The Red Team is favored by everyone to win, but is it really winning? What they have done is constructed an amazingly accurate and detailed map of every last bit of topography, down to the size of a big rock, of the region the race is going to be in. Their on-board sensors and navigation equipment don't have to do much sensing and navigation at all; they will get a foot-by-foot map of where they should be going. This doesn't strike me as "autonomous". It strikes me as just another version of remote control. Their victory will be an impressive technical feat but it certainly isn't the same as having a vehicle that you can plop down on unknown rugged terrain (be it a war zone or the surface of Mars) and have it get around on its own.
I will be more impressed if the autonomous motorcycle makes it ten miles than I will be for Red Team to win the whole thing, because at least this bike is fully autonomous and has some radical new ideas going into it, instead of just tons of resources and brute-force mapping.
The Octagon houses, domes, all kinds of shapes have been tried, but when it comes down to it, plain old right-angle planes are what really work. You can bolt things to them, modify them, cut passages through them, and make additions to them more easily than any other shape. I agree, cubes and rectangles are boring, but alas, they are what seem to work the best for real living.
If you want to see some beautiful uses of curves and non-right-angles in architecture, check out the Walt Disney Concert Hall in LA. It is truly beautiful, and the kind of thing which could not possibly have been built even 15 years ago because the computer modeling technology wasn't there. But that is a place you go to spend a few hours once a month, not to live there, and it was built with plenty of open space around it, not packed in like a house.
But I think this house-creating technology is cool and I'm sure it will find uses in more spread-out areas where there is room to be creative.
Porn moves technology forward. Who would pay $2,000 for a VCR when there are no movies to rent? Guys who want to watch videos in their own homes. Who would put up with expensive ISPs, difficult modems and slow computers? Guys who want to see porn on their computers. The future is wireless porn according to Larry Flynt.
It is a great market for testing many things because it is such a commoditized and competitive market. The material is all the same boring stuff, so they need to explore new ways to market it. Is there a porn version of Netflix yet? Who is going to be the first in wireless porn?
These companies need to do anything they can do to get more mobile data use out of their networks, hardware and software. Margins on voice traffic are dropping and will continue to drop, hastened by VoIP, so how to make up for lost revenue? Pretty soon a large chunk of high-margin international calling traffic will be VoIP, which basically means flat rate, which means... no more big bucks for ATT, etc. By selling new services, like wireless data, the carriers can save themselves (they hope). Another problem for Nokia and friends is that handsets are starting to be manufactured in China, and Nokia will not be able to build plain old voice handsets at competitive prices, so it needs to get away from the commoditized market of voice handsets, which means it needs better entertainment abilities, which means wireless data. A TLD could really fit into that. The wireless web has great potential but consumer awareness is poor, because there aren't any good ways for consumers to identify mobile content and there aren't any easy ways for websites to produce mobile content without learning a bunch of new technologies. Well, there are some ways to do it now...
I don't know what you mean by that. I did not copy that from anywhere. I wish I had copied that from somewhere, though, because that would mean that more people are thinking along similar lines and perhaps we would end up having some more secure software and people's attitudes about accepting broken software would change. There is one place I have seen that expresses something similar, though: the old "if cars were like software" or "if airplanes were like software" posts, where they say that if airplanes worked like software, they would crash all the time for no reason, etc. And that's right! And we don't accept it in cars or airplanes and we shouldn't accept it in software, either, because we don't need to.
If you can find out where I allegedly copied that from, please let me know, because that means I must have some telepathic power I'm not aware of, and I would certainly be curious about that.
We must not accept this (on Security Warrior) · Score: 2, Interesting
For as long as I can remember, everyone has been saying that computer security flaws are inevitable. Somehow they are part of the "laws of physics" of the computer world and we must learn to live with them. This thought pattern is out of date and is holding us back from having secure systems. We have accepted this idea of inevitability of security problems just like we used to accept the inevitability of cars leaking oil or that certain medical conditions were incurable.
Computer security problems almost always fall into a few well-known (beaten to death is more accurate) patterns. One such pattern is the "buffer overflow attack". Why does anyone accept this? There is absolutely no reason for modern software to be subject to buffer overflows. We have languages like Java which run everything within a protected virtual machine and don't use buffers. We can design CPUs which allow sections of memory to be marked "execute only, don't write". We can use safe string libraries instead of creaky old standard lib. And yet I still hear people saying that buffer overflows are a given.
I am tired of doing searches and finding the top twenty results all by the same company that has learned how to spam the rankings. You click on one of them and guess what, they don't even have the keyword you were searching for. For example, try a Google search on "ringtones" and the top hits are all the same company in the UK. Search for a specific ringtone you are looking for, and you'll get that same company, even if it doesn't have what you're looking for.
Paid placement would cure this problem. The company that thinks it has the best stuff and is willing to pay for that will get to the top. Right now, Google determines placement by a variety of factors, the most important of which is "voting with links". Switching to paid placement or inclusion is "voting with bucks". Ultimately there is no ideal method of determining placement but "voting with bucks" is not such a bad way to go. Hopefully it will take out many of the spamming sites.
Remember when the MS Matrix trailer was shown at that conference, with Steve-o, and Agent Smith saying, "Write a device driver and recompile the kernel"? I'm wondering if someone high up over there has seen the Matrices a few too many times...
WAP is not dead, far from it. There are more WAP browsers in the world today than there are PCs. Some people say that WAP browsers will be replaced by mobile IE or mobile Opera, but this is also not true. Those browsers will only be on larger phones and anyway, the typical HTML page does not look good from those browsers. Most people still want cheaper, smaller phones, and those will only work with WAP. WAP was designed for mobile use, and HTML was designed for... well, I'm not sure. It was more of an accident than a design.
One thing holding WAP back has been that it is technically difficult to create a WAP site and it is very difficult to do device detection, which is essential for WAP. However, Wireless-Enabled Hosting makes it much easier.
Btw, you can go to http://chiralsoftware.net from either your web browser or your WAP browser. One URL, one set of files works on both types of devices.
As our favorite British comedy group says, "I'm not dead yet!"
One and only one: JIT compilation. For example, when Sun's JVM executes Java bytecode, certain portions of it may get compiled to native machine language and then run. In fact, Sun's compiler has a technology called HotSpot which is supposed to dynamically optimize some of this machine code as it runs. Certainly JIT compilation has big benefits. I believe that perl/parrot will be doing that. How much benefit HotSpot has in the real world, I'm not sure, but it is a cool trick.
And all of these are cases of an executing piece of code dynamically creating and executing another piece of code which is exactly what happens in a buffer overflow situation.
However, the number of programs that have a legitimate need to do this is tiny. I'm not sure how this chip will accommodate those. There may need to be some kind of OS-layer thing with code that is trusted. Maybe the JVM itself could switch modes, so that only when it is actively attempting to write code would that feature be allowed. There are definitely work-arounds to allow JIT to continue working.
As for copy protection, given a choice between having a system which is secure for me and a system which is secure for them, I'll take the system which is secure for me. What about you?
Remember back in the 60s and before, all cars leaked oil? People just accepted, "Cars leak oil." They didn't realize that it didn't have to be that way.
Then the Japanese started making cars that didn't leak oil. Now, no one would accept a car that leaks oil. People have realized that cars don't have to leak and we shouldn't accept it.
It's the same thing with buffer overflows. People now have this attitude "well, there's nothing you can do. Just write code really carefully. Anyone who makes buffer overflows in his code is just a sloppy coder!"
Nothing could be further from the truth. There is no way anyone can code a large project in plain old C and not make buffer overflows. Look at OpenBSD, who are masters of secure C. They still have buffer problems.
And yet, there is absolutely no reason for code to have any buffer overflows! There are programmatic tools, such as virtual machines (think JVM) and safe libraries which mean that programmers never have to manipulate buffers in unsafe ways.
Putting in hardware-level support for this would be fantastic. It is time for people to change their attitude about what they accept in computers. Crashes and security holes are not inherent aspects of software. Mistakes are inherent in writing code, but these mistakes don't always need to have such disastrous consequences.
Scientists observe for the millionth time the Slashdot Effect ripping apart a perfectly good website. "If this were a black hole ripping apart a star, it would be astonishing, but unfortunately, this happens every day," one frustrated website operator said.
I imagine the big one is patents. All large companies like Sun have cross-licensing agreements with all the other large companies in the areas they work in. All of these companies have hundreds or thousands of patents, and they all know that fighting over patents in court is not the way they want to spend their resources, so they cross-license. Sun's lawyers have probably said (correctly) that some aspects of Java may be protected by some of these patents. There is a lot of innovative computer science going on in Java: virtual machines, JIT compilers, the HotSpot optimizer, and many others. By licensing something under the GPL, the licensor also grants royalty-free patent use, which Sun can't necessarily do because of cross licensing. So it's a mess. I believe the same issue affected BeOS.
Similar issues apply to copyrights. I assume there are portions of the Java implementation which are copyrighted from other companies which have licensed to Sun, but do you think these agreements are compatible with Sun putting something out under GPL or BSD? I wouldn't think so.
All of this is a bummer, to put it one way. I can think of some awesome projects to do with Java. How about a TRUE Java Desktop, where we take just enough of the Linux kernel to boot, and rewrite most of the system (device drivers and all) in Java and run the JVM essentially on the "bare metal" with all the apps in Java? That would be awesome, but impossible unless the JVM is Open Source.
Ah, and this brings me to MONO, a project which is a tragedy because it is walking into a big trap called "patents".
The right thing to do is to put the effort into gcj and Kaffe to bring them up to commercial usability. I really think it is time to abandon C/C++ for writing apps. We could debate this all day long (ok, on /., we could debate it until the heat death of the Universe) but the fact is that C++ is a pain to work in and lacks the safety features of Java. I would love to see Open Source development shift to Java. I am scared of Open Source development shifting to MONO/C# because I know that it's a trap.
It would be the best thing for Java to do what Linus has done with Linux: Set it free, but maintain control by having a trademark. That really is a great use of the idea of a brand and trademark.
However, I would not be surprised if Sun is reluctant to do this because of software patent problems. Their lawyers might be telling them that it's impossible.
Their smartphone browser is definitely showing up in the logs. Also, their regular desktop browser can display WAP, so they get it both ways: WAP on the desktop, HTML on mobiles. Of course, there is only so much that can be done to transform HTML content.
What if a) the SCO case is composed primarily of "dark matter" and b) dark matter is what is holding the universe together and c) the SCO case crumbles? What would happen to the universe?
especially manuals for commercial products. Manuals are full of information and are in some ways "ads" for a company's products. Chiral Software's manual for its WAP server software is licensed under the Creative Commons system.
Will this lead to anything useful or is it just "cool that they made it open source"?
Also, are there terms of use for viewing the code? If so, anyone who is interested in developing for other FOSS video projects (VideoGimp, etc) should understand the terms of use before looking at any of this source code. It would be terrible if a bunch of developers looked at this code, went on to do amazing (but unrelated) things with VideoGimp and a few years down the line we get an eerie feeling of deja-vu.
Some posters have suggested sniffing as a way to get through a port knocking defense. That is true, but what if the "knock" pattern changed in some pseudo-random way and the same knock could never be used twice? Think s/key. Then even sniffers wouldn't know what to do. Sometime when I have time I'm also going to write a PAM module for Cryptocard authentication for SSH to provide two-factor authentication, too.
I think this whole idea is a cool technique. It isn't the same as security through obscurity because the security still relies on a key. It is more like "network protocol steganography" actually.
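The one-time knock idea from the comment above, sketched as an added example (not part of the original comment or of any port-knocking project). It assumes an HOTP-style counter with HMAC-SHA256 standing in for an actual S/KEY hash chain; the port range, knock length, look-ahead window and demo key are hypothetical values.

```python
import hashlib
import hmac
import struct

# Hypothetical parameters for this sketch (not from the original comment).
PORT_BASE = 20000   # first closed port the knock daemon watches
PORT_SPAN = 20000   # number of watched ports
KNOCK_LEN = 4       # ports per knock
WINDOW = 3          # unused counters the server is willing to look ahead


def knock_sequence(key: bytes, counter: int) -> tuple:
    """Derive the one-time port sequence for `counter` from the shared key."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()
    # Two digest bytes per port, mapped into the watched range.
    return tuple(
        PORT_BASE + int.from_bytes(digest[2 * i:2 * i + 2], "big") % PORT_SPAN
        for i in range(KNOCK_LEN)
    )


def _encode(ports) -> bytes:
    """Serialize a port sequence so it can be compared in constant time."""
    return ",".join(str(p) for p in ports).encode()


class KnockVerifier:
    """Server side: accepts each knock once, then moves its counter forward."""

    def __init__(self, key: bytes, window: int = WINDOW):
        self.key = key
        self.window = window
        self.counter = 0  # lowest counter value that has not been used yet

    def verify(self, observed) -> bool:
        seen = _encode(observed)
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(seen, _encode(knock_sequence(self.key, c))):
                # Burn this counter and every skipped one, so a sniffed knock
                # (or an older one that got lost) is useless afterwards.
                self.counter = c + 1
                return True
        return False


def demo() -> dict:
    """Constructed walk-through of the cases a sniffer or a lossy link produces."""
    key = b"constructed-demo-key"  # sample secret made up for this demo
    server = KnockVerifier(key)
    first = knock_sequence(key, 0)
    return {
        "first": server.verify(first),                            # fresh knock
        "replay": server.verify(first),                           # sniffed and resent
        "skipped_ahead": server.verify(knock_sequence(key, 2)),   # knock 1 was lost
        "stale": server.verify(knock_sequence(key, 1)),           # older than counter
        "wrong_key": server.verify(knock_sequence(b"other", 3)),  # no shared secret
    }


if __name__ == "__main__":
    print(demo())
```

Client and server both have to persist their counters across restarts; a server that resets to zero would accept previously sniffed knocks again.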
I'm sure many of us are saying "finally" about many features: AMD-64 and generics being the big ones. My big FINALLY is that it finally supports WBMP in the image IO framework. Also improvements in sound and startup speed.
----------
Host your WAP site, automatically
The logical next step is P2P architecture, right?
----------
Make a WAP site with WAP hosting
--------
Create a WAP server
Is it too late for me to enter my Roomba?
Computer security problems almost always fall into a few well-known (beaten to death is more accurate) patterns. One such pattern is the "buffer overflow attack". Why does anyone accept this? There is absolutely no reason for modern software to be subject to buffer overflows. We have languages like Java which run everything within a protected virtual machine and don't use buffers. We can design CPUs which allow sections of memory to be marked "execute only, don't write". We can use safe string libraries instead of creaky old standard lib. And yet I still hear people saying that buffer overflows are a given.
Same with root escalations. For years we have had ideas of how to have systems that are compartmented and don't have root. In the Unix world, we have the idiocy of "trusted ports" (ports I could go on and on. The only reason why computers are so insecure is because we have accepted that they are and decided to live with it. This is just wrong.
--------
Create your own WAP site, or become a Wireless-Enabled Hosting(tm) provider
--------
Do you have Wireless-Enabled Hosting(tm)?
-------
Is your hosting company wireless-enabled?
------
Wireless-Enabled Hosting(tm)
-------
Create a WAP hosting service
Could someone mirror pages before aiming the unmanned predatory slashdot effect at PHP pages?
I've never heard of "sandbag architecture". It must be something that Sun came up with to compete with .NET?
---------
Create a WAP server now
----------
Create a WAP server today.
This release is fantastic. Java keeps on growing.