Do you think there is ever a case for software being closed-source?
The example that comes to mind is that of an online game where the server sends information to the client that the client needs to display in a very particular way, but which if displayed by a modified client in some other way to a player might confer that player an advantage. (e.g. a cloaking device which shows up in bright colors instead of nearly transparent). I've never been able to figure out a mechanism that would prevent this kind of cheating that didn't at some point rely on preventing impersonation of an unmodified client - in other words that didn't ultimately rely on security through obscurity. In this situation it seems that a closed-source solution would actually be the only (admittedly imperfect, but better than nothing) defence against cheaters.
RAM == Random Access Memory. This stuff is random access, and looks like memory to me. It's also solid-state, fast, and magnetic. So MRAM seems a perfectly reasonable acronym. What's the problem?
Here we go again...we had to steal one to crack the code...blah blah blah.
Stealing the machine is the equivalent of being told the encryption algorithm. Like any secure system, the security does not rest in keeping the algorithm secret, but in keeping the keys secret. Look at modern encryption methods, the algorithms are widely published, but they are still very hard to break. Enigma is the same. The team that broke it were geniuses.
I've noticed a few comments now about how cracking the 3-rotor Enigma can't have been hard because we stole one to play with. All having an Enigma tells you is the algorithm, it doesn't tell you keys. Like most good encryption methods, Enigma's security doesn't rest in the algorithm, but in the keys. For example, everybody knows the Blowfish or RSA algorithms (or can look then up on the net), but that doesn't mean they are insecure because deciphering a message is still a very hard problem.
The Station-X guys were geniuses because they found ways to discover the keys used for messages by examining ciphertext, and hence recover the plaintext.
Of course, that didn't stop my government hounding Alan Turing after the war for being a homosexual, quite probably leading to his eventual suicide.
Why then, would anyone choose the x-box over a computer, since the games for the x-box and the computer will be so similar
Ah, but will they be similar? I agree that from a technical point of view it will be easier to port PC games to or from the XBox than other consoles, but that doesn't necessarily imply that this is what most game developers will do.
Fact is that consoles and PC are generally suited to different types of games (with some overlap, of course) - and it's not really anything to do with the technology. The PC environment has the user sitting on his/her own, close to a high resolution display, with a mouse and keyboard. The console has one or more users sitting in the same room, some distance from a low resolution display, with a gamepad. It makes sense that different games are suited to the different situations.
Many PlayStation owners are also PC owners. I assume that the same would apply to XBox owners. The question is not how XBox compares to a PC, but how XBox compares to other game consoles.
By the way, did you hear why they are using Intel chips rather than Athlons? Intel is giving MS the chips for free. AMD wouldn't give the chips away.
I assume you're referring to the quote from an AMD exec saying something along the lines of "we weren't prepared to give our chips away". I don't imagine that this means that Intel is literally giving away their chips, but more that they came down to a very low price that AMD couldn't afford to match.
Root exploits tend to get closed, pronto. Whilst newbies wouldn't check to see if a program installed itself suid root, experienced users would, and would let the world know if a paint program from www.reallycoolsoftware.com was installing itself suid root for no good reason. So propagation by infecting system software would be pretty damn difficult.
Of course, experienced users don't just blindly run whatever executable attachments arrive in their email either. Newbies and the less computer literate, OTOH just think "Cool! VIRUS.EXE, wonder what that does...".
Right now, Linux hasn't suffered to anything like the same extent as Windows because a far higher proportion of Linux users are clueful enough to take reasonable care of their system. If Linux gains mainstream consumer acceptance, the average expertise of the userbase will go down, and viruses will find it easier to propagate.
By porting the player to Linux, they help keep Windows Media alive. Since they're probably not planning to port the server anytime soon, that seems like a pretty good motive to me.
Who determines the boundaries for anything we do? Who says "we're going to make it illegal to steal things, or kill people"? Society does. In other words, we all do. If we, collectively, think there should be a law about something, then we use democracy to either directly or indirectly (via a politician) vote for it.
I personally happen to think that making it illegal to incite people to commit crimes is a perfectly reasonable curtailment of free speech.
There is a difference between expressing a distasteful racial view and actually inciting crime.
Whoah, hang on a second. Freedom is okay, up to a point. The point is generally the point at which you might start infringing the freedom of others. This principle is the basis for many laws. For example, if I were to shoot you, then I might infringe your freedom to continue breathing; therefore society, quite reasonably, decides to make it illegal, even though this does actually reduce my freedom to some degree (I am no longer free to shoot you).
Similarly, society thinks that inciting people to commit crimes is also a freedom we should curtail. Again, this seems pretty reasonable to me. Free speech, like any other freedom, needs to operate within boundaries.
Some of the more extreme racist material does incite people to commit some pretty horrific crimes. I think society would be failing to protect the freedom of its citizens if it didn't try to curtail it.
A program started by ANY user can do anything it wants on that system
Er, no. There might be many problems with NT/Win2K, but this isn't one of them. What a program is allowed to do depends on the permissions it has - if I'm a regular user then I certainly can't go poking around in bits of the system that don't belong to me.
Now, it is possible that there may be a bug which allows a malicious program to circumvent this security, but it's certainly not a property of the system design.
There are two deals available, you can contract or be permanent. Contractors get paid more than permanent employees, but permanents get stock benefits.
Now, it looks as though contractors are (in effect) asking to be allowed to change which deal they chose retrospectively. So, by the same token, if the stock tanks, should permanents be allowed to retrospectively change their deal to get cash instead of worthless stock options? No, didn't think so.
You could argue that the contractors didn't have the option to be permanent employees, but that's not really the point. They almost certainly had the option to be permanent employees somewhere. Furthermore, so what if a company employs the bulk of its staff as contractors - market forces should mean that it has to offer compensation packages viewed as equivalent to its competitors or it won't attract good staff.
Hang on a second. Contractors typically get paid more in basic salary than their permanent equivalents. They get paid more because they don't get benefits that are open to permanents (healthcare, stock schemes, whatever). I know many contractors at various companies, including MS, that have been offered permanent positions but turned them down because they prefer the flexibility of contracting.
When you sign a contract, you see the work that you're going to do, and you see what compensation you'll be given for doing it. If you don't like the deal, then don't sign it!
If PS2 is a failure, then it could hurt Sony a lot (unless the reason it's a failure is that everyone keeps buying PS1 and PS1 games). Over 50% of Sony profit derives from their PlayStation business. So yes, they would still be profitable if PS2 tanked, but the hit would certainly be big enough to radically impact the stock price.
And Inprise/Borland thought they were getting valid data before slashdot linked? Wow. Anyone who believes that self-selecting polls ever give valid results needs help.
The fundamental measure of security is "how hard is this to break?", expressed in terms of how long it takes to compromise given X resources.
The reason why we think security through obscurity is bad is because, by this metric, it takes very little time to break. With security through obscurity you're not up against the combinatorics of a secure key, but merely have the time taken to disassemble, reverse engineer, or otherwise unobscure the protocol. What's worse is that, unlike security residing in a key, once you've broken an obscured protocol once, you can usually use the same solution again and again for other instances of the same protocol.
Security through obscurity therefore gives you some small fixed 'amount' of security, which is insufficient to repel a concerted attack, and is dwarfed by the security provided by a disclosed system where the security resides in some set of keys.
However, the Quake problem presents us with a challenge. There doesn't appear to be a disclosed protocol which deals with the problem (at least, none has been suggested). In other words, the 'amount' of security provided by a disclosed solution in this case is zero. We then have to look at other options. Surveying the field, it looks like obscurity is the only proposed mechansim that provides a non-zero amount of security.
We should feel uneasy about this, but that shouldn't prevent us from making the pragmatic decision. If you're writing a multiplayer game, and need security against cheating, you may have to rely on obscurity. To suggest otherwise, without proposing a disclosed solution which works in practice, is IMHO irrational zealotry.
So, what you're saying it that it's fine to fuck up a perfectly good game, because in doing so you further the glorious Open Source movement? I guess that's a marginally defensible position (and is bound to attract lots of karma), but isn't it at least as reasonable to say "gee, y'know what, maybe there are some things that just shouldn't be Open Source".
Look at it this way: I've not seen any practical solutions proposed that don't ultimately rely on security through obscurity. Perhaps this is because of something fundamental about the problem that only permits such solutions. If this is the case, then you might as well have the most obscure obscurity you can lay your hands on. Which means closed source.
Incidentally, I really hope I'm wrong (I'm working on a network game myself and I'm bashing up against this very problem), and if anyone comes up with a solution that doesn't rely on security through obscurity then I'm sure there would be lots of us that would love to hear about it. Until then, it looks like closed source is the way to go.
It's just software. Ultimately, even if every computer in the world spontaneously combusted tomorrow, we'd still find a way to survive. However, if the environment gets screwed up too badly then it may not be possible at all.
You seem to believe that rainforest logging or chemical dumping is some localised problem that only effects this group of people, or that patch of ecology. The truth is that these problems can affect everyone in the world, including the vast majority of people who have never even seen a computer, let alone been forced to use Office. What's worse is that the effects may be impossible to reverse, however much economic effort is expended.
Furthermore, my original point was just to provide an example of something that was morally worse than working for MS. I'd reckoned without the rabid/. mentality that loading anthrax into Scud missiles (or whatever - it's just an example) is a more acceptable occupation than working for Bill.
I'm just pointing out that the cries of "resign!" are really rather glib. Very easy to say "I wouldn't take the money" when it's not actually being offered to you. Very easy to take the high moral ground when it's not actually you on the spot.
I've quit my job because I didn't believe in the company I was working for anymore (I even took a paycut to do it), and yes, I felt better too. But at the same time, I'm honest enough to admit that if someone had offered me a couple million dollars to stay then I would have done.
Does that mean I'd do anything for money? Of course not! Does it make me human? Yup.
Easy to say if you're not stock-optioned to the hilt. A couple of million dollars worth of stock options, especially if you have dependents, is quite something to just throw away. It's not even as though MS is the most evil corporation on the planet - plenty of chemical companies, or rainforest loggers that are IMHO far worse (and they all have IT departments).
Last I checked, people were already suing parents (at least in the US). IIRC the parents of one of the victims of one of the recent high-school shootings (how depressing is that sentance?) is suing the parents of one of the perpetrators. It's a development I find somewhat distasteful, but that's a whole other discussion.
With everyone whining about the smooth scrolling in IE (someone even using Tweak UI to kill it) I think I should probably mention that if you go to the Tools/Internet Options... menu you can turn it off.
The anticompetitive hardware that would prevent this would attract farrrrrr too much legal/PR flack that MS doesn't need for any reason.
Why? It's just like Sony, Sega, or Nintendo. They have hardware that prevents you running unauthorised software, and they don't seem to have run into the legal/PR flack you suggest.
I'm sure there will be hardware protection against running unauthorised software, if only to provide a reasonable anti-piracy measure (something games publishers take very seriously). Piracy is much worse on a PC than consoles, at least partly because to defeat console copy-protection you have to do something to the physical device, whereas defeating PC copy-protection can be done entirely in software. So MS would be crazy not to have hardware protection.
It's also perfectly spinnable to say that ordinary apps (i.e. games) are prevented from hitting the relevant parts of the disk (like the bootsector) in order to prevent errant apps trashing consumers devices. Et voila! No way to install another OS. All with perfectly reasonable explanations.
Interesting to apply this exact argument to Microsoft. Just as RedHat execs have a legal and moral duty to maximise the RedHat stock price, so do execs at MS. Looks like they're doing a pretty good job...
If you don't like the end result, blame capitalism, not an individual company.
Slashdot Mirror
The example that comes to mind is that of an online game where the server sends information to the client that the client needs to display in a very particular way, but which if displayed by a modified client in some other way to a player might confer that player an advantage. (e.g. a cloaking device which shows up in bright colors instead of nearly transparent). I've never been able to figure out a mechanism that would prevent this kind of cheating that didn't at some point rely on preventing impersonation of an unmodified client - in other words that didn't ultimately rely on security through obscurity. In this situation it seems that a closed-source solution would actually be the only (admittedly imperfect, but better than nothing) defence against cheaters.
RAM == Random Access Memory. This stuff is random access, and looks like memory to me. It's also solid-state, fast, and magnetic. So MRAM seems a perfectly reasonable acronym. What's the problem?
Stealing the machine is the equivalent of being told the encryption algorithm. Like any secure system, the security does not rest in keeping the algorithm secret, but in keeping the keys secret. Look at modern encryption methods, the algorithms are widely published, but they are still very hard to break. Enigma is the same. The team that broke it were geniuses.
The Station-X guys were geniuses because they found ways to discover the keys used for messages by examining ciphertext, and hence recover the plaintext.
Of course, that didn't stop my government hounding Alan Turing after the war for being a homosexual, quite probably leading to his eventual suicide.
Ah, but will they be similar? I agree that from a technical point of view it will be easier to port PC games to or from the XBox than other consoles, but that doesn't necessarily imply that this is what most game developers will do.
Fact is that consoles and PC are generally suited to different types of games (with some overlap, of course) - and it's not really anything to do with the technology. The PC environment has the user sitting on his/her own, close to a high resolution display, with a mouse and keyboard. The console has one or more users sitting in the same room, some distance from a low resolution display, with a gamepad. It makes sense that different games are suited to the different situations.
Many PlayStation owners are also PC owners. I assume that the same would apply to XBox owners. The question is not how XBox compares to a PC, but how XBox compares to other game consoles.
I assume you're referring to the quote from an AMD exec saying something along the lines of "we weren't prepared to give our chips away". I don't imagine that this means that Intel is literally giving away their chips, but more that they came down to a very low price that AMD couldn't afford to match.
Of course, experienced users don't just blindly run whatever executable attachments arrive in their email either. Newbies and the less computer literate, OTOH just think "Cool! VIRUS.EXE, wonder what that does...".
Right now, Linux hasn't suffered to anything like the same extent as Windows because a far higher proportion of Linux users are clueful enough to take reasonable care of their system. If Linux gains mainstream consumer acceptance, the average expertise of the userbase will go down, and viruses will find it easier to propagate.
By porting the player to Linux, they help keep Windows Media alive. Since they're probably not planning to port the server anytime soon, that seems like a pretty good motive to me.
Who determines the boundaries for anything we do? Who says "we're going to make it illegal to steal things, or kill people"? Society does. In other words, we all do. If we, collectively, think there should be a law about something, then we use democracy to either directly or indirectly (via a politician) vote for it.
I personally happen to think that making it illegal to incite people to commit crimes is a perfectly reasonable curtailment of free speech.
There is a difference between expressing a distasteful racial view and actually inciting crime.
Whoah, hang on a second. Freedom is okay, up to a point. The point is generally the point at which you might start infringing the freedom of others. This principle is the basis for many laws. For example, if I were to shoot you, then I might infringe your freedom to continue breathing; therefore society, quite reasonably, decides to make it illegal, even though this does actually reduce my freedom to some degree (I am no longer free to shoot you).
Similarly, society thinks that inciting people to commit crimes is also a freedom we should curtail. Again, this seems pretty reasonable to me. Free speech, like any other freedom, needs to operate within boundaries.
Some of the more extreme racist material does incite people to commit some pretty horrific crimes. I think society would be failing to protect the freedom of its citizens if it didn't try to curtail it.
A program started by ANY user can do anything it wants on that system
Er, no. There might be many problems with NT/Win2K, but this isn't one of them. What a program is allowed to do depends on the permissions it has - if I'm a regular user then I certainly can't go poking around in bits of the system that don't belong to me.
Now, it is possible that there may be a bug which allows a malicious program to circumvent this security, but it's certainly not a property of the system design.
Sigh. Notice how I said profit not income? Games account for roughly half the profit.
There are two deals available, you can contract or be permanent. Contractors get paid more than permanent employees, but permanents get stock benefits.
Now, it looks as though contractors are (in effect) asking to be allowed to change which deal they chose retrospectively. So, by the same token, if the stock tanks, should permanents be allowed to retrospectively change their deal to get cash instead of worthless stock options? No, didn't think so.
You could argue that the contractors didn't have the option to be permanent employees, but that's not really the point. They almost certainly had the option to be permanent employees somewhere. Furthermore, so what if a company employs the bulk of its staff as contractors - market forces should mean that it has to offer compensation packages viewed as equivalent to its competitors or it won't attract good staff.
Hang on a second. Contractors typically get paid more in basic salary than their permanent equivalents. They get paid more because they don't get benefits that are open to permanents (healthcare, stock schemes, whatever). I know many contractors at various companies, including MS, that have been offered permanent positions but turned them down because they prefer the flexibility of contracting.
When you sign a contract, you see the work that you're going to do, and you see what compensation you'll be given for doing it. If you don't like the deal, then don't sign it!
If PS2 is a failure, then it could hurt Sony a lot (unless the reason it's a failure is that everyone keeps buying PS1 and PS1 games). Over 50% of Sony profit derives from their PlayStation business. So yes, they would still be profitable if PS2 tanked, but the hit would certainly be big enough to radically impact the stock price.
And Inprise/Borland thought they were getting valid data before slashdot linked? Wow. Anyone who believes that self-selecting polls ever give valid results needs help.
The fundamental measure of security is "how hard is this to break?", expressed in terms of how long it takes to compromise given X resources.
The reason why we think security through obscurity is bad is because, by this metric, it takes very little time to break. With security through obscurity you're not up against the combinatorics of a secure key, but merely have the time taken to disassemble, reverse engineer, or otherwise unobscure the protocol. What's worse is that, unlike security residing in a key, once you've broken an obscured protocol once, you can usually use the same solution again and again for other instances of the same protocol.
Security through obscurity therefore gives you some small fixed 'amount' of security, which is insufficient to repel a concerted attack, and is dwarfed by the security provided by a disclosed system where the security resides in some set of keys.
However, the Quake problem presents us with a challenge. There doesn't appear to be a disclosed protocol which deals with the problem (at least, none has been suggested). In other words, the 'amount' of security provided by a disclosed solution in this case is zero. We then have to look at other options. Surveying the field, it looks like obscurity is the only proposed mechansim that provides a non-zero amount of security.
We should feel uneasy about this, but that shouldn't prevent us from making the pragmatic decision. If you're writing a multiplayer game, and need security against cheating, you may have to rely on obscurity. To suggest otherwise, without proposing a disclosed solution which works in practice, is IMHO irrational zealotry.
So, what you're saying it that it's fine to fuck up a perfectly good game, because in doing so you further the glorious Open Source movement? I guess that's a marginally defensible position (and is bound to attract lots of karma), but isn't it at least as reasonable to say "gee, y'know what, maybe there are some things that just shouldn't be Open Source".
Look at it this way: I've not seen any practical solutions proposed that don't ultimately rely on security through obscurity. Perhaps this is because of something fundamental about the problem that only permits such solutions. If this is the case, then you might as well have the most obscure obscurity you can lay your hands on. Which means closed source.
Incidentally, I really hope I'm wrong (I'm working on a network game myself and I'm bashing up against this very problem), and if anyone comes up with a solution that doesn't rely on security through obscurity then I'm sure there would be lots of us that would love to hear about it. Until then, it looks like closed source is the way to go.
It's just software. Ultimately, even if every computer in the world spontaneously combusted tomorrow, we'd still find a way to survive. However, if the environment gets screwed up too badly then it may not be possible at all.
/. mentality that loading anthrax into Scud missiles (or whatever - it's just an example) is a more acceptable occupation than working for Bill.
You seem to believe that rainforest logging or chemical dumping is some localised problem that only effects this group of people, or that patch of ecology. The truth is that these problems can affect everyone in the world, including the vast majority of people who have never even seen a computer, let alone been forced to use Office. What's worse is that the effects may be impossible to reverse, however much economic effort is expended.
Furthermore, my original point was just to provide an example of something that was morally worse than working for MS. I'd reckoned without the rabid
I'm just pointing out that the cries of "resign!" are really rather glib. Very easy to say "I wouldn't take the money" when it's not actually being offered to you. Very easy to take the high moral ground when it's not actually you on the spot.
I've quit my job because I didn't believe in the company I was working for anymore (I even took a paycut to do it), and yes, I felt better too. But at the same time, I'm honest enough to admit that if someone had offered me a couple million dollars to stay then I would have done.
Does that mean I'd do anything for money? Of course not! Does it make me human? Yup.
Easy to say if you're not stock-optioned to the hilt. A couple of million dollars worth of stock options, especially if you have dependents, is quite something to just throw away. It's not even as though MS is the most evil corporation on the planet - plenty of chemical companies, or rainforest loggers that are IMHO far worse (and they all have IT departments).
That's like suing parents
Last I checked, people were already suing parents (at least in the US). IIRC the parents of one of the victims of one of the recent high-school shootings (how depressing is that sentance?) is suing the parents of one of the perpetrators. It's a development I find somewhat distasteful, but that's a whole other discussion.
With everyone whining about the smooth scrolling in IE (someone even using Tweak UI to kill it) I think I should probably mention that if you go to the Tools/Internet Options... menu you can turn it off.
The anticompetitive hardware that would prevent this would attract farrrrrr too much legal/PR flack that MS doesn't need for any reason.
Why? It's just like Sony, Sega, or Nintendo. They have hardware that prevents you running unauthorised software, and they don't seem to have run into the legal/PR flack you suggest.
I'm sure there will be hardware protection against running unauthorised software, if only to provide a reasonable anti-piracy measure (something games publishers take very seriously). Piracy is much worse on a PC than consoles, at least partly because to defeat console copy-protection you have to do something to the physical device, whereas defeating PC copy-protection can be done entirely in software. So MS would be crazy not to have hardware protection.
It's also perfectly spinnable to say that ordinary apps (i.e. games) are prevented from hitting the relevant parts of the disk (like the bootsector) in order to prevent errant apps trashing consumers devices. Et voila! No way to install another OS. All with perfectly reasonable explanations.
Interesting to apply this exact argument to Microsoft. Just as RedHat execs have a legal and moral duty to maximise the RedHat stock price, so do execs at MS. Looks like they're doing a pretty good job...
If you don't like the end result, blame capitalism, not an individual company.