Forgot your password?

Comment: Re:GoG on linux (was Re:What kind?) (Score 1) 65

by TheRaven64 (#46831115) Attached to: <em>The Witcher 3</em> and Projekt Red's DRM-Free Stand

Most of their Mac games use DOSBox or WINE, so it probably wasn't too much effort for them to get Linux support working for most of them. Even before they announced Mac support, I ran quite a few of their games with WINE and DOSBox on OS X (their older games use DOSBox on Windows too), but it's a lot less hassle to get their configs (although they tend to be quite pessimistic about visual quality, and you can improve some of the older adventure games a lot by changing the scaling mode to hq3x in the DOSBox config that they ship).

I'm very happy with GOG - there are typically 5-10 games on my shelf that I haven't got around to playing yet. I got The Witcher 1 and 2 as a bundle and enjoyed them both, although I enjoyed the first one a lot more. They're DRM-free and let you redownload games, often with significant updates (e.g. I bought Dungeon Keeper, and they later added the expansion pack. FTL is now FTL: Advanced Edition).

Comment: Re:Security by Obscurity? (Score 1) 83

by TheRaven64 (#46831057) Attached to: OpenSSL: the New Face of Technology Monoculture
No, he's talking about mitigation, which is a well-known security practice. It's not about obscurity - you can have two or more open source implementations, but it's then harder for the same bug to be in both or all.

To give a concrete example, take a look at the DNS root zone servers operated by Verisign. They run a 50:50 mix of Linux and FreeBSD and increasingly a mix of BIND and Unbound. They use a userspace network stack on some and the system network stack on others. If someone wants to take out the root zone, they need to find exploits for each of these systems. A bug that lets you remotely crash a FreeBSD box likely won't affect Linux and vice versa. That gives them a little bit more time to find the fix (they also massively overprovision, so if someone does take out all of the Linux systems then the FreeBSD ones can still handle the load, and vice versa). If someone finds a bug in BIND then the Unbound servers will be fine.

If your web site were running a mixture of OpenSSL and something else, then it would be relatively easy to turn off the servers running OpenSSL as soon as the vulnerability is disclosed and only put them back online when they've been audited for compromises. Of course, it depends a bit on what your threat model is. If a single machine being compromised is a game-over problem, then you're better off with a monoculture (at your organisation, at least). If having all (or a large fraction) compromised is a problem, but individual compromises are fine, then it's better to have diversity.

Comment: Re:Apples and oranges (Score 1) 83

by TheRaven64 (#46831031) Attached to: OpenSSL: the New Face of Technology Monoculture
The problems with OpenSSL aren't actually in the crypto parts. libcrypto is pretty solid, although the APIs could do with a bit of work. The real problems are in the higher layers. In the case of heartbleed, it was a higher-level protocol layered on top of SSL and implemented poorly. It was made worse by the hand-rolled allocator, which is also part of libssl (not libcrypto).

Comment: Re:Is anyone surprised? (Score 1) 83

by TheRaven64 (#46830969) Attached to: OpenSSL: the New Face of Technology Monoculture
OpenSSL is quite shockingly bad code. We often use it as a test case for analysis tools, because if you can trace the execution flow in OpenSSL enough to do something useful, then you can do pretty much anything. Everything is accessed via so many layers of indirection that it's almost impossible to statically work out what the code flow is. It also uses a crazy tri-state return pattern, where (I think - I've possibly misremembered the exact mapping) a positive value indicates success, zero indicates failure, and negative indicates unusual failure, so people often do == 0 to check for error and are then vulnerable. The core APIs provide the building blocks of common tasks, but no high-level abstractions of the things that people actually want to do, so anyone using it directly is likely to have problems (e.g. it doesn't do certificate verification automatically).

The API is widely cited in API security papers as an example of something that could have been intentionally designed to cause users to introduce vulnerabilities. The problem is that the core crypto routines are well written and audited and no one wants to rewrite them, because the odds of getting them wrong are very high. The real need is to rip them out and put them in a new library with a new API. Apple did this with CommonCrypto and the new wrapper framework whose name escapes me (it integrates nicely with libdispatch), but unfortunately they managed to add some of their own bugs...

Comment: Re:What?? (Score 1) 72

by TheRaven64 (#46830929) Attached to: WhatsApp Is Well On Its Way To A Billion Users

If by 'any deal' you mean 'any contract' then they generally do come with either unlimited texting or quite a lot, but that's not true for pre-paid plans, which have made up the majority of the market for the last few years. I'm currently with Three, and they charge 3p/min for calls, 2p/min for texts and 1p/min for data - I'd have to spend a lot of time on the phone to come close to the cost of the cheapest contract plan, so they really only make sense for people who use their phone for business, or who haven't worked out that the 'free' phone that they get is really a loan at 50+% APR to buy a phone. For 2p, I can have one SMS or 2MB of data. The latter is enough to keep an IM connection open all day, so I can see the attraction of things like WhatsApp, especially since you can switch to the desktop version whenever you find the keyboard too limiting.

And that's not counting the fact that you can use WiFi when you're somewhere where roaming is expensive, which is the only reason I still have a SIP client installed on my phone: It's cheaper for me to make calls to the UK from the UK over the mobile network, but when I'm abroad (outside one of Three's Feel at Home countries) it's often a lot cheaper to use SIP. Sending text messages abroad is very expensive, but using WiFi is usually free.

Comment: Re:What?? (Score 1) 72

by TheRaven64 (#46830899) Attached to: WhatsApp Is Well On Its Way To A Billion Users
No prepaid plans in the UK come with unlimited texting. You can generally buy a bundle that includes it, but a bundle that provides more data than it's easy to use on a smartphone (without tethering) is generally cheaper and allows you to use email and the web as well as IM apps. I generally pay £1-2/month, and it costs as much in terms of data to have an entire day of IM connectivity as it does to send one SMS.

Comment: Re:Wrong battle. (Score 1) 240

by Sycraft-fu (#46829897) Attached to: F.C.C., In Net Neutrality Turnaround, Plans To Allow Fast Lane

There's a lot of politics and BS involved, right of way costs and such. Also issues of older infrastructure. The US had widespread cable and phone back before many countries, and as such there is this lethargy with companies to just try and use what's already there rather than put in all new stuff that works better.

However one thing to be careful of when you look at your Internet is how the backhaul is. Something I've observed with a number of the "really fast, no limits, very cheap," networks is that they are basically a big WAN. They don't have the backhaul to the rest of the Internet to maintain those speeds. So big speeds to your neighbours, and your ISP, but not so much to the world.

If you do speeds tests, make sure you test to something not on your ISP, and a decent bit away. That gives you a more realistic speed test. Good internet in the US tends to be fast too all places like that.

For example I pay $100 per month (about 72 Euro) for 150mbit/20mbit Internet, with burst speeds up to 180mbit. Testing to a server in town here, I get that, actually a little over, 183mbit. Testing to a different provider in another state, about 550km away, I get 175mbit. Testing to yet another provider across the country, around 3000km away, I get 140mbit. So I get the speed promised, to a diverse amount of networks. The backhaul is there to support my connection. That is part of the cost.

Not saying it isn't for yours, just check if you want to compare it to US Internet. I've seen more than a few cases where big numbers to the home aren't backed up by big pipes to the Internet. So the speedtest server at your ISP gives you amazing numbers, but one on a different datacenter a few hundred klicks away is much slower.

Comment: Re:Those guys want pork funds too? (Score 1) 140

by garyebickford (#46828885) Attached to: Asteroid Impacts Bigger Risk Than Thought

I will add that their numbers look different from work I've seen before, and use a more ambitious methodology than I would use. They want to run the entire launch using the magnetic system. This has some serious issues that make it harder IMHO - not that I know much. I believe it would be much easier to justify, finance, and build a system that replaces most or all of the first stage, which is where about 90% of the mass and propellant is spent. Just getting to Mach 5 uses up to 90% of the required fuel at present. It would also eliminate the entire cost of the first stage, replacing it with the cost of electricity, plus wear and tear on the magnetic launch carrier (which could be re-used.)

This approach would not require the high 30G acceleration (which eliminates use for living things) nor the super-long 130km launch track of the MagLaunch system. It would be cheaper and easier to build. This would be a 5G to 10G system with a 50KM track, going up the Andes at the Equator to an elevation of as much over 14,000 feet as can be arranged, with a 5km/s exit velocity if I recall correctly - this would require some work to make a vehicle that could survive such high speeds at relatively low altitudes. At 14,000 feet the air pressure is about 1/2 STP, and at 28,000 it's about 1/4 but there's no satisfactory location that goes to 28,000 feet. But this is getting into highly speculative numbers.

Comment: Re:Those guys want pork funds too? (Score 1) 140

by garyebickford (#46828767) Attached to: Asteroid Impacts Bigger Risk Than Thought

Interesting, thanks. I wasn't aware of these folks, and I'm pretty sure the rest of my partners in Space Finance Group aren't either. We have run several successful Kickstarter projects, including for the National Space Society and The Liftport Group (Michael Laine of Liftport is one of the partners in SFG). We recently completed the rewrite of a business plan and 'pitch deck' for another space launch company. We are also working on equity funding mechanisms for space development, although we're not quite ready to 'go live' with that.

So if these folks are for real, we might be able help them get where they want to go! I'll be contacting them. If anything pans out, you'll be able to say, "I helped them get there." :)

My personal opinion:, while the more 'standard' methods like SpaceX, XCor, Virgin, Blue Origin, and the many more exotic projects like Skylon, etc. (too many to list) are important and will be essential for at least the next 10-20 years, IMHO magnetic launch technology has the best long term potential for reducing costs. I don't think the "Gen 2" version that these folks propose will happen within 100 years if ever. That level of exotic engineering requires a long, long evolution to get there. But a successful Gen 1 system is buildable "today" - by which I mean the engineering will take six to 10 years, and construction another six to 10! This is in the same funding range, again, as the LHC, or the Burj Khalifa - or the various sports-festival boondoggles of late. (These mag-launch folks estimate $20, which may be a better number - I haven't finished reading their material.) So it is in the range of the financial capability of many nations, especially if a few get together.

IIRC Brazil is spending about $6 billion by themselves to host the FIFA World Cup - imagine if they invested that $6 billion as one third of a joint venture space launch system that reduced the cost to LEO from $10K-$20K per pound to even $100 per pound. They could charge $1000 per pound and still be inundated with demand. Their investment could pay for itself in a few years and build a permanent employment base and probably hundreds of spinoff high tech industry facilities, instead of being a sunk cost for a few hours of football fun!

Comment: Re:Those guys want pork funds too? (Score 1) 140

by garyebickford (#46825727) Attached to: Asteroid Impacts Bigger Risk Than Thought

Let's promote the installation of a 5G-capable magnetic launcher (coilgun tech) that goes up the Andes in Ecuador! A 50 mile launcher using a tube that is evacuated of most of its air could replace most or all of the first stage of rockets going to LEO, cutting the cost of launch by 2/3. The technology and project scale are in the same ballpark / order of magnitude as the LHC, and would permanently alter the economics of space development. The last time an equivalent system was thoroughly studied was in the 1970s AFAICT, long before a number of major enabling technologies were mature enough - large superconducting magnets, various materials, control systems, etc.

Comment: Re:Difference between erratic & erotic (Score 1) 535

by Jeremiah Cornelius (#46825359) Attached to: The US Public's Erratic Acceptance of Science

Gut bacteria and virus have both been implicated in "mental" illness. Look up "Toxoplasmosis".

There's a reductionist orthodoxy, which views man as a brain on a stick - or a monkey driving a robot. Transplant the monkey in a new robot, and you have the same being. Only it's just not true.

Your entire nervous system is an extended "brain", in some regards. The entire "Me" that we have is a hive, and a colony of interdependence. Without getting all speculative or "holistic" examine mitochondria, for Pete's sake!

For the geek set: Luke is as much a manifestation of his midichloreans as he is a history of brain impulses. Put his brain in C3PO and you don't get Luke+Life Extension. You get a limited Luke simulacrum, able to replay Luke memory without new Luke experience or interaction. Plop his brain into Han Solo's body, and he will not be Luke anymore - He may be surprisingly like Han, with amnesia.

Comment: Re:Scalia is jumping the shark. (Score 2) 407

by Mr. Slippery (#46823217) Attached to: Supreme Court OKs Stop and Search Based On Anonymous 911 Tips

Is Scalia seriously suggesting police can act on a tip only after proving that tipster is telling the truth?

As much as I hate to find myself anywhere near Scalia (through he's joined here by Ginsburg, Sotomayor, and Kagan), police can legitimately act on a tip only after proving that a tipster is *likely* to be telling the truth. In this case, after following the car for five minutes and not seeing anything that gave them suspicion that the driver was drunk, there's no way that they could have reasonable suspicion this guy was a drunk driver. Given the documented existence of SWATing, anonymous tips cannot be considered credible grounds for intrusion into a person's liberty.

Interestingly, in this case the tip was not anonymous, but that fact wasn't brought up in the original prosecution and so the tip is dealt with as anonymous.

Lucky for Scalia most progressives still believe in elections, democracy, rule of law and that SCOTUS interpretation of the constitution is the only legal interpretation.

Really? You believe that most progressives believe that in 1857, no person of African descent could be a citizen of a state, despite zero evidence for this decision in the text of the Constitution? And that in 1896, states could comply with the equal protection clause via "separate but equal" bullshit? Well, it does seem that "progressive" has been defined downwards since Obama came into office.

Human rights, democracy, the rule of law, and SCOTUS decisions, are areas that overlap sometimes but not always. Genuine progressives put human rights before the others.

Comment: Re:openWRT runs, without wireless (Score 1) 109

by TheRaven64 (#46821465) Attached to: WRT54G Successor Falls Flat On Promises

The last time I bought a dedicated device like this, I got a PC Engines WRAP, which is similar to the boards that Soekris sells. For about £100, I got a 266MHz AMD Geode (x86) CPU, a board that could boot from a CF card, and had 3 wired sockets and 2 miniPCI slots (with an 802.11g card in one), a metal case and a couple of antennae. That was quite a few (actually, almost ten) years ago.

The first search result has a similar kit for £139, which is a bit more, but if you shop around you can probably get it for cheaper. That includes a 500MHz x86 CPU and 256MB of RAM, so it will happily run most stock *NIX distributions, or something firewall-centric like pfSense.

Numeric stability is probably not all that important when you're guessing.