Excuse me if I'm a little slow today - are you being sarcastic?
1. Hard core pornography has as much to do with sex as it's commonly practiced as the Star Wars movies have to do with what NASA is doing. 2. Which European country airs hard core porn on prime time TV? 3. This may come as a shock to you, but six year olds know they have genitals. 4. Do you really think that answering a child's innocent question that might bring up a subject with sexual connotations is equivalent to sitting them in front of a TV showing hard core pornography?
a) who says electrical engineers / connector designers are not perverted?
Let that be a letton to y'all, folks: If your kid asks you a simple question, that has a perfectly simple answer, and the only answer you can provide is "ummm... ahhh", your kid is going to grow up into someone who thinks that the mechanics of human sexual behavior is "perverted".
An aiborne, highly infectious AIDS variant would be a problem, because it might take years for people to realize that the infection is taking place, since it takes so long for the symptoms to show. By then, it might be too late.
Can a 2GHz PC with only 128MB RAM really compare with a 600MHz PC with 1GB RAM?
Of course not. My rule of thumb is to knock off enough MHz from the CPU you think would be cool to have, to cover the cost of doubling (or more) the amount of RAM. For common tasks, this makes a huge difference in performance. That's the advice I give to everybody who makes the mistake of asking me, and then they look at me funny.
I wonder if this is some screwy cost-saving measure?
Gee, I have no idea! But I have a gut feeling that it is.
Your point is valid - I forgot about the stupid amounts of RAM manufacturers ship their low-cost machines with.
Or, rephrased, with a measure of good manners: Today's computers are fast enough for average home use. Not just some computers - everything you're likely to buy new is going to get the job done.
That's funny - I've usually seen red PCB used for prototype boards during development, where the obvious difference in color made it obvious that you shouldn't ship them to customers, or use them for anything important.
Everybody I've talked to about FF was completely appreciative of the CG.
Maybe you should ask more people. I found FF almost impossible to watch, because of the animation. It had portions where the animation was unbelievably good (probably due to the use of motion capture), and then the character's next movement would be stiff and unnatural, only to go back to being very life like the next second. The transitions were obvious, and very distracting.
The rendering quality was just as spotty - the hair was as close to perfect as you can get, but the clothes looked like rubber sheets. Hmmm... Rubber...
All in all, I found it to be a tour de force of technology, but it failed to present a coherent artistic vision. Movies like Shrek and Toy Story did much better in that respect.
Thanks for the information. If nothing else, this discussion shows that the problem reported in the article is more application specific than the author would have you believe it is.
This kind of exploit should be documented and understood by application programmers, of course. It's in the same class of bugs as using strcpy() on arbitrary user input. If you interview someone for a programming position, and they can't tell you why that's a bad idea, you should be worried.
You missed the point, I'm afraid. Once the data has been copied into the exploited app's address space, nothing the developer does can secure it 100%. The described exploits relies on two properties of the Win32 API:
1) It lets you copy arbitrary data into another process. 2) It lets you force another process to jump to an arbitrary address by faking a WM_TIME message. It's actually the default window procedure that does this.
So, in theory, there should be a certain class of applications that would allow you to inject an exploit into their address space, using WM_COPYDATA, and then jump to that data (from another thread, possibly, introducing the delicate timing issues), and executing it. Note that this can be done before the application code gets a chance to look at the WM_COPYDATA message.
Upon closer reading of the WM_TIMER message documentation, several things come to mind that could make this attack less problematic. The OS could filter all WM_TIMER messages, and discard the ones whose LParam doesn't contain an address that was previously registered as a timer callback.
Actually, with careful timing, you might be able to pull this attack off on an app that doesn't have ANY windows. If the application in question makes use of the WM_COPYDATA message, this might prove to be trivial. Even if it isn't, you can still map arbitrary data into an application's memory space using WM_COPYDATA.
I suspect that most people will be turned off of these tools because installing them involves recompiling their copy of GCC. If didstributions started packaging patched copies of GCC, this may change.
True, but searching freshmeat for "profiler" doesn't bring up your project. OProfile does show up, though, so I guess most people don't go any further.
I've never heard of tsprof until I read your post here. Maybe that's part of your problem. When I searched Google for 'Linux profiler', It didn't show up in the first fifty results or so. This means I wouldn't have found it had I been looking for a profiler right now. Maybe the text on your web page should include the word "profiler"? I would assume that most people looking for a profiler would search for it by that name.
You could try getting more people to link to your web page, or find other ways to get the word out. Unfortunately, you have pretty tough competition, and you can't beat their price. I don't know what you've done to market tsprof, but it was probably not enough, or it was done the wrong way.
Your Flat profile window looks awsome, by the way. Would have been cool if you colored it using only 4 colors, though...
Slashdot Mirror
You're absolutely right.
"Why does your graphics card have so much..."
Is probably better.
Excuse me if I'm a little slow today - are you being sarcastic?
1. Hard core pornography has as much to do with sex as it's commonly practiced as the Star Wars movies have to do with what NASA is doing.
2. Which European country airs hard core porn on prime time TV?
3. This may come as a shock to you, but six year olds know they have genitals.
4. Do you really think that answering a child's innocent question that might bring up a subject with sexual connotations is equivalent to sitting them in front of a TV showing hard core pornography?
a) who says electrical engineers / connector designers are not perverted?
Let that be a letton to y'all, folks: If your kid asks you a simple question, that has a perfectly simple answer, and the only answer you can provide is "ummm... ahhh", your kid is going to grow up into someone who thinks that the mechanics of human sexual behavior is "perverted".
An aiborne, highly infectious AIDS variant would be a problem, because it might take years for people to realize that the infection is taking place, since it takes so long for the symptoms to show. By then, it might be too late.
Can a 2GHz PC with only 128MB RAM really compare with a 600MHz PC with 1GB RAM?
Of course not. My rule of thumb is to knock off enough MHz from the CPU you think would be cool to have, to cover the cost of doubling (or more) the amount of RAM. For common tasks, this makes a huge difference in performance. That's the advice I give to everybody who makes the mistake of asking me, and then they look at me funny.
I wonder if this is some screwy cost-saving measure?
Gee, I have no idea! But I have a gut feeling that it is.
Your point is valid - I forgot about the stupid amounts of RAM manufacturers ship their low-cost machines with.
Or, rephrased, with a measure of good manners: Today's computers are fast enough for average home use. Not just some computers - everything you're likely to buy new is going to get the job done.
Does that really surprise anybody?
This was invented in Israel, which has a long, sunny and dry summer. Winter's aren't that nuch different.
Opensource wireless hackers, are you working on this?
*Yawn*
No, we're not. Can I go back to sleep now?
Also, the red PCB is nice
That's funny - I've usually seen red PCB used for prototype boards during development, where the obvious difference in color made it obvious that you shouldn't ship them to customers, or use them for anything important.
There's a first time for everything.
Next thing you know, we'll Slashdot Mike Keneally's site.
The internet is full of heart breaking tales of failure. Here's another one, if you enjoy this sort of thing.
So what if you've never heard of the guy. He still failed miserably, if spectacualrly.
Everybody I've talked to about FF was completely appreciative of the CG.
Maybe you should ask more people. I found FF almost impossible to watch, because of the animation. It had portions where the animation was unbelievably good (probably due to the use of motion capture), and then the character's next movement would be stiff and unnatural, only to go back to being very life like the next second. The transitions were obvious, and very distracting.
The rendering quality was just as spotty - the hair was as close to perfect as you can get, but the clothes looked like rubber sheets. Hmmm... Rubber...
All in all, I found it to be a tour de force of technology, but it failed to present a coherent artistic vision. Movies like Shrek and Toy Story did much better in that respect.
Thanks for the information. If nothing else, this discussion shows that the problem reported in the article is more application specific than the author would have you believe it is.
This kind of exploit should be documented and understood by application programmers, of course. It's in the same class of bugs as using strcpy() on arbitrary user input. If you interview someone for a programming position, and they can't tell you why that's a bad idea, you should be worried.
Not really - in some cases (subclassed windows, for example), a control's window procedure might want to trap a message, and then re send it.
You missed the point, I'm afraid. Once the data has been copied into the exploited app's address space, nothing the developer does can secure it 100%. The described exploits relies on two properties of the Win32 API:
1) It lets you copy arbitrary data into another process.
2) It lets you force another process to jump to an arbitrary address by faking a WM_TIME message. It's actually the default window procedure that does this.
So, in theory, there should be a certain class of applications that would allow you to inject an exploit into their address space, using WM_COPYDATA, and then jump to that data (from another thread, possibly, introducing the delicate timing issues), and executing it. Note that this can be done before the application code gets a chance to look at the WM_COPYDATA message.
Upon closer reading of the WM_TIMER message documentation, several things come to mind that could make this attack less problematic. The OS could filter all WM_TIMER messages, and discard the ones whose LParam doesn't contain an address that was previously registered as a timer callback.
Actually, with careful timing, you might be able to pull this attack off on an app that doesn't have ANY windows. If the application in question makes use of the WM_COPYDATA message, this might prove to be trivial. Even if it isn't, you can still map arbitrary data into an application's memory space using WM_COPYDATA.
Here's the WM_COPYDATA documentation. Read it and tremble in fear.
I suspect that most people will be turned off of these tools because installing them involves recompiling their copy of GCC. If didstributions started packaging patched copies of GCC, this may change.
I don't know whether it's a classic (probably not), but http://egoboo.sourceforge.net has a 3D nethack inspired game that looks pretty good.
That's good to know. Those things used to be more expansive.
FPGAs are reprogrammable.
Not by end users. I suspect that the equipment to reprogram them costs more than an xbox
Idiot.
Love your sig.
True, but searching freshmeat for "profiler" doesn't bring up your project. OProfile does show up, though, so I guess most people don't go any further.
They sell them at a loss, but make up for it in volume.
I've never heard of tsprof until I read your post here. Maybe that's part of your problem. When I searched Google for 'Linux profiler', It didn't show up in the first fifty results or so. This means I wouldn't have found it had I been looking for a profiler right now. Maybe the text on your web page should include the word "profiler"? I would assume that most people looking for a profiler would search for it by that name.
You could try getting more people to link to your web page, or find other ways to get the word out. Unfortunately, you have pretty tough competition, and you can't beat their price. I don't know what you've done to market tsprof, but it was probably not enough, or it was done the wrong way.
Your Flat profile window looks awsome, by the way. Would have been cool if you colored it using only 4 colors, though...
Good luck!
...Or maybe you'll work for McD's because you never bothered mastering your native language?