And why would signing the code make it more secure?
You can know that it is an official binary and hasn't been tampered with. However, I can accomplish this without paying Verisign money using a standard fingerprint.
When you sign it with a Verisign certificate, the trust then moves up the chain. So, the question becomes, do I trust Verisign?
No.
In my opinion, this isn't even a problem. I make sure I download files for sources that I trust, and they make sure that those files remain clean as a matter of site security.
It all boils down to this:
1) Normal users don't care about signed code, as they happily click on "Yes, download this!" without bothering to check anything.
2) Power users can verify the integrity of their code without shelling out big bucks to Verisign.
I'm tired of all this TCO crap. I know that they are just doing it to offset some of the "studies" that Microsoft has funded, but I wish linux groups would focus on something else.
In fact, I wish Microsoft would focus on something else. It's funny, but *cost* isn't something that seems to be a strength of MS. They should focus on their strengths (like consistent interface that everyone knows, massive hardware support, number of applications available, good multimedia support, etc). They have a lot going for them. Why do they always focus on the thing that they don't have going for them!!!!
Why is it that the majority of managers have no clue how to solve the problems they are supposed to be working on. Why is it that a guy with a Marketing Degree is in charge of a team of programmers.
I wonder if it is just me finding lousy companies with no futures to work at, or if this is common.
That may be, but you'll notice Apple doesn't publish the source code to the graphics cards. IBM wouldn't be able to release it either (and you're not allowed to look at the code and then go and write something similar either).
I guess they could make a binary driver for it just like they do on x86 linux now though.
No, I'm pretty sure they don't do it legally. And since doing things illegally can get them in a lot of trouble, I don't think they do.
If they discover something suspicious, they turn it over to the FBI. The FBI is allowed to "spy" on US citizens when they follow the proper procedures.
Really, I wish people would appreciate what these organizations do instead of always bashing them. They keep us safe. Without them, I'm sure many really bad things would happen to us.
Just ask Osama and fanatics if they would like the FBI to butt out of their business and I'm sure they'd respond in the affirmative.
You're overreacting. This is not really that big of an inconvenience considering what they are protecting. It's not like they are tracking you at the grocery store (Walmart does that, not the gov't:).
If you work at a government installation, they are entitled to implement some security measures.
I work at a research foundation (affiliated with a state university) where they make satellites for NASA and have a few military contracts. In order to even qualify for the contracts the foundation has to meet certain security guidelines. After we pass the background check, we're hired, and given Photo ID cards with RFID's embedded in them which gives us access to the building.
The technology is used very responsibly. And I'm willing to let the government secure their assets with technology that is already commercially available and used by private companies.
Please tell us where you are getting your facts. I'm a little skeptical with your figures.
For example, from the Bureau of Labor Statistics, they claim that the unemployment rate is 5.5%. And as for adult workers:
In October, the unemployment rates for the major worker groups--adult men (4.9 percent), adult women (4.8 percent)
5.5% != 50%
Now I know you said full-time employment, but are there really that many part time jobs that adults work? Perhaps it's just different where I live, but usually teenagers work those jobs.
Housing costs have increased 170% in the last two years.
My housing costs have stayed the same for the past 2 years. Again, are these national statistics?
Before the moderators start painting you all noble for sticking up for the low-income wage earner (which I am, don't get me wrong. I make $10 as a Java developer, yay for student slave labor!) post where you get your numbers.
After all, 93.53% of all statistics are made up on the spot:).
After six months of use, the average fragmentation was under 1% for 5 different types of users. I know, I know, this is on a Mac. But I'm sure there are other modern file systems that don't fragment, such as ext3 or reiser. I just haven't looked it up.
I love hibernate! It's great. We also use Struts/Spring/Hibernate for our webapps, and it's been great developing it from scratch with these technologies.
The code is so much cleaner and more organized than the older java code we had.
Valve provides the download. Thus, you are getting the game from the provider, legally. You can back up your downloaded game files onto CD or DVD after you have finished downloading them.
I pre-downloaded the entire HL2 game before it came out. I only had to unlock the game the night it came out. Unlike Halo 2, where I stood in line for 2 hours.
You can see that they have 15 gigabits of bandwidth available to them. This page also has the nice side affect of being able to see if Steam is having difficulties. When it starts to max out it's bandwidth, you can know it's under stress.
Given the fact that Halo 2 is no where near the immersive experience that you get with Half-Life 2, I can forgive the load times. I'm sure the texture, lighting and physics data being loaded is much larger than anything halo 2 loads.
I was annoyed with Halo 2 when the bump mapping turns on and off during the cut scenes. And the ending was STUPID. Screw Microsoft. They took my favorite game company and turned them into a peice of crap.
No. I'd pretty much say it's very improbable. Maybe you could make your own authentication server, and fake that, but the HL and Source engines do hit calculations at the server level when you are playing multiplayer games (prevents some cheating on the client side).
Of course, since the old source is probably still floating around out on the internet somewhere, perhaps someone could use that illegally stolen source code to create a server without the authentication.
For those of you who don't know, anyone can host a game server. The multiplayer component of HL2 is Counterstrike:Source. Go and download the steam client, create a new user, and click on the "Play Games" button. You'll see at the bottom the option to download and install the dedicated server. This downloads the server and maps for online play. Fire this up, it contacts the steam authentication and listing servers, and you're all set to go. People start joining your server.
You host the game. Not Valve. Valve just has a nice way of keeping everything legitimate and giving you the ability to find games. They also lock people out that have abused the system (by cheating), which is nice, since who wants to play a game with cheaters.
As for your last comment: Yet. Most of us have a tale to tell about losing an important element of a game, like the ID#
This is the best thing yet about Steam. There is nothing to lose. The key is electronic, I just type in my username and password, and it lets me play. I can lose all of the disks that came with the full version, and still go and download it again and type in my username and password and it'll let me play.
Never will you lament the fact that you've lost your precious key, or the play CD necessary to get past the onerous CD protection got too scratched up to read.
Although Steam has some warts, it is a "good thing".
Stop posting flamebait. That is an outrageous statement that you made that "every single Bush supporter I know is stupid and/or delusional". I know many intelligent and wise people who voted for Bush.
When you make broad generalizations like that, you don't win any points.
I've never had a problem getting the songs off of my iPod, especially since I use iTunes to organize my music. The music is just stored in a hidden directory on the iPod, so all you have to do is copy that directory, and then tell iTunes (or any other good jukebox) to import a directory. Tada! Music transferred. It's not like Apple made it really difficult to remove it.
Well, on the flipside, I have an AMD 3000 and an MSI nForce 2 Ultra board and I haven't had a single problem that you mentioned. It works wonderfully in Windows and Linux (Linux finally got support for the on-board ethernet a little while ago with the forcedeth driver).
I've only tested it on a few linux distros though (RH9, FC1, FC2, Suse 8.2, 9.1, Ubuntu 4.10). The ethernet didn't work with 8.2 or RH9.
I have never experienced the sound problems you refer to. In fact, I think it sounds better than my roommate's expensive soundblaster card.
Weird, why would/. hide from the w3 validator? Except that their site doesn't conform.
But I went and validated it, and it really isn't that bad. It guesses that the document is HTML 3.2, but it has elements from 4 in it, so I revalidated it as 4.01 Transitional, and it had only 45 errors.
And it turned out that those errors were mainly because of the javascript used to generate the page (it threw out 20 errors because of a url that it was parsing, and shouldn't have been).
Overall, not bad, and it would probably only take them a day to clean it up. I wonder why they haven't yet.
I agree. I dislike the way valve provides absolutely no information about their game, everything is just a large rumormill. Have you ever gone to their website? There is absolutely no information about HL2 there.
So that is really what happened, they let all of the forums spread gossip about what is going to happen until we all have expectations that are blown out of proportion.
Slashdot Mirror
That's a great idea.
In fact, we could offer a way of only allowing the developers to verify the checksums to increase the trust rating on a file.
I'll think about a design and write something up. A standalone app and a firefox plugin that could verify downloads would be way sweet.
I'll put something up about the project. Contact me if you're interested in helping.
Hah, that's great! I wonder how many sites had to link that in order for the number one to be associated with that.
And why would signing the code make it more
secure?
You can know that it is an official binary and
hasn't been tampered with. However, I can
accomplish this without paying Verisign money
using a standard fingerprint.
When you sign it with a Verisign certificate, the
trust then moves up the chain. So, the question
becomes, do I trust Verisign?
No.
In my opinion, this isn't even a problem. I make
sure I download files for sources that I trust,
and they make sure that those files remain clean
as a matter of site security.
It all boils down to this:
1) Normal users don't care about signed code, as
they happily click on "Yes, download this!"
without bothering to check anything.
2) Power users can verify the integrity of their
code without shelling out big bucks to Verisign.
I'm tired of all this TCO crap. I know that they are just doing it to offset some of the "studies" that Microsoft has funded, but I wish linux groups would focus on something else.
In fact, I wish Microsoft would focus on something else. It's funny, but *cost* isn't something that seems to be a strength of MS. They should focus on their strengths (like consistent interface that everyone knows, massive hardware support, number of applications available, good multimedia support, etc). They have a lot going for them. Why do they always focus on the thing that they don't have going for them!!!!
--End rant.
How true! Funny and true :)
Why is it that the majority of managers have no clue how to solve the problems they are supposed to be working on. Why is it that a guy with a Marketing Degree is in charge of a team of programmers.
I wonder if it is just me finding lousy companies with no futures to work at, or if this is common.
IBM also makes the chipset for the PPC processor, so I don't see why they wouldn't also design the motherboard.
I hope you aren't serious. And if you are, go and read Groklaw a little bit. It's an eye opener.
IBM didn't steal any code from SysV, they paid AT&T a lot of money to have a perpetual license.
And, the code that is in question, IBM wrote. Just because SCO has a messed up idea what a "derivative" work is, doesn't mean that they are right.
That may be, but you'll notice Apple doesn't publish the source code to the graphics cards. IBM wouldn't be able to release it either (and you're not allowed to look at the code and then go and write something similar either).
I guess they could make a binary driver for it just like they do on x86 linux now though.
No, I'm pretty sure they don't do it legally. And since doing things illegally can get them in a lot of trouble, I don't think they do.
If they discover something suspicious, they turn it over to the FBI. The FBI is allowed to "spy" on US citizens when they follow the proper procedures.
Really, I wish people would appreciate what these organizations do instead of always bashing them. They keep us safe. Without them, I'm sure many really bad things would happen to us.
Just ask Osama and fanatics if they would like the FBI to butt out of their business and I'm sure they'd respond in the affirmative.
You're overreacting. This is not really that big of an inconvenience considering what they are protecting. It's not like they are tracking you at the grocery store (Walmart does that, not the gov't :).
If you work at a government installation, they are entitled to implement some security measures.
I work at a research foundation (affiliated with a state university) where they make satellites for NASA and have a few military contracts. In order to even qualify for the contracts the foundation has to meet certain security guidelines. After we pass the background check, we're hired, and given Photo ID cards with RFID's embedded in them which gives us access to the building.
The technology is used very responsibly. And I'm willing to let the government secure their assets with technology that is already commercially available and used by private companies.
We don't even need the government to fund this. I mean, Google is already planning a moonbase. I'm sure they could put up the prize money for this. ;)
I'm not living in my parents basement, nor have I for the past 4 years thank you.
True I live in an apartment and not in a house, but my housing has still not gone up.
For example, from the Bureau of Labor Statistics, they claim that the unemployment rate is 5.5%. And as for adult workers:
5.5% != 50%
Now I know you said full-time employment, but are there really that many part time jobs that adults work? Perhaps it's just different where I live, but usually teenagers work those jobs.
Housing costs have increased 170% in the last two years.
My housing costs have stayed the same for the past 2 years. Again, are these national statistics?
Before the moderators start painting you all noble for sticking up for the low-income wage earner (which I am, don't get me wrong. I make $10 as a Java developer, yay for student slave labor!) post where you get your numbers.
After all, 93.53% of all statistics are made up on the spot
You should take a look at HFS+ Fragmentation.
After six months of use, the average fragmentation was under 1% for 5 different types of users. I know, I know, this is on a Mac. But I'm sure there are other modern file systems that don't fragment, such as ext3 or reiser. I just haven't looked it up.
Apple registered the names of some other large cats including Lynx, Cougar, and Leopard.
I love hibernate! It's great. We also use Struts/Spring/Hibernate for our webapps, and it's been great developing it from scratch with these technologies.
The code is so much cleaner and more organized than the older java code we had.
Valve provides the download. Thus, you are getting the game from the provider, legally. You can back up your downloaded game files onto CD or DVD after you have finished downloading them.
I pre-downloaded the entire HL2 game before it came out. I only had to unlock the game the night it came out. Unlike Halo 2, where I stood in line for 2 hours.
If you go and check out:
The Steam status page
You can see that they have 15 gigabits of bandwidth available to them. This page also has the nice side affect of being able to see if Steam is having difficulties. When it starts to max out it's bandwidth, you can know it's under stress.
Given the fact that Halo 2 is no where near the immersive experience that you get with Half-Life 2, I can forgive the load times. I'm sure the texture, lighting and physics data being loaded is much larger than anything halo 2 loads.
I was annoyed with Halo 2 when the bump mapping turns on and off during the cut scenes. And the ending was STUPID. Screw Microsoft. They took my favorite game company and turned them into a peice of crap.
No. I'd pretty much say it's very improbable. Maybe you could make your own authentication server, and fake that, but the HL and Source engines do hit calculations at the server level when you are playing multiplayer games (prevents some cheating on the client side).
Of course, since the old source is probably still floating around out on the internet somewhere, perhaps someone could use that illegally stolen source code to create a server without the authentication.
For those of you who don't know, anyone can host a game server. The multiplayer component of HL2 is Counterstrike:Source. Go and download the steam client, create a new user, and click on the "Play Games" button. You'll see at the bottom the option to download and install the dedicated server. This downloads the server and maps for online play. Fire this up, it contacts the steam authentication and listing servers, and you're all set to go. People start joining your server.
You host the game. Not Valve. Valve just has a nice way of keeping everything legitimate and giving you the ability to find games. They also lock people out that have abused the system (by cheating), which is nice, since who wants to play a game with cheaters.
As for your last comment: Yet. Most of us have a tale to tell about losing an important element of a game, like the ID#
This is the best thing yet about Steam. There is nothing to lose. The key is electronic, I just type in my username and password, and it lets me play. I can lose all of the disks that came with the full version, and still go and download it again and type in my username and password and it'll let me play.
Never will you lament the fact that you've lost your precious key, or the play CD necessary to get past the onerous CD protection got too scratched up to read.
Although Steam has some warts, it is a "good thing".
Stop posting flamebait. That is an outrageous statement that you made that "every single Bush supporter I know is stupid and/or delusional". I know many intelligent and wise people who voted for Bush.
When you make broad generalizations like that, you don't win any points.
I've never had a problem getting the songs off of my iPod, especially since I use iTunes to organize my music. The music is just stored in a hidden directory on the iPod, so all you have to do is copy that directory, and then tell iTunes (or any other good jukebox) to import a directory. Tada! Music transferred. It's not like Apple made it really difficult to remove it.
Well, on the flipside, I have an AMD 3000 and an MSI nForce 2 Ultra board and I haven't had a single problem that you mentioned. It works wonderfully in Windows and Linux (Linux finally got support for the on-board ethernet a little while ago with the forcedeth driver).
I've only tested it on a few linux distros though (RH9, FC1, FC2, Suse 8.2, 9.1, Ubuntu 4.10). The ethernet didn't work with 8.2 or RH9.
I have never experienced the sound problems you refer to. In fact, I think it sounds better than my roommate's expensive soundblaster card.
Weird, why would /. hide from the w3 validator? Except that their site doesn't conform.
But I went and validated it, and it really isn't that bad. It guesses that the document is HTML 3.2, but it has elements from 4 in it, so I revalidated it as 4.01 Transitional, and it had only 45 errors.
And it turned out that those errors were mainly because of the javascript used to generate the page (it threw out 20 errors because of a url that it was parsing, and shouldn't have been).
Overall, not bad, and it would probably only take them a day to clean it up. I wonder why they haven't yet.
I agree. I dislike the way valve provides absolutely no information about their game, everything is just a large rumormill. Have you ever gone to their website? There is absolutely no information about HL2 there.
So that is really what happened, they let all of the forums spread gossip about what is going to happen until we all have expectations that are blown out of proportion.
installed a system-level DLL which that program can be using to look into forbidden files
Oh, I see what you mean. My mistake. That may be the case. I guess I could try by creating a severely limited account and seeing if it will install.