The original concept behind the design of the internet (DARPAnet) was to spread out the whole mess as to make it impervious (or at least resilient) to a tactical nuclear strike.
Fast forward almost three decades and now we should keep desigining it to avoid tactical commercial strikes.
If everything, like commercial web security, was placed in the hands on one trusted authority, some problems would be solved. (I for one welcome single sign-on to all my messageboards and other non-sensitive websites regardless of their affiliation) But build that authority on single corporate entity and the whole mess comes tumbling down once that solitary company folds, runs out of funds or cuts the project. Not to mention that they then have the power to determine limits of use to suit their own agenda.
MS Passport is one such technology that attempted to carve a market niche contrary to the spirit of the medium it was intended to support. The internet is not monolithic and it's use and enrichment should follow.
But then again, very few plumbers have to deal with users who consistently download BonziBuddy, blindly click on suspicious email attachments and use their cd trays as cupholders.
This is true. However, i'd take any clogged email box over a clogged toilet anyday. Throw in the occasional "upper decker", hairball clogged shower drain, backed up septic tank or the rare detonated water heater and suddenly being a mouse jockey seems like a luxury cruise.
Computer user stupidity pales in comparsion to plumbing user stupidity IMO.
While I may think AOL is too big for Microsoft to acquire and manage properly...
I agree wholeheartedly. Which is why I think that any possible acquisition by Microsoft would only result in moving over AOL's userbase to MSN, and then by the subsequent liquidation of AOL and all it's other assets.
After all, why compete in an open market when you can just buy your best competitor outright and assimilate them 'borg style'? If memory serves, there have been countless times in the past where MS has already done this with other (albeit smaller and lesser-known) products.
I'm all for accessability on the web. This is good stuff IMHO, but I'm wondering where the W3C will draw the line. Seems like everything is becomming a n XML grammar these days.
I shudder to think what "XML-Reccomendation XML" will wind up like. *ick*
BitTorrent's weak spot has always been thedistribution of the torrent files in the first place. If there isn't a torrent file on the conent provider's page, where do you look?
RSS+BitTorrent, is a step closer to a better web. It almost answers the problem of pointing your client at an actively downloaded torrent by steering users twoard a slimmer and more flexible protocol.
IMO, maybe some kind of 'standard' torrent directory/lookup that is guarnteed to be traded by all torrent clients is the right ticket; kind of like a DNS for media. The RSS+Torrent scheme is good, but all it does is displace the complexity of the matter onto a new protocol and rely on everyone hitting the same feed to begin (the problem Torrent is trying to eliminate).
It does however, make it easy to make distributing torrents a lot more dynamic. Neat stuff.
Take a look at X-Box games that have been ported to the PC. Aside from running on the same processor architecture, DirectX provides a nice buffer for X-Box games to be retargeted for the PC.
Window managers, glibc, OpenGL, etc close the gap somewhat, but there's way too much hardware out there in PC land that isn't supported to its potential under most environments. Also, what about sound (some consoles do 5.1 surround, and others don't) and input devices (light guns, DDR pads, keyboards, mice may or may not be present)?
IMO, An gaming/multimedia-oriented OSS middleware/API similar to DirectX would go a *very* long way to help build better games in a platform-neutral manner; This is exactly what a project like this needs.
Actually, it does make some sense that a Communist power might achieve this before, say, the US.
In the US there are only two ways that truely great things happen: A Federal Mandate of some kind or widespread commercial capitalism and competition.
As has been demonstrated numerous times before, the US government has positioned itself such that it is the only entity that gets to go into space from US soil. This pretty much eliminates the possibility of private enterprise carrying the torch. So if the president's plan fails to muster enough money to get this job done: nothing happens.
IMO, China's communist government, has a little more flexibility when it comes to targeting arbitrary goals like damming the Yang-tse or setting up a permanent moon base. As long as the *government* has a clear idea of what it wants to accomplish, it can say 'to hell' with anyone under them who disagrees.
I may be wrong about this, so anyone else have any facts to back this up or refute this? (thnx)
for the motion picture release of I-Robot. which should be right around the corner.
To think that people will have something like a robot in their homes by the time this story hits the big screen in a convincing way. Simply amazing.
I was one of the lucky few to catch Ghost in the Shell in the theatre (Washington, DC) during its very short-lived film debut in the US. This had to be the best way to see this film, on a hugmongous screen, right when the movie first hits american soil. IMO, Anyone looking to get the DVD should settle for nothing less than wide formatting with Japanese Dialouge, as the TV formatting does it no justice.
So, does anyone out there know if Innocence might see a theatre-film debut?
I agree that this will trigger yet another barrage of antitrust lawsuits for Microsoft.
Bundling the OS with antivirus software seems like a good idea, but it also has certain long-term implications that aren't so great. What happens when support for legacy OS's with built-in virus protection? Will older systems continue to be honeypots, festering with every new incarnation of worm and trojan simply because the sale of that OS isn't profitable anymore?
I also don't see why MS keeps trying to value-add their products by piling on support for add-ons (MSN, Media Player Updates, IE Updates)rather than more robust features and better security. It is nice to have a fully-usable OS right out of the box, but it sucks to be force-fed an entire OS upgrade simply because MS finds it no longer feasable to support an older OS plus all of its bugs/exploits and cruft.
IMO, MS needs to dump the extras, plug the third party guys that make Windows marketable in the first place and beef up the operating system itself in terms of security, speed and usefulness.
Also an API for standard OS-program hooks (anti-virus software, browsers, email, etc) would go a long way to make things better for everyone, not to mention avoid hemmoraging cash in the form of legal fees.
Grandparent does have a solid point though. The obvious intent of the 386 Protected Mode Specification (or any DPMI Spec for that matter that covers the behavior of segment descriptors) outlines the spirit of this concept he/she mentioned.
For the uninitiated, the CPU watches the kinds of activites performed on different types of segments and coughs up an interrupt if the program breaks the rules. This is the source of the infamous "Illegal Operation" errors you get in Windows 3.11, among other things. The second you try to execute data, or write to code without going through specific channels, things grind to an immediate halt. You can use pointer arithmetic to talk to other chunks of memory outside the allocation range of the segment, but the location of other code segments is also specified to be somewhat unpredictable, due to page caching (Unless those pages are locked).
So the sprit of processor-based protection did exist 14+years ago. That's somewhat besides the fact since the exploit mentioned in this article, has much more to do with working within stack, not data segments.
As long as you don't overflow the stack, you can still overrun a stack-allocated buffer and muck with the return address as well as older stack frames (remember, the stack winds down, not up, into memory). Adding additional, executable code to this 'payload' is really just an added bonus.
If I had to guess, I'd say that AMD is going to track if CS:IP is aimed at any allocated region assigned to a data or stack style descriptor and fire and interrupt. The same may go for any combination of ES, DS, GS or SS based pointer set to any code segment.
IMO, It makes sense that a processor manufacturer is stepping up to solve this problem since such protection would have to be a processor behavior in order to be secure. However, I wonder about the implications this will have on operating-system software since *something* will have to handle the destruction of compromised threads/processes.
Yes, although I cannot speak to having used it directly myself. I have, however done some research into the topic.
Some of the better (commerical) techniques I've seen involved encrypting/encoding class files and restricting their use to a custom ClassLoader of some kind. This would result in a binary file that is complete gibberish to a standard Java runtime environment using the standard ClassLoader.
Granted this isn't truely secure as the decryption key/algorithm has to exist within normal Java code someplace. It really just boils down to more obfuscation, not completely unlike what the author mentions in the article.
Now all we need is some slashcode to log off anyone who types in something resembling a troll or a flame. For example, say if someone types 'goatse.cx' or someth!~@($@!(#$*1029348..--NO CARRIER
Don't forget, Denmark is also where they hold Assembly Organizing every year; which happens to be run by the few remaining members of the legednary demo-coding group Future Crew.
I cannot stress enough that the 'future of web design' is pretty much now. (lack of W3C standards-compatibility in IE not withstanding)
If you keep your xhtml to just raw DIV tags and data, you force yourself to use the CSS code for layout. Once this is done, you achieve an unprecedented degree of flexiblity in design, as you can modify the page in broad strokes simply by altering the CSS.
For those interested: A perfect example of this is the CSS Zen Garden. Click on any of the styles listed on the page and you'll see what I'm talking about.
Slashdot Mirror
The original concept behind the design of the internet (DARPAnet) was to spread out the whole mess as to make it impervious (or at least resilient) to a tactical nuclear strike.
Fast forward almost three decades and now we should keep desigining it to avoid tactical commercial strikes.
If everything, like commercial web security, was placed in the hands on one trusted authority, some problems would be solved. (I for one welcome single sign-on to all my messageboards and other non-sensitive websites regardless of their affiliation) But build that authority on single corporate entity and the whole mess comes tumbling down once that solitary company folds, runs out of funds or cuts the project. Not to mention that they then have the power to determine limits of use to suit their own agenda.
MS Passport is one such technology that attempted to carve a market niche contrary to the spirit of the medium it was intended to support. The internet is not monolithic and it's use and enrichment should follow.
</soapbox>
But what about ANSI and ASCII graphical representations?
Seems to me that over 2 million hits seems to indicate that text is in fact very graphical in nature.
ASCII Art: Results 1 - 10 of about 1,850,000
ANSI Art: Results 1 - 10 of about 319,000
This is true. However, i'd take any clogged email box over a clogged toilet anyday. Throw in the occasional "upper decker", hairball clogged shower drain, backed up septic tank or the rare detonated water heater and suddenly being a mouse jockey seems like a luxury cruise.
Computer user stupidity pales in comparsion to plumbing user stupidity IMO.
While I may think AOL is too big for Microsoft to acquire and manage properly...
I agree wholeheartedly. Which is why I think that any possible acquisition by Microsoft would only result in moving over AOL's userbase to MSN, and then by the subsequent liquidation of AOL and all it's other assets.
After all, why compete in an open market when you can just buy your best competitor outright and assimilate them 'borg style'? If memory serves, there have been countless times in the past where MS has already done this with other (albeit smaller and lesser-known) products.
Citizen. Do not question friend computer.
::bzzzzt::
The flight you attempted to board requires Ultra-violet clearance. You only have yellow level clearance at this time.
You will be terminated for attempted treason and/or terrorism. Your clone will be commendated for your willingess to cooperate.
Thanks for the link!
I'm all for accessability on the web. This is good stuff IMHO, but I'm wondering where the W3C will draw the line. Seems like everything is becomming a n XML grammar these days.
I shudder to think what "XML-Reccomendation XML" will wind up like. *ick*
BitTorrent's weak spot has always been thedistribution of the torrent files in the first place. If there isn't a torrent file on the conent provider's page, where do you look?
RSS+BitTorrent, is a step closer to a better web. It almost answers the problem of pointing your client at an actively downloaded torrent by steering users twoard a slimmer and more flexible protocol.
IMO, maybe some kind of 'standard' torrent directory/lookup that is guarnteed to be traded by all torrent clients is the right ticket; kind of like a DNS for media. The RSS+Torrent scheme is good, but all it does is displace the complexity of the matter onto a new protocol and rely on everyone hitting the same feed to begin (the problem Torrent is trying to eliminate).
It does however, make it easy to make distributing torrents a lot more dynamic. Neat stuff.
Take a look at X-Box games that have been ported to the PC. Aside from running on the same processor architecture, DirectX provides a nice buffer for X-Box games to be retargeted for the PC.
Window managers, glibc, OpenGL, etc close the gap somewhat, but there's way too much hardware out there in PC land that isn't supported to its potential under most environments. Also, what about sound (some consoles do 5.1 surround, and others don't) and input devices (light guns, DDR pads, keyboards, mice may or may not be present)?
IMO, An gaming/multimedia-oriented OSS middleware/API similar to DirectX would go a *very* long way to help build better games in a platform-neutral manner; This is exactly what a project like this needs.
Don't forget massive incompatibility and upgrade hassles. :)
So, Microsoft won the contracting bid on this one, eh?
Looks like he'll have to extrude-a-server while he's at it.
Actually, it does make some sense that a Communist power might achieve this before, say, the US. In the US there are only two ways that truely great things happen: A Federal Mandate of some kind or widespread commercial capitalism and competition. As has been demonstrated numerous times before, the US government has positioned itself such that it is the only entity that gets to go into space from US soil. This pretty much eliminates the possibility of private enterprise carrying the torch. So if the president's plan fails to muster enough money to get this job done: nothing happens. IMO, China's communist government, has a little more flexibility when it comes to targeting arbitrary goals like damming the Yang-tse or setting up a permanent moon base. As long as the *government* has a clear idea of what it wants to accomplish, it can say 'to hell' with anyone under them who disagrees. I may be wrong about this, so anyone else have any facts to back this up or refute this? (thnx)
You forgot:
"Failure to comply with this notice will result in you being litigated into obvlivion by our legal team.
All your base,
The SCO Group."
for the motion picture release of I-Robot. which should be right around the corner. To think that people will have something like a robot in their homes by the time this story hits the big screen in a convincing way. Simply amazing.
I was one of the lucky few to catch Ghost in the Shell in the theatre (Washington, DC) during its very short-lived film debut in the US. This had to be the best way to see this film, on a hugmongous screen, right when the movie first hits american soil. IMO, Anyone looking to get the DVD should settle for nothing less than wide formatting with Japanese Dialouge, as the TV formatting does it no justice.
So, does anyone out there know if Innocence might see a theatre-film debut?
You want a toaster that burns CDRs? If you own a G4 laptop, just turn it on, flip it over and place some bread on top. Works great.
Simply insane.
I like it! Keep up the good work, I can't wait to see this completed.
I agree that this will trigger yet another barrage of antitrust lawsuits for Microsoft.
Bundling the OS with antivirus software seems like a good idea, but it also has certain long-term implications that aren't so great. What happens when support for legacy OS's with built-in virus protection? Will older systems continue to be honeypots, festering with every new incarnation of worm and trojan simply because the sale of that OS isn't profitable anymore?
I also don't see why MS keeps trying to value-add their products by piling on support for add-ons (MSN, Media Player Updates, IE Updates)rather than more robust features and better security. It is nice to have a fully-usable OS right out of the box, but it sucks to be force-fed an entire OS upgrade simply because MS finds it no longer feasable to support an older OS plus all of its bugs/exploits and cruft.
IMO, MS needs to dump the extras, plug the third party guys that make Windows marketable in the first place and beef up the operating system itself in terms of security, speed and usefulness.
Also an API for standard OS-program hooks (anti-virus software, browsers, email, etc) would go a long way to make things better for everyone, not to mention avoid hemmoraging cash in the form of legal fees.
Grandparent does have a solid point though. The obvious intent of the 386 Protected Mode Specification (or any DPMI Spec for that matter that covers the behavior of segment descriptors) outlines the spirit of this concept he/she mentioned.
See DPMI Specification, here and here.
For the uninitiated, the CPU watches the kinds of activites performed on different types of segments and coughs up an interrupt if the program breaks the rules. This is the source of the infamous "Illegal Operation" errors you get in Windows 3.11, among other things. The second you try to execute data, or write to code without going through specific channels, things grind to an immediate halt. You can use pointer arithmetic to talk to other chunks of memory outside the allocation range of the segment, but the location of other code segments is also specified to be somewhat unpredictable, due to page caching (Unless those pages are locked).
So the sprit of processor-based protection did exist 14+years ago. That's somewhat besides the fact since the exploit mentioned in this article, has much more to do with working within stack, not data segments.
As long as you don't overflow the stack, you can still overrun a stack-allocated buffer and muck with the return address as well as older stack frames (remember, the stack winds down, not up, into memory). Adding additional, executable code to this 'payload' is really just an added bonus.
If I had to guess, I'd say that AMD is going to track if CS:IP is aimed at any allocated region assigned to a data or stack style descriptor and fire and interrupt. The same may go for any combination of ES, DS, GS or SS based pointer set to any code segment.
IMO, It makes sense that a processor manufacturer is stepping up to solve this problem since such protection would have to be a processor behavior in order to be secure. However, I wonder about the implications this will have on operating-system software since *something* will have to handle the destruction of compromised threads/processes.
Yes, although I cannot speak to having used it directly myself. I have, however done some research into the topic. Some of the better (commerical) techniques I've seen involved encrypting/encoding class files and restricting their use to a custom ClassLoader of some kind. This would result in a binary file that is complete gibberish to a standard Java runtime environment using the standard ClassLoader. Granted this isn't truely secure as the decryption key/algorithm has to exist within normal Java code someplace. It really just boils down to more obfuscation, not completely unlike what the author mentions in the article.
I cannot speak for the book mentioned in the article, but I can reccomend some other good programming books to use (for any language).
IMO, no self-respecting OOP programmer should be without a copy of Design Patterns and The Pragmatic Programmer.
Now all we need is some slashcode to log off anyone who types in something resembling a troll or a flame. For example, say if someone types 'goatse.cx' or someth!~@($@!(#$*1029348..--NO CARRIER
Don't forget, Denmark is also where they hold Assembly Organizing every year; which happens to be run by the few remaining members of the legednary demo-coding group Future Crew.
It must be something in the water over there.
Mod parent up!
I cannot stress enough that the 'future of web design' is pretty much now. (lack of W3C standards-compatibility in IE not withstanding)
If you keep your xhtml to just raw DIV tags and data, you force yourself to use the CSS code for layout. Once this is done, you achieve an unprecedented degree of flexiblity in design, as you can modify the page in broad strokes simply by altering the CSS.
For those interested: A perfect example of this is the CSS Zen Garden. Click on any of the styles listed on the page and you'll see what I'm talking about.