Slashdot Mirror


User: SanityInAnarchy

SanityInAnarchy's activity in the archive.

Stories
0
Comments
12,413
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,413

  1. Re:repost with the blockquotes fixed on SWSoft Out of Compliance With the GPL · · Score: 1

    Since you live in a black & white world -- would you lie to save your child's life?

    I didn't say that. I also am not sure lying is necessarily wrong.

    But that's irrelevant. What you're saying is more like, because some children may be about to dye, all lying is OK, whether it has anything to do with children or not.

    Would you steal food if you were homeless?

    No, I'd go to a homeless shelter where I can be given food.

    The questions you are asking are generally, is it acceptable to do somewhat-immoral thing A in order to avoid much-more-immoral-thing B. I'd generally answer yes. (Perhaps not always, but generally.)

    However, B is something you made up here. The reality is, someone violated copyright -- A -- and there is no B. They did not violate copyright to save their child. And it is still wrong for them to do that. And the fact that I illustrated it with something even more wrong doesn't make my analogy invalid.

    For that matter, why is it that no one complains about going the other way? "A penny saved is a penny earned." But you don't hear anyone saying "Yeah, but it's just a penny! Why, you probably wasted 2.39 cents worth of your time saving that one penny!"

  2. Re:The problem with anti-cheat software.. on Fighting Online Game Cheating in Hardware · · Score: 2, Interesting

    Eventually there might be an anti-cheat relying on TCPM sort of things, but eventually somebody will just make a TCPM-less version indistinguishable from the TCPM type by the server.

    In order to defeat TCPM, you can:

    1. Fool the TCPM chip itself into authenticating something that isn't properly signed. Probably can be made impossible.
    2. Crack the authenticated software, while it's executing -- something like a buffer overflow. Difficult, and is impossible with perfect software. Perfect software is not impossible.
    3. Crack the TCPM chip itself (or surrounding hardware), somehow, and steal the key. Might be made physically impossible in the future, physics permitting.
    4. Crack the server at the other end, or fool it in some way. Could be made impossible.
    5. Steal the key used to sign stuff for the TCPM chip. Requires actual data theft -- this key will NEVER be on your computer in any form.

    #1 and #2 require you to have an actual TCPM chip. #4 is unlikely, and would be fixed. Only #3 and #5 really seem likely to produce a version that would work on a computer without a TCPM chip.

    Somebody moves all over the screen, faster than the player can actually run? Cheating. Wait - or a laggy connection.. or a bug.

    The solution to this is, fix the bug.

    Somebody moving all over the screen can be made impossible by having the client send velocity and direction updates, and the server send positional updates back. Or even if you send entirely positional updates, both ways, the simple solution is to have the server send positional updates back, correcting the client. So if somebody is moving at 105% speed, all that will happen is they'll jump back from lag. The faster their connection, the closer it will get to their screen vibrating, rather than them being jerked back a foot or two. And it will only look that way to them, so I can't see it giving them an advantage.

    And even when you can detect all the -technical- cheats (more ammo, faster reloads, increased speed, greater jetpack fuel (if there's any)

    Not even detect. Defeat, plain and simple.

    Consider someone trying to create a godmode. Can't be done. You might be able to convince your own client that you have 100 health, but if the server says -37, that's what everyone else sees, and they also see your body blow up, and their score go up.

    that leaves you with the cheats that cheat the User Input. Aimbots and the like

    You forgot cheats with the display. Invisible or translucent walls, giant target boxes on people's heads, even things like adjusting the screen brightness.

    And you're right, those you have to deal with by having competent admins. But you have to be careful here -- some people really are that good. One way to tell is go to a first-person view of that player, which can help, but not always.

    As always, the surest way to tell is to know the people personally, have occasional LAN parties, and maybe form a team.

  3. Re:there is no technological fix on Fighting Online Game Cheating in Hardware · · Score: 1

    The servers knows there is poeple out here but YOU don't always need to know where they are, except if they can be seen from your POV.

    Not always, but often. You can sometimes hear their footsteps, or see them on your radar.

    There are possible tradeoffs, but none really acceptable. For instance, the server could send you a streaming video of your radar screen (it's not very big), and streaming audio of potential footsteps, but that would use a lot more bandwidth and server CPU. And when you consider the logical conclusion -- playing the WHOLE GAME that way -- well, figure the server needs one awesome videocard for everyone playing, and enough bandwidth to stream HD video to every player...

    But short of that, you'll have cheating, and even there, you can have cheating anyway -- for example, a semiautomatic gun with a very rapid rate of fire, meaning whoever has a rapid-fire mouse wins.

    In an online chess game, where the rules are fixed, I would challenge you to trick the server other than by hacking it.

    Certainly, but that's chess -- though you CAN cheat by having a computer assist you, if you're worse than the computer.

  4. Re:there is no technological fix on Fighting Online Game Cheating in Hardware · · Score: 2, Interesting

    Sibling is wrong that you'd have to duplicate XP. You'd have to duplicate Linux, because it'd be a HELL of a lot cheaper than licensing XP, or developing your own drivers.

    But here's why that's a bad idea:

    1. Modern OSes are fast. You're really not losing a lot of cycles to the OS, compared to what developers willingly throw away in order to make development easier -- many games have significant chunks of the game logic written in a scripting language.
    2. It can be nice to multitask with a game. For example, I run my MMOs in a window, next to an IM client, a web browser, and a notepad. This is even nice with an FPS, for example, to have an ssh window open to control the game server with at a LAN party.
    3. It'd be entirely too easy to run the whole thing in a hypervisor or emulator. Failing that, you could do tricks like a chroot in Linux... I'm sure Windows has tricks I don't know about, or maybe something custom. Notice how much cheating there is on Xbox Live, and they control the boot CD and the entire console.
    4. It would be slow, unless you used the hard drive as a cache -- which kind of starts to defeat the purpose, as you could modify the files in the cache. If you use checksums to prevent that, you still have to boot from the DVD, which will take some time.
    5. Any way you use to prevent someone from just burning a hacked version also prevents backup copies. But I guess that's "copy protection."
    6. It would be difficult to patch. The patching system, if you had one, is yet another way someone could potentially hack it.
    7. It would be difficult to use the hard drive, for caching, patching, or saving. Some people have weird BIOS RAID configurations, some people have real RAID, some people have SATA, some have IDE, some have two hard drives, some have many partitions. The only way this could possibly work is if you had a custom partition for that game, or a fixed directory on an OS partition -- the first requires you to repartition just to install a damn game, and the second requires you to have a specific OS installed.
    8. At tournaments, there's no real need for custom hardware. Just clone a disk image around, and don't give any players access to the game before they start playing -- during which time they get no Internet access and no custom disks, except config files they've supplied ahead of time for scrutiny.

    Let me tell you one thing it would be good for, though: LAN parties. I've been meaning for awhile to make a DVD of UT2004 (maybe minus a few maps), Quake3, Doom3, etc, probably based on Ubuntu, so that people who bring a crappy, spyware-infested computer to a LAN party at least have a chance of getting into the game with a decent framerate, without us having to format them and install a pirated XP (which we have done).

    Currently, we ask that people bring their computers a day early -- even to a small, 10-person LAN party -- so we can check them out, and decide if we want them on the same subnet as our own, and maybe clean them up a little -- not to mention do mass-installs of whatever games we're playing.

    But, even here, it's a backup, because it won't work for all games, and the ones it does work for almost certainly have Windows ports, or we can just install Linux partitions everywhere. It's a LAN party, so we can look over someone's shoulder and physically beat them if they cheat, and it's much faster to boot an OS off your hard drive and launch the game, because hard drives really are that much faster.

    It's actually not a horrible idea, though. Someone founded a company based on it, but they didn't get very far. They were called "Gentoo Games".

  5. Mod me offtopic... on Fighting Online Game Cheating in Hardware · · Score: 4, Interesting

    Is that a reference to the horrible, horrible, Chinese pirated Attack of the Clones (subtitled in english-chinese-english translation)?

    That always cracks me up. Vader's "NOOOOOOOO" becomes "DO NOT WANT!!!"

  6. Re:Add the cheats as features to the game on Fighting Online Game Cheating in Hardware · · Score: 1

    This sometime works, and sometimes not, and sounds like a weak justification if you do cheat. (The reason I'm not cheating too doesn't mean I'm a noob, it means I like the game when played legitimately.)

    For example: Radar works well. However, I would not want radar in a game which does not already have it -- the game could be designed to deliberately force you to listen to footsteps. Also, even radar often has limitations -- for instance, a player crouching and moving slowly might not show up on the motion sensor, and radar has a limited range.

    Seeing through walls is almost never normal, and kills camping. Camping is a legitimate tactic. It also kills any kind of partially-destructable environment -- if you can snipe through a wooden box and get a perfect headshot, then wooden boxes are worthless as cover.

    Auto aim and auto trigger are incorporated into some games. For instance, there is a mod to Quake 3 Arena called AlternateFire, which adds alternate (right click) weapons to the game, as well as additional powerups. Quad Damage generally alternates between the Quad and "Accuracy", which effectively gives you an aimbot, with certain weapons, within a certain (large) radius. But it still requires you to click, and it's still limited to that radius, and those weapons -- and to when you have the powerup; would it be fair if someone had Quad Damage all the time?

    Auto trigger would be more like the melee weapon of UT2004. The "Shield Gun" can be charged up, and will then fire when an enemy is close enough.

    I prefer tightening it down on the server side. Have the server not send updates of other players' positions constantly, only when there's a line of sight, or maybe if they are close enough for footsteps, as an example. More importantly, have a competent admin and a decent voting system for when the admin is not there. And in general, I consider cheating to be a part of online games, and I can beat the cheaters, often -- but that does not make it alright, and does not mean that one game should be changed to a fundamentally different one just because one type of gameplay is more susceptible to cheating.

    And some cheats, particularly glitches like item duping in Diablo, never make any sense at all as a legitimate addition. Timing tricks, maybe, but free rare items, no.

    The reason for cheating is generally not because someone wants an improvement to the game. The main reasons for cheating are because you can (for someone who likes looking at hex code all day, who wants a challenge), and because you want to win, and maybe because you have an ego and something to prove, perhaps because you have a small penis... But let's face it, if you really wanted to play a different game, you'd play one. If you really wanted to improve a game or invent a style of gameplay, there's all kinds of moddable engines, even good open source ones (Quake 3). It would probably take much less effort with source code than without, I would think.

  7. Re:This is craziness, calm down people... on SWSoft Out of Compliance With the GPL · · Score: 1

    Imagine - Parallels, a "major Linux developer company", unnecessarily slitting the throat of a major Linux open source project.

    If they don't fix this, and soon, they deserve everything they get. We'll go back to VMWare or Qemu if we have to, and life will go on -- not as well, Parallels looks pretty slick, but corporate asshatry should not be allowed, even by people who are nice to Linux.

  8. repost with the blockquotes fixed on SWSoft Out of Compliance With the GPL · · Score: 1

    Oh shut up. Distributing a very slightly modified version of a freely-available code library is about a 0.02 on the Scale Of Injustive. Kicking someone in the ribs is about a 7.4. It would be hard to come up with a more pointlessly absurd analogy.

    You know, people use this all the time, and it's simply not true. Wrong is wrong. It's not like you have a quota of immorality points you can spend how you like, and if you don't go over that limit, all is forgiven.

    If you steal my french fry, you're still a bastard, and if I was hungry, I'll complain. I won't throw a screaming fit, but I'll say "Hey, don't take my fries, man." Except in this case, it's actually illegal, and it does hurt.

    The whole fucking point of an analogy is to draw a parallel. The only perfect analogy isn't an analogy, it's a definition.

    Look, maybe they screwed up, maybe they didn't.

    I don't know how you can possibly understand enough about the statement to make a moral judgment -- and think they might not have screwed up.

    If they did, well, guess what? Nobody's being hurt!

    But they are being abused, and there is damage.

    OK, better analogy: Let's say my bank decides to take money out of my account for some reason. I log into my electronic bank one day, and half my savings are gone. I ask them to put it back, and they say they have to check with their lawyers, because they thought they were allowed to steal from me.

    You know, no one's hurt. I'm not physically in pain. Most people would still be able to shop for food, pay the bills, and so on -- it probably wouldn't be a big deal to wait another few weeks. But would you call this an acceptable situation?

    In the real world, that's exactly when I'd move to another bank. Not after they've had a few more weeks to dick around and delay while they have my money and I don't, but right fucking then. The moment I login and see that, I call the bank. If it's not corrected immediately, e-check the entire account to PayPal while I continue to ask the bank for the rest of it, the next day I can take a walk around town looking for a good brick&mortar bank.

    If they didn't, then this is a whole big stick about nothing (the Slashdot specialty.)

    I'd think that if they didn't, either you're right, which means the summary has to be completely wrong, or there is something very wrong with the language of the LGPL, which is a big deal.

    The LGPL license is confusing and vague, and it's not a done deal that they're in violation of it.

    I found it to be more clear than just about any other license I've read, and an order of magnitude clearer than any EULA.

    Here, read this:

    You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.

    There is no doubt that they intended to distribute Wine under the LGPL -- along with libmspack and the Plex86 VGABIOS. I do not have a copy of Parallels itself, but judging from the Wine wiki, source code did not ship with Parallels -- that, or the Wine wiki is lying. And even if the LGPL allowed such measures, I do not even see a link from the Parallels website to the Wine website, and the only mention of it anywhere but their forums seems to be on this page [parallels.com], which contains no URLs at all. It is reasonable to assume that even if they have altered nothing (which seems unlikely or impossible), that page is not really sufficient for a consumer to go download the source code -- it doesn't ev

  9. Re:For a lawyers opinion on SWSoft Out of Compliance With the GPL · · Score: 1

    Oh shut up. Distributing a very slightly modified version of a freely-available code library is about a 0.02 on the Scale Of Injustive. Kicking someone in the ribs is about a 7.4. It would be hard to come up with a more pointlessly absurd analogy.

    You know, people use this all the time, and it's simply not true. Wrong is wrong. It's not like you have a quota of immorality points you can spend how you like, and if you don't go over that limit, all is forgiven.

    If you steal my french fry, you're still a bastard, and if I was hungry, I'll complain. I won't throw a screaming fit, but I'll say "Hey, don't take my fries, man." Except in this case, it's actually illegal, and it does hurt.

    The whole fucking point of an analogy is to draw a parallel. The only perfect analogy isn't an analogy, it's a definition.

    Look, maybe they screwed up, maybe they didn't.

    I don't know how you can possibly understand enough about the statement to make a moral judgment -- and think they might not have screwed up.

    If they did, well, guess what? Nobody's being hurt!

    But they are being abused, and there is damage.

    OK, better analogy: Let's say my bank decides to take money out of my account for some reason. I log into my electronic bank one day, and half my savings are gone. I ask them to put it back, and they say they have to check with their lawyers, because they thought they were allowed to steal from me.

    You know, no one's hurt. I'm not physically in pain. Most people would still be able to shop for food, pay the bills, and so on -- it probably wouldn't be a big deal to wait another few weeks. But would you call this an acceptable situation?

    In the real world, that's exactly when I'd move to another bank. Not after they've had a few more weeks to dick around and delay while they have my money and I don't, but right fucking then. The moment I login and see that, I call the bank. If it's not corrected immediately, e-check the entire account to PayPal while I continue to ask the bank for the rest of it, the next day I can take a walk around town looking for a good brick&mortar bank.

    If they didn't, then this is a whole big stick about nothing (the Slashdot specialty.)

    I'd think that if they didn't, either you're right, which means the summary has to be completely wrong, or there is something very wrong with the language of the LGPL, which is a big deal.

    The LGPL license is confusing and vague, and it's not a done deal that they're in violation of it.

    I found it to be more clear than just about any other license I've read, and an order of magnitude clearer than any EULA.

    Here, read this:

    You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange.

    There is no doubt that they intended to distribute Wine under the LGPL -- along with libmspack and the Plex86 VGABIOS. I do not have a copy of Parallels itself, but judging from the Wine wiki, source code did not ship with Parallels -- that, or the Wine wiki is lying. And even if the LGPL allowed such measures, I do not even see a link from the Parallels website to the Wine website, and the only mention of it anywhere but their forums seems to be on this page, which contains no URLs at all. It is reasonable to assume that even if they have altered nothing (which seems unlikely or impossible), that page is not really sufficient for a consumer to go download the source code -- it doesn't even mention winehq.org, much l

  10. Re:For a lawyers opinion on SWSoft Out of Compliance With the GPL · · Score: 4, Insightful

    The license expressly states that the reason for the LGPL is to allow proprietary software to use the library in some ways.

    But if I understand this, they have modified the library itself, and not released their changes. The LGPL lets you link with a library, including using the library's official header files, without your program being considered a derivative work of the library -- your own code does not have to be LGPL'd.

    However, the library itself is still LGPL'd, and anything you do with it must still have source code released.

    Point is, lawyers are slow, and companies often use them to prevent negative, unforseen consequences. Give them more time before crucifying/boycotting/etc. instinctively.

    I'm sorry, the time lawyers have to work this out is before the software is released. They are now in violation.

    Let's say I start beating the shit out of you, and you tell me to stop. Should I stop, or should I call my lawyer and wait a week for him to tell me it's OK to stop (during which time I'm still kicking you)? The correct answer is I should stop, and for that matter, I should never have started. My lawyer should have told me not to kick you in the first place.

  11. Re:Obvious Request I Can Think Of on Rutkowska Faces 'Blue Pill' Rootkit Challenge · · Score: 1

    Why can't you load a rootkit into main memory from a disc and remove the disc?

    I guess you could. I think that defeats the point of the exercise, though. Many Windows computers get rebooted daily; even my Kubuntu box does, to save power, and so I don't have to mess with hibernation. The point of a rootkit is to stay there, undetected, probably for a long time, in order to do something permanent.

    It's a cat and mouse game just like all other security.

    That's the point. I'm not trying to prove that any rootkit is 100% detectable by one particular method, but rather that anyone claiming "100% undetectability" is either exaggerating or actually being dishonest. I know it's cliche'd and somewhat wrong in the real world, but just as the only secure computer is one that's not plugged into the Internet and preferably turned off, the only undetectable rootkit is one that does absolutely nothing at all, including actually install itself (as in, it doesn't really exist). Obviously, a rootkit is detectable by the rootkit author, otherwise what's the point?

  12. Re:Obvious Request I Can Think Of on Rutkowska Faces 'Blue Pill' Rootkit Challenge · · Score: 2, Interesting

    Another obvious thing I would request is that different services software be installed (and running) on the laptops. Like maybe put MySql on one running as a service and PostGres on the other.

    Better yet: Let each laptop (out of maybe 20 or so, instead of just two) be used by someone for maybe a few days or a week leading up to the test. Rutkowska is the only one allowed to (deliberately) install a rootkit, or any kind of malware, but everyone else is allowed to do pretty much whatever they want. Then, let them sort out which ones have rootkits, and specifically, which one was Blue Pill.

    But how many times do you approach a computer that's infected & have all the behaviors of that machine mapped out? I think the real world answer to that is never.

    At least, not completely. I suspect they might still be able to figure it out, but the test could at least be made fair.

    Then again, I suspect that this test was created more because many people, myself included, find that "100%" anything in security leaves a bad taste in our mouths. I admit that there's pretty much no chance anyone would be able to detect her rootkit. However, a completely unfair test (in which you can simply do a full-drive checksum from a boot CD) is all that's needed to prove it's not "100%".

    Just one more reason to only use open source, I guess!

    While I agree, sort of, this doesn't really make sense for the reasons you said. Unless you have a behavior/benchmark for each process on ANY system, you can't know that there isn't some infected process somewhere -- this has nothing to do with it being proprietary. I tend to suspect that open source would make it less likely for malware to get on the system in the first place, and less likely for it to get elevated to a level where a really good rootkit is possible (although I admit, most of us would probably be fooled by any rootkit), but that is only because I tend to suspect that open source is generally more secure overall.

    And sendmail proves that it isn't, always.

    The availability of source code, if anything, probably increases the vulnerability of the system to a really, really hard-to-detect rootkit. After all, the rootkit could recompile your kernel.

    I do think you should use open source, and I do think malware is a reason, but I don't think rootkits are any less likely to happen than any other kind of malware on an open source system. Don't forget, "rootkit" is a term from the UNIX world.

  13. Re:Xen and OS X question on Desperately Seeking Xen · · Score: 1

    Also note: The OSX86 stuff, if I remember, is based on a fairly old kernel, because at the time, OSX had to run on real PC hardware, which had a real BIOS. Newer kernels run on OpenFirmware machines, just like on PowerPC...

    But I don't really know what I'm talking about; maybe I'm entirely wrong.

  14. Re:Xen and OS X question on Desperately Seeking Xen · · Score: 1

    It's also a virtual machine.

    I remember, when I first got WinXP on this machine (free, courtesy of my school), I installed it in Qemu. I then tried to install it directly on the hardware, and it insisted that it was a different computer, and I would have to re-activate it. I called MS, and I had to explain to a woman with a thick Indian accent that it was the same machine. (She didn't have a clue about virtualization.)

    The problem is, legally, is a VM the same computer, or a different one? It's one of those tricky philosophical questions...

    In any case, the Vista license answers this specifically -- if I recall, only Ultimate may legally be installed under VMs, and a VM is clearly enough defined, I think, that you can't pretend that a Transmeta processor or the Intel/AMD microcode is at all like a VM.

  15. Re:Clarification on Anatomy of the Linux Kernel · · Score: 1

    Trust is an action. By executing a program at all, you are trusting that program.

    Fine. But that's not the point.

    The point is to be able to run multiple, untrustworthy and (relatively) untrusted programs in the same address space.

    Or, in other words, being able to sandbox programs that are not trustworthy so that they are also not entrusted with any ability that we don't want them to have.

    At a very basic level, think JavaScript, or Java applets. Those are generally run in the same process as the web browser -- thus, the same address space. However, both are limited such that one applet or script cannot affect another applet or script, or another website, much less anything outside the browser, without explicit user consent. If this can be done very well and securely, and on a large scale, you don't need separate address spaces at all.

    ... you need a language that is restrictive enough that you can actually run multiple, less trustworthy programs in the same address space ...

    This is not sufficient, because as you say, millions of people run untrustworthy code every day. There's really nothing stopping you from downloading a bunch of random executable code, throwing it together into one process, and running it -- that would be what you just said, and it would be a security hazard. I'm talking about taking such code and running it, while actually not trusting it.

  16. Doesn't help competitors a lot, either on Linus Warms (Slightly) to GPL3 · · Score: 1

    I mean, sure, it depends what field you're in. For example, GPL-ing Java certainly helps Sun's competitors -- I guess in theory, some wicked-cool feature of Java can now be ported to Mono.

    However, take something like Drupal. Pretty much any company implementing Drupal (or another open-source CMS) on their website is going to have to write some custom modules, or at least a custom theme. If they release their modules back to the community, so what?

    For example: I used to work here. They are starting to use Drupal in places, and one thing I was planning to do (which never got finished) was create an easy way to take their Word documents (very well-styled, well-formatted Word documents) and convert them into HTML, for use in Drupal, via FCKEditor.

    Now, if you've seen their homepage, you can see very clearly that they are in the magazine business, and the blogging/ranting business. I suppose, in theory, they have competition, who might theoretically benefit from any changes they made. But I was told, in very simple terms, that I could GPL and release whatever the hell I wanted. It's their content that's valuable to them; they were only paying for me to develop software because there wasn't any out there that did what they wanted.

    If I help their competition run their website, it really doesn't matter at all to them.

    Of course, if I licensed some of their articles under Creative Commons, it would kill them.

  17. Not quite so cynical... on A School District's Education in Free Software · · Score: 1

    After all, if you save $100,000 a year for the school, certainly they can afford to give you at least a $50,000/year raise, right? Keep in mind, also -- while the system is likely to need a LOT less maintenance, they will need you when it does, rather than just grabbing some random MSCE-tard off the street.

    My own view is that this is 50% sheer inertia, and 50% financial bullshit, just like at the individual level. At the individual level, the "financial bullshit" is that it actually, in theory, costs Dell less to pre-install Windows than to pre-install Linux, because, all other concerns aside (including support), they can load crapware on Windows to offset the cost.

    At the school level, Microsoft can easily throw around TCO numbers, and a tidy "discount" here and there, and make Windows look like an attractive alternative -- and maybe have it actually be that attractive alternative, for the first year or so. I bet Apple can do the same.

  18. Not stealing. on Apple's DRM Whack-a-Mole · · Score: 1

    Copyright infringement.

    I don't know if Islamic extremists would see the difference, but it's there. Only way this would be stealing is if you somehow managed to download a file, for free, directly from Apple's servers, and then you're only stealing their bandwidth.

  19. Really? on Apple's DRM Whack-a-Mole · · Score: 1

    Sharing files is not, in itself, illegal. Nor is sharing copyrighted files, or ripping or burning CDs.

    It is ONLY illegal to share files which you don't have the rights to share.

    And our desire to have files DRM-free has little to do with filesharing, and everything to do with fair use. I want to be able to put these files on my Linux computer, on my iPod, or on some other, cheaper device that didn't pay Apple a licensing fee, or on Xbox Media Center, not to mention, I want to be able to burn as many CDs of them as I need, or send the files over the Internet to other computers that I have, and so on.

    I agree that anyone bitching about the *gasp* "personal information" encoded in these files is almost certainly wanting to use them for something illegal, though I don't really see why anyone would care -- it's not as if there's much incentive to upload things to a filesharing network, versus downloading them. I would feel a lot happier if this information was at least cryptographically signed by Apple, so that at least no one could upload a file that I supposedly bought without first stealing it from me, but I'm not too worried about that.

    But whoever modded this insightful needs their head examined. ANY DRM reduces legal functionality, unless it's not really DRM. (I don't consider watermarking files to be DRM.)

  20. What does apply... on A School District's Education in Free Software · · Score: 3, Insightful

    Microsoft and Apple, among others, are willing to give stuff to schools. With Linux, the software may be free, but you probably have to buy your own hardware.

    It's true, it may be cheaper in the long run, if you're not a highly technical school -- meaning, you don't have to upgrade your hardware very often. But even then, many schools prefer to take the first hit free, and then be stuck with the recurring licencing fees.

    Personally, though, schools are the first places I'd want to start on free software, as unlikely as it is. That way, when they graduate, they'll be ready to move their workplace over -- or at least be easily trainable for anything -- and if they go on to be programmers, they'll be more likely to fix the free tools than to buy the commercial ones.

    Contrast that to the way it is now, where you only use the proprietary stuff because it's free in school and easy to pirate at home, so when you get to work, you insist that the company buy you the same tools, and the company figures it's cheaper than retraining you.

  21. Re:dear sensitive religious types on Indian Nationalists Forcibly Censor Orkut · · Score: 2, Insightful

    It's also okay to learn to ignore that mockery. Or, if such mockery is rational, to respond rationally to it.

    This not only makes you less likely to take such criminal actions, but it also is likely to reduce your stress and your blood pressure, and teach you a useful skill.

    Let me put it this way: I find crap like this to be offensive. But then, I usually have to look for it, and even if it was right there in my face, I only have to close that tab to make it go away. And if I really, really cared, I could go write a thoughtful, intelligent response, instead of a troll (caution: second page is NSFW, due to said troll).

  22. Re:Net Neutrality on ISPs Starting To Charge for 'Guaranteed' Email Delivery · · Score: 1

    So you want to trust the government to be honest and fair?

    Let me put it this way: Lately, when the government hasn't been honest and fair, it has tended to lean towards supporting corporations in what they wanted to do anyway. If they do that here, it's no worse than what we've got now, but at least there's a chance they'll implement some sane restrictions. So I don't exactly trust government, but I think it's our best shot now.

    What this is a perfect example of is why centralized control of the internet is a real evil.

    It's not necessarily centralized. I think it kind of proves the point that even multiple ISPs have the capability to cooperate.

    Unless by "decentralized", you mean directly controlled by the people, and I'm not sure how that would physically work.

    1) Local governments should be allowed to offer utilities, including electricity, water, phone, etc. They should not be granted a monopoly.

    So in a town where any utility is probably going to have a near-monopoly anyway, that's going to be the government now. Ok.

    5) Contracts should not be allowed to be changed after they have been agreed to except by negotiation.

    Agreed, mostly. I would say that it's fair to allow a contract to expire, and to present a new one, but every contract should have a name and a version number unique to that contract. In other words, it can change, but not without notification.

    6) EULAs, including click through license agreements, should be void unless the person accepting the license knew and understood the terms BEFORE he paid money or other advantage to receive the goods.

    I would be happy if it was a choice between that and a money-back guarantee. In other words, if you bought a product which requires an EULA, and you didn't know and understand the terms when you paid for it, you can return it and get your money back, similar to "Windows Refund". This should be stated clearly and simply enough that you can take them to a small-claims court if they give you the runaround.

    7) It should always be legal to be anonymous, even by deceit

    I would say this requires a bit of mechanism that simply isn't there yet. And we have a long way to go.

    For instance: I can pay for something with a credit card, but that requires a lot of my information, and at any rate, it's effectively a shared secret, no matter how many more retarded numbers they add. (What the FUCK makes them think a number on the back of a credit card is any harder to get than the number on the front?)

    Paypal is a step up from that -- you don't automatically give them the ability to make purchases on your behalf, and they cannot control the amount of money you authorize to send to them. There are two problems here, though. First, Paypal itself is only one such service, and there are others, but there is no standard way to accept payments from any of them. Second, it does require me to give out the email address associated with the account. They may not be able to trace it back to me, but they could track some entity called "ninja@slaphack.com" around the world.

    I would say, to go beyond this, it has to be decentralized about as much as the current banking system is. Which ultimately isn't very much -- as far as I know, the federal reserve controls quite a bit.

    It would be nice for such a rule to apply at least to anything other than financial transactions. But then, the real trick is, how do you define "fraudulently deprive someone of a valuable commodity"?

    I would say that it should be possible to verify someone's identity, absolutely and securely, but in pieces. For instance, when buying a product, they only need to know that I can afford that particular product. They don't even need to know where to ship it -- a service like FedEx, in theory, could work anonymously. (They

  23. Re:Microkernels are flexible... on Anatomy of the Linux Kernel · · Score: 1

    If I understand that, I actually have an idea for a much simpler model -- at least in its primitives. You could use this model to build POSIX, or capability security, or UAC, or whatever you want, all while sharing one address space through your entire program.

    Unfortunately, to perform at all well, it demands a compiler/VM with optimizations I haven't seen tried anywhere before.

  24. That's BSD. on Anatomy of the Linux Kernel · · Score: 1

    Due to the nature of the BSD license, I wouldn't be surprised if NT had as much BSD code in it as OS X does.

    Of course, that's difficult to prove. All we really know are a few trivial things like telnet, although I hear most modern OSes just ripped off the BSD network stack wholesale.

  25. Microkernels are flexible... on Anatomy of the Linux Kernel · · Score: 4, Interesting

    I don't disagree, in theory. In practice, there are at least a few things that microkernels can do that monolithic kernels can't (yet).

    For example, a microkernel can run filesystems and probably even certain kinds of drivers on a per-user basis. Give them access to the chunk of hardware they need, but don't require them to be able to pwn the rest of the system. This would be really nice for binary drivers, too -- it not only kills the licensing issues, but it allows us to, for example, run nvidia drivers without trusting nvidia with any hardware beyond my video card.

    Microkernels can also allow drivers to be restarted and upgraded easily, without having to upgrade the entire system. It would be theoretically possible to upgrade the nvidia drivers in-place, or even recover from an nvidia driver crash without having to reboot the whole system. If it was designed intelligently, you might not even have to restart X to reload a driver.

    Monolithic kernels can do this in theory. In practice, "kernel modules" are ugly and hackish, often requiring you compile a kernel module for a specific kernel version, and too often being held "in use" by something. Also, they just sit there eating up RAM (though a small amount, I admit) when not being used, yet often you want them loaded anyway -- for example, loop is completely useless except for the 1% of the time I want to mount a disk image, but if loop isn't loaded, mount won't load it.

    One of the major selling points of a Unix system in the first place, at least to me, was that a single rogue program is unlikely to bring the entire system down with it. Sure, forkbombs still work, and eating tons of memory still sucks, although you can prevent both of them -- but you don't often have the situation you see on Windows (especially 95/98), where a single badly-written program can make the whole system unstable.

    This is true on microkernels, only more so. In order to replace them entirely with a monolithic kernel, you need a bit more than type-safety -- you need a language that is restrictive enough that you can actually run multiple, untrusted programs in the same address space. If you can do that, you don't even need userspace processes to have a private address space, except for some backwards-compatible POSIX layer.

    But then you're stuck with the tricky problem of making that kind of language useful for the low-level stuff a kernel has to do. Like it or not, I don't think we're at a point where you can make a viable kernel in LISP or Erlang, though Java might be close (when extended with C, which kind of kills the point).

    I would love to develop such a system, but I am about to be gone for two weeks, and when I get back, I still won't have a ton of time.

    And I think you're probably wrong about microkernels using shared memory "destroying the separation advantage" -- I'm guessing it's probably done in a fairly safe/quick way. (Or if it's not, it can be.) Consider a pipe between two processes -- what you write to stdout would, in a naive implementation, be copied to the stdin of the other process. A smarter implementation might actually allow you to simply pass ownership of that particular buffer to the other process -- functionally about the same, but almost as fast as shared memory.

    But if I have no clue what I'm talking about, please tell me. I don't want to sound like a moron.