A lot of datacenters don't allow camera's inside for security reasons. Just think about financial institutions, government contractors, or other businesses that deal with sensitive info. They don't want people taking snapshots of what kind of hardware is installed or what the physical security is like.
I'm not telling anyone how to spend their money. This company won't get my money because what they sell has no value to me. I do find it hard to understand why others find value in what they are selling beyond the novelty of it all.
Can I host their data someplace else? Is it really my data then? If I'm fed up can I leave with my data? The answer to all of these is no. They've built a closed system where people give them money for nothing really at all and you trade this nothing for real world money. The value is nothing. You get to host their data on their server and that's about it. The only people that can really use this data is other players of the game though.
By the way, what are you paying for when you pay your TV bill?
Personally, I don't pay for TV. Generally, you pay for entertainment. Really, I understand that this game is just entertainment. If that's how you like to choose to spend your money, meh, who the hell am I to tell you how to do it?
Let's not loose sight of what this game is doing and why people, like me, are confounded by this:
0xad98b497
That. That is what this game is selling you. Data. No tangable property. Nothing physical, just data. Now the supposed 'value' to these bits is that they represent something in the game world. Now, the game world itself is intangable. So they are selling data that they keep in a database for an intangable world that they created. Here: 0x89bc82f4, $50 for it. I've just created some 'data' in a storage place and it has value to me because I say so and I created it. Wouldn't you like to buy my value for this data? Be the first, think of the investment, going fast, must buy!!
Now, I've read some of the other posts and people have argued that everybody is spending 'virtual' money (meaning the money in your bank account is not 'real') on intangable products such as programs, mp3s, jpegs, etc. The problem is that the value for any of these is still based in the real world. For jpegs, mp3s, or other media, you're not paying for the data, you're paying for the content of the data. The data is just the distribution method. Whether it's on CD, tape, or vinyl, the music from a song was created by an artist and that is what is valuable and what you are paying for. For a program you are paying for a programmers skill (if you can't make it yourself) or their time. The money in your bank is backed by the govenment that runs your country and is linked to tangable products (gold I believe for most countries). For this game though, what are you paying for? Data points in a database that have somehow been 'given' to you. Can I take them home? Can I print them out? Can I save them to my computer? Can I change them?
...The proper thing to do is always pass on correctly-formed input...
That's what this attack exploits: two interpretations of what is 'correctly-formed input'. The cache/proxy looks at the request and says "yep looks good" and sends it on. It sees valid input. The workstation, on the other hand, takes the same request and sees something different, hence the exploit. It won't make a difference if the cache/proxy rewrites it or not, because it will simply repeat the attack to the workstation. If you mean that the proxy should translate the initial input into something it considers valid output then you run into slews of bugs trying to decide what the client was really trying to say (which could also be exploited).
Slashdot Mirror
A lot of datacenters don't allow camera's inside for security reasons. Just think about financial institutions, government contractors, or other businesses that deal with sensitive info. They don't want people taking snapshots of what kind of hardware is installed or what the physical security is like.
I'm not telling anyone how to spend their money. This company won't get my money because what they sell has no value to me. I do find it hard to understand why others find value in what they are selling beyond the novelty of it all.
Can I host their data someplace else? Is it really my data then? If I'm fed up can I leave with my data? The answer to all of these is no. They've built a closed system where people give them money for nothing really at all and you trade this nothing for real world money. The value is nothing. You get to host their data on their server and that's about it. The only people that can really use this data is other players of the game though.
By the way, what are you paying for when you pay your TV bill?
Personally, I don't pay for TV. Generally, you pay for entertainment. Really, I understand that this game is just entertainment. If that's how you like to choose to spend your money, meh, who the hell am I to tell you how to do it?
Now, I've read some of the other posts and people have argued that everybody is spending 'virtual' money (meaning the money in your bank account is not 'real') on intangable products such as programs, mp3s, jpegs, etc. The problem is that the value for any of these is still based in the real world. For jpegs, mp3s, or other media, you're not paying for the data, you're paying for the content of the data. The data is just the distribution method. Whether it's on CD, tape, or vinyl, the music from a song was created by an artist and that is what is valuable and what you are paying for. For a program you are paying for a programmers skill (if you can't make it yourself) or their time. The money in your bank is backed by the govenment that runs your country and is linked to tangable products (gold I believe for most countries). For this game though, what are you paying for? Data points in a database that have somehow been 'given' to you. Can I take them home? Can I print them out? Can I save them to my computer? Can I change them?
...The proper thing to do is always pass on correctly-formed input...
That's what this attack exploits: two interpretations of what is 'correctly-formed input'. The cache/proxy looks at the request and says "yep looks good" and sends it on. It sees valid input. The workstation, on the other hand, takes the same request and sees something different, hence the exploit. It won't make a difference if the cache/proxy rewrites it or not, because it will simply repeat the attack to the workstation. If you mean that the proxy should translate the initial input into something it considers valid output then you run into slews of bugs trying to decide what the client was really trying to say (which could also be exploited).