straight? It's a 10gb difference per layer.
HD-DVD currently has a 5gb advantage over bluray as they still haven't figured out how to punch out dual layer bluray discs in large quantities.
As far as Microsoft goes. Again, as the parent poster mentioned it all comes down to Java. They don't and will never control Java. They hate that. We can argue all day about how much money they get on HD-DVD vs Blu-Ray, but they get control of one format and that isn't Blu-Ray. Not to mention that Blu-Ray gets Java in the living room. That has to scare the crap out of Microsoft.
So your counter to a reasoned well thought out argument is "Microsoft is teh evil no likey Java". The bozo hat is coming out in a minute here. Microsoft couldn't give a shit about Java on bluray. Java is, for all intensive purposes, dead on Windows, which is the only place it was ever a threat to them. Get over it.
Yeah and the less than 100k people that bought a HD-DVD player didn't have a DVD player also? This is a very small issue. However, your statement is incorrect. There is already a DVD,BluRay burner out there. So this "advantage" isn't there.
Were you born stupid or were you dropped on your head as a child? I, as a person currently owning a DVD player, and as a person NOT owning an HD-DVD player, like the thought of buying HD-DVD discs NOW, and playing them in my DVD player NOW. In 4 years, I'd like to be able to take those VERY SAME DISCS, stick them in an HD-DVD player, and watch them in their hi-def glory.
And wtf does this have to do with a combo dvd/bluray burner?
Then again it could be. More storage means less compression. Less compression most of the time means better quality.
You need exponentially more storage to achieve noticeable quality improvements. A 10kb jpeg looks noticeably better than a 1kb jpg. A 100kb jpeg looks noticeably better than a 10kb jpeg. A 1mb jpeg looks noticeably better than a 100kb jpeg. Etc. In this case, you would need a 500gb disc to achieve significant quality gains. An additional 20gb isn't enough to yield noticeable differences in quality, and that's assuming of course studios even put out discs in that size.
Let's change the analogy a bit. One car is expensive and it runs on diesel. The other car is not going to be out for a few months later and it runs on regular gas. Unfortunately this second car is going to initially cost more than the first, but a company is going to release an SUV that also runs on gas and over 100X the people that would buy either car will buy the SUV over the next two years. The market will see this and support gas over diesel.
Your analogy doesn
I know a lot of people who don't use their PS2 as their only DVD player. I think you're weird. So where does that leave us, weirdo? :p
The "high end" xbox360 costs $400. The "core" sells for $300.