Slashdot Mirror


User: SharpFang

SharpFang's activity in the archive.

Stories: 0
Comments: 5,023

Comments · 5,023

  1. Re:Results on Biggest Study On Cellphone Health Effects Launched in Europe · · Score: 3, Funny

    And the cave people will be called Morlocks and the wave-people will be called Eloi...

  2. Re:30 inch HP LP3605 here @ 2560x1600 on HDTV Has Ruined the LCD Market · · Score: 1

    Gamers are yet a separate domain.

    Find a gfx card that can do 6000x4000 @ sustained 60FPS with a decent polygon count and most modern shaders.

    Lighting a quarter billion pixels is one thing. Calculating them and pushing them to the screen at least sixty times a second is another...

  3. Re:Suprise, surprise on Seattle Hacker Catches Cops Who Hid Arrest Tapes · · Score: 1

    We need harsher laws for destruction of evidence.

    If x is suspected of crime A, and was mandated by law to maintain data that would be evidence, failure to produce this data should lead to immediate assumption of guilt on the side of whoever should have the evidence, and maximum penalty. ...imagine I have "lost" invoices I had used in my tax deductions.

  4. Another one for the pirates. on Ubisoft Says No More Game Manuals · · Score: 1

    Another argument against piracy goes bye-bye.
    "I like to have the box with the disk and the printed manual."
    I wonder what percent of legal purchasers had this for an argument.

  5. IMHO on Ubuntu LTS Experiences X.org Memory Leak · · Score: 1

    they should have said "fuck the deadline, we want a stable and modern system."

  6. Re:A win for AMD on Next Gen Intel CPUs Move To Yet Another Socket · · Score: 1

    Board manufacturers get to push a new board model for people who want to upgrade the CPU.

    I upgraded a CPU once. The CPU required a new motherboard. The new motherboard required new RAM and new gfx card. And the new components combined required a new PSU.

    Pure business.

  7. Re:For $2000 on The iPad As In-Car Entertainment System Killer · · Score: 1

    And imagine how many etch-a-sketch could you get for that price!

  8. Re:Troublesome ads on Website Mass-Bans Users Who Mention AdBlock · · Score: 2, Interesting

    maybe after a month the ad will get changed to something really annoying.
    My former employer had an interesting policy on "wrong ads". You purchase a time slot for displaying your ad in a box on the page. The ad must conform to strict guidelines. If you violate the guidelines, the ad gets removed immediately and without notice. You still have the time slot and can post another ad, or the same, fixed - but the clock is ticking, and the ads there being helluva expensive, you'd better pay close attention to the guidelines.

    Yep, I've spotted one non-conforming one once. It was a fill-page ad. The close button was "jumping away" from the mouse and you needed 2-3 tries to nab it. It was gone in 5 minutes. It returned, fixed, the next day. The amount of money my one mail to the ad dept cost the advertiser (purchased time slot without displaying the ad) - probably more than I earned in my lifetime.

  9. Re:As usual on Anti-Cancer Agent Stops Metastasis In Its Tracks · · Score: 2, Informative

    Heh, the fact your mind revolts about such an outrageous idea is really no reason the reality will conform with the way you believe it should be. Do some research on the subject. Seriously. A very recent scandal in Poland revealed patients being experimented on (with drug-placebo comparison) -without- their consent or knowledge. Some dying from the disease after receiving no medication (only placebo) in cases where alternative, efficient medication exists and should have been administered were it not for high bribes from pharmaceutical companies that got doctors to essentially kill their patients.

  10. Re:Old news and overclocking is dead on Hidden Cores On Phenom CPUs Can Be Unlocked · · Score: 1

    Dual core is optimal in most cases though.
    One core for the OS and background tasks, one core for your foreground app. Everything is snappy and smooth.

  11. Re:Why disable? on Hidden Cores On Phenom CPUs Can Be Unlocked · · Score: 1

    ...also, customers who got only 4 cores for the same price as the guy next to them who got 6 would get pissed.

  12. Re:As usual on Anti-Cancer Agent Stops Metastasis In Its Tracks · · Score: 1

    Actually, 1 in 6. The drug works on 1 in 3, another 3 get placebo for reliable research results.

  13. Re:Many eyes = problem? on Source Code To Google Authentication System Stolen · · Score: 2, Interesting

    You seem to have never worked in a 10k+ clicks per second environment.

    A farm of several hundreds of servers works at between 80 and 100% load at all times. The developer costs are minor/negligible compared to hardware, electricity and bandwidth costs. A man-month to optimize size of a single page by 1% is well worth the investment.

    Increase of server load by 30% to remove another 0.1% of attacks is completely unacceptable. We don't care if 1% of users won't see the page. When the farm peaks in the rush hours about 5-10% won't anyway. So we're more concerned about these 5-10% than about that 1%. The core systems are properly secured - the main database and all script pages are 100% read-only from the frontend side. Devs and editors access it through dedicated link, which is properly secured. The only vulnerable parts are user-editable extras - fora, blogs, comments, polls, galleries. They are the first to cut off when the system peaks, they are sandboxed safely away so breaking them won't break the main articles, and honestly, if some of them get hacked from time to time - like someone takes over someone else's account, someone injects rude posts into someone's blog through some XSS, some poll gets skewed - nobody cares.

    The beauty of the "deceitful" methods is that they cost nothing. A 401 error page would have to be displayed anyway, what costs us to replace it with a fake 200? A lookup into memcache brings necessary user ID along with blacklist status and then actually -saves- us a costly commit to disk. A proxy is there to protect the front servers from the traffic, the side effect of confusing the attacker is a desirable but not essential consequence. These counter-measures are okay because they cost only developer effort (cheap) and no server load (expensive).

    Also, with Google eating up the lion's share of the market, profit margins got much more narrow. It's not just a matter of buying another 500 servers. It's a matter of staying 3% above the break-even line, instead of 3% below. And if it comes to cutting costs, developers will be the first to cut.

  14. Re:Many eyes = problem? on Source Code To Google Authentication System Stolen · · Score: 1

    Any 8th-grader can figure out switching IPs, but they won't if they see the site reply with "Authorization successful" to attempt to log in with a blacklisted IP. All queries will go to the site, will enter the memcache and won't ever get written to disk cache, and as they are gone an hour later, the 8th-grader will guess "moderators noticed and removed everything".

    If the site replied with "Access denied", he'd switch IP, clear cookies, and we'd have to deal with him again.

  15. Re:"Source Code [...] Stolen" on Source Code To Google Authentication System Stolen · · Score: 1

    Yep, the distinction is valid, even concerning data. Credit card data of customers is often being stolen from small stores. Yes, stolen, as in the thief breaks in, removes the hard drive from the Point of Sale unit and runs away with it. THAT is stealing data.

  16. Re:Many eyes = problem? on Source Code To Google Authentication System Stolen · · Score: 2, Interesting

    I worked at a big portal, and I can say it was not possible to protect our apps from -everything-.
    Some things are not possible - like keeping IPs of all the users ever vs every page in the portal visited ever. Too much data, simply.

    We depended on obscurity - keeping the code secret - in several cases:
      - make the attacker believe the attack succeeded while it didn't, to make them continue this vector instead of trying something harder which could actually succeed
      - short-lived, statistical blacklists. If you knew you got blacklisted, you'd mitigate it, say, by switching IP.
      - caches that make your results unverifiable. Even if you affected the page on current page, you'll get result from one of 100 random nodes in the cluster, which was unaffected and thus you won't see results of your attack and decide it's not working.
      - volatile personal caches. If you really want, you can change the way the site behaves - for you. Nothing and nobody else will be affected.
      - bulletproof pages - several levels of fallback in case of error. If you manage to DoS one service, the page falls back to its alternative, quietly and transparently. It looks like your attack didn't work. It did, but we won't let you know it.

    This is an efficient deceit that kills 99% of attacks dead in their tracks. Reading the sources by 3rd party would reveal it, and we'd be pretty much fucked - implementing -proper- security would cost a fortune, increase the cluster load by a good 30%, and hold back current projects by months. But currently the site is built on a million small white lies, so that if you try to break something, you never know if you succeeded or not.

  17. Re:Disappointing on Fatal Flaw Discovered In Invisibility Cloaks · · Score: 1

    like, they make the person hidden to disappear. For real, permanently.

  18. Re:Open standards, not an open database on Towards an Open Geolocation Database · · Score: 1

    OSM is a map. Not a database of locations. No addresses, no details, no search by business name.

    Wikimapia is much closer to the ideal but still not there.

  19. Re:Just Say No on In Defense of Jailbreaking · · Score: 1

    I'm not so adamant about it. I consider jailbreak something like a more convoluted click on [x]Advanced checkbox.

    You buy a device that is powerful but foolproof. A typical fool's characteristic is they will deem themselves smart enough, unlock advanced features and mess things up. So the process of unlocking the advanced features must be difficult enough so that only smart people can do it. Whether it's creating a Goldcard with a replacement bootloader, or solving a tech quiz is moot: the bar is over idiot's head, the device is safe from them - and if you know how to unlock it, you've deserved to have it unlocked.

  20. Re:What bugs me on In Defense of Jailbreaking · · Score: 2, Interesting

    Please note EULAs can specify all kinds of bullshit like you disclaim rights to all your property and internal organs, and sign up to be Steve Jobs' sex slave. It doesn't mean they are valid claims, and that anyone is ever able to enforce them. There are consumer right laws that limit the scope of EULA and they are simply invalid wherever they trespass on these consumer rights.

    It's the same like you can sue anyone for anything ever, except if what they did is not unlawful, your case will be thrown out of court without a trial.

    I bought a second-hand device with OS and software preinstalled. I never agreed to any EULAs. The deal, best to my knowledge, was fair - I have no reason to believe he violated any laws. Maybe, just maybe, the previous owner violated them upon selling the device to me. I don't know - I didn't see any EULA, so I had no opportunity to check. That's yet another exit.

  21. Sounds like Wikimapia on Towards an Open Geolocation Database · · Score: 1

    How would that be different?

  22. Re:Could be worse on Cross With the Platform · · Score: 1

    Tell me please, then, why did he have to use OpenGL in the first place? All he wanted was to display a bitmap on the screen. You'd think such basic functionality could be supported by the API on both platforms in a compatible manner...?

  23. Re:UIKit != AppKit on Cross With the Platform · · Score: 1

    sed /NS/UI/
    sed /(\w+?).isOK()/!$1.isNotOK()/
    sed /getRed()/getColor("Red")/
    sed /onClick/onTap/
    sed /toRGBA(r,g,b,a)/toRGB(r,g,b).setAlpha(a)/
    ...and the like.

    (nope, not serious)

  24. Re:UIKit != AppKit on Cross With the Platform · · Score: 1

    Not necessarily directly, but it should not ban the users or developers from installing these if they wish so.

    OTOH, it could just claim it's Linux Gnome and GTK compatible.

  25. Re:Let's look at what JWZ said... on Cross With the Platform · · Score: 1

    Okay, but what's so bad to have a good phone app ported to desktop, say, as a desktop widget, with support added for full keyboard and using the extra CPU power? A weather gadget, an RSS ticker, a clock, a post-it notes app, this kind of thing. It should be trivial, shouldn't it?