Slashdot Mirror


User: SausageOfDoom

SausageOfDoom's activity in the archive.

Stories: 0 · Comments: 164

Comments · 164

  1. Re:Spots on Solar Cycle 24 May Have Finally Begun · · Score: 0, Redundant

    It's is "it is". I believe you meant to use the possessive form, which would be "its".

  2. Re:Don't bother on Bringing OSS Into a Closed Source Organization? · · Score: 4, Insightful

    My point was that it was similar to what security experts have been saying about the TSA - if a terrorist gets caught trying to smuggle a gun onto a plane, the penalty is high, they'll go to prison - there doesn't need to be a 100% success rate for detecting that to be an effective deterrent. However, if they get caught smuggling in a lighter and 500ml of petrol, they just chuck it in a bin and they get to try again - the TSA have to be 100% effective.

    My concern was that it's a similar situation with closed v open source; if someone working for a closed software company puts malicious code into a project and they get caught, they lose their job and face legal action, difficulties finding employment in the future etc. There doesn't need to be 100% detection for it to be an effective deterrent. However, if someone wants to contribute a malicious patch to an open source project, if they get caught they can just set up a new persona and try again - there has to be 100% accuracy in detection of malicious code, and the various C obfuscation contests show that's not an easy task.

    As with anything, it's an issue of trust. As Jesus_666 says below, since only trusted people will have direct write access to the code repository, they'll be ones who have invested a lot of time and effort contributing to the project in the past, and that would hopefully be a high-enough barrier to entry.

    However, I think the danger in the open source community is that we might get complacent; as more people move to use open source software, the incentive and payoff for investing the time to breach the trust barrier of certain projects may reach the point where we shouldn't ignore the threat. Indeed, I worry that that point may already be here.

    And we're not talking about someone breaching the codebase for the kernel, or Firefox or OpenOffice, although the risk for those is still there. I'm more concerned about peripheral projects which have more access than they should, such as google gadgets, or firefox or jquery plugins - get a couple of lines into the right place and you can hijack the browser. I'm sure there are similar weaknesses in other applications.

    I guess what I'm saying is that the risks are real, and I can understand where the OP's manager is coming from. Although clearly extreme and I don't agree with the opinion that no open source project can be trusted, I can't help feeling that we arrogantly dismiss the risk altogether at our peril.

  3. Re:Don't bother on Bringing OSS Into a Closed Source Organization? · · Score: 5, Interesting

    Forgive me if I'm being stupid, but this is actually something I worry about. I'm a heavy user of open source, but surely it is true that "anybody can change the source of a project, submit it, and you never know what kind of compiled binary you're going to get" - isn't that kinda the point of open source? And we just hope that someone else notices if the changes are bad?

    I know this sounds like I'm trolling, but I'm not - it's a serious question. How do you know you can trust open source projects? I've always assumed that large projects - particularly linux distros and their package repositories - have some kind of QA and code audit system in place, but how do they work? Are a couple of naughty obfuscated lines really going to get caught?

    Sure, many eyes on the source code and all that, and there would be the same risk from employees at closed source organisations - only difference being it's easier to get to work on an open source project, and if you get caught adding bad code, you don't lose your job.

    This sort of thing is becoming an even bigger problem with the web in general; facebook apps, igoogle gadgets, even things like firefox and jquery plugins - the more I think about it, the more paranoid I become.

    What processes are in place to protect users from malicious code?

  4. Re:Sure, and then.... on Let the Games Be Doped · · Score: 1

    This is the funniest post I have seen on slashdot lately. Possibly ever.

    Why do I never have mod points when I need them?

  5. Re:I got one of these on Faux-CNN Spam Blitz Delivers Malicious Flash · · Score: 1

    They're just spamming everyone. However, I'd guess it's pretty easy for someone as large as gmail to filter - there are only a handful of compromised domains that it's serving on.

    Does anyone know if the site itself exploits any browser loopholes? The descriptions all say you have to download an executable, but I'm surprised they haven't put some exploits in there for drive-by attacks.

  6. Re:How to succeed in 10 easy steps on Best Way to Start a Website Hosting Service? · · Score: 1

    The underpants gnomes look upon you with disgust.

  7. Re:Plesk on Best Way to Start a Website Hosting Service? · · Score: 5, Insightful

    Systems like that also do all the hard work for you - which is great if you know what you're doing, but otherwise when you run into a real problem, or if Plesk goes wrong, you have no idea what to do next.

    I agree with the original comment of "dont", as far as setting up your own server at least.

    Don't, because the market is full of bedroom hosts who don't know what they're doing.

    Don't, because unless you're going into it seriously (and by that I mean investing time and money heavily, hiring enough staff to provide 24/7 support and decent SLAs, and charging appropriately serious money), the margins have to be so low to be competitive that you're losing money when the customer submits more than one ticket a year. Which they will do, because they've come to you, which means they don't know what they're doing.

    But most of all, don't, because if you have to ask how to do it, you shouldn't be doing it. You really can't be going into this if you have so little understanding of the issues involved in running a server and the associated services that you need to ask. It's not fair on your paying customers, because when they have a problem, you won't be able to help.

    If you want to resell space, do just that - go find a company dedicated to selling reseller accounts. They will give you a whitelabel reseller account and look after all the server issues themselves, leaving you free to pimp out the space.

    If you do, just make sure you have an exit strategy, tied to some kind of dead man's switch (even if it's just leaving details with a friend) - I've heard of far too many resellers disappearing, leaving the customers unable to get access to their sites, and the resellers in a difficult position as they should have no direct contact with the end customers.

  8. Re:inspiration v. tech on Amputee Sprinter Wins Olympic Appeal to Compete · · Score: 2, Insightful

    The Olympic games are supposed to be about what the human body can do, not what the human body can do when given an edge - be it through steroids or bionic limbs. I think an interesting question is why is this chap the current champion at the paralympics - would he still be at the top without his special legs? I say start up a third olympics, where anything goes - let's see what the human body can do when pumped up on steroids and fitted with the finest bionics money can buy.

  9. Re:Noticing where you were on How Social Networks May Kill Search as We Know It · · Score: 1

    Wiki's

    That should be "Wikis"; you just wrote "Wiki is are great resources". As a general rule, you only need the apostrophe when you're cutting out words or denoting possession. There are many exceptions, but that's a good place to start.

  10. Re:Wikipedia as Advertising on The Battle For Wikipedia's Soul · · Score: 5, Insightful

    I agree with that, but I've seen a lot of interesting pages that get deleted just for the sake of "Oh, it's not of interest to a wide enough audience" etc. That's absurd - it's not as if each new page costs a significant amount of money to maintain, and who is in a position to decide that anyway? Besides, look at how many pages on obscure sci-fi characters there are, and then tell me that's of relevance to a wide audience...

    If it's advertising or devoid of information, delete. Otherwise, live and let live - surely more information has to be better.

  11. Re:I can feel the kindness on AIDS Drug Patent Revoked In US · · Score: 1

    Yes and no. Look at the thousands of diseases that have drugs for cure and prevention. Things like cancer and HIV are insanely complicated to treat, not least because we don't fully understand how they work yet.

    What is true is that most big drug companies will not develop drugs for small groups because they want a good profit, but then that's why there are some companies who specialise in those kinds of treatments. Niche markets and all that.

    And if there's one thing that nationalisation should show us, it's that it doesn't work. People in government writing the cheques miss a few 0s off the end because they want to go to war, they push the organisation in the direction of short-term big headlines, management still take their big bonuses, and it's the people doing the work at the front who get shafted - and go off to work in the private sector where their skills are appreciated.

  12. Re:I can feel the kindness on AIDS Drug Patent Revoked In US · · Score: 1

    Yes, I should have been clearer; I meant it cost millions to get the drug to market. You also have to bear in mind all of the drugs that cost millions but that fail in the last stage of trials and never make it to market. Although that's probably offset a bit by the drugs they do get to market that have unexpected side effects, like avastin or viagra. Hehe, the look on parents' faces when you tell them you want to give their new-born baby viagra...

  13. Re:I can feel the kindness on AIDS Drug Patent Revoked In US · · Score: 1, Insightful

    Drugs cost millions to develop, take years to get to market, so the companies need their IP protection to get their money back and turn a profit. They're businesses, not charities.

    I agree that it feels wrong that there are people dying because they can't afford the drugs, but the fact is that the drugs wouldn't exist if it wasn't for the extortionate prices - it wouldn't be worth the drug companies' time.

  14. Re:Sure, why not? on Valve Looking to Port Games to Linux? · · Score: 1

    And oh look, Office 2007 isn't supported. Neither is CS3.

    Maybe next time.

  15. Re:Sure, why not? on Valve Looking to Port Games to Linux? · · Score: 2, Insightful

    Now all I need is for Microsoft to release Office for linux, and I can ditch Windows for good! Oh, right.

    Adobe CS3 wouldn't go amiss either, but I doubt we'll see that happening any time soon.

  16. Re:ego != good_open_minded_programmer on Programmer's Language-Aware Spell Checker? · · Score: 2, Funny

    Your ideas are intriguing to me and I wish to subscribe to your newsletter.

  17. Re:Its not going to work (truly) on Manhunt 2 Banned In Britain · · Score: 1

    Yes it can, but as other posters have commented, the main problem seems to be that the games are region coded, so the only option is to find a copy in the same region.

  18. Re:Its not going to work on Manhunt 2 Banned In Britain · · Score: 1

    Not necessarily - apparently it has also been banned in Ireland, and things aren't looking good for Australia or Germany (there's a surprise). Still, bless the Netherlands - everything's legal there.

    And as I understand it, although EU shops may ship the game to other EU countries, it would be illegal to sell it to someone in the UK - so I'm guessing they won't. Think the only option is to go over there and bring a copy back.

    The ban will serve its purpose - adults who go on holiday should still be able to get hold of it, but it will be out of general circulation and children will be protected from the corrupting influences of the game, leaving them safe to go mug, steal and murder based solely on their own imaginations, as it was in the before time, in the long long ago. Balance is restored.

  19. Re:Its not going to work on Manhunt 2 Banned In Britain · · Score: 1

    Interesting! But that's the other question - how am I going to get it into the country? As I understand it, it's illegal for a company in Belgium to post it to me, so I guess I'd have to go over there to get it. Mmm, that, some Belgian chocolate and some sight-seeing - sounds like it'd be worth a weekend away :)

  20. Re:Its not going to work on Manhunt 2 Banned In Britain · · Score: 2, Interesting

    I'm in the UK and I was quite looking forward to this game coming out on the Wii. So, when I first heard the news of the banning, I thought that I could pick just one up when I'm in the US next month, but of course there's the NTSC - PAL issue.

    Perhaps I could go over to France and pick up a PAL copy there, but would everything in the game be in French? Perhaps you're right - if the UK market is illegal, will they even produce a PAL version in English? Or is Australia PAL rather than NTSC?

  21. Re:I only played Half-Life 2 on Half Life 2 Episode 2 Due Out October 9th · · Score: 1

    After a recent reinstall of steam, I was reading through the news archives - when episode 1 came out, they promised episode 2 in 6 months time.

    Think it's just TF2 and portal that have pushed the schedule back and back. Still, reckon it will be worth the wait when it arrives.

  22. Re:I only played Half-Life 2 on Half Life 2 Episode 2 Due Out October 9th · · Score: 1

    Afair, it's literally just a short sequel. As you enjoyed HL2, it's probably worth getting for a few hours of extra gameplay and story.

  23. Re:Form factor on Wii to Get New Hardware - Possibly Hard Drive? · · Score: 1

    It all seems to be rather unclear at the moment. At some point I definitely heard that friend codes would be different for each game, although the fact:rumour ratio is anyone's guess. Mario Strikers apparently creates a friend code that is tied to your Mii - one friend code per Mii that would work across all games would be great, but the Strikers dev team apparently said that that is not the case, it's just how they are doing it.

    We'll probably just have to wait and see, but if Strikers are making it up as they go along, it doesn't sound like there's a standardised system for managing friend codes, or at least not for tying your code to a Mii/Wii. Without that, I hold little hope for anything other than the absurd situation of having a different code for every game. They obviously thought it was a good idea for the DS...

  24. Re:Form factor on Wii to Get New Hardware - Possibly Hard Drive? · · Score: 1

    I've moved to the other side of the country to my friends, so for me it's either AI or online. I realise Sports is free, but just find it surprising that in these days of broadband that games like Wii Sports, Play or Rayman Rabbits aren't internet enabled. And frustrating that it takes 3 e-mails, writing 16 digit codes on bits of paper, and that classic "No, we both have to type in the other's friend code first" conversation to get hooked up to a friend's Wii, only to find all I can do is see his crappy Miis. Great. It's ICQ all over again, only without the directory service or any tangible benefit at the end of it. And then we'll have to do it all over again for each and every online game we get. Woo. Guess I'm just too used to PC gaming.

  25. Re:Form factor on Wii to Get New Hardware - Possibly Hard Drive? · · Score: 1

    True, and I wish that would be done, but I'm guessing there was a reason (other than laziness) that the Wii didn't ship with it like that in the first place.

    Security, piracy and locking out homebrew are a possibility, although they do seem a little unlikely seeing as you can transfer to and from it anyway. Access speed might be a factor, but seems even less likely - I'm sure it's faster than the interfaces the VC games ran over originally. Of course, they may have just designed it that way so that they could sell an extra hard drive add-on 6 months later...

    The only other thing I can think of is that Nintendo is trying their hardest, for whatever Uwe Boll-style reason, to get the Wii to fail. They certainly seem to be hell-bent on squandering and sabotaging every opportunity they get - friend codes, lack of online games (Wii Sports - what a waste), no online community features (why did they discard the idea of a Mii-based PS3-style home?), overpriced vc with no demos (yet) or descriptions for anyone who didn't get the chance to try them out the first time, lack of video support, locking out homebrew, etc etc. Yes, I'm sure there are good reasons for all these things, but I don't care - watching what they do really does sometimes just piss me off.