Yeah, this is my problem with the reward scheme at the end of the day. It did not reward long term Half Life fans, it just gave them the finger.
Had I been a new purchaser to the series, I would have felt I was getting a better deal.
Plus, as you mention, the "360 tax" is pretty evil, but I guess Microsoft need their cut, and a lot of gamers are happy to pay for the achievment points. I bought on PC through Steam though, even as a happy 360 user. TF2 Beta access was not worth it though!
But that is the point I was making in the GP, the gifts SUCK cos, as a gamer who knows gamers, everyone I know has either: a) been playing HL2 since the moment it was released, so already owns it or... b) is buying Orange Box, so has HL2 already.
So for me... the GIFTS ARE WORTHLESS! Way to reward your long term customers, Valve.
Steam is great... but if it saves so many costs, why in the UK is it still 3 or 4 GBP more expensive than a physical copy of the same game bought online?
Incidentally, the online-bought physical copy conveniently arrives by post at my house the day before it is available on Steam for most titles! I see it is "cute" to have all the Valve games available in Steam, but the premium for having them there is wearing thin.
Incidentally - the Orange Box "gifts" sucked too. Everyone I know with a brain and desire to play Valva games already HAS Half Life 2 or (more likely) is buying Orange Box anyway, so it is of no value to me or many others in the same situation.
Indeed, I think what I should have said is "A default install of Real Alternative in this situation is just as vulnerable as a default install of RealPlayer", as is this most likely what the majority of RA users have.
Is the vulnerability not in the actual codecs and plugins, which are the same ones used by Real Alternative? My impression was that both Real Alternative and Quicktime Alternative both just distribute the official codecs in a package that does not install the surrounding junk.
Surely there is a good chance this still leaves you (and me) vulnerable?
Sorry, you are indeed correct if we assume they are handing out private keys.
When you said "RSA key fobs" I instantly thought of RSA SecurID tokens, which believe do not provide this as a feature, so would leave the mentioned hole open. However private keys clearly are provided by the RSA Smart Key range, which, as you say, would stop the MITM.
Does anyone know if RSA Smart Keys (or equivalent) actually integrate with browsers easily?
How does prevent the existing real time man in the middle attack?
e.g. user visits phisherman's site, phisherman's server visits bank, passes on RSA auth request to user's browser, user's browser passes auth request back to phisherman, who passes it to bank. Phisherman now logged on as user?
For extra points, with local exploits you can also add fake root trust certificates to the browser and listen on 443, which I believe would mean that all the SSL verification will also appear to be correct.
Indeed, http://www.internet2.edu/pubs/200402-POS-AN.pdf seems to confirm that only the top-tier has any redundancy at all, and what it does have is quite limited. Most likely your explanation of it being cost-related is spot on.
Well, you would think so, but had you RTFA, you would have been informed that the teams were also caught out by an unauthorised access point inside of the firewall! Just goes to show, even "trivial" solutions are not always complete.
Almost all load balancing proxies running across multiple IPs add the X-Forwarded-For http header, which many of the large sites take into account when looking for a "real" source IP. (IRL, many are SQUID or SQUID-based, which can add this header)
Clearly, the danger with trusting these is that the attacker can then use their own fake X-Forwarded-For header to pretend to be the original user the cookie was stolen from.
To be honest it is probably a good thing in the long run. A long term criticism of Linux has been the number of different distros leading to numerous ways of performing the same tasks.
More cooperation between the leading distros will hopefully push for more commonality between the distros, especially if this means a way to include proprietary software.
Hopefully some of the resulting technology may even end up as part of LSB or similar one day.
There is a delay involved, as they only ship to non-WGA machine via the Automatic Update mechanism, which I personally have seen delay patches for up to a week after patch Tuesday (on legitimate, activated copies of XP).
Then factor in that many people are likely to have the nasty habit of downloading the trojaned "WGA Validation Fix" files you see around the net and you start to get a plausible cause.
Re:Visual Studio requires admin rights to run (OT)
on
DNS Root Servers Attacked
·
· Score: 2, Informative
It's easier than that... Microsoft provide the helpful APIs ReadProcessMemory and WriteProcessMemory, although doing it that way is significantly less interesting. Another way is to CreateRemoteThread to inject your code into the target process.
Re:Bow to the upstream, for he is your master.
on
IsoHunt Shut Down?
·
· Score: 1
IANAL, but surely the ISPs are currently free to filter as they please? eg upon request of the MPAA/RIAA if they are persuaded to.
My impression was that the whole net neutrality controversy is about creating laws to prevent them doing as you suggest?
I have also seen this, but with onboard LAN, the drivers were meant to generate a unique MAC address for each one from the serial number, but a mistake in the driver caused all of them to be the same. Surprisingly even with three of them it was quite possible to use network shares and browse the web, a kind of swap would happen so one machine was "the one" for a while, then another would get connected.
You will actually find that TOE frequently refers to TCP/IP Offload Engine, which includes the IP packet checksum. If this is quick enough, it would indeed also improve the latency, as less (slower) code has to be run in the OS IP stack (although I certainly agree with you that this would most likely not be noticable in a gaming environment).
TCP is indeed not UDP, however the IP checksum falls under TCP/IP.
It's more an issue of the PC doing the encoding in software on the fly at the same time as decoding the video - it was speaking from personal experience, the PCs are involved are not incredibly powerful.
VNC is a great protocol, which as you rightly say is capable of sending video happily and I certainly use it much more than remote desktop, I just feel that RDP gives a better video experience. UltraVNC under Windows definitely helps (due to the video hook driver).
I'm curious now whether the head end of the digital TV you mention is encoded by hardware or software!
Agreed, I also have a number of machines as test servers with RealTek NICs in and all function excellently in a 100Mbps network, even when CPU load is high on the slower machines.
The Linux compatibility of pretty much all RealTek cards is also a bonus over some of the more bizarre onboard NICs you see now.
But back to the point... Video over RDP is never good for me, it's certainly much better than, say, VNC, but still nowhere what I would consider "acceptable". I sometimes may see enough frames to gather what the content of the video is, but certainly not "watch" it!
Slashdot Mirror
Yeah, this is my problem with the reward scheme at the end of the day. It did not reward long term Half Life fans, it just gave them the finger.
Had I been a new purchaser to the series, I would have felt I was getting a better deal.
Plus, as you mention, the "360 tax" is pretty evil, but I guess Microsoft need their cut, and a lot of gamers are happy to pay for the achievment points. I bought on PC through Steam though, even as a happy 360 user. TF2 Beta access was not worth it though!
But that is the point I was making in the GP, the gifts SUCK cos, as a gamer who knows gamers, everyone I know has either:
a) been playing HL2 since the moment it was released, so already owns it or...
b) is buying Orange Box, so has HL2 already.
So for me... the GIFTS ARE WORTHLESS! Way to reward your long term customers, Valve.
Incidentally, regarding your sig... It is Flamebait, not Flaimbate.
I'm not disagreeing with you, it's just that your sig IS flamebait?
Shame I spent my modpoints already... but then I would not get to tell you why.
Steam is great... but if it saves so many costs, why in the UK is it still 3 or 4 GBP more expensive than a physical copy of the same game bought online?
Incidentally, the online-bought physical copy conveniently arrives by post at my house the day before it is available on Steam for most titles!
I see it is "cute" to have all the Valve games available in Steam, but the premium for having them there is wearing thin.
Incidentally - the Orange Box "gifts" sucked too. Everyone I know with a brain and desire to play Valva games already HAS Half Life 2 or (more likely) is buying Orange Box anyway, so it is of no value to me or many others in the same situation.
Indeed, I think what I should have said is "A default install of Real Alternative in this situation is just as vulnerable as a default install of RealPlayer", as is this most likely what the majority of RA users have.
Thanks for the info!
Is the vulnerability not in the actual codecs and plugins, which are the same ones used by Real Alternative?
My impression was that both Real Alternative and Quicktime Alternative both just distribute the official codecs in a package that does not install the surrounding junk.
Surely there is a good chance this still leaves you (and me) vulnerable?
Any Proof Of Concept to test with?
Sadly this not 100% true.. I *am* a FoxIt user, but recently came across an issue.
FoxIt does not seem to cache the page you are looking at, it appears to re-render the whole thing every time you move it.
So, when you have an engineering drawing with only a few thousand vector lines on a page, it slows down to about a tenth of the speed of Reader 8.1.
Now I have both installed, much to my annoyance - before seeing this, FoxIt was the one!
I think pulse width modulation is more common now for high power applications.
It is widely used in the electric motors driving train-style transit systems, eg the newer London Underground lines.
Yes, as you say, the old carriages still switch windings though - you get 2 big bumps as they accelerate!
Sorry, you are indeed correct if we assume they are handing out private keys.
When you said "RSA key fobs" I instantly thought of RSA SecurID tokens, which believe do not provide this as a feature, so would leave the mentioned hole open. However private keys clearly are provided by the RSA Smart Key range, which, as you say, would stop the MITM.
Does anyone know if RSA Smart Keys (or equivalent) actually integrate with browsers easily?
How does prevent the existing real time man in the middle attack?
e.g. user visits phisherman's site, phisherman's server visits bank, passes on RSA auth request to user's browser, user's browser passes auth request back to phisherman, who passes it to bank. Phisherman now logged on as user?
For extra points, with local exploits you can also add fake root trust certificates to the browser and listen on 443, which I believe would mean that all the SSL verification will also appear to be correct.
Indeed, http://www.internet2.edu/pubs/200402-POS-AN.pdf seems to confirm that only the top-tier has any redundancy at all, and what it does have is quite limited. Most likely your explanation of it being cost-related is spot on.
Maybe the network topology info at http://noc.net.internet2.edu/i2network/maps.html will provide more info.
May I politely suggest that you Fox it? Although this alternative does not stack up perfectly against Reader, it does everything I need from it.
Well, you would think so, but had you RTFA, you would have been informed that the teams were also caught out by an unauthorised access point inside of the firewall! Just goes to show, even "trivial" solutions are not always complete.
Almost all load balancing proxies running across multiple IPs add the X-Forwarded-For http header, which many of the large sites take into account when looking for a "real" source IP. (IRL, many are SQUID or SQUID-based, which can add this header)
Clearly, the danger with trusting these is that the attacker can then use their own fake X-Forwarded-For header to pretend to be the original user the cookie was stolen from.
Does anyone have a good solution to this problem?
To be honest it is probably a good thing in the long run. A long term criticism of Linux has been the number of different distros leading to numerous ways of performing the same tasks.
More cooperation between the leading distros will hopefully push for more commonality between the distros, especially if this means a way to include proprietary software.
Hopefully some of the resulting technology may even end up as part of LSB or similar one day.
There is a delay involved, as they only ship to non-WGA machine via the Automatic Update mechanism, which I personally have seen delay patches for up to a week after patch Tuesday (on legitimate, activated copies of XP).
Then factor in that many people are likely to have the nasty habit of downloading the trojaned "WGA Validation Fix" files you see around the net and you start to get a plausible cause.
It's easier than that... Microsoft provide the helpful APIs ReadProcessMemory and WriteProcessMemory, although doing it that way is significantly less interesting. Another way is to CreateRemoteThread to inject your code into the target process.
IANAL, but surely the ISPs are currently free to filter as they please? eg upon request of the MPAA/RIAA if they are persuaded to.
My impression was that the whole net neutrality controversy is about creating laws to prevent them doing as you suggest?
I have also seen this, but with onboard LAN, the drivers were meant to generate a unique MAC address for each one from the serial number, but a mistake in the driver caused all of them to be the same. Surprisingly even with three of them it was quite possible to use network shares and browse the web, a kind of swap would happen so one machine was "the one" for a while, then another would get connected.
Surely your mention of an engineer means you believe that they are engineered!?
From everything I've seen so far, the "designing" does not stretch far below the PHB line!
*cough*
You will actually find that TOE frequently refers to TCP/IP Offload Engine, which includes the IP packet checksum. If this is quick enough, it would indeed also improve the latency, as less (slower) code has to be run in the OS IP stack (although I certainly agree with you that this would most likely not be noticable in a gaming environment).
TCP is indeed not UDP, however the IP checksum falls under TCP/IP.
It's more an issue of the PC doing the encoding in software on the fly at the same time as decoding the video - it was speaking from personal experience, the PCs are involved are not incredibly powerful.
VNC is a great protocol, which as you rightly say is capable of sending video happily and I certainly use it much more than remote desktop, I just feel that RDP gives a better video experience. UltraVNC under Windows definitely helps (due to the video hook driver).
I'm curious now whether the head end of the digital TV you mention is encoded by hardware or software!
Agreed, I also have a number of machines as test servers with RealTek NICs in and all function excellently in a 100Mbps network, even when CPU load is high on the slower machines.
The Linux compatibility of pretty much all RealTek cards is also a bonus over some of the more bizarre onboard NICs you see now.
But back to the point... Video over RDP is never good for me, it's certainly much better than, say, VNC, but still nowhere what I would consider "acceptable". I sometimes may see enough frames to gather what the content of the video is, but certainly not "watch" it!
Two words: Damage limitation.
They started to look too bad for their liking.