On the Microsoft side, DirectX came out nearly 10 years ago...
Let's see... that would be, what, ten years after the initial release of Windows 1.0 (we'll ignore DOS for the moment)?
And DirectX is comparable to SDL, not to ALSA/OSS. How many years after Linux was in a releasable form did SDL come out?
ALSA/OSS is a driver revamp. I do believe Microsoft underwent a pretty thorough throwing out of drivers when they ended the 9x line and moved to the NT line completely.
Ever used a system with multiple sound cards? I have, and I'm not even an audio engineer. That approach wouldn't work very well for it.
You want to "dump a file to/dev/audio"? What format would be used? Linear or logarithmic encoding? What if the sound card does MP3 decompression onboard -- how do you get MP3 data to it? How do you detect whether to use 44.1 or 48kHz? Am I unable to set bass enhancement from the command line? What if I want to play a MIDI? What about cards that have a front and rear stereo channel -- where does what go?
I'm not saying that these are insoluable, just that there's a bit more complexity than you're making out.
How would you implement "mixing should be handled intelligently"? This is something that I've thought and bitched about for a while. The ideal would be to automatically use hardware mixing up to the maximum number of channels (two on an old card I had, 32 on my current Sound Blaster Live), then fall back to software mixing. The problem is that you have to have some buffer space to mix audio, which means adding latency. When you hit 33 channels and that last channel has to be software-mixed, what are you going to do -- suddenly bump up the latency in the audio to add a buffer into the audio output line? Right in the middle of playback?
* The OpenAL library came around. Does 3d audio, hardware mixing, doppler, etc, etc. Good for games.
* OSS/Free got deprecated.
* The plethora of eight million halfassed sound servers resolved down into just a few -- artsd is probably going away in favor of JACK (if the article is correct), which means that we just have the (icky) esound -- which with any luck will give way to JACK -- and JACK. Finally, applications can avoid having eight million output plugins.
* Hardware mixing in drivers became par for the course. Five years ago, everyone used OSS/Free. Today, you can play audio in xmms and *still* hear your "bong" when an error occurs without having to ram everything through a high-latency sound server.
* Wavetable MIDI is, at long last, reasonably well supported. I remember the early days with my emu10k1-based Sound Blaster Live Value and earlier cards where I had to just use FM synth because I couldn't load soundfonts to my card. Linux was behind for years here.
* Creative Labs is no longer ignoring Linux users.
* At least in theory, I can use the DSP on my emu10k1 chip to do things like adjust bass.
* There are half-decent sound applications out there. Rosegarden doesn't suck, there are synths and trackers and editors. Still not the same as a Windows or MacOS-based sound editing environment, but you can actually do sound work on Linux without coding up your own tools.:-)
I actually really like Linux as a sound-using environment. I can plonk two or three sound cards into a Linux system and (unlike Windows) all my apps let me choose what device to play out of. I can be playing music going to speakers out of Sound Card A for everyone in a room, but still be listening to what someone's saying on VoIP over my headphones connected to Sound Card B.
I realize that this is going to be a really unpopular view, but hear me out.
My argument is that we institute legal processes to fix things only when we cannot fix them otherwise. For example, we have no way of keeping people from burning people's houses down, so we have the crime of "arson". If there was a simple spray for a house that made everything completely non-flammable, there'd be no reason to introduce the complexity and overhead of legalities.
The problem is that this is not an insoluable technical problem. (I don't think that *spam* is an insoluable technical problem either, but at least it's *harder* to solve.) It is very, very easy to stop boxes from ever popping up. Microsoft screwed up, and it'd be easy for them to provide a download from Windows Update that disables the Messenger service. Instead, they've chosen not to do so. This is an easy, easy fix. If people's computers were being *compromised* (so that by the time Microsoft's update came in, the computer was already controlled by a hacker, and nothing could be done), there would be a different issue. Pop-ups? Just disable the damned thing.
The same goes for instant messenger messages (though to a lesser extent). It is *extremely* difficult to try to slip ads past our existing messaging services, which are both (a) centralized, and (b) unencrypted. If IP Foo using account Bar is sending messages to a thousand different people in a day, something is very clearly quite dubious about that person.
I really, really, really do not think that the FTC should get involved. I can understand people being pissed off, but the person to be pissed off at is Microsoft in the case of Windows Messenger and the instant message provider in the case of the instant messaging. One of the fundamental things that you have to do when you design a system is make it reasonably unpromising to abusers. That was not done in either case. It's not something that requires intervention from the FTC (unless they want to make a statement about how people should complain to Microsoft/whatever instant messaging company is involved).
I could even see the FTC working with the industry to try to set up a mechanism for identifying people using their software that requires updates and notifying those people. But trying to stop advertising by going after one company at a time is pointless, and a waste of my tax dollars.
I don't like Microsoft. Microsoft has happily screwed me in all kinds of ways, just as it has most people on this site.
People tend to flame Microsoft as much as possible to get back at them for the things that they *don't* have any influence over, like the "integration" of MSIE and Windows.
However, this particular issue has reached the ridiculous. I don't care how badly Microsoft has screwed you over in the past, you're starting to sound ridiculous. At this point:
* Microsoft has been bashed on Slashdot for delaying SP2.
* Microsoft has been bashed on Slashdot for releasing SP2 with bugs still in it (based on, I must point out, a *prerelease* copy).
* Microsoft has been bashed on Slashdot for releasing SP2 to pirates (and encouraging piracy, and thus "beating Linux" by putting out Windows for free).
* Microsoft has been bashed on Slashdot for *not* releasing SP2 to pirates, and thus hurting everyone else from zombie boxes.
* Microsoft has been bashed for adding compatibility-breaking security fixes (most notably, no execute on stack) to SP2.
* Microsoft has been bashed for not having no execute on stack.
* Red Hat has been lauded for adding no-execute on stack support to their own systems.
* Many major Linux distros have not been bashed for not adding no-execute-on-stack support.
At this point, Slashdotters should just drop the subject.
Don't be misled by the submitter's mention of Doom 3's test_boxstack map, Doom 3's physics were done in-house at id by Jan Paul van Waveren (a.k.a. Mr. Elusive), who was also responsible for bots both official and unofficial in past Quakes. Gamespy interviewed him and Robert Duffy back in 2001, although the interview doesn't go too much into the details of exactly how Doom 3's physics work.
Yes, that was my guess when I read this article. Marketroid: "People like DOOM3 right now. Hmm. Time to get a Slashdot story submitted."
"DOOM3's physics engine is awesome! You can license [unrelated, permanently-proprietary engine] for only a small amount of money here [link]!"
Marketroid: "Yes sir, confused people are clicking on that link like mad."
The future is the people in hardware development, who have had a long and rich tradition of keeping their interfaces secret, switch *not* requiring their customers to NDA their SDKs so that people like Nvidia can open source their goddamn drivers. When I buy a product, I want that thing to stay usable, not sorta-supported as long as the company happens to stay in business.
The flashlight is really just an evolution in the way gameplay is going.
Go back and play an old FPS (say, Marathon). You'll find the combat to be *incredibly* easy. Why? Because everything moved so slowly -- enemies saunter towards you, shots lazily drift your way. Game developers had to keep coming up with new challenges for those people that beat early FPSes, so they kept jacking up the speed (look at those angry mutant lemur things that jump at you in FarCry, for instance).
The problem is that the reaction time allowed now is generally quite low in a modern FPS (where Serious Sam and similar are throwbacks to an earlier time). It's to the point where a middle-aged person will have a real problem playing a game like this, and where even new FPS gamers aren't always comfortable with it. What's the solution? Reduced visibility! Sure, a lot of old FPSes had "dark" areas, but the idea of imperfect or limited-time vision is really catching on. You don't have a perfect image of everything in the real world -- there's blurring and the like, vision that blackens, stuff that gets in your eyes, etc. DOOM 3 takes it to more of an extreme than existing games, to where visibility is really a core element of the game (really, DOOM 3 wouldn't be all that hard without the limited visibility).
There will always be games like Serious Sam (which is more like Doom 1 and 2 than Doom 3, IMHO), just as there are still above-view shooters and the like. But I think that the idea of limited visibility is pretty much here to stay. I'd expect that some people wouldn't like it, just as with any other gameplay genre. Me, I like easy FPSes with things that move in interesting ways (I dunno, use metaballs, use a couple of sine-like functions, that sort of thing), a small amount of sniping, and a small amount of stealth. Like anyone, I like high-resolution texturing. I don't like terribly complex puzzles, though I do like to have a couple. I like having goals that are a bit varied (not just hit switch A to open door B).
Yes, and this really is his account. John Carmack posts to Slashdot occasionally (and presumably even reads it). He's most definitely a member of the open source/geek community. He spent a lot of volunteer time coding up 3d drivers in XFree86 (and is one of the most influential people in establishing Linux as a gaming platform at all -- he helped bring the first apps and drivers around back when there was no infrastructure at all and no reason for anyone to do games on Linux). I suspect that id loses money on their Linux ports, but they do them anyway. JC open-sources his engines. He kept id small (I'm sure he and the other folks at id could have cashed in long ago and had a lot of suits and paper-shufflers, but chose to remain a "cool" company, sort of Hitchhiker's Guide to the Galaxy before the suits took over).
I dunno if JC reads all the responses to his posts, especially if those reponses come in a bit late, but I wanted to post this.
I've been advocating that an effective method of dissuading people from just swiping content is to put forward the human element. People *tip* waitresses, barbers and bellhops. People don't even blink before swiping the latest EA football game. What's the difference? People have a hard time ripping people off if they actually see them as people -- we've built up mental structures that dissuade us from screwing over *people*.
Corporations, on the other hand, are easy to screw over. They aren't *people*.
Somewhere along the line, publishers decided that they needed to try to market themselves. They demand that games be categorized under their name, that they appear before the developer on the title intro (and sometimes in an unskippable intro), so on and so forth. The problem is, nobody buys a game based on who publishes it. It's the development house that matters. Plus, developers provide that crucial human element -- "Sid Meyer" is a *person* who made a nice game, and when people pirate Civilization, they are taking away sales from him.
I think that John Carmack does one of the best jobs I've ever seen of promoting a human element, and deliberately or not, enjoys the benefits of the loyalty that comes with such. He posts about software that he's working on, and he puts out quite straightforward.plans that don't smack of the sort of marketroid-sterilized content that would come from EA. Really, I'd very much like to see games all include a brief video clip in the intro of the development team grinning and saying "Good luck!" or whatnot to keep that link alive.
One of the most effective tools that the RIAA has used (and has never been shot down) is that a pirate is "taking from the artist". People arguing with the RIAA didn't even bother to try to argue against this -- they just worked on pointing out that the RIAA doesn't give a whole lot of the CD royalties to the artist. We know that taking from content creators is bad. Publishers -- ah, nobody cares.
I wish more publishers and developers would do what Sid Meyer, John Carmack, and a few others do -- present a *human* face, let people associate *creators* with a game. That doesn't mean a carefully organized marketing scheme with a scantily clad female developer on staff, that means just letting the human "oh, that's a *person* who I shouldn't screw over" mechanism kick in.
The weapons SUCK. It feels like I'm playing with Unreal's weapons.
I felt that the weapons didn't have the insanely overpowered effects that are characteristic of older id titles either. My guess is that this is deliberate -- you're supposed to be *scared* of those fucking powerful bastards that can smash their way through walls and doors, not click a mouse button and watch ten guys drop. However, my guess was that there will be at least five mods to make everything sound and feel more powerful within three months, given the id fan base.
I've started marking people that submit obviously deliberately misleading stories "foe". My only regret is that Slashcode doesn't slap a "friend/foe" identifier pill next to the name of story submitters in stories.
Just to be a bit more clear, this means that the 2TB limit probably has nothing to do at all with the physical limitations on the card, and is simply an addressing limitation (i.e. you can only address bytes up to 2TB, as the designers suspected that it was certain that nobody could ever manage to design a card with this form factor that addresses more than 2TB).
The problem is that the court is doing the traditional role of law. If there is a social problem as a result of abusive behavior, a law is produced to prohibit that behavior. The problem is that (a) behavior limitations on the Internet are largely unenforceable and (b) that in many cases, we can just redesign a system. If someone abuses the telephone lines, we're fucked, because it costs too much to deploy a new abuse-resistant system. If someone abuses a piece of software (keyword-using search engines), it's cheap and easy to just produce a new search engine that ignores keywords, like Google.
The problem is that a lot of judges haven't caught on to this (Why would they? There's nobody actively informing them of the fact!), and are still doing their duty as they would in a traditional environment, even though it serves no purpose and stifles new systems on the Internet.
Uh, the Nazis *did* bill the Reichstag Fire as a terrorist conspiracy, and a reason for extended police powers, and a reason for the nation to need to "stand together" and not criticize them.
There should be a term that refers to events like the Reichstag Fire and 9/11.
PIN-entry on card. Right. Like my ATM is going to believe your card when it says you have the PIN. That's like rsh, except with money. You go first.
In smartcard-like systems (which differ from credit card systems), the PIN is not for the benefit of the ATM -- the smartcard would *never* hand over a PIN if it could get it directly from the user. As soon as you enter a PIN in smartcard, the ATM hands off the PIN to the smartcard and then is supposed to promptly "forget" about the PIN. The PIN is just what tells the smartcard that it should sign/endorse/do whatever the ATM hands to it. Generally, smartcards disable themselves if they get several bogus PINs in a row, as a matter of fact. The only reason for putting the buttons on the machine is that it reduces the unit cost of the card and lets you put buttons with nice texture and feedback.
As a matter of fact, cell phones could already provide much of this functionality onboard (though cell companies would be *certain* to want to route purchases through their own networks and take a cut, rather than just using IrDA or similar to talk directly to the ATM), and the FBI would be sure to want the phone to broadcast where you're using it and the like. Sigh.
I'm also wondering how I'm going to send someone payment without sending them personal information.
You don't. Your card-issuer (or a proxy, if there's any interest from card-issuers in providing anonymized transactions, which I'm guessing there won't be.:-(
Here's the data that goes back and forth in such a system:
1) You stick card into reader. Reader provides power, card powers itself on.
2) You enter PIN. Card notices that PIN is really yours and decides that "you are you", and allows you to authorize things.
3) ATM sends "WalMart, $55.95" to the card.
4) The card displays "WalMart, $55.95 on its display".
5) You hit "okay" on the card (probably doubles as one of the number buttons).
6) The card signs the following tuple ("12529134131", "WalMart, $55.95, 3451", where "3451" is an internal counter to the card that is incremented each use -- this prevents replay attacks, much like the serial number on a check), and sends it back to the reader. "12529134131" is a number that identifies you. Note that this can be anything, which is why such a system allows disconnecting personal information from your identity that WalMart can see. You could have just one, as debit card/credit cards currently have. You could have a number of "personas" on card that you hit a number to choose between. You could have a large store of one-time-use, pre-approved numbers on the card that are just moved through, one by one. This prevents Wal-Mart from tracking you, but gives them an identifier that whoever is holding your account (probably your card vendor or a proxy) knows maps to "you".
7) If you have the required money, the account-holding-server can return a response containing a tuple of "authorized" and all the data that they were previously sent (this prevents attacking transmission lines to ATMs and sending bogus "authorized" responses) signed with their *own* private key.
8) The reader checks, decides that the response is good, and gives you a recepit.
If anything, this is *easier* to use than a credit card, because the interface on a given, hell, I dunno what to call a button-and-display-enabled smartcard...(say, "brilliant card", in the vein of the "smart rocks"/"brilliant pebbles" anti-ICBM defense), brilliant card, is the same each time. With a card reader, the user has to figure out something different each time.
And for the life of me I don't see why biometrics couldn't be used in conjunction with other ID methods for enhanced security.
In theory, they could, as long as all ATMs/readers *strictly* never trusted biometrics alone, and required a second, strong form of authentication. There are two main drawbacks: (1) this destroys any possible vestig
A good ID verifying-device (card, token, whatever):
* Does not contain or rely on biometrics. Generally can change, and once copied/forged one can never change the identifying information.
* Is capable of doing public-key encryption on-card. The information that identifies the person never leaks to the device. (Technically, this can be done with symmetric encryption as well in conjunction with a trusted centralized server, but this has some drawbacks.)
* Has a PIN, so that stealing the card is not sufficient to impersonate a person.
* Has a PIN entry keypad *on-card*, so that false readers and bogus ATMs cannot steal PINs.
* If any data must go back to the card owner, has a rudimentary display *on-card* (say, a calculator-style LCD display), so that a false reader or bogus ATM cannot say that someone is paying "$10.00 to WalMart" for something and actually having them pay "$14.00 to Joe Hacker".
* Should support a scheme where personal identity is not disclosed, but a persona is (my "persona" at the moment is "0x0d0a"). This is because any national ID card will naturally be used by other systems as well, and without this step, severe privacy abuses will occur. This requires use of a trusted, centralized server or of a card that can natively store multiple identities.
* Allows one to disable the trusted nature of the the card quickly and easily if it is lost, and in a manner that cannot be easily done by others (which would allow a denial-of-service attack against the card owner).
* Can handle water, crushing force, and high temperature.
* Can fit in a wallet.
* Should have the ability to log identity verification usage, so that the user can sync his card up with a computer or similar and check to see what he actually signed off on two days ago.
This certainly isn't a complete list of desireable characteristics, but it's a start.
I am a doctor and we say 'never write something in the notes that you would not want them to see'.
Sad that we live in a society with such huge legal awards taken from medical providers that they are forced to wear false masks to get by.
Similarly we only use our 'official' work emails for the most anodyne correspondence. Anything of interest is between our home email accounts, which are much less likely to get subpoened.
Good incentive for company firewalls *not* to block outbound IMAP/IMAPS, since it encourages people to keep potentially incriminating mail off the corporate mail system.
we just don't want our admins to read all our mail too easily.
The mail and sysadmins are marvelously underpaid beasts, as the damage they can do to a company is phenomenal. They can generally see everything that anyone has written or does -- even the CEO is limited in this respect.
This puts IT in a very interesting position. They are in a position of extreme trust. A ranking IT person that "goes rogue" could probably get all of the email of the company, as well as other files. This means that it may be worthwhile to pay the IT people that you grant full control over your systems well to minimize the risk of them turning on you. The same thing happens for CEOs -- lots of pay, since the damage they can do is phenomenal.
nice guy - reporting the company... did it profit you any?
Actually, I'd say he is. If you define "nice" as "willing to take personal cost to benefit others (in this case society)", I'd say that he pretty much falls exactly into that category.
If "nobody likes a snitch" then perhaps everybody should stop breaking the law at their company. Frankly, I think it's too bad that we can't reward whistleblowers even more.
What the hell has this country become, and when is it going to change back?
The problem is that the US has punitive damages, and generally no caps on said damages. It also has class action lawsuits with no caps on attorney fees (there should be *flat caps*). The initial point of this was to rein in out-of-control companies, but it has horrendously backfired. Now, a huge amount of our business overhead results from attempts to compensate for ridiculous legal concerns. My disposable coffee cup each day has a molded plastic top with a huge blurb of text right in front of my eyes when I'm drinking that reads "WARNING! SIP WITH CAUTION! CONTENTS MAY BE HOT!"
In general, I do not believe that this has been a net win for society. We spend a huge amount of time in businesses doing stupid things to avoid legal problems. Many useful things that a company *might* do to help someone (like offer advice from their helpdesk with solutions that aren't on the "script" when the "script" has been exhausted and can't help anyone) are now avoided for fear of litigation. We see class-action lawyers (such as for the tobacco lawsuits) sucking down *huge* fees, on the order of hundreds of millions of dollars. The result has been flat bans on litigation (which, in my opinion, should never, ever be done and should be unconstitutional -- the lawsuit is the way our legal system allows a citizen to demand reparations). Now, a citizen cannot file suit against a food company for food "making them fat", and came close to not being able to file a lawsuit against tobacco companies (thanks to John McCain and Clinton for shooting that down). I'm not saying that either of these lawsuits would have merit, but the idea of banning lawsuits is appalling, and the idea of taking control of whether a lawsuit is reasonable or not from the judicial branch is particularly egregious.
Slashdot Mirror
On the Microsoft side, DirectX came out nearly 10 years ago...
... that would be, what, ten years after the initial release of Windows 1.0 (we'll ignore DOS for the moment)?
Let's see
And DirectX is comparable to SDL, not to ALSA/OSS. How many years after Linux was in a releasable form did SDL come out?
ALSA/OSS is a driver revamp. I do believe Microsoft underwent a pretty thorough throwing out of drivers when they ended the 9x line and moved to the NT line completely.
Ever used a system with multiple sound cards? I have, and I'm not even an audio engineer. That approach wouldn't work very well for it.
/dev/audio"? What format would be used? Linear or logarithmic encoding? What if the sound card does MP3 decompression onboard -- how do you get MP3 data to it? How do you detect whether to use 44.1 or 48kHz? Am I unable to set bass enhancement from the command line? What if I want to play a MIDI? What about cards that have a front and rear stereo channel -- where does what go?
You want to "dump a file to
I'm not saying that these are insoluable, just that there's a bit more complexity than you're making out.
How would you implement "mixing should be handled intelligently"? This is something that I've thought and bitched about for a while. The ideal would be to automatically use hardware mixing up to the maximum number of channels (two on an old card I had, 32 on my current Sound Blaster Live), then fall back to software mixing. The problem is that you have to have some buffer space to mix audio, which means adding latency. When you hit 33 channels and that last channel has to be software-mixed, what are you going to do -- suddenly bump up the latency in the audio to add a buffer into the audio output line? Right in the middle of playback?
Oh, let's see:
:-)
* The OpenAL library came around. Does 3d audio, hardware mixing, doppler, etc, etc. Good for games.
* OSS/Free got deprecated.
* The plethora of eight million halfassed sound servers resolved down into just a few -- artsd is probably going away in favor of JACK (if the article is correct), which means that we just have the (icky) esound -- which with any luck will give way to JACK -- and JACK. Finally, applications can avoid having eight million output plugins.
* Hardware mixing in drivers became par for the course. Five years ago, everyone used OSS/Free. Today, you can play audio in xmms and *still* hear your "bong" when an error occurs without having to ram everything through a high-latency sound server.
* Wavetable MIDI is, at long last, reasonably well supported. I remember the early days with my emu10k1-based Sound Blaster Live Value and earlier cards where I had to just use FM synth because I couldn't load soundfonts to my card. Linux was behind for years here.
* Creative Labs is no longer ignoring Linux users.
* At least in theory, I can use the DSP on my emu10k1 chip to do things like adjust bass.
* There are half-decent sound applications out there. Rosegarden doesn't suck, there are synths and trackers and editors. Still not the same as a Windows or MacOS-based sound editing environment, but you can actually do sound work on Linux without coding up your own tools.
I actually really like Linux as a sound-using environment. I can plonk two or three sound cards into a Linux system and (unlike Windows) all my apps let me choose what device to play out of. I can be playing music going to speakers out of Sound Card A for everyone in a room, but still be listening to what someone's saying on VoIP over my headphones connected to Sound Card B.
I realize that this is going to be a really unpopular view, but hear me out.
My argument is that we institute legal processes to fix things only when we cannot fix them otherwise. For example, we have no way of keeping people from burning people's houses down, so we have the crime of "arson". If there was a simple spray for a house that made everything completely non-flammable, there'd be no reason to introduce the complexity and overhead of legalities.
The problem is that this is not an insoluable technical problem. (I don't think that *spam* is an insoluable technical problem either, but at least it's *harder* to solve.) It is very, very easy to stop boxes from ever popping up. Microsoft screwed up, and it'd be easy for them to provide a download from Windows Update that disables the Messenger service. Instead, they've chosen not to do so. This is an easy, easy fix. If people's computers were being *compromised* (so that by the time Microsoft's update came in, the computer was already controlled by a hacker, and nothing could be done), there would be a different issue. Pop-ups? Just disable the damned thing.
The same goes for instant messenger messages (though to a lesser extent). It is *extremely* difficult to try to slip ads past our existing messaging services, which are both (a) centralized, and (b) unencrypted. If IP Foo using account Bar is sending messages to a thousand different people in a day, something is very clearly quite dubious about that person.
I really, really, really do not think that the FTC should get involved. I can understand people being pissed off, but the person to be pissed off at is Microsoft in the case of Windows Messenger and the instant message provider in the case of the instant messaging. One of the fundamental things that you have to do when you design a system is make it reasonably unpromising to abusers. That was not done in either case. It's not something that requires intervention from the FTC (unless they want to make a statement about how people should complain to Microsoft/whatever instant messaging company is involved).
I could even see the FTC working with the industry to try to set up a mechanism for identifying people using their software that requires updates and notifying those people. But trying to stop advertising by going after one company at a time is pointless, and a waste of my tax dollars.
Just to make it clear, "you" refers to those Slashdotters bashing Microsoft over SP2 right and left, not the parent poster.
Even if it wasn't routine, it's *stupid*.
I don't like Microsoft. Microsoft has happily screwed me in all kinds of ways, just as it has most people on this site.
People tend to flame Microsoft as much as possible to get back at them for the things that they *don't* have any influence over, like the "integration" of MSIE and Windows.
However, this particular issue has reached the ridiculous. I don't care how badly Microsoft has screwed you over in the past, you're starting to sound ridiculous. At this point:
* Microsoft has been bashed on Slashdot for delaying SP2.
* Microsoft has been bashed on Slashdot for releasing SP2 with bugs still in it (based on, I must point out, a *prerelease* copy).
* Microsoft has been bashed on Slashdot for releasing SP2 to pirates (and encouraging piracy, and thus "beating Linux" by putting out Windows for free).
* Microsoft has been bashed on Slashdot for *not* releasing SP2 to pirates, and thus hurting everyone else from zombie boxes.
* Microsoft has been bashed for adding compatibility-breaking security fixes (most notably, no execute on stack) to SP2.
* Microsoft has been bashed for not having no execute on stack.
* Red Hat has been lauded for adding no-execute on stack support to their own systems.
* Many major Linux distros have not been bashed for not adding no-execute-on-stack support.
At this point, Slashdotters should just drop the subject.
Don't be misled by the submitter's mention of Doom 3's test_boxstack map, Doom 3's physics were done in-house at id by Jan Paul van Waveren (a.k.a. Mr. Elusive), who was also responsible for bots both official and unofficial in past Quakes. Gamespy interviewed him and Robert Duffy back in 2001, although the interview doesn't go too much into the details of exactly how Doom 3's physics work.
Yes, that was my guess when I read this article. Marketroid: "People like DOOM3 right now. Hmm. Time to get a Slashdot story submitted."
"DOOM3's physics engine is awesome! You can license [unrelated, permanently-proprietary engine] for only a small amount of money here [link]!"
Marketroid: "Yes sir, confused people are clicking on that link like mad."
Argh.
I already posted an admission (P.S. why was that moderated funny?)
Keep in mind that when John Carmack posted about DOOM 3 on the DOOM 3 article a few days ago, it was moderated as "Offtopic".
You're right. I apologize.
I should have said "computer-readable biometric".
The problem comes in when we require a reader for whatever biometric data you're using and a malicious reader can swipe it.
The future is the people in hardware development, who have had a long and rich tradition of keeping their interfaces secret, switch *not* requiring their customers to NDA their SDKs so that people like Nvidia can open source their goddamn drivers. When I buy a product, I want that thing to stay usable, not sorta-supported as long as the company happens to stay in business.
The flashlight is really just an evolution in the way gameplay is going.
Go back and play an old FPS (say, Marathon). You'll find the combat to be *incredibly* easy. Why? Because everything moved so slowly -- enemies saunter towards you, shots lazily drift your way. Game developers had to keep coming up with new challenges for those people that beat early FPSes, so they kept jacking up the speed (look at those angry mutant lemur things that jump at you in FarCry, for instance).
The problem is that the reaction time allowed now is generally quite low in a modern FPS (where Serious Sam and similar are throwbacks to an earlier time). It's to the point where a middle-aged person will have a real problem playing a game like this, and where even new FPS gamers aren't always comfortable with it. What's the solution? Reduced visibility! Sure, a lot of old FPSes had "dark" areas, but the idea of imperfect or limited-time vision is really catching on. You don't have a perfect image of everything in the real world -- there's blurring and the like, vision that blackens, stuff that gets in your eyes, etc. DOOM 3 takes it to more of an extreme than existing games, to where visibility is really a core element of the game (really, DOOM 3 wouldn't be all that hard without the limited visibility).
There will always be games like Serious Sam (which is more like Doom 1 and 2 than Doom 3, IMHO), just as there are still above-view shooters and the like. But I think that the idea of limited visibility is pretty much here to stay. I'd expect that some people wouldn't like it, just as with any other gameplay genre. Me, I like easy FPSes with things that move in interesting ways (I dunno, use metaballs, use a couple of sine-like functions, that sort of thing), a small amount of sniping, and a small amount of stealth. Like anyone, I like high-resolution texturing. I don't like terribly complex puzzles, though I do like to have a couple. I like having goals that are a bit varied (not just hit switch A to open door B).
Yes, and this really is his account. John Carmack posts to Slashdot occasionally (and presumably even reads it). He's most definitely a member of the open source/geek community. He spent a lot of volunteer time coding up 3d drivers in XFree86 (and is one of the most influential people in establishing Linux as a gaming platform at all -- he helped bring the first apps and drivers around back when there was no infrastructure at all and no reason for anyone to do games on Linux). I suspect that id loses money on their Linux ports, but they do them anyway. JC open-sources his engines. He kept id small (I'm sure he and the other folks at id could have cashed in long ago and had a lot of suits and paper-shufflers, but chose to remain a "cool" company, sort of Hitchhiker's Guide to the Galaxy before the suits took over).
Other notables to look out for on Slashdot include Bruce Perens and Alan Cox.
I dunno if JC reads all the responses to his posts, especially if those reponses come in a bit late, but I wanted to post this.
.plans that don't smack of the sort of marketroid-sterilized content that would come from EA. Really, I'd very much like to see games all include a brief video clip in the intro of the development team grinning and saying "Good luck!" or whatnot to keep that link alive.
I've been advocating that an effective method of dissuading people from just swiping content is to put forward the human element. People *tip* waitresses, barbers and bellhops. People don't even blink before swiping the latest EA football game. What's the difference? People have a hard time ripping people off if they actually see them as people -- we've built up mental structures that dissuade us from screwing over *people*.
Corporations, on the other hand, are easy to screw over. They aren't *people*.
Somewhere along the line, publishers decided that they needed to try to market themselves. They demand that games be categorized under their name, that they appear before the developer on the title intro (and sometimes in an unskippable intro), so on and so forth. The problem is, nobody buys a game based on who publishes it. It's the development house that matters. Plus, developers provide that crucial human element -- "Sid Meyer" is a *person* who made a nice game, and when people pirate Civilization, they are taking away sales from him.
I think that John Carmack does one of the best jobs I've ever seen of promoting a human element, and deliberately or not, enjoys the benefits of the loyalty that comes with such. He posts about software that he's working on, and he puts out quite straightforward
One of the most effective tools that the RIAA has used (and has never been shot down) is that a pirate is "taking from the artist". People arguing with the RIAA didn't even bother to try to argue against this -- they just worked on pointing out that the RIAA doesn't give a whole lot of the CD royalties to the artist. We know that taking from content creators is bad. Publishers -- ah, nobody cares.
I wish more publishers and developers would do what Sid Meyer, John Carmack, and a few others do -- present a *human* face, let people associate *creators* with a game. That doesn't mean a carefully organized marketing scheme with a scantily clad female developer on staff, that means just letting the human "oh, that's a *person* who I shouldn't screw over" mechanism kick in.
The weapons SUCK. It feels like I'm playing with Unreal's weapons.
I felt that the weapons didn't have the insanely overpowered effects that are characteristic of older id titles either. My guess is that this is deliberate -- you're supposed to be *scared* of those fucking powerful bastards that can smash their way through walls and doors, not click a mouse button and watch ten guys drop. However, my guess was that there will be at least five mods to make everything sound and feel more powerful within three months, given the id fan base.
I've started marking people that submit obviously deliberately misleading stories "foe". My only regret is that Slashcode doesn't slap a "friend/foe" identifier pill next to the name of story submitters in stories.
Just to be a bit more clear, this means that the 2TB limit probably has nothing to do at all with the physical limitations on the card, and is simply an addressing limitation (i.e. you can only address bytes up to 2TB, as the designers suspected that it was certain that nobody could ever manage to design a card with this form factor that addresses more than 2TB).
The problem is that the court is doing the traditional role of law. If there is a social problem as a result of abusive behavior, a law is produced to prohibit that behavior. The problem is that (a) behavior limitations on the Internet are largely unenforceable and (b) that in many cases, we can just redesign a system. If someone abuses the telephone lines, we're fucked, because it costs too much to deploy a new abuse-resistant system. If someone abuses a piece of software (keyword-using search engines), it's cheap and easy to just produce a new search engine that ignores keywords, like Google.
The problem is that a lot of judges haven't caught on to this (Why would they? There's nobody actively informing them of the fact!), and are still doing their duty as they would in a traditional environment, even though it serves no purpose and stifles new systems on the Internet.
Uh, the Nazis *did* bill the Reichstag Fire as a terrorist conspiracy, and a reason for extended police powers, and a reason for the nation to need to "stand together" and not criticize them.
There should be a term that refers to events like the Reichstag Fire and 9/11.
PIN-entry on card. Right. Like my ATM is going to believe your card when it says you have the PIN. That's like rsh, except with money. You go first.
:-(
In smartcard-like systems (which differ from credit card systems), the PIN is not for the benefit of the ATM -- the smartcard would *never* hand over a PIN if it could get it directly from the user. As soon as you enter a PIN in smartcard, the ATM hands off the PIN to the smartcard and then is supposed to promptly "forget" about the PIN. The PIN is just what tells the smartcard that it should sign/endorse/do whatever the ATM hands to it. Generally, smartcards disable themselves if they get several bogus PINs in a row, as a matter of fact. The only reason for putting the buttons on the machine is that it reduces the unit cost of the card and lets you put buttons with nice texture and feedback.
As a matter of fact, cell phones could already provide much of this functionality onboard (though cell companies would be *certain* to want to route purchases through their own networks and take a cut, rather than just using IrDA or similar to talk directly to the ATM), and the FBI would be sure to want the phone to broadcast where you're using it and the like. Sigh.
I'm also wondering how I'm going to send someone payment without sending them personal information.
You don't. Your card-issuer (or a proxy, if there's any interest from card-issuers in providing anonymized transactions, which I'm guessing there won't be.
Here's the data that goes back and forth in such a system:
1) You stick card into reader. Reader provides power, card powers itself on.
2) You enter PIN. Card notices that PIN is really yours and decides that "you are you", and allows you to authorize things.
3) ATM sends "WalMart, $55.95" to the card.
4) The card displays "WalMart, $55.95 on its display".
5) You hit "okay" on the card (probably doubles as one of the number buttons).
6) The card signs the following tuple ("12529134131", "WalMart, $55.95, 3451", where "3451" is an internal counter to the card that is incremented each use -- this prevents replay attacks, much like the serial number on a check), and sends it back to the reader. "12529134131" is a number that identifies you. Note that this can be anything, which is why such a system allows disconnecting personal information from your identity that WalMart can see. You could have just one, as debit card/credit cards currently have. You could have a number of "personas" on card that you hit a number to choose between. You could have a large store of one-time-use, pre-approved numbers on the card that are just moved through, one by one. This prevents Wal-Mart from tracking you, but gives them an identifier that whoever is holding your account (probably your card vendor or a proxy) knows maps to "you".
7) If you have the required money, the account-holding-server can return a response containing a tuple of "authorized" and all the data that they were previously sent (this prevents attacking transmission lines to ATMs and sending bogus "authorized" responses) signed with their *own* private key.
8) The reader checks, decides that the response is good, and gives you a recepit.
If anything, this is *easier* to use than a credit card, because the interface on a given, hell, I dunno what to call a button-and-display-enabled smartcard...(say, "brilliant card", in the vein of the "smart rocks"/"brilliant pebbles" anti-ICBM defense), brilliant card, is the same each time. With a card reader, the user has to figure out something different each time.
And for the life of me I don't see why biometrics couldn't be used in conjunction with other ID methods for enhanced security.
In theory, they could, as long as all ATMs/readers *strictly* never trusted biometrics alone, and required a second, strong form of authentication. There are two main drawbacks: (1) this destroys any possible vestig
A good ID verifying-device (card, token, whatever):
* Does not contain or rely on biometrics. Generally can change, and once copied/forged one can never change the identifying information.
* Is capable of doing public-key encryption on-card. The information that identifies the person never leaks to the device. (Technically, this can be done with symmetric encryption as well in conjunction with a trusted centralized server, but this has some drawbacks.)
* Has a PIN, so that stealing the card is not sufficient to impersonate a person.
* Has a PIN entry keypad *on-card*, so that false readers and bogus ATMs cannot steal PINs.
* If any data must go back to the card owner, has a rudimentary display *on-card* (say, a calculator-style LCD display), so that a false reader or bogus ATM cannot say that someone is paying "$10.00 to WalMart" for something and actually having them pay "$14.00 to Joe Hacker".
* Should support a scheme where personal identity is not disclosed, but a persona is (my "persona" at the moment is "0x0d0a"). This is because any national ID card will naturally be used by other systems as well, and without this step, severe privacy abuses will occur. This requires use of a trusted, centralized server or of a card that can natively store multiple identities.
* Allows one to disable the trusted nature of the the card quickly and easily if it is lost, and in a manner that cannot be easily done by others (which would allow a denial-of-service attack against the card owner).
* Can handle water, crushing force, and high temperature.
* Can fit in a wallet.
* Should have the ability to log identity verification usage, so that the user can sync his card up with a computer or similar and check to see what he actually signed off on two days ago.
This certainly isn't a complete list of desireable characteristics, but it's a start.
Lots of good points here:
I am a doctor and we say 'never write something in the notes that you would not want them to see'.
Sad that we live in a society with such huge legal awards taken from medical providers that they are forced to wear false masks to get by.
Similarly we only use our 'official' work emails for the most anodyne correspondence. Anything of interest is between our home email accounts, which are much less likely to get subpoened.
Good incentive for company firewalls *not* to block outbound IMAP/IMAPS, since it encourages people to keep potentially incriminating mail off the corporate mail system.
we just don't want our admins to read all our mail too easily.
The mail and sysadmins are marvelously underpaid beasts, as the damage they can do to a company is phenomenal. They can generally see everything that anyone has written or does -- even the CEO is limited in this respect.
This puts IT in a very interesting position. They are in a position of extreme trust. A ranking IT person that "goes rogue" could probably get all of the email of the company, as well as other files. This means that it may be worthwhile to pay the IT people that you grant full control over your systems well to minimize the risk of them turning on you. The same thing happens for CEOs -- lots of pay, since the damage they can do is phenomenal.
The burden of proof is on the accuser. The defendant needs no records.
It might shorten the case, but they should never need them.
nice guy - reporting the company... did it profit you any?
Actually, I'd say he is. If you define "nice" as "willing to take personal cost to benefit others (in this case society)", I'd say that he pretty much falls exactly into that category.
If "nobody likes a snitch" then perhaps everybody should stop breaking the law at their company. Frankly, I think it's too bad that we can't reward whistleblowers even more.
What the hell has this country become, and when is it going to change back?
The problem is that the US has punitive damages, and generally no caps on said damages. It also has class action lawsuits with no caps on attorney fees (there should be *flat caps*). The initial point of this was to rein in out-of-control companies, but it has horrendously backfired. Now, a huge amount of our business overhead results from attempts to compensate for ridiculous legal concerns. My disposable coffee cup each day has a molded plastic top with a huge blurb of text right in front of my eyes when I'm drinking that reads "WARNING! SIP WITH CAUTION! CONTENTS MAY BE HOT!"
In general, I do not believe that this has been a net win for society. We spend a huge amount of time in businesses doing stupid things to avoid legal problems. Many useful things that a company *might* do to help someone (like offer advice from their helpdesk with solutions that aren't on the "script" when the "script" has been exhausted and can't help anyone) are now avoided for fear of litigation. We see class-action lawyers (such as for the tobacco lawsuits) sucking down *huge* fees, on the order of hundreds of millions of dollars. The result has been flat bans on litigation (which, in my opinion, should never, ever be done and should be unconstitutional -- the lawsuit is the way our legal system allows a citizen to demand reparations). Now, a citizen cannot file suit against a food company for food "making them fat", and came close to not being able to file a lawsuit against tobacco companies (thanks to John McCain and Clinton for shooting that down). I'm not saying that either of these lawsuits would have merit, but the idea of banning lawsuits is appalling, and the idea of taking control of whether a lawsuit is reasonable or not from the judicial branch is particularly egregious.