Slashdot Mirror


User: dougmc

dougmc's activity in the archive.


Comments · 2,398

  1. Re:talk about sour grapes ... on Galactic Civilizations II Breaks DRM Mold · · Score: 2, Insightful
    but SecuROM is a competing copy protection.
    Oops, you're right. I must be thinking of something else. Ahh, here it is -- `securom loader'. This thing hides tools like daemon tools from things like SecuROM and Starforce, allowing one to use the game even without cracking it at all.
    First of all making a 'cracked exe' is a lot more work than just stripping the copy protection, as the Starforce protection produces heavily modified and obfuscated binaries, this is why you practically don't see backup CD cracks or 'NoCDs' for Starforce protected discs.
    I do see them. They just take a little longer to come out than cracks for other protection schemes, and not every game is cracked like this.

    In any event, it's an arms war, and it's been going on for over 20 years. So far, I'm not predicting any winner, but the biggest loser so far has been the consumer (and the one who actually pays for the program, and gets it along with copy protection that makes his machine less stable, slower, and may not work on his hardware at all.)

  2. talk about sour grapes ... on Galactic Civilizations II Breaks DRM Mold · · Score: 4, Informative
    we were quite disturbed to discover that the company that makes Starforce provided a working URL to a list of pirated GalCiv II torrents.
    Well, if you actually read the URL, he's saying that `thousands of people are downloading the game from there', not `go here for a copy of the game' (though the end result is the same -- those who aren't smart enough to find torrent searches can just use the given URL, though the purpose of the URL was presumably to prove his point.)

    And it is the most effective way to prove his point that I'm aware of, so I'd like to give the Starforce guy the benefit of the doubt (as odious as I find copy protection and DRM and similar things), even though he probably should have considered how his comment would be taken -- piracy of a program that's sold by somebody who is not their customer is NOT ANY OF HIS BUSINESS, even if it does suggest that his software is great or something (it's not, but I digress.) (And really, even if this were a customer of his, posting a link like this is bad form. A screen shot of how many people are involved in the torrent would have proven the point almost as well, and get him a lot less flak.)

    However, the point that he's trying to make is easily rebuffed by simply posting another link (or many other links) to software that was protected by Starforce and yet people are still downloading it, because the protection has been cracked, either via things like SecuROM or a cracked binary that removes the Starforce checks. Copy protection negatively affects those who paid for the software the most -- the pirates just emulate it, or use cracks to bypass it, so it doesn't really affect them at all.

  3. Re:Right motivation, wrong goal... on Microsoft's Online Spectator Patent · · Score: 0, Offtopic
    I'd rather have them fix 3,000 bugs per year.
    Clever, but they probably fix over 100x that many bugs per year.

    Sure, Microsoft software may have a reputation for being buggy, and it may even be deserved (or it may not -- I'm not getting into that here.) But considering just how many software packages they put out (Microsoft does far more than Windows and Office) even fixing millions of bugs/year wouldn't surprise me. And as for 3,000 bugs, I'm guessing that even one relatively simple Xbox game may have that many bugs created and then fixed in its development cycle.

    Also keep in mind that most bugs are very minor. This error message has a word misspelled? Bug. The documentation doesn't explain how to do something very well? Bug. For every critical bug that you hear about in the news, there's likely to be hundreds or thousands of minor bugs that are getting fixed that you never hear about, many of which are fixed before the product ever goes to market.

    Now, perhaps you meant `3000 serious bugs', but the serious ones usually are fixed, but perhaps not as quickly as people would prefer ...

  4. Re:A Different Test on U of Wisconsin's Mac OS X Security Challenge · · Score: 1
    You do know that a perfect analogy is, in fact, an identity, right?
    Sure, but then it's not an analogy at all, since an analogy is a `similarity in some respects between things that are otherwise dissimilar' -- they have to be `otherwise dissimilar'.

    The problem is that home security is very different from computer security, and so most analogies that people attempt to make confuse the issue more than they clarify it. The one made in this thread comparing a privilege escalation to being locked in the basement was actually pretty good, but comparing it to somebody stealing something from your house was pretty bad. (Though it could be improved with little effort by replacing `stealing anything' with `altering a document locked in your safe.' Still not perfect, but far better.)

    mekkab feels that analogies are a must, needed to simplify things. I tend to disagree in general, but do agree that sometimes they're useful, especially when broken down to their simplest level (like talking about a lock/key vs. talking about an entire house.)

  5. Re:A Different Test on U of Wisconsin's Mac OS X Security Challenge · · Score: 2, Interesting

    In this case, I think the analogy holds VERY well.

    OK, let's look at the analogy given:

    The original test was equivalent to saying "I'll let a thief into my house. Let's see if he can steal anything!" Most houses don't have everything bolted down to the floor.

    And as a reminder, the test allowed users into the box, and they then had to escalate their privileges in order to alter the contents of the web site.

    Specific problems with the analogy?

    • The attacker wasn't supposed to `steal' anything. He was supposed to change something that he did not originally have the needed privileges to do.
    • He wasn't even a thief, or even a criminal, as he was invited to come in and do this.
    • The attacker wasn't challenged to alter (or steal) `anything' -- he was challenged to alter a specific thing, something that was believed to be well secured. The analogy could be improved by mentioning `stealing a paper in the locked safe in the house', but even that has many of the same flaws of the original analogy.
    • Unlike your typical house, properly secured *nix systems DO have everything `bolted down' (yes, it's an analogy, I know.) You should not be able to alter files that you do not own (unless they have permissive permissions, or there's some other mechanism to allow you to alter the file, of course), period.
    • The security model of a house is basically `crunchy on the outside, chewy on the inside' -- once you get past the outside security, there is no further security on the inside and you can do whatever you want. While many computer systems do have a somewhat similar security philosophy, *nix does allow you to give users shell access to your box and still keep them from doing certain things, and that is what the test was testing.
    • ... and a house isn't even very `crunchy' on the outside. Most houses have windows, and a burglar can get into any house with a window using no special tools in a minute or two -- just break it. The reason that they don't do this more often is that it's likely to be noticed and bring a quick response, either from the police or a homeowner with a shotgun. Adding bars to your windows makes it more difficult to get in, but a few minutes with a socket set would get them removed.

      Compare this to a computer, where an attacker may try to get access many *millions* of times (depends on how he's trying to get in) and unless there is some sort of intrusion detection system running, it's unlikely that anybody will notice, and even more unlikely that they'll notice quickly enough to do anything about it. He may also be able to attempt to break into thousands of computer systems simultaneously.

    • Generally breaking into a house (or a safe in the house, if you want to use a further analogy) involves doing damage to the house. Breaking into a computer system usually does no damage -- often it doesn't even leave any clues, beyond some possible log messages.
    • And then there's the danger to the attacker himself. In order to break into a house, your thief generally has to be physically present at the house, leaving himself open to arrest or getting shot. In contrast, a networked computer is almost always broken into from afar, with the attacker being safe in his house or cyber cafe. If he's extra paranoid, he's even bounced his connection through a few other machines in order to make himself hard to track down.

    But yeah, other than that, the analogy holds VERY well. Uh-huh.

    If you must make an analogy, don't even use a house. It's a public train station, with no police, and the attacker is challenged to write his name on a piece of paper. But the challenge is that the piece of paper is in a locked viewing cabinet behind bullet proof glass.

    ... and even this analogy has serious flaws. Here, the attacker has physical access and given enough time could do any number of things

  6. Re:A Different Test on U of Wisconsin's Mac OS X Security Challenge · · Score: -1
    The original test was equivalent to saying "I'll let a thief into my house. Let's see if he can steal anything!" Most houses don't have everything bolted down to the floor.
    ... and here, class, we have another example of where somebody made an ill-advised attempt at making an analogy of computer security to household security.

    The two things are different. Very different. Quit trying to make analogies with them. Some attempts at home security/computer security analogies are better than others (and this one wasn't one of them), but they're almost always flawed in one way or another.

  7. Wow. on Japan's Top 100 Games · · Score: 1
    I look at the list, and I've only played three of the games listed --
    66. Wizardry (1987)
    93. Sim City (1991)
    96. Tetris (Gameboy) (1989)
    and of these three, I didn't play Sim City much, and didn't exactly play Tetris (Gameboy) because I've played Tetris on other platforms. Wizardry, on the other hand, was the first game I got for my Apple II and I played all the way through it and the first few expansions.

    Considering how much I like RPG games, I'd have thought that there would be more overlap. But I guess it boils down to 1) me being in the US, and therefore mostly playing games popular over here, and 2) being a mostly PC gamer rather than a console gamer.

    Though I have to wonder if we're talking about the same Wizardry game. The one I'm thinking of came out in 1981, not 1987. The wikipedia article talks about some Japanese console versions of the game, so maybe that's where the confusion comes from.

  8. Re:uk percentage higher? on The Simpsons Come to Life · · Score: 1
    .....but more Americans know the Simpsons than they do the 1st Amendment to the US Constitution.
    Of course that was a really stupid, pointless and misleading study. I'm guessing that most Americans are aware that the Constitution gives them freedom of religion, freedom of speech/the press, freedom to have guns, the `right to remain silent' (from Miranda, but even that's based on the right to not have to incriminate yourself), the right to assemble and the right to a speedy trial. They may not be aware that these rights come from the Bill of Rights or which specific amendment they come from, but most people seem to be aware of having most of these rights, which is what matters. (Though the government certainly does seem to be busy degrading these rights.)

    And besides, the idea of `knowing the Simpsons' was apparently defined as `naming the five main characters' and the idea of `knowing the First Amendment' was defined as `knowing the five rights given there', which is hardly a fair comparison. I'm guessing that even most people who had just passed a college level American Government class would have a hard time accurately enumerating the rights given in the First Amendment -- they'd probably be aware of all the rights, but might not be aware of exactly where they were listed.

  9. Re:it is not by the makers of the simpsons! on The Simpsons Come to Life · · Score: 0
    But the moon is still free, right? Right?
    Sort of. The moon does not create its own light -- it merely reflects that which it receives from the Sun, which apparently is owned by Rupert. So it's probably just a matter of time before he goes after the Moon for appropriating his light without paying licensing fees.

    (Yes, the vast majority of the light emitted by the Sun goes off into deep space and is effectively wasted, but any that is used, the rightful owner would certainly expect to be compensated for, and while he'd rather not litigate if he can avoid it, he certainly will to protect his property!)

    (Dyson sphere coming soon! Sort of like DRM, but on a much larger scale.) Of course, even a Dyson sphere eventually has to have the same luminosity as the star inside of it (unless it wants to just get hotter and hotter) but it still represents the best possible means of extracting the full licensing potential of 0wning (with a zero) the Sun, short of unprofitable legal/cosmological issues like black holes.

  10. Re:Signs or more to come.... on College Student Receives Email of the Lost · · Score: 1
    but lame geeks such as myself and other /. readers have their POSTFIX servers set to deny emails that don't have any TO: or FROM: headers?
    It's highly likely that most of the emails he's receiving DO have the To: and From: headers set properly. This comment is probably very close to the true source (if not the true idea of the source) of most of the messages he's been receiving. It could also come from java programs, where if you print an uninitialized string it just prints the four characters n, u, l, l, or `null' (which strikes me as a poor way of handling it. Throwing an exception would be a lot smarter. But then again, I don't do much java.)

    And really, what does this have to do with POSTFIX? (and why is it capitalized?) Most MTAs have similar options, and they're often (typically?) enabled by default here in 2006 thanks to the spammers, so `lame geeks' and big companies alike can benefit from them, clued or not!

  11. Re:He could have chosen "None" on College Student Receives Email of the Lost · · Score: 1
    The result was hundreds of tickets being issued to him, for various offenses (parking, speeding, etc.).
    Clever. Of course, this could be used to his advantage too -- since there would be a flood of them, any tickets that he himself got would also say NONE, and so he could probably get the entire stack dismissed all at once, both the not-his ones and the really-his ones. (The court system is unlikely to expect him to pay for tickets that weren't issued to him, though they might make him jump through some pretty serious hoops to prove that he shouldn't have to.)

    I'm not saying it would be worthwhile, but it's a possibility ...

  12. Re:Three to four years? on Golf in Space · · Score: 1
    Perhaps atmospheric drag is related to surface area.
    Of course atmospheric drag is related to surface area. Perhaps I just didn't go into enough detail on the square-cube law ...

    If you take an object and double its size in each dimension, its surface area increases by a factor of four, but its mass increases by a factor of eight. (Assuming that density remains a constant, of course.) Since atmospheric drag is roughly related to the surface area, this means that the drag will also increase by a factor of four (this is an approximation, but it's pretty good) ... but since the mass has increased by a factor of eight, the deceleration due to drag has slowed by 50%, and this more massive object will last roughly twice as long in orbit, all other factors being equal.

    In short, as a rule of thumb, large things in a given orbit tend to last longer than small things, and the ISS is very large, and a golf ball is very small. Of course, the ISS is irregularly shaped, with large solar panels and such, and is probably largely empty (well, filled with air) so its overall density will be low. On the other hand, the golf ball is relatively aerodynamic and probably very dense (with the radio gear really packed in there) so I guess that makes the difference ...

  13. Re:Unfair on Canada's CD Tax Out of Hand? · · Score: 1
    You've written that before, haven't you?
    Yes, I believe so. It wouldn't be the exact post, but with the same information.

    Since I've probably written it several times in the last few years, I really should just write it once and put it aside and save myself the trouble of writing it up each time :)

  14. Three to four years? on Golf in Space · · Score: 1
    The ball is expected to remain in orbit for three to four years.
    Um, this doesn't sound right at all. It will be launched from the ISS, with a speed almost identical to that of the ISS, so it'll basically be in the ISS's orbit (at least at first), just like Suitsat. But Suitsat is expected to burn up in less than six weeks -- and the golf ball is expected to last thirty times as long?

    ISS loses about 2 KM of altitude per month if it doesn't use its engines to gain some altitude (it's in a rather low orbit, so it does go through a tiny bit of our atmosphere, and this does slow it down) and if they ever did fail to gain altitude every few months, this drop would accelerate greatly as it got down more into our atmosphere. As a consequence of the square-cube law, smaller objects will generally drop even faster (because the ratio of surface area/mass increases as you get smaller, and so your deceleration due to drag increases similarly.) Suitsat is probably a good deal less dense than a golf ball, and irregularly shaped, so it will certainly be much more draggy, and even though it's more massive I'd expect it to stay up for a shorter period of time, but even so ... a factor of 30 difference in how long they stay up seems awfully high.

    Three to four years sounds like about how long the ISS would stay up without any thrust, but maybe it's longer than that. And a golf ball is pretty good at slipping through the air (that's what the dimples are all about) so maybe it will stay up so long just because of that.

    Or maybe Pavel Vinogradov has one hell of a swinging arm ...

  15. Re:Symantec? on Computer 'Worms' Turn on Macs · · Score: 1
    Of course, `common sense' isn't really that common, among Mac or Windows users. This .exe/.sit file that somebody mailed me lets me play elf bowling? Give me some of that!
    I take exception to this.
    Well, of course you do! -- you cut out my next, very relevant sentence :
    (Of course, I'm not sure that I'd argue that `don't click on strange things' qualifies as common sense ... but it's certainly one of the first things you should learn, whatever your OS.)
    i.e. I'm pretty much saying that this is a learned behavior, not common sense ... but it's something you need to learn fast, or at least you'll need somebody around to rebuild your computer on a regular basis, or harden it first so that you can't really do anything to it on your own.
    When a user downloads some random executable and runs it the OS should warn them it is an executable, but it should also quarantine that program in a VM or similarly restrict it.
    Yes, in an ideal world that would be the case. Unfortunately, I know of no commonly used OS or browser that automatically provides this, so for now, people need to not run random executables that they come across. (And yes, I am aware that there are ways to `defang' them (including with programs like mime-defang), and there are various ways to make them look like `safe' items, even to the trained eye or to scanners.)

    The situation you're referring to is partially here -- things like java, javascript and flash allow programs to run in a sandbox environment which has limited access to the computer outside the sandbox, and generally you're not asked if these should be executed -- they just are, unless you disable that form of program entirely. But as long as your computer is your computer (and not completely locked down so you can't do anything with it (like with an ATM, or a kiosk or an Xbox (yes, I know these can be hacked too))), there's likely to be some way that you can download an executable program and give it control of your computer. The browser and/or OS may throw up more and more WARNING! signs and barriers and such, but ultimately, there's going to be some way to do it. For example, without some way of doing this, we couldn't download and install Linux, or FreeBSD, or whatever else you want.

    User education is important, but it should be a two hour course if users are given the proper tools
    Even with the current state of software, two hours of education would be enough for 99% of the things a user would encounter, and is about 110 minutes more than many people seem to have gotten.

  16. Re:Unfair on Canada's CD Tax Out of Hand? · · Score: 3, Interesting
    I know there used to be "special" CD-Rs for copying music (special only when looking at the price tag, mind you)
    No, they weren't special `only when looking at the price tag'. They were special all the time -- just not very special. And at least here in the US, they're still available.

    The audio CD-Rs have a bit set somewhere that audio equipment looks at before deciding if they'll record on this media. So if you have cd writer in your stereo, it probably will only work with audio CD-Rs. Of course, the audio CD-Rs cost more, and some equipment can be hacked to not require this bit to be set, or you can swap it with a data CD-R at the right time and things will work, etc.

    The cd writer in your computer, on the other hand, has no such restriction, since it's meant to store data. Of course, you can also burn audio onto your data CD-R on your computer, and people do do this.

    As for the law changing in Canada, I have no idea. In the US, I know that audio CD-Rs include a tax that goes to the RIAA or the artists or somebody, and data CD-Rs do not. More on the DAT tax here. (It's called the DAT tax because it was originally written for DAT (4mm tapes) and is probably the #1 reason why we don't have consumer DAT audio drives in our stereos now.)

    In any event, when I'm at Frys and I see somebody pick up a batch of Audio CD-Rs, I'll often ask them if they're going to burn them on a stereo component or a computer, and 95% of the time, the answer is `computer'. And then I tell them that they don't need the expensive audio CD-Rs -- the data ones will work just as well.

    The DAT tax does have one good benefit though. From the article above --

    It explicitly makes it legal (or more precisely, non-actionable) for you to copy audio works for your own use ( section 1008). That's right, it is now perfectly legitimate for you to borrow the latest Madonna album from a friend and make yourself a copy, despite the copyright. Pretty neat, huh?
    Of course, this page was written pre-DMCA. I've no idea if the law has changed since.

  17. Re:Symantec? on Computer 'Worms' Turn on Macs · · Score: 1
    Except that common sense tells me not to apply Microsoft's patches immediately, so 1) and 2) are mutually exclusive.
    For Joe User, the best thing to do is to let Microsoft's patcher install patches when it wants to.

    If you're the administrator of a company, testing patches on a sandbox isn't a bad idea before installing them on your critical server (but then again, if you're running Windows on a critical server, you're used to pain already) but if you're not one to explicitly test patches before installing them, you might as well install them as soon as Microsoft's tool wants to install them.

    You really don't think Grandma tests her patches first, do you? (of course not. Though really, she has dialup, and the patch set will take 3.4 hours to download, so she just aborts it and they never get installed ...)

    Though really, common sense tells me not to run critical servers on Windows anyways. I'm guessing that other people have different versions of what constitutes `common sense'.

  18. Re:They could report a worm a day ... on Computer 'Worms' Turn on Macs · · Score: 1
    how does Apple deal with bugs in Mac OS 8 and Mac OS 9?
    MacOS 9, I'm guessing they fix it.

    MacOS 8, I don't know. My guess is that it's not supported anymore, so it doesn't get fixed.

    As for Microsoft, they don't fix bugs in NT 4 and Windows 95 anymore. Windows 98 and ME will have their support dropped in five months, even though there's still *millions* of installed systems out there.

    In any event, security is not based on the number of worms and/or viruses out there for a specific platform.

  19. Re:Symantec? on Computer 'Worms' Turn on Macs · · Score: 1
    Plus, I know enough from running antivirus software on my Windows PC at work (which I would never DARE go without)
    Odd. I'm mostly a *nix guy, but on the machines where I use Windows, both at home and at work, I don't run virus scanners at all (for the reasons you gave) unless forced on me (like on some work machines) and I haven't gotten hit with a virus since 1991.
    that antivirus software means a performance hit and less stability of the operating system.
    Well, yes. But in theory the performance hit could be minimized, and the stability of the operating system should not be affected. In practice, this is not yet the case.
    I think I'll just stick with common sense and Apple's frequent OS update patches.
    Of course, this would be equally effective for Windows users. If Windows users 1) used common sense and 2) applied Microsoft's patches immediately, they would have very few problems as well. I'd also suggest that unless they know better (and most don't) they run whatever firewall Microsoft provides or use a firewall box (like a cable modem router) and that they use something like SpyBot.

    Of course, `common sense' isn't really that common, among Mac or Windows users. This .exe/.sit file that somebody mailed me lets me play elf bowling? Give me some of that! (Of course, I'm not sure that I'd argue that `don't click on strange things' qualifies as common sense ... but it's certainly one of the first things you should learn, whatever your OS.)

  20. Re:FPS'ers and the Xbox? on Recovering From the Xbox 360's Big Mistakes · · Score: 1
    instead of a thumbstick controller on a gamepad, they don't include a thumb-sized trackball
    I never found a trackball to be anywhere near as precise as a mouse. But that could just be due to a lack of practice with it. Certainly, trackballs are usually marketed as a replacement for a mouse, and while they're not very popular, some people seem to have good results with them.

    Back to mice as a control device ... I think back to Freelancer. Now, most space combat games have been best played with a joystick (with a hat if the game let you slide to the side like Descent did (and though you were underground, it still played like a space combat game)), but Freelancer was different. It let you control your spaceship with a mouse in a reasonable way in an arcade-like setting, and it was wonderful -- all because they decided that the weapons were on a controllable turret rather than just pointing straight ahead from your ship (and since your ship is massive, it can't be turned as quickly as your mouse moved.) It just worked ...

  21. FPS'ers and the Xbox? on Recovering From the Xbox 360's Big Mistakes · · Score: 2, Interesting
    Comment on the first article --
    It's a well-known fact that the Xbox and Xbox 360 excel at first-person shooters. This is no surprise, given the FPS-friendly controller design.
    Eh?

    I've been playing FPS games on PCs since The Catacomb Abyss came out. And I recently got an Xbox (the original) and have tried it for a while. And let me say that the Xbox does NOT excel at FPS games. It does OK, but it does NOT excel. Having two analog joysticks does work nicely in that it lets you run and shoot in different directions, which worked very nicely in MechAssault (which is a 3rd person shooter, but it's close), but it wasn't perfect.

    Basically, the ideal controller for a FPS is a mouse and keyboard. I'm aware of nothing better at this time, though the keyboard could be replaced with a better keypad of some sort. The mouse lets you zoom right in on a guy's face quickly and fill it full of lead (or plasma, rockets, etc.) To make controllers like the Xbox's work well with a FPS, generally they either add auto-aiming (you get close to a guy, and the target jumps right to him, like in MechAssault) or they slow the game down so quick aiming isn't so important. And head shots? Auto-aiming kind of defeats the purpose ...

    I haven't played the Xbox 360 so I can't really comment on it, but considering how similar the controller is, I doubt it's much better. On the plus side, the controllers are straight USB (the Xbox 1 also used USB, but with a custom connector) so maybe some games will actually support using a mouse and keyboard. I'm pretty sure the Dreamcast had some games that would support that ...

    Of course, on the other hand it's hard to play a mouse/keyboard game while sitting on your couch. ...

  22. Re:Security with closed and open source on Third Party Code Review? · · Score: 2, Insightful
    Closed source is proven to be far more secure in the real world than source that has been picked through by numerous people.
    OK, this is flamebait, but what the hell. It annoys me when people claim something is proven, without actually supplying any proof.
    To be fair, a thought experiment rarely provides proof of anything. Yes, they're useful for figuring things out and demonstrating things, but they don't prove anything.

    As for the `far more secure' claim, there is some truth to it. (Or were you saying that your comment was flamebait rather than the post you were replying to?) If you have a closed source project (and even an open source project may be similar), it probably has lots of bugs -- some you know about, many you don't. The source code may even be riddled with FIX THIS! BIG SECURITY HOLE! type comments. If the source gets out somehow, then people who go over this code may be looking for security holes to use against you and your customers. Which isn't automatically bad, but there's two differences between this model and the traditional open source model -- 1) nobody is supposed to have your source, so anybody who does is pretty much by definition `bad', and 2) bugs found are not likely to be reported back to you, so you can't go and fix them unless you're able to detect and analyze an exploit actually being used.

    That said, the loss of your company's source code isn't as big a deal as some might think. Yes, depending on the software, crackers might be interested in using it to find holes in your product. However, if your competitors are legitimate companies, they're not going to touch your source with a 10' pole. Even if they could learn all sorts of neat stuff from it, it could also easily lead to corporate ruination -- all it takes is one disgruntled employee to report it to you or the authorities and provide proof. And really, your software may already be out there -- it only takes one employee and a portable hard drive to take it all off site. (Of course, he'll have a hard time selling it for the reasons I gave above ...)

    That, and just having the source is not everything. Your company probably also provides support and professional services. For large projects, this is really important, and software that doesn't come with support often isn't very useful.

    In any event, even if you do give out your source to this customer, a full code audit is not likely to happen. They'll use their automated tools, they'll look at key parts, but it's very unlikely that they'll have the resources or time to do a full audit like the OpenBSD team did when they forked from NetBSD -- instead, they're just looking for low lying fruit, and are likely to find only a small percentage of the bugs. On the other hand, they'll probably report what they find back to you so you can fix it.

    But as for the dangers, for starters, make sure your legal team makes an iron-clad NDA for the other company to sign. If your company is too small to have a dedicated legal team, get a lawyer for this. Make sure that only a small group of people will have access to the code, and that it's deleted when it's done, with big penalties if this is not done. Perhaps the audit could be done on your premises, on your hardware, supervised by your employees?

  23. Re:No. on Other Uses for an AGP Slot? · · Score: 1
    bidi is not everything. If you have a 33k modem connection to a 256-node beowulf cluster, do you claim it's useless?
    No, but it will be far less useful than the same cluster with several gigabit or faster connections, which would be far more appropriate for such a cluster.

    In any event, your motherboard that has an unused (?) AGP port probably also has PCI ports. Since the only AGP cards that I've ever heard of have been graphics cards, and you need a fast connection to something, I'd suggest just using those PCI slots. If you want to use the AGP slot, you'll have to 1) design and build your card yourself from scratch, and 2) apparently it'll be severely limited in the data rate back from the card to the computer.

    Or to answer the original question, if you're not going to put a graphics card into that AGP slot, it's pretty much useless. Sure, it could be used for *something* if you were willing to design and build an appropriate card, and write drivers and such for it, but if you really need something fast (faster than standard PCI I guess), going PCI-E or 64 bit PCI would make a lot more sense.

  24. Re:Keep it simple. ext2 or fat32. on A Good Filesystem for Storing Large Binaries? · · Score: 3, Informative
    There is no call for a complex filesystem just because you want to store large files. ext2 (and to some extent fat32) will do just fine
    fat32 cannot handle files over 4 GB in size at all. That alone probably renders it totally unsuitable for this person's needs.

    Beyond that, I'd say pretty much anything will work fine -- most of the optimizations found in filesystems are needed for lots of small files, not a few large files. For large files, the speeds they can be accessed by various filesystems are not likely to vary more than a few percent unless you let the files get fragmented (which probably isn't a big concern here.)

    And you are right -- if something does go wrong, ext2 or ext3 will probably give you the most options for recovering it. NTFS probably has even more recovery options (and FAT even more, as mentioned), but I'm guessing the OS will be *nix. But really, if your goal is reliability, you don't want some esoteric filesystem that can recover from disk errors (because ultimately, none can, though I guess one could be designed to keep ECC codes on the same disk transparently -- but I'm aware of no such filesystem existing) -- you want multiple copies of your data. Keeping 5-10% (or more) par2 files for your archive can help a lot in recovering it if your media goes partially bad, and having md5sums or CRC32s of all archived files can help determine if you did recover something accurately, but really there's little substitute for multiple copies of important data in multiple geographical locations. (And no -- RAID is not a substitute for backups, no matter how many mirrored drives you have. Not that I saw anybody suggest this yet, but it seems to always come up in response to questions like this, so consider this to be a preemptive mention of that.)
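
The checksum step mentioned in the comment above, as an added example that is not part of the original comment: it records size, MD5 and CRC32 for every file in an archive tree, then checks a restored copy against that record. The function names and the sample files are assumptions made for this illustration.

```python
"""Checksum manifest for an archive of large files (added example)."""
import hashlib
import os
import tempfile
import zlib


def digests(path, chunk_size=1 << 20):
    """Stream the file in 1 MiB chunks so multi-GB files never sit in RAM."""
    md5, crc = hashlib.md5(), 0
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            md5.update(chunk)
            crc = zlib.crc32(chunk, crc)
    return md5.hexdigest(), f"{crc & 0xFFFFFFFF:08x}"


def build_manifest(root):
    """Map each file's path (relative to root) to (size, md5, crc32)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            manifest[rel] = (os.path.getsize(full), *digests(full))
    return manifest


def verify(root, manifest):
    """Return {relative path: 'ok' | 'missing' | 'corrupt'} for a restored copy."""
    report = {}
    for rel, (size, md5, crc) in manifest.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            report[rel] = "missing"
        elif os.path.getsize(full) != size or digests(full) != (md5, crc):
            report[rel] = "corrupt"
        else:
            report[rel] = "ok"
    return report


if __name__ == "__main__":
    # Constructed sample data: two files, one then damaged by a one-byte change.
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("a.bin", b"\x00" * 3_000_000), ("b.bin", b"hello")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        manifest = build_manifest(root)
        with open(os.path.join(root, "a.bin"), "r+b") as fh:
            fh.seek(1_500_000)
            fh.write(b"\x01")
        print(verify(root, manifest))
```

MD5 and CRC32 catch accidental damage only; where deliberate tampering is a concern, `hashlib.sha256` drops into `digests` the same way. Store the manifest alongside every copy of the archive rather than only on the media it describes.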

  25. Re:ironic on Netflix Throttling Heavy Renters · · Score: 2, Interesting
    Do you really think this makes sense?
    Yes. It makes perfect sense.

    Suppose you have a Netflix user who returns every movie he gets from Netflix the very next day -- he's a heavy user. Suppose this user lives in a city where Netflix also has a distribution center, so mail only takes one day back and forth. And suppose that Netflix wants to slow him down and reduce the number of movies he gets, because he's costing them money (being a heavy user.) One possible way to do this, one that's somewhat subtle if not done too often, is to send some of his movies from the center across the country, even though they're also available at the local center. That way, a movie will take 3-4 days to reach him rather than just one day. Each time a movie takes 4 days to reach him rather than one, that's one less movie he can rent that month.

    You need to put some more thought into your conspiracies, dude.
    You need to read more carefully, dude. I didn't say Netflix did this, only that they've been accused of it. (I personally think that if they have done it (and this is an if), they've not done it very often, at least not to me.)

    But whether they've done it or not -- it still makes sense. Netflix does occasionally send movies from across the country -- this is a well known fact, and one that they've always admitted. If you want some obscure movie and Netflix only has two copies of it, it makes perfect sense that they may have to send it from Kalamazoo rather than your local city. But to actually prove that they do this intentionally when they don't have to, that would be tricky -- it would require that 1) they do it often, or 2) you have lots of data from lots of people, both heavy and light users, to analyze, or 3) have access to Netflix's inventory information. And as far as I know, nobody has shown that Netflix has done this, at least not in any very convincing manner.