Press releases make me giggle uncontrollably
on
DOOM III This Summer
·
· Score: 1
"This summer we're sending game fans on a first-class trip to Mars -- with a layover in Hell," said Todd Hollenshead, CEO, id Software.
Tee hee hee hee hee hee hee hee!
Honestly, I don't see how anyone could say that with a straight face. That quote makes it sound like id is producing a parody of survival horror or something. (Which would admittedly be pretty cool, if that was what they were up to.)
I bet it's a new console! I bet it's a handheld with three screens! And they're all holographic! (Sega has been sitting on the technology for years!) And it's backwards compatible with the Dreamcast and the Sega CD and the XBOX!
Here's another one: They're releasing an online version of Segagaga, and basing all of their business decisions off of the actions of the best players.
Actually, you were. Woz's BASIC was known as "Integer BASIC" and wasn't all that widely used once Microsoft's Applesoft BASIC (now with floating point!) came along.
Microsoft got its start writing BASIC interpreters. Bill Gates created one for the Altair, which he charged for, and which was widely pirated. Setting the tone for the rest of his career, he lashed out with a scathing open letter to computer hobbyists, saying that quality software couldn't possibly be created without sinking a significant amount of money into it.
And I realize after the fact that I didn't really talk about your post at all, so I will quickly remedy this:
What is the problem here? The problem here is that the application thinks indentation is one thing and the user thinks it is another. The application thinks spaces, tabs, and explicitly aligned text are different. The user thinks it lines up, therefore it works.
The solution? Certainly not to disable indentation! You *do* need to worry about people aligning things with spaces; this is easy for a human to do, and difficult for a computer. Allow the user a sane mental model.
(Pet peeve: Editors which differentiate between tabs and spaces. FUCK THAT. Pick one spacing representation to present to the user.)
Okay, so let's solve this fucker. We have two seperate things: Spatially aligned text, and spaces. The user sees: spaces. If we want to seperate these things in the user's mind, how about some sort of visual indicator? How about this: if the user has carefully aligned two lines in a row with spaces, decide that they might want the whole paragraph aligned?
Better yet, how about a word processor which is aware of the semantics of paragraphs, and allows you to mess with them? Right-click somewhere in the paragraph, click "Indent", and poof! Like fucking magic! It's really not that hard to determine where paragraphs are. Drag them around, toss them into columns, whatever. Bundle the thing with popular STANDARD formatting layouts for essays and screenplays and shit. If you can follow the Chicago Manual of Style without breaking a sweat in a word processor, then fuck yes, bring that shit on.
See, that's a _task_. Spacing is a _feature_. What I really want is something where I don't care about formatting until I do. And once I do, it should be dead simple to change. Seperate the content from the form.
No, no, no, no, no. No. Do *not* restrict the user. There is nothing more frustrating to Aunt Joe User than a computer saying they can't do something.
Here:
GOOD UI DESIGN IS TASK BASED, NOT FEATURE BASED.
There! That's the whole secret! All that cool functionality you've written in software DOES NOT LINE UP ONE-TO-ONE WITH YOUR INTERFACE. There may be awesome, supremely powerful, thoroughly cool things you can do with your back-end. If they don't line up with what the user actually wants to do with your program, TOO BAD. Bury it in a menu someplace if you really need to scratch that itch. To cure cancer in your text editor, go to the Tools menu, click Options->Advanced, bring up the Diseases pane, then check the "Cure Cancer" box. Don't put it with all the important window managing shit. If curing cancer is so awesome, it should be in its own damned tool. Your user is there to edit text, not play fucking towers of hanoi.
There's this delicate balance, see, this eternal compromise, between power and usability. You want a powerful search tool? Geeks say, "Use regular expressions!" Users say, "I just want this to work." Enlightened developers say, "This is a hard problem."
Christ, use a Mac sometime. Notice how few options are given in preference windows, and yet how useful they all are. This is because they don't correspond to features. Notice how iTunes has a glowing "Burn CD" button in a prominent position.
Make your program do things that help the user solve the problem they want to solve. Make it do them all easily, in a straightforward and non-constraining manner. Then get someone to shoot you when you're done.
Holy shit, that was the most patronizing interview I've ever read in my life. It's like the interviewer thought he was talking to an eight-year-old. You can just see him reaching over and mussing the poor guy's hair. Do journalists really call pro baseball players "slugger" and "champ" to their faces?
If this is a shining example of the media holding up gaming as a reasonable and normal pastime...
I mean, "fiddling with joysticks." God. You don't see interviews like, "I hear you like to play poker with your friends. How long have you been 'shuffling' 'decks of cards', slugger?" Or, "We figure a tough guy like you always picks the thimble when he plays Monopoly, eh, champ?"
Linux as an RTOS? Yes.
Most commercial RTOSes? No.
In any system that does more than one task, you are likely going to want a more important task to pre-empt a less important one. And for that, you need a pre-emptive scheduler. You also need communication between tasks. And that's it. Many RTOSes barely go beyond this. If they do, it's simply by providing reference drivers, example bootstrapping code, support for various boards, etc.
Linux as an RTOS? I've been investigating this for my thesis; it's not bad, so long as you don't use the Linux end of things. Basically, RTLinux and RTAI are their own RTOSes that happen to run the Linux kernel as a low-priority, pre-emptible task. That way, if you do run apache on your toaster, at least your temperature sensor gets first crack at the CPU. But this means you can't make any Linux calls from hard realtime space.
The appeal? Hardware support. Not even the crazy USB webcam example, but simple things like flash chips. I can either choose my hardware on the basis of what my RTOS vendor supports, or write my own damn drivers at tremendous cost. In the case of Linux, it's got plenty of drivers. Most of them are terrible hack jobs, but they're written and for the most part, they work. Cheap, fast, and good, pick all three.
Of course, hard realtime hardware support in Linux is significantly more lacking. But it's mostly not needed anyway.
Actually, RTLinux is basically its own OS which runs the Linux kernel as a pre-emptible low-priority task, so that non-realtime tasks in the system can take advantage of Linux's rich API.
An RTOS is certainly not only about the scheduler, it's about the entire system acting in an entirely deterministic manner, timewise. The Linux kernel simply does not do this. It's not designed to. It's designed for better performance in the average, desktop user case. A PC user isn't generally going to notice a few extra random milliseconds of latency. A hard realtime system very well might.
I shall now define, for your enlightenment, the Three Stages Of Funny, scientifically determined using state-of-the-art anus-extraction technology.
Stage One: Quoting In-Jokes
Everyone loves a good in-joke. They're hilarious to everyone who has shared the experience which spawned it, and incomprehensible to anyone who hasn't. Making pop-culture references is a particular form of in-joke which takes advantage of the fact that a much larger proportion of people are in on the joke. Unfortunately, this has the negative consequence that, within a large group of people, there are going to be many for whom the in-joke has already died, was never funny in the first place, etc. Eventually, this leads to...
Stage 2: Whining About Overused In-Jokes
Eventually, if you hear "We are the knights who say ni!" enough times, it's just not funny anymore. And you just keep hearing it, perpetuated among people who think it is. Eventually you begin to feel that such people are clearly braindead, to find such tired, overused humour funny. Don't they have the creativity to come up with their own jokes? Eventually, a person in Stage 2 will attempt to turn their bitterness into humour. Look how stupid these people are with their overdone jokes! Check out all this cliched, hackneyed humour, masquerading as originality! How wonderful it is to have an ironic distance from all of that!
Unfortunately, it usually takes far too long for a person in Stage 2 to realize that this subversive, ironic humour that they felt was so unique is still an in-joke; one meant for the people who have experienced an oversaturation of unoriginal humour. And that this joke is just as tired. After reaching enlightenment, such a person will attempt to struggle towards...
Stage 3: Actually Being Funny
This is left as an exercise to the reader. (Oh, drat, Stage 1 humour! Retreat!)
The Nintendo DS will have wireless multiplayer! And instant messaging! And a stylus, and handwriting recognition!
And of course, backwards-compatibility with the Gamecube, with the second screen acting as connected GBA! (Why do you think they made the Gamecube discs so small?)
Also, they are porting the three Zelda games created for the Philips CD-I to the DS, and releasing them exclusively, one-game-per-box, with new systems!
The OS is going to be an open-source BSD variant!
It'll have a built-in hard drive like an iPod, and the games will be distributed from wireless point-of-sale terminals in stores!
It actually has seven screens! Nintendo's just fucking with you!
Anonymous sources from Nintendo tell me that it comes with its own remote-controlled robot with speech recognition! Nintendo feels this provides "unique game design opportunities."
The Nintendo DS will give you the power to fly! Like Superman!
And this problem doesn't exist with non-open source code how?
A hax0r who wants to r3wt your b4wx has got his priorities seriously fucked up if he open-sources his trojan. Who is going to release the source of something which acts maliciously? Eventually someone is going to read that code and figure out what's going on. Then slashdot gets alerted, and the entire open source community starts yelling at them, no matter how obscure the piece of code may be. Who would take that kind of risk?
Solution? Don't run untrusted binaries, or compile untrusted code. Ever. The end.
Allow me to summarize, because apparently no one can be bothered to RTFA, or at least more than the front page of the site.
- The writeup of this article is horribly out of sync from what the page is actually saying. The method advocated is literally an encrypted message, being sent by attempting connections on closed ports. This message contains the IP of the computer which the user wants to allow access to. So no, you can't just sniff and repeat the sequence -- not only may the encrypted message be different every time, but it doesn't have your IP address in it anyway.
- There are all sorts of interesting layers which are suggested to add on top of this. For example -- having ports on which access attempts are ignored. Since the point of encryption is to make things look like noise, add some actual noise as well. Implemented properly (and with some fairly thorough theoretical grounding, one would hope), this is yet another layer of "password" -- knowing where the holes are. Even implemented incorrectly, it would take quite a number of sniffed legitimate connections before a cracker could properly infer where the holes are. A lot more secure than WEP =]
- In a nutshell -- port knocking adds several layers of "password" before you even get down to the services you're already currently trusting. And it is extremely difficult to detect that these even exist.
Here's where I see it falling down -- there's just way too many complicated "passwords" to conceivably remember. You've got your private key for encrypting your knock (the page talked a lot about one-time pads, though never gave any indication of how you would securely obtain such a thing remotely), you've got the allowable port ranges (was it 618-724,864-885,915-1012 or 619-724,864-885,915-1012? -- more "guessable" port ranges are more cryptographically vulnerable!) -- it's not like you're going to be able to use this to log in and check your email from an internet cafe. At best, you've got all this stuff in an encrypted, inaccessible file on your laptop. And if someone sets you up the bomb on that front -- keystroke/memory logger, whatever -- the whole thing is just as buggered as if you were telnetting in.
So, in summation: This idea does, in fact, add another layer of fairly strong security. It even has the potential to add a bunch of layers of even stronger security. However, on a practical level, it may end up being more than one may realistically be able to use in anything but its most basic form. But, on the plus side, its most basic form is likely monumentally difficult to create a buffer-overflow exploit for.
Really, now. My stuff isn't in/home, and it doesn't run X, so it's not UNIX? What are you smoking?
Oh no! It's not exactly Linux! How confusing!
Do you know why the shared library tool wasn't there? Perhaps because MacOS X uses a much more flexible dynamic library format which allows it to work well with Objective-C. Since ObjC is what MacOS X's GUI is built on, it was kind of in their best interests to use a shared library format that wasn't outright hostile to OO. Chances are, the "proprietary Apple utility" was something from Mach that's entirely open source.
I like this: "Someone, someday, *will* invest the time to figure out the environment." Like no one actually knows how OS X works! Christ, it's only been out for nearly 3 years!
So, what you are saying is this:
1. I don't understand how this crazy MacOS X stuff works.
2. Therefore, the only security it could have is from people not understanding how it works.
Ignoring the fact that my grandmother could figure out how to encrypt her home directory under MacOS X. And automatic software updates containing security patches are unobtrusive and painless.
Is there an element of "Not many people will break into Macs because there aren't all that many Macs"? Sure. But it's not like a base install of MacOS X has a telnet daemon running or anything. "Security by not allowing remote access by default" is actually not a bad start.
Of course it's more noticible. The game listens to input twice as much, so it's that much more responsive. It's not your eye that's noticing, it's your fingers.
Slashdot Mirror
Yeah, 1.5gb is hardly enough for anybody...
Honestly, I don't see how anyone could say that with a straight face. That quote makes it sound like id is producing a parody of survival horror or something. (Which would admittedly be pretty cool, if that was what they were up to.)
Here's another one: They're releasing an online version of Segagaga, and basing all of their business decisions off of the actions of the best players.
Microsoft got its start writing BASIC interpreters. Bill Gates created one for the Altair, which he charged for, and which was widely pirated. Setting the tone for the rest of his career, he lashed out with a scathing open letter to computer hobbyists, saying that quality software couldn't possibly be created without sinking a significant amount of money into it.
Deja vu, eh? Helps to know your history.
What is the problem here? The problem here is that the application thinks indentation is one thing and the user thinks it is another. The application thinks spaces, tabs, and explicitly aligned text are different. The user thinks it lines up, therefore it works.
The solution? Certainly not to disable indentation! You *do* need to worry about people aligning things with spaces; this is easy for a human to do, and difficult for a computer. Allow the user a sane mental model.
(Pet peeve: Editors which differentiate between tabs and spaces. FUCK THAT. Pick one spacing representation to present to the user.)
Okay, so let's solve this fucker. We have two seperate things: Spatially aligned text, and spaces. The user sees: spaces. If we want to seperate these things in the user's mind, how about some sort of visual indicator? How about this: if the user has carefully aligned two lines in a row with spaces, decide that they might want the whole paragraph aligned?
Better yet, how about a word processor which is aware of the semantics of paragraphs, and allows you to mess with them? Right-click somewhere in the paragraph, click "Indent", and poof! Like fucking magic! It's really not that hard to determine where paragraphs are. Drag them around, toss them into columns, whatever. Bundle the thing with popular STANDARD formatting layouts for essays and screenplays and shit. If you can follow the Chicago Manual of Style without breaking a sweat in a word processor, then fuck yes, bring that shit on.
See, that's a _task_. Spacing is a _feature_. What I really want is something where I don't care about formatting until I do. And once I do, it should be dead simple to change. Seperate the content from the form.
There, how's that sound?
Here: GOOD UI DESIGN IS TASK BASED, NOT FEATURE BASED.
There! That's the whole secret! All that cool functionality you've written in software DOES NOT LINE UP ONE-TO-ONE WITH YOUR INTERFACE. There may be awesome, supremely powerful, thoroughly cool things you can do with your back-end. If they don't line up with what the user actually wants to do with your program, TOO BAD. Bury it in a menu someplace if you really need to scratch that itch. To cure cancer in your text editor, go to the Tools menu, click Options->Advanced, bring up the Diseases pane, then check the "Cure Cancer" box. Don't put it with all the important window managing shit. If curing cancer is so awesome, it should be in its own damned tool. Your user is there to edit text, not play fucking towers of hanoi.
There's this delicate balance, see, this eternal compromise, between power and usability. You want a powerful search tool? Geeks say, "Use regular expressions!" Users say, "I just want this to work." Enlightened developers say, "This is a hard problem."
Christ, use a Mac sometime. Notice how few options are given in preference windows, and yet how useful they all are. This is because they don't correspond to features. Notice how iTunes has a glowing "Burn CD" button in a prominent position.
Make your program do things that help the user solve the problem they want to solve. Make it do them all easily, in a straightforward and non-constraining manner. Then get someone to shoot you when you're done.
Sound difficult? It is!
Just like the N-Gage!
If this is a shining example of the media holding up gaming as a reasonable and normal pastime...
I mean, "fiddling with joysticks." God. You don't see interviews like, "I hear you like to play poker with your friends. How long have you been 'shuffling' 'decks of cards', slugger?" Or, "We figure a tough guy like you always picks the thimble when he plays Monopoly, eh, champ?"
Linux as an RTOS? Yes.
Most commercial RTOSes? No.
In any system that does more than one task, you are likely going to want a more important task to pre-empt a less important one. And for that, you need a pre-emptive scheduler. You also need communication between tasks. And that's it. Many RTOSes barely go beyond this. If they do, it's simply by providing reference drivers, example bootstrapping code, support for various boards, etc.
Linux as an RTOS? I've been investigating this for my thesis; it's not bad, so long as you don't use the Linux end of things. Basically, RTLinux and RTAI are their own RTOSes that happen to run the Linux kernel as a low-priority, pre-emptible task. That way, if you do run apache on your toaster, at least your temperature sensor gets first crack at the CPU. But this means you can't make any Linux calls from hard realtime space.
The appeal? Hardware support. Not even the crazy USB webcam example, but simple things like flash chips. I can either choose my hardware on the basis of what my RTOS vendor supports, or write my own damn drivers at tremendous cost. In the case of Linux, it's got plenty of drivers. Most of them are terrible hack jobs, but they're written and for the most part, they work. Cheap, fast, and good, pick all three.
Of course, hard realtime hardware support in Linux is significantly more lacking. But it's mostly not needed anyway.
An RTOS is certainly not only about the scheduler, it's about the entire system acting in an entirely deterministic manner, timewise. The Linux kernel simply does not do this. It's not designed to. It's designed for better performance in the average, desktop user case. A PC user isn't generally going to notice a few extra random milliseconds of latency. A hard realtime system very well might.
Stage One: Quoting In-Jokes
Everyone loves a good in-joke. They're hilarious to everyone who has shared the experience which spawned it, and incomprehensible to anyone who hasn't. Making pop-culture references is a particular form of in-joke which takes advantage of the fact that a much larger proportion of people are in on the joke. Unfortunately, this has the negative consequence that, within a large group of people, there are going to be many for whom the in-joke has already died, was never funny in the first place, etc. Eventually, this leads to...
Stage 2: Whining About Overused In-Jokes
Eventually, if you hear "We are the knights who say ni!" enough times, it's just not funny anymore. And you just keep hearing it, perpetuated among people who think it is. Eventually you begin to feel that such people are clearly braindead, to find such tired, overused humour funny. Don't they have the creativity to come up with their own jokes? Eventually, a person in Stage 2 will attempt to turn their bitterness into humour. Look how stupid these people are with their overdone jokes! Check out all this cliched, hackneyed humour, masquerading as originality! How wonderful it is to have an ironic distance from all of that!
Unfortunately, it usually takes far too long for a person in Stage 2 to realize that this subversive, ironic humour that they felt was so unique is still an in-joke; one meant for the people who have experienced an oversaturation of unoriginal humour. And that this joke is just as tired. After reaching enlightenment, such a person will attempt to struggle towards...
Stage 3: Actually Being Funny
This is left as an exercise to the reader. (Oh, drat, Stage 1 humour! Retreat!)
The Nintendo DS will have wireless multiplayer! And instant messaging! And a stylus, and handwriting recognition!
And of course, backwards-compatibility with the Gamecube, with the second screen acting as connected GBA! (Why do you think they made the Gamecube discs so small?)
Also, they are porting the three Zelda games created for the Philips CD-I to the DS, and releasing them exclusively, one-game-per-box, with new systems!
The OS is going to be an open-source BSD variant!
It'll have a built-in hard drive like an iPod, and the games will be distributed from wireless point-of-sale terminals in stores!
It actually has seven screens! Nintendo's just fucking with you!
Anonymous sources from Nintendo tell me that it comes with its own remote-controlled robot with speech recognition! Nintendo feels this provides "unique game design opportunities."
The Nintendo DS will give you the power to fly! Like Superman!
Imagine a Beowulf cluster of these!
A hax0r who wants to r3wt your b4wx has got his priorities seriously fucked up if he open-sources his trojan. Who is going to release the source of something which acts maliciously? Eventually someone is going to read that code and figure out what's going on. Then slashdot gets alerted, and the entire open source community starts yelling at them, no matter how obscure the piece of code may be. Who would take that kind of risk?
Solution? Don't run untrusted binaries, or compile untrusted code. Ever. The end.
And, as we all know, the only people who should be allowed to have programming jobs are Americans!
- The writeup of this article is horribly out of sync from what the page is actually saying. The method advocated is literally an encrypted message, being sent by attempting connections on closed ports. This message contains the IP of the computer which the user wants to allow access to. So no, you can't just sniff and repeat the sequence -- not only may the encrypted message be different every time, but it doesn't have your IP address in it anyway.
- There are all sorts of interesting layers which are suggested to add on top of this. For example -- having ports on which access attempts are ignored. Since the point of encryption is to make things look like noise, add some actual noise as well. Implemented properly (and with some fairly thorough theoretical grounding, one would hope), this is yet another layer of "password" -- knowing where the holes are. Even implemented incorrectly, it would take quite a number of sniffed legitimate connections before a cracker could properly infer where the holes are. A lot more secure than WEP =]
- In a nutshell -- port knocking adds several layers of "password" before you even get down to the services you're already currently trusting. And it is extremely difficult to detect that these even exist.
Here's where I see it falling down -- there's just way too many complicated "passwords" to conceivably remember. You've got your private key for encrypting your knock (the page talked a lot about one-time pads, though never gave any indication of how you would securely obtain such a thing remotely), you've got the allowable port ranges (was it 618-724,864-885,915-1012 or 619-724,864-885,915-1012? -- more "guessable" port ranges are more cryptographically vulnerable!) -- it's not like you're going to be able to use this to log in and check your email from an internet cafe. At best, you've got all this stuff in an encrypted, inaccessible file on your laptop. And if someone sets you up the bomb on that front -- keystroke/memory logger, whatever -- the whole thing is just as buggered as if you were telnetting in.
So, in summation: This idea does, in fact, add another layer of fairly strong security. It even has the potential to add a bunch of layers of even stronger security. However, on a practical level, it may end up being more than one may realistically be able to use in anything but its most basic form. But, on the plus side, its most basic form is likely monumentally difficult to create a buffer-overflow exploit for.
Oh no! It's not exactly Linux! How confusing!
Do you know why the shared library tool wasn't there? Perhaps because MacOS X uses a much more flexible dynamic library format which allows it to work well with Objective-C. Since ObjC is what MacOS X's GUI is built on, it was kind of in their best interests to use a shared library format that wasn't outright hostile to OO. Chances are, the "proprietary Apple utility" was something from Mach that's entirely open source.
I like this: "Someone, someday, *will* invest the time to figure out the environment." Like no one actually knows how OS X works! Christ, it's only been out for nearly 3 years!
So, what you are saying is this:
1. I don't understand how this crazy MacOS X stuff works.
2. Therefore, the only security it could have is from people not understanding how it works.
Ignoring the fact that my grandmother could figure out how to encrypt her home directory under MacOS X. And automatic software updates containing security patches are unobtrusive and painless.
Is there an element of "Not many people will break into Macs because there aren't all that many Macs"? Sure. But it's not like a base install of MacOS X has a telnet daemon running or anything. "Security by not allowing remote access by default" is actually not a bad start.
Of course it's more noticible. The game listens to input twice as much, so it's that much more responsive. It's not your eye that's noticing, it's your fingers.