If Valve and therefore Steam ever went bankrupt, they have a universal unlock all ready to go. Cache your games, as mentioned before, and then import from the DVD when you want it.
No, that's not what would happen. If Valve went bankrupt, the company assets would be sold off to another company. That new company might continue to operate Steam, or they might not, but one thing is certain - they would be very pissed if Valve had given away their universal unlock, since that would destroy much of the value of the Steam platform. Also, I doubt that the third-party games on Steam would be affected by the universal unlock. So don't put any faith in Valve doing the right thing as the ship sinks, because it won't happen.
I don't know where you got this idea. Surely activating online is the same as entering a CD key, only online? What if you lose the CD key and you want to install the game later? What if you want to go back in 20 years time only to realise you can't install the game because you don't have a code?
No, it's not the same. If the servers are down or you don't have an Internet connection, you can't do online activation. And you do have to reactivate online if your hardware or your OS changes, even if you install from a backup you have made. CD keys don't have these problems.
Never forget, Steam is iTunes for games. There's nasty DRM all over the place, but since it mostly works fine, many people don't mind. Just bear in mind that the games aren't really yours, even though you paid for them, because Valve can ban your account. This is the price of convenience. It is the same deal with DIVX, with iTunes, with Wii Shop/Xbox Live Arcade, and with Windows Media. If you don't like it, don't buy it.
In Steam's defense, I will say this - there are no limits to the number of downloads for a particular game. You really have bought a license to play, so you can shift your account between as many PCs as you want. This is a good thing: much better than DIVX, who didn't provide free replacement disks, much better than the console services which lock downloaded games to one device, and much better than iTunes, which limits the number of machines you can activate. What really amazes me about Steam is that the DRM it provides is not enough for some companies (cough, Take 2) and their games (cough, Bioshock), so they hack on their own incompatible extra solutions (cough, SecuROM). If we must have DRM, at least let it be standardised.
Yes, it's strange that they don't do that. They've made some maps symmetrical - why not also take the easier step of always making the enemies the same colour! It would also reduce the mistakes made by drunk players: "what team am I on again?"
I think America's Army did something like this. No matter what team you join, you're always an American fighting against the terrorists. (That way, America never loses, even when the insurgents win.)
I think it could work because data mining works in other places, e.g. for analysing shopping patterns. Provided that you can capture the data in the first place, why isn't it possible to extend an existing model of what someone is likely to buy to cover the other things they might do?
You have much more information about each person in a crowd than a CCTV picture. You also have data about everything else they have done. That's how the hypothetical surveillance system works: it doesn't detect terrorists, it detects statistical anomalies. It uses a complete record of an individual's movements over a period of time, and all it does is spot new movements that seem unlikely because they don't fit the profile it has built up for that person. It's like a network intrusion detection system for a city: it warns a human operator when it spots something unusual so they can check it out.
Of course, no police state should be without one. It will cause inconvenience for innocent people, and arguably on that basis the project shouldn't be attempted, but that's a different question to the one of whether it could actually work (i.e. spot anomalies) or not.
I think the image recognition bit is definitely bullshit. But the data mining aspects are not. This technology is already widely used by shops to predict what people are likely to buy, and IBM is part of that business. Privacy and digital police state implications aside, why not also use it to spot unusual behaviour?
Suppose you drop the image recognition part and instead recognise people using personally identifiable information that is captured wirelessly from their mobile phones and RFID. That would give you a lot of data on each person's movements, and the system could scale to track millions of people throughout a city or country. Just add more sensors.
At this time, we just don't know how effectively the resulting data could be searched for unusual behaviour. Nothing of this scale has been done yet. But it could work, at least in principle, because all of the technology issues involved have already been solved for other problems. The remaining issue is how well you can automatically distinguish between a terrorist and a regular person when all you know about each is everywhere they have been in the last few years. Being flagged with a false positive could prove rather inconvenient.
I do not understand why they bother doing image recognition when most people are already carrying wireless tracking devices. Take away the need for image recognition and instead recognise people using the hardware addresses of the devices they carry, and the CPU requirements for surveillance become tiny.
I'm not convinced computer "intelligence" is really changing at all. Computers are better than they used to be, but we haven't got a a new way of programming them, so AI continues to be a hard problem. We don't seem to have got very far beyond mimicking small subsets of human abilities. The chess playing problem was solved by using a database of grandmaster openings and endings, rather than by programming the computer to think. The chatbot problem is still being solved in the Eliza bot way by mechanically rearranging sentences.
Although this can still be impressive, does it really have anything to do with actual intelligence? If we had really solved the AI problem, we'd be able to teach the chatbot to play chess, and persuade the chess bot to chat up horny nerds...
I wonder how many other potential customers have been turned away because of this.
A handful at least, based on the posts in this thread. The demo wouldn't run on my computer because of SecuROM, so I am a member of a small percentage of people who (a) wanted to buy the game, (b) had the hardware to run the game, but (c) couldn't play because of the copy protection. It is crazy to add a feature to a program to artificially reduce the number of computers it will run on. It is the opposite of good business. It is retarded.
One day, SecuROM and Starforce and the other snakeoil salesmen will be put out of business by a single standardised PC copy protection scheme designed by Microsoft, integrated into Windows, and based on TCPA. I should feel sad about this, since SecuROM and friends will be crushed like Netscape and Microsoft will dominate another slice of the PC market. But instead I am actually looking forward to it, because unlike some of the other companies that have been destroyed by the juggernaut, SecuROM adds nothing of value and causes nothing but problems for paying customers.
Its almost incomprehensible by normal, english-speaking humans.
Yes, but add a few $'s and %'s in the right places, and it turns into a one-line cross-platform implementation of iPlayer written in Perl. (If your Perl code can be understood by humans without extreme effort, you're just not trying.)
If you need a "ghetto" works-almost-anywhere free secure instant messenger to talk to Alice or Bob, create an account for your friend on your Linux machine and let them SSH in using PuTTY. Then use "write" to talk to each other, or if you're really fancy, use "talk". SSH is great for this because it (a) uses strong crypto, (b) lets you check for man-in-the-middle attacks with it's "host key", and (c) destroys the session keys after use. Get Alice and Bob to reboot from a Knoppix CD and you're secure against Windows spyware as well.
Encrypted RAM would be very secure, but it would need hardware support. The key would be stored within a CPU register, having been generated from random noise on bootup. Hitting reset/power should be all the security you need. We effectively have this now in free software with encrypted swap space, and I think the TCPA spec says that bus encryption keys need to be negotiated using public key algorithms. The curious thing is that there doesn't need to be much access time overhead, because you do all the decryption to burst transfers on the RAM side of the instruction cache.
That's not my point. My point is that you shouldn't have to pay for iPlayer unless you (a) can use it, and (b) want to use it.
Perhaps this is a bit like arguing that the BBC shouldn't be wasting the licence money on game shows, digital channels, football matches, the World Service or films, as many people have done during the Corporation's history (without success). But I think it's a bit more like asking for a licence fee discount because you've not got a colour TV. Sure, I could buy Windows XP and get access to iPlayer, but I don't want to.
You can get a TV licence discount if you have a black and white TV, or if you are registered blind.
How about a discount for everyone who is either unable or unwilling to receive the iPlayer service?
Since they have deliberately locked the service away from a percentage of the viewers, it seems only fair to offer a discount to those people. (I wonder how many WinXP users would also decide that a discount was preferable to access to the iPlayer service?)
Because P2P can be disguised as other protocols, the only way to wipe it out completely is to centrally control the applications on every Internet-connected computer. The technology could be implemented incrementally over many years. Widespread use of free software is a good way to fight this, but widespread piracy just helps to motivate the political case for the "trusted Internet"
Installing noscript and flashblock might help, since Javascript and Flash are the two ways in which websites can waste your CPU time. Executing scripts correctly must also involve executing badly written scripts that burn CPU cycles, and the whole "Web 2.0" is full of badly written scripts.
The fact that 25million records were being sent via. post burnt on DVDs should give some idea of the level of technical competency in the public sector.
I worked at a large software corporation a few years ago, and was amazed to discover that master CD images were sent to the duplication plant by courier. To this day, I do not know why. The duplication plant was owned by the same corporation and was connected to their global intranet along with the office I was working at. Sending the files electronically would have been much faster, cost almost nothing, and would also have been extremely secure!
The self-modifying code parts have already been described by Hal Porter, but he didn't explain how the algorithm actually works.
Registers: ebp holds a fixed point integer which represents a position within the column. 25 bits hold the fractional part. For each pixel, esi holds the memory offset of the column texture. eax and ebx hold the memory offset of the colour translation table, which is used for lighting effects. This address has to be aligned to a 256 byte boundary for reasons that will become clear. Finally, edi holds the current video memory address.
Algorithm: For even-numbered pixels, ebp is copied to ecx and shifted right by 25 bits to obtain the texture pixel (comment says: "finish calculation"). ebp is then incremented by a fractional value that represents the ratio between screen pixels and texture pixels (that's the value inserted using self-modifying code). Then, ecx+esi is computed and dereferenced ("movb al, [esi+ecx]"). The result is stored in al - the low 8 bits of the eax register. Then, dereferencing eax gives the value of the pixel to be written to the screen. Lastly, edi is incremented to the next row.
The same process is almost simultaneously applied to odd-numbered pixels, which use ebx, edx and bl instead.
There are at least five clever things here. There's the self-modifying code. There's the use of eax/al to avoid an addition. There's the interleaving of two loop iterations - manual modulo scheduling. There's only one branch, so the code pipelines really well, even if the branch predictor is very primitive. And finally, there's an interpolation algorithm that doesn't use any slow multiplications or divisions. (It's not really like Bresenham's line drawing algorithm.. I was mistaken about that. If it was like Bresenham's algorithm, it would not fetch the same pixel from the texture memory twice. But it would also have to include branches on a non-predicated architecture like x86, and that would make it slower.)
You can see more stuff like this in README.asm, included with linuxdoom-1.10, the GPL'ed Doom source release.
Carmack's code is always interesting. Most famously, there's the infamous square root approximation from Quake. But I'm still impressed by the original Doom render loop, with it's self-modifying code.
The loop is drawing columns (vertical slivers of wall). It needs to interpolate between two things: the input wall texture, and the output part of the screen. Carmack uses something like Bresenham's line drawing algorithm to do this, but because the 386 has such a limited register set, he stores the fractional increment in an immediate attached to the "addl" instruction:
doubleloop:
movl ecx,ebp// begin calculating third pixel patch1:
addl ebp,12345678h// advance frac pointer
movb [edi],al// write first pixel
shrl ecx,25// finish calculation for third pixel
movl edx,ebp// begin calculating fourth pixel patch2:
addl ebp,12345678h// advance frac pointer
movl [edi+SCREENWIDTH],bl// write second pixel
shrl edx,25// finish calculation for fourth pixel
movb al,[esi+ecx]// get third pixel
addl edi,SCREENWIDTH*2// advance to third pixel destination
movb bl,[esi+edx]// get fourth pixel
decl [loopcount]// done with loop?
movb al,[eax]// color translate third pixel
movb bl,[ebx]// color translate fourth pixel
jnz doubleloop
A similarly impressive trick is used to draw floors, where 3D interpolation is required because each texture needs to be crossed diagonally, not vertically. I never understood how Doom drew floors until I looked at the code, and I still think it's deep magic. And that's without even mentioning the BSP code!
I think you're right, and when a cheaper solution exists, it doesn't make sense to overcomplicate things.
In the end, to be effective, this type of approach would need to be complex enough to defeat (or stay ahead of) automatic analysis, but also simple enough to actually work. Very tricky.
2) make the game code so different between each dump that it wouldn't be easily reverse-engineerable (difficult as well).
Basically, that's the idea. The results of reverse engineering become worthless as soon as the client disconnects from the server, because the game code will be different on the next connection. Blizzard seem to be using this with Warden now... my suggestion is that perhaps this technology should not be used for spying on the other programs, but rather for hiding what the game is doing, so that bot detection and anti-cheat code can be incorporated into the game itself.
Perhaps this wouldn't be easy, and perhaps it would be much cheaper to use something like Warden, but I think it would work.
In wow (and fps games in general) player movement is not predictable, at any point a player can stop and turn with no inertia (so it's not like, say, a space sim game where you can do dead reckoning at even fairly high latencies and make things look decent) and if you've seen any wow pvp you know it consists of a lot of jumping around and running through each other to try to get behind the other player. Also several abilities need to be used with very tight timings, there is the gcd to take care of etc. etc. etc.
Indeed, this is the problem that means the client has to be trusted to some extent.
A few years ago I had an idea for a cheat prevention system that would allow the client to be trusted without forcing Warden/VAC/Punkbuster-style spyware on the player. Instead of sending a cheat detection program to each player, why not send part of the game: say, the part that enforces the rules on the client, and communicates with the server? Like Warden, this could be generated randomly for each connection to make reverse engineering difficult (and also obfuscate the network protocol).
Arbitrary code would still be being sent to each player, so bot authors would still probably cry "rootkit". But at least the code wouldn't need to do any spying outside of the game itself. The code could even be written in.NET or Java and designed to run within a sandbox.
I doubt I will ever get the chance to develop my idea, particularly as trusted computing is going to obsolete this type of technology in the next ten years, so it's now in the public domain. Criticise away!
The purpose of Warden is not just to detect cheats but also automated players ("bots").
Bot prevention is an extremely hard problem. Warden gives Blizzard a way to send arbitrary code to the player's computer in order to carry out any "test for a bot" that they like. If the set of available tests were restricted to a defined interface, then bot authors would be able to fake the test results, and according to TFA, this is actually what happened: "previously, roughly 318 permutations of Warden existed per patch". Presumably the bot code would detect which version of Warden was in use, and use the appropriate Warden-faking code for that version.
Now, many more permutations exist, so this type of attack is much more difficult. I find it particularly interesting to point out that Warden doesn't actually have any new capabilities: it has always had the ability to accept arbitrary code from Blizzard, and all that has happened here is that Blizzard have made their "test for a bot" more difficult to fake.
Steam games have "Valve Anti-Cheat" (VAC), which is similar in principle to the Blizzard Warden. Other games use Punkbuster, which uses the same strategy to detect cheats. All of these programs scan your machine's memory and look for the signatures of known cheats. The mechanism used to carry out the scanning and report the results is deliberately obfuscated to make it difficult to reverse engineer the process and send fake results. All three of these programs are spyware. But you agree to the use of each within the EULA of whatever game you are playing.
Warden has always had the ability to be updated with arbitrary code as you play. The observations of this article are nothing new: Blizzard has always been able to access files on your computer, just by sending the appropriate program to Warden. It seems that they have recently been sending more complex programs, generated for each client, so the current generation of programs that spy on Warden no longer work. The arms race continues.
Can you backup Wii games to a memory card or hard drive? The T&C for the shop on my Wii says that games have to be saved in the built-in Flash memory, and are tied to that Wii. (Although I can redownload a game if I delete it.)
Slashdot Mirror
If Valve and therefore Steam ever went bankrupt, they have a universal unlock all ready to go. Cache your games, as mentioned before, and then import from the DVD when you want it.
No, that's not what would happen. If Valve went bankrupt, the company assets would be sold off to another company. That new company might continue to operate Steam, or they might not, but one thing is certain - they would be very pissed if Valve had given away their universal unlock, since that would destroy much of the value of the Steam platform. Also, I doubt that the third-party games on Steam would be affected by the universal unlock. So don't put any faith in Valve doing the right thing as the ship sinks, because it won't happen.
I don't know where you got this idea. Surely activating online is the same as entering a CD key, only online? What if you lose the CD key and you want to install the game later? What if you want to go back in 20 years time only to realise you can't install the game because you don't have a code?
No, it's not the same. If the servers are down or you don't have an Internet connection, you can't do online activation. And you do have to reactivate online if your hardware or your OS changes, even if you install from a backup you have made. CD keys don't have these problems.
Never forget, Steam is iTunes for games. There's nasty DRM all over the place, but since it mostly works fine, many people don't mind. Just bear in mind that the games aren't really yours, even though you paid for them, because Valve can ban your account. This is the price of convenience. It is the same deal with DIVX, with iTunes, with Wii Shop/Xbox Live Arcade, and with Windows Media. If you don't like it, don't buy it.
In Steam's defense, I will say this - there are no limits to the number of downloads for a particular game. You really have bought a license to play, so you can shift your account between as many PCs as you want. This is a good thing: much better than DIVX, who didn't provide free replacement disks, much better than the console services which lock downloaded games to one device, and much better than iTunes, which limits the number of machines you can activate. What really amazes me about Steam is that the DRM it provides is not enough for some companies (cough, Take 2) and their games (cough, Bioshock), so they hack on their own incompatible extra solutions (cough, SecuROM). If we must have DRM, at least let it be standardised.
Yes, it's strange that they don't do that. They've made some maps symmetrical - why not also take the easier step of always making the enemies the same colour! It would also reduce the mistakes made by drunk players: "what team am I on again?"
I think America's Army did something like this. No matter what team you join, you're always an American fighting against the terrorists. (That way, America never loses, even when the insurgents win.)
I think it could work because data mining works in other places, e.g. for analysing shopping patterns. Provided that you can capture the data in the first place, why isn't it possible to extend an existing model of what someone is likely to buy to cover the other things they might do?
You have much more information about each person in a crowd than a CCTV picture. You also have data about everything else they have done. That's how the hypothetical surveillance system works: it doesn't detect terrorists, it detects statistical anomalies. It uses a complete record of an individual's movements over a period of time, and all it does is spot new movements that seem unlikely because they don't fit the profile it has built up for that person. It's like a network intrusion detection system for a city: it warns a human operator when it spots something unusual so they can check it out.
Of course, no police state should be without one. It will cause inconvenience for innocent people, and arguably on that basis the project shouldn't be attempted, but that's a different question to the one of whether it could actually work (i.e. spot anomalies) or not.
I think the image recognition bit is definitely bullshit. But the data mining aspects are not. This technology is already widely used by shops to predict what people are likely to buy, and IBM is part of that business. Privacy and digital police state implications aside, why not also use it to spot unusual behaviour?
Suppose you drop the image recognition part and instead recognise people using personally identifiable information that is captured wirelessly from their mobile phones and RFID. That would give you a lot of data on each person's movements, and the system could scale to track millions of people throughout a city or country. Just add more sensors.
At this time, we just don't know how effectively the resulting data could be searched for unusual behaviour. Nothing of this scale has been done yet. But it could work, at least in principle, because all of the technology issues involved have already been solved for other problems. The remaining issue is how well you can automatically distinguish between a terrorist and a regular person when all you know about each is everywhere they have been in the last few years. Being flagged with a false positive could prove rather inconvenient.
I do not understand why they bother doing image recognition when most people are already carrying wireless tracking devices. Take away the need for image recognition and instead recognise people using the hardware addresses of the devices they carry, and the CPU requirements for surveillance become tiny.
I'm not convinced computer "intelligence" is really changing at all. Computers are better than they used to be, but we haven't got a a new way of programming them, so AI continues to be a hard problem. We don't seem to have got very far beyond mimicking small subsets of human abilities. The chess playing problem was solved by using a database of grandmaster openings and endings, rather than by programming the computer to think. The chatbot problem is still being solved in the Eliza bot way by mechanically rearranging sentences.
Although this can still be impressive, does it really have anything to do with actual intelligence? If we had really solved the AI problem, we'd be able to teach the chatbot to play chess, and persuade the chess bot to chat up horny nerds...
I wonder how many other potential customers have been turned away because of this.
A handful at least, based on the posts in this thread. The demo wouldn't run on my computer because of SecuROM, so I am a member of a small percentage of people who (a) wanted to buy the game, (b) had the hardware to run the game, but (c) couldn't play because of the copy protection. It is crazy to add a feature to a program to artificially reduce the number of computers it will run on. It is the opposite of good business. It is retarded.
One day, SecuROM and Starforce and the other snakeoil salesmen will be put out of business by a single standardised PC copy protection scheme designed by Microsoft, integrated into Windows, and based on TCPA. I should feel sad about this, since SecuROM and friends will be crushed like Netscape and Microsoft will dominate another slice of the PC market. But instead I am actually looking forward to it, because unlike some of the other companies that have been destroyed by the juggernaut, SecuROM adds nothing of value and causes nothing but problems for paying customers.
Its almost incomprehensible by normal, english-speaking humans.
Yes, but add a few $'s and %'s in the right places, and it turns into a one-line cross-platform implementation of iPlayer written in Perl. (If your Perl code can be understood by humans without extreme effort, you're just not trying.)
Skype isn't very trustworthy. My favourite link about Skype security. You can't necessarily trust a closed source app with confidential information.
If you need a "ghetto" works-almost-anywhere free secure instant messenger to talk to Alice or Bob, create an account for your friend on your Linux machine and let them SSH in using PuTTY. Then use "write" to talk to each other, or if you're really fancy, use "talk". SSH is great for this because it (a) uses strong crypto, (b) lets you check for man-in-the-middle attacks with it's "host key", and (c) destroys the session keys after use. Get Alice and Bob to reboot from a Knoppix CD and you're secure against Windows spyware as well.
Encrypted RAM would be very secure, but it would need hardware support. The key would be stored within a CPU register, having been generated from random noise on bootup. Hitting reset/power should be all the security you need. We effectively have this now in free software with encrypted swap space, and I think the TCPA spec says that bus encryption keys need to be negotiated using public key algorithms. The curious thing is that there doesn't need to be much access time overhead, because you do all the decryption to burst transfers on the RAM side of the instruction cache.
That's not my point. My point is that you shouldn't have to pay for iPlayer unless you (a) can use it, and (b) want to use it.
Perhaps this is a bit like arguing that the BBC shouldn't be wasting the licence money on game shows, digital channels, football matches, the World Service or films, as many people have done during the Corporation's history (without success). But I think it's a bit more like asking for a licence fee discount because you've not got a colour TV. Sure, I could buy Windows XP and get access to iPlayer, but I don't want to.
You can get a TV licence discount if you have a black and white TV, or if you are registered blind.
How about a discount for everyone who is either unable or unwilling to receive the iPlayer service?
Since they have deliberately locked the service away from a percentage of the viewers, it seems only fair to offer a discount to those people. (I wonder how many WinXP users would also decide that a discount was preferable to access to the iPlayer service?)
Because P2P can be disguised as other protocols, the only way to wipe it out completely is to centrally control the applications on every Internet-connected computer. The technology could be implemented incrementally over many years. Widespread use of free software is a good way to fight this, but widespread piracy just helps to motivate the political case for the "trusted Internet"
Installing noscript and flashblock might help, since Javascript and Flash are the two ways in which websites can waste your CPU time. Executing scripts correctly must also involve executing badly written scripts that burn CPU cycles, and the whole "Web 2.0" is full of badly written scripts.
The fact that 25million records were being sent via. post burnt on DVDs should give some idea of the level of technical competency in the public sector.
I worked at a large software corporation a few years ago, and was amazed to discover that master CD images were sent to the duplication plant by courier. To this day, I do not know why. The duplication plant was owned by the same corporation and was connected to their global intranet along with the office I was working at. Sending the files electronically would have been much faster, cost almost nothing, and would also have been extremely secure!
Nothing is as foolish as a bureaucracy.
Perhaps the next thing we will hear is that we all have to register immediately on the national ID register, in order to avoid being defrauded!
The self-modifying code parts have already been described by Hal Porter, but he didn't explain how the algorithm actually works.
Registers: ebp holds a fixed point integer which represents a position within the column. 25 bits hold the fractional part. For each pixel, esi holds the memory offset of the column texture. eax and ebx hold the memory offset of the colour translation table, which is used for lighting effects. This address has to be aligned to a 256 byte boundary for reasons that will become clear. Finally, edi holds the current video memory address.
Algorithm: For even-numbered pixels, ebp is copied to ecx and shifted right by 25 bits to obtain the texture pixel (comment says: "finish calculation"). ebp is then incremented by a fractional value that represents the ratio between screen pixels and texture pixels (that's the value inserted using self-modifying code). Then, ecx+esi is computed and dereferenced ("movb al, [esi+ecx]"). The result is stored in al - the low 8 bits of the eax register. Then, dereferencing eax gives the value of the pixel to be written to the screen. Lastly, edi is incremented to the next row.
The same process is almost simultaneously applied to odd-numbered pixels, which use ebx, edx and bl instead.
There are at least five clever things here. There's the self-modifying code. There's the use of eax/al to avoid an addition. There's the interleaving of two loop iterations - manual modulo scheduling. There's only one branch, so the code pipelines really well, even if the branch predictor is very primitive. And finally, there's an interpolation algorithm that doesn't use any slow multiplications or divisions. (It's not really like Bresenham's line drawing algorithm.. I was mistaken about that. If it was like Bresenham's algorithm, it would not fetch the same pixel from the texture memory twice. But it would also have to include branches on a non-predicated architecture like x86, and that would make it slower.)
You can see more stuff like this in README.asm, included with linuxdoom-1.10, the GPL'ed Doom source release.
Be sure to seal the wormhole after yourself, so that the Nazis can't sneak a copy of AES through it.
The loop is drawing columns (vertical slivers of wall). It needs to interpolate between two things: the input wall texture, and the output part of the screen. Carmack uses something like Bresenham's line drawing algorithm to do this, but because the 386 has such a limited register set, he stores the fractional increment in an immediate attached to the "addl" instruction: and elsewhere...
I think you're right, and when a cheaper solution exists, it doesn't make sense to overcomplicate things.
In the end, to be effective, this type of approach would need to be complex enough to defeat (or stay ahead of) automatic analysis, but also simple enough to actually work. Very tricky.
2) make the game code so different between each dump that it wouldn't be easily reverse-engineerable (difficult as well).
Basically, that's the idea. The results of reverse engineering become worthless as soon as the client disconnects from the server, because the game code will be different on the next connection. Blizzard seem to be using this with Warden now... my suggestion is that perhaps this technology should not be used for spying on the other programs, but rather for hiding what the game is doing, so that bot detection and anti-cheat code can be incorporated into the game itself.
Perhaps this wouldn't be easy, and perhaps it would be much cheaper to use something like Warden, but I think it would work.
In wow (and fps games in general) player movement is not predictable, at any point a player can stop and turn with no inertia (so it's not like, say, a space sim game where you can do dead reckoning at even fairly high latencies and make things look decent) and if you've seen any wow pvp you know it consists of a lot of jumping around and running through each other to try to get behind the other player. Also several abilities need to be used with very tight timings, there is the gcd to take care of etc. etc. etc.
.NET or Java and designed to run within a sandbox.
Indeed, this is the problem that means the client has to be trusted to some extent.
A few years ago I had an idea for a cheat prevention system that would allow the client to be trusted without forcing Warden/VAC/Punkbuster-style spyware on the player. Instead of sending a cheat detection program to each player, why not send part of the game: say, the part that enforces the rules on the client, and communicates with the server? Like Warden, this could be generated randomly for each connection to make reverse engineering difficult (and also obfuscate the network protocol).
Arbitrary code would still be being sent to each player, so bot authors would still probably cry "rootkit". But at least the code wouldn't need to do any spying outside of the game itself. The code could even be written in
I doubt I will ever get the chance to develop my idea, particularly as trusted computing is going to obsolete this type of technology in the next ten years, so it's now in the public domain. Criticise away!
The purpose of Warden is not just to detect cheats but also automated players ("bots").
Bot prevention is an extremely hard problem. Warden gives Blizzard a way to send arbitrary code to the player's computer in order to carry out any "test for a bot" that they like. If the set of available tests were restricted to a defined interface, then bot authors would be able to fake the test results, and according to TFA, this is actually what happened: "previously, roughly 318 permutations of Warden existed per patch". Presumably the bot code would detect which version of Warden was in use, and use the appropriate Warden-faking code for that version.
Now, many more permutations exist, so this type of attack is much more difficult. I find it particularly interesting to point out that Warden doesn't actually have any new capabilities: it has always had the ability to accept arbitrary code from Blizzard, and all that has happened here is that Blizzard have made their "test for a bot" more difficult to fake.
Steam games have "Valve Anti-Cheat" (VAC), which is similar in principle to the Blizzard Warden. Other games use Punkbuster, which uses the same strategy to detect cheats. All of these programs scan your machine's memory and look for the signatures of known cheats. The mechanism used to carry out the scanning and report the results is deliberately obfuscated to make it difficult to reverse engineer the process and send fake results. All three of these programs are spyware. But you agree to the use of each within the EULA of whatever game you are playing.
Warden has always had the ability to be updated with arbitrary code as you play. The observations of this article are nothing new: Blizzard has always been able to access files on your computer, just by sending the appropriate program to Warden. It seems that they have recently been sending more complex programs, generated for each client, so the current generation of programs that spy on Warden no longer work. The arms race continues.
Can you backup Wii games to a memory card or hard drive? The T&C for the shop on my Wii says that games have to be saved in the built-in Flash memory, and are tied to that Wii. (Although I can redownload a game if I delete it.)