Slashdot Mirror


User: CDarklock

CDarklock's activity in the archive.

Stories: 0
Comments: 552

Comments · 552

  1. Re:They have cracked strong hashes, huh? on Finnish Firm Claims Fake P2P Hash Technology · · Score: 1

    This is not even remotely the same question.

    The cited post focuses on the question of generating multiple messages that have the same hash, but it does NOT take into account the question of that message being specific in meaning.

    This is the type of horror story I'd like to avoid. I can see Joe Dipstick setting himself up as a mirror site for something, adding nasty bits to it, and then altering the files to collide with the official hash on the official site. You download the project, you MD5, you SHA1, you compare, and everything looks kosher; you do the configure-make dance, and you fire it up to do its nasty deeds. This is the kind of thing that worries the hell out of big corporations, and I'd like to ensure that this is still not a realistic scenario.

    So we're not talking about "generate X messages that have the same hash under both SHA1 and MD5". We're talking about "generate X messages that have THIS hash under SHA1 and THAT hash under MD5". It's not "go out and run into a car", it's "go out and run into Brad Pitt's car". Add the second hash, and you're talking about "go run into Brad Pitt's car until you can bounce off and run into Sylvester Stallone's car, too". I don't think it's hard to see why this would have a vastly different probability than "run into one car, then bounce off and hit another".

    The birthday attack *relies* on the condition that what the hash IS doesn't matter, you simply want a hash collision. That sort of theoretical exercise is great for designing hash functions, but it just plain doesn't interact with the real world very well. What good does it do me to have two *random* messages with the same SHA1 and MD5? If I change them, they won't. It might prove that SHA1 and MD5 need to be replaced by a better hash algorithm, if only to make the math geeks happy, but it certainly doesn't prove that they're completely insecure and nobody should use them.

  2. Re:They have cracked strong hashes, huh? on Finnish Firm Claims Fake P2P Hash Technology · · Score: 1

    If you can't explain why, I must assume your response is ill-considered.

    The chance of two independent events coinciding is the same as the chance of one times the chance of the second. The major question is whether an MD5 and a SHA1 are in fact independent.

  3. Re:They have cracked strong hashes, huh? on Finnish Firm Claims Fake P2P Hash Technology · · Score: 2, Insightful

    I've wondered this myself. Theoretically, if you MD5 a file *and* SHA1 a file, the complexity of matching both hashes is 288 bits. Basically, given a standard distribution, 1 out of every 2^128 files will match the MD5 of your file... and 1 out of every 2^160 of those will match the SHA1. (1/2^128)/2^160 = 1/2^288.

    I'd really like to know if this interpretation is flawed. Even when hash algorithms are broken, if you parallelise them, you can still get enough bits of security to work. It seems to me that you would have to MD5 the file, generate a collision, SHA1 the file, generate a collision, and then check to see if your MD5 still matches.

  4. Re:PHP-Nuke on Drupal 4.6.0 Released · · Score: 1

    I miss the BBS days when "GMA16(S32|(R1P180))" did the job. The resolution of modern access specifiers is simply ridiculous; it's either so generic as to be effectively useless, or it's so limited as to be *actually* useless.

    I should build something to fix that. Telegard ACS codes are probably a bit too terse these days, but I could probably come up with something comparable.

  5. Re:PHP-Nuke on Drupal 4.6.0 Released · · Score: 1

    Drupal used to have this feature where you could click on things to edit their styles, but they took it out. If they've put it back, Drupal is just too cool for words.

    If they haven't, Drupal still has its own built-in forum system. This places it in pretty sparse company, with the only other decent package being Land Down Under, to my knowledge.

    Drupal is, as I recall, significantly more secure than LDU. However, where Drupal fails me is in its security *flexibility*; I'm looking for something with very low-level access control, along the lines of "this forum is open to registered members who are male, over the age of 16, and have either purchased an access level of 32 *or* been members for at least six months and uploaded more than two megs of approved files". So far, there's no such thing, so I'm just rolling my own and writing custom SQL queries to support the level of access I want.

  6. Re:Permadeath on The Eight Stages of Permadeath Debate · · Score: 1

    > If you want permadeath to work, you
    > need to change the goals of the MMORPG.

    Oh no, a smart person. ;)

    Permadeath doesn't work because currently, nothing in any MMOG is really a *challenge*. It's all a number of arbitrary signs that say "you must be this tall to adventure here". The major advance of MMOGs so far has been to arrange the signs more sensibly, so you don't have the two foot section immediately adjacent to the six-five section, and to make them more clear to the player. But the signs still work the same way: if you have a high enough level and good enough equipment, you can collect the rewards in these rooms. If you don't, you can't, and you will almost certainly be killed.

    Permadeath takes tall players and makes them short. Unfortunately, having been short *before* doesn't make growing any easier. It doesn't matter how good a PLAYER you are, *all* of the ability to enter an area and claim its rewards resides in your character and equipment. We need to shift a lot of this onto the player, so entering an area and claiming its contents is something that can be done with any combination of level, equipment, and skill that exceeds a certain threshold.

  7. Re: How about from two? on Yahoo! Search Providing Support to Wikipedia · · Score: 1

    > served on the equipment donated

    So if I understand this correctly, Yahoo and Google are not donating the use of equipment at their own data centers, they're donating hardware that Wikipedia will install and integrate at a data center of their choice.

    This seems to present EVEN LESS of a problem. I can see how Google or Yahoo might be in an unfair bargaining position if they had their own MIS people standing over the server and saying "do what we say or we unplug it", but if they don't, aren't they in pretty much the same position as anyone else? I simply don't see any serious leverage in a sponsor's position. At worst, Yahoo and Google get some good PR when certain people don't think they deserve it. What's the big deal?

  8. Re:The whole PIE thing really bugs me on Slashback: Pie, Election, Alarm · · Score: 1, Interesting

    > Advertising is not an industry known
    > for its strong ethical stance

    I wonder why?

    "Hey," says the advertiser, "we'll give you free internet service if you use our special browser that shows you ads."

    "Why, that *is* a good deal," says the consumer, who signs a contract and gets online with the free account.

    Then he runs off and downloads a program that hides the ads, so he doesn't have to see them. Now he's got free internet service at the advertiser's expense, but the advertiser isn't getting to advertise.

    Eventually, the people who buy the ads realise they don't get any business through this advertiser, and they go to another one. The advertiser loses all his sponsors, can't afford to continue providing internet connections, and shuts down.

    "Hey!" shouts the user. "We had a DEAL, scumbag."

    Ethics, like morals, are a luxury. You have them when you can afford to have them. When times get rough, ethics start getting fuzzy, and eventually they disappear altogether. So the advertiser has few if any ethics, because he cannot afford them.

    But what's the user's excuse? He signed a contract and took his share of the bargain, but wouldn't honor his own obligations.

    "Of course not," scoffs the user. "It was an obligation to an *advertiser*. Advertisers are scum, and have no ethics, and never keep their word. So it's *okay* to lie to them, and cheat them, and steal from them."

    Self-fulfilling prophecy, n'est-ce pas?

  9. Re:Censorship breeds stupidity on The ESRB Don't Get No Respect · · Score: 1

    > I'm an uneducated simpleton because
    > I've never played GTA?

    No, but I propose that you *might* learn something useful and positive from GTA. There *might* be a baby in that bathwater. Perhaps you should check before throwing it out.

    > Seriously, why shouldn't parents know and
    > control what their kids are buying?

    They should, and in that order. If you have never played GTA, you do not know enough about it to control your children's access to it appropriately, so you shouldn't try to control it until you *do* know enough about it.

    Once you've played it, you can make an informed decision. Or, on the other hand, you can trust people like Senator Clinton to know their way around videogames... and as long as we're dreaming, maybe you'd like a pony, too.

    Most parents are too bound up in the controlling to spend much time on the knowing, which is basically the blind leading the naked. Sure, children are vulnerable, but the willfully ignorant aren't exactly qualified to protect them.

  10. Vulnerability? on Exploitable Buffer Overflow in OpenOffice.org · · Score: 1

    I don't particularly have any concerns about vulnerability. In my experience, OpenOffice freezes the X session so frequently, you're not going to open any document you don't absolutely HAVE to open.

    My concern is primarily that so many Linux users have had a false sense of security instilled by the repetition of "Linux isn't vulnerable to virus infection". This makes them *more* vulnerable when a vulnerability pops up, and there's no way to be sure how MUCH more vulnerable. The human element is always the weakest link.

  11. Censorship breeds stupidity on The ESRB Don't Get No Respect · · Score: 1

    There's one basic incontrovertible fact. If you do not expose your child to something, the child is incapable of learning anything from it.

    And that's why we want to censor things and protect children: we are afraid they will learn the wrong thing. We trade the possibility of learning the wrong thing for the certainty of learning nothing at all.

    But we also have a very broad definition of "the wrong thing". The wrong thing is "anything I don't want you to learn yet". And what we don't want our children to learn is primarily the things that we would be uncomfortable explaining.

    When you come down to it, we're not censoring for the children. We're censoring for our own personal comfort. The children aren't even part of the equation. So we don't really *care* if it makes them a little stupider and less capable. It's not about them, it's about us, and our comfort level with the subject matter... which is why complaints about this sort of thing are just fundamentally offensive to me.

    So pardon me if I don't jump on this particular bandwagon. You know what we really need? Parents who give a shit about their children. Every minute you spend out there trying to protect your children from the evil nasty videogames is a minute you COULD spend *with* them, and with enough of those... why, they wouldn't even need videogames.

  12. Re:Mindset on Linux Can't Kill Windows · · Score: 1

    > Any OS is "difficult to learn"
    > to a complete newbie.

    However, Linux frequently puts the user in positions where something very technical needs to be done. I frequently find that when I load or create a document in OpenOffice, my X session will freeze. Then I need to flip over to a shell prompt, log in again, and kill the X server. If I didn't know what I was doing, how would you explain this process? Is this a reasonable thing to expect someone to do on a regular basis?

    That's where things fall apart with Linux as a desktop OS. Windows, on the other hand, just works. You can treat it like a black box, because that's what it is. The answer to everything that might go wrong is "reboot". Most of the time, that resolves the problem and you can get on with your work. It's like having one big button that says "FIX".

    You can scoff all you like at this dumbed-down interface, but it's very attractive to people who neither know nor care what the button actually does.

    > the in-fighting between the various
    > Linux distro fanboys needs to be put
    > aside

    This stems from the UNIX culture's general tendency to attach emotional values to technical concepts, which was charming and amusing when we were all able to tell the difference, but we're losing that with the mad rush of new initiates into our camp. Even OSI seems unable to distinguish the philosophy of free redistribution from the technical merits of transparent development, which is distinctly damaging to the open source platform.

  13. Re:I do know myself on Mapping the Mind · · Score: 1

    Conclusion: in college, being gay is cool. [GDR]

  14. Re:The problem actually is... on Lessons Proprietary Software Can Teach Open Source · · Score: 1

    Not only do I agree 100% with this statement, but I'll actually put my name on it.

    The problem with open source projects is not a problem with the open source philosophy, it's that any idiot can start an open source project. There's no easy way to tell the difference between a project from a reputable developer and a project from a dumbass. It's as bad as buying music... you KNOW 99% of the CDs you see on the shelf are garbage, but *which* 99%? I just want to grab a CD and go, not do a bunch of research.

  15. Re:Actual impact on Clash of the Open Standards · · Score: 1

    > what is the virtue of making it open
    > source in the freedom sense at all?

    Theoretically, having the source *available* is what open source is REALLY about. All the technical benefits of open source come from a large community of users and developers examining the source code -- what OSI calls "massive peer review". This is good, and it's never anything *but* good.

    Exclusive redistribution rights, on the other hand, have a significant value. Giving those away is painful for a traditional company, because you can concoct any number of horror stories about what might happen. Someone might, for example, write a virus into your code and stick it on a public server -- getting your product and your company blamed for the virus.

    Most of those horror stories disappear if you can stipulate that no matter where you get the product, you will get the *same* product the company originally produced. So by requiring P3 redistribution, a lot of companies who might otherwise keep their source code proprietary can be persuaded that the glass is a lot more than half full.

    There is really no technical downside to P3 in comparison to a project fork, and there might actually be several benefits.

  16. Re:Actual impact on Clash of the Open Standards · · Score: 3, Interesting

    I think there's one major faction which isn't covered by GPL and BSD, where people don't want their software redistributed in modified form. OSI recognises this and provides for it by allowing licenses which require redistribution to be in P3 format (Pristine Plus Patches), but there's no real consensus on one license that covers this need.

    There are a lot of companies who agree completely with the idea of releasing source code, but really dislike the "unrestricted redistribution" thing. A solid industry-standard P3 license would alleviate some of their fears, and could get more projects out there in the open source world.

  17. Re:PC joypads, etc. on PSP Hacks and the Mainstream · · Score: 1

    > Not all upgrades are unexpected.

    Was the GameShark an expected upgrade? It plugged into a standard control port and used the standard interfaces, but Sony eventually answered InterAct's continued refusal to "play ball" by removing the port.

    > Is there a way for a startup video game
    > development firm to break into the industry
    > anymore?

    Depends on the industry. If you just want to make games, http://www.garagegames.com/ is a decent place to start. If you want to make *console* games, or PC games that debut at E3, you will need someone willing to put up millions of dollars for the project.

    In order to get those people interested in your project, you will of course need a game that looks like it will *make* millions of dollars in profit for those people.

    I usually find that people wanting to get into the game industry are missing the single most important thing they need: a GAME. Go build a game. Without that, you're not going anywhere.

  18. Re: How about from two? on Yahoo! Search Providing Support to Wikipedia · · Score: 1

    Edited pages are very different from *new* pages. I think it's pretty obvious to everyone involved that withholding edits to existing pages has the problems you describe, and that any such request is effectively a demand that Wikipedia stop working. But why would it be a problem for Yahoo or Google to withhold a *new* page for some time? Don't they already get a guaranteed first crack at indexing edited content, just because it's on their servers?

  19. Re:PC joypads, etc. on PSP Hacks and the Mainstream · · Score: 1

    > I'd imagine fixed hardware that can be
    > upgradable, but for which a switch can
    > turn off the upgrades. For instance,
    > that's why there's an A20 gate on the PC.

    No it isn't. The A20 gate is on the PC because starting with the 286 processor, an old technique for "wrapping around" system memory didn't work the same way. In other words, an *expected* condition caused *older* software not to work. What I'm talking about here is an *unexpected* condition that causes *current* software not to work.

    The simple fact that it is an unexpected condition invalidates any concept that you can build a switch to turn it on and off. Otherwise, Sony could simply turn off mod chips to prevent game piracy.

  20. Re: How about from two? on Yahoo! Search Providing Support to Wikipedia · · Score: 1

    > What if, for example, Google got to
    > see new articles immediately, but the
    > rest of us had to wait for a few
    > minutes, or even hours?

    I don't see why this is a problem. In the printing press era, sponsors get to see the completed work months before the rest of the world does. Is it that terrible when they get, say, a day? How is this different from a moderated newsgroup, where the "powers that be" get to individually examine and approve every message before the subscribers?

  21. Re:PC joypads, etc. on PSP Hacks and the Mainstream · · Score: 1

    I'm not talking about new fixed platforms, I'm talking about hardware alterations to the existing platform that destroy its "fixed" nature. Without a restricted bootloader, you essentially guarantee that someone is going to open up the system, and that leads to the loss of a fixed hardware platform.

    You may, for example, upgrade your console's memory only to find that most games on the market are designed to handle exactly the number of bits necessary to cover the console's address range. As soon as something gets loaded outside that range, these games can't figure out how to access it, and instead access whatever garbage is addressed by the lower-order bits.

    Which is, of course, the console manufacturer's fault... as far as the ignorant public is concerned. ;)

  22. Maybe... on TiVo Buys Six New Patents From IBM · · Score: 2, Interesting

    Maybe this will make my TiVo smarter about recording programs. Right now, if we tell TiVo not to record something on a season pass, we have to go into the TiVo and tell it to record later when the same show plays again. But some shows have no descriptions, so we can't tell which of the upcoming episodes is the one we want to record.

    However, TiVo might be able to distinguish between them using some kind of internal identifier. If it was smart, it would respond to "don't record now" by rescheduling the recording for the next time the same episode was on. I'd like to see it get smart.

  23. Re:PC joypads, etc. on PSP Hacks and the Mainstream · · Score: 1

    > shall those advantages be forever
    > segregated in the marketplace?

    I think openness naturally kills the fixed hardware advantage, because as soon as you open up the software side to all manner of hackery, you inevitably find something for which the provided hardware is inadequate. This creates a need, the market perceives that need, and new hardware is produced to remedy the situation.

    > PS1 digital controller through an EMS
    > USB2 adapter works wonderfully.

    I haven't tried any of the console controller adapters. I probably should.

    > do you have any tips for a shareware
    > developer to market a game to publishers
    > with console contracts?

    I've never had any luck "marketing" anything to the game industry; they get a lot of marketing hype, and they tend to be turned off by it. Just hang around the same places they do, make intelligent conversation, and occasionally mention your latest ideas; if they're *good* ideas, the interest comes to you, and you don't have to expend a lot of energy generating it.

    YMMV, of course. I seem to have extraordinary luck meeting "names" online, but it's not anything I do consciously.

  24. Re:Difference from PC? on PSP Hacks and the Mainstream · · Score: 2, Insightful

    > Has the glut of Win32 compatible
    > games tarnished the reputation of
    > the console called "PC running
    > Windows XP"?

    Yes. There are a lot of people saying the PC is "dead" as a gaming platform because individual PC differences cause unpredictable errors and give certain people unfair advantages, when the *real* culprit is bad programming. (Or bad design. It's hard to get a good gamepad for a PC, I've found.)

    > In general, console makers don't
    > even want to talk to startups.

    In general, startups are composed of people who honestly don't know what the hell they're doing. Demonstrate otherwise, and console manufacturers get very interested in talking things over with you.

    It's all politics. If you can't play the political game, you need someone in your startup who knows what he's about -- i.e. he's in the credits of a game worth playing. Or, on the other hand, just go XBox instead... Microsoft will happily jump into bed with more or less anyone that doesn't seem TOO profoundly retarded.

  25. Re:Imagine how many they'd sell... on PSP Hacks and the Mainstream · · Score: 4, Insightful

    Sony's real concern is double-sided.

    First, the reputation of a console can be seriously tarnished if it has a market glut of crappy games. They're worried that eight million bad developers will release eight million pieces of garbage, and people will be unable to find the good games without having to struggle through several bad ones.

    Second... and probably more importantly... Sony makes a boatload of money off their developers right now, and if they open up development some of those developers will jump ship and go it alone. The little guys who have no infrastructure of their own will stay on, but the big boys will undoubtedly try to cut Sony out of the picture. That threatens to leave Sony with all their high-maintenance problem children, while the cash cows move on to greener pastures.

    Publicly, Sony is more likely to concentrate on describing the first reason than the second.