Please create an account to participate in the Slashdot moderation system


Forgot your password?

Treading the Fuzzy Line Between Game Cloning and Theft 235

eldavojohn writes "Ars analyzes some knockoffs and near-knockoffs in the gaming world that led to problems with the original developers. Jenova Chen, creator of Flower and flOw, discusses how he feels about the clones made of his games. Chen reveals his true feelings about the takedown of Aquatica (a flOw knockoff): 'What bothers me the most is that because of my own overreaction, I might have created a lot of inconvenience to the creator of Aquatica and interrupted his game-making. He is clearly talented, and certainly a fan of flOw. I hope he can continue creating video games, but with his own design.' The article also notes the apparent similarities between Zynga's Cafe World and Playfish's Restaurant City (the two most popular Facebook games). Is that cloning or theft? Should clones be welcomed or abhorred?"

Comment Re:Buy a Pre (Score 2, Interesting) 684

T-Mobile eventually intentionally put a stop to unsigned clients

Rubbish. I don't know what you're doing wrong, but I use an AT&T-branded Blackberry 8310 with my T-mobile account. T-mobile doesn't have a 8310, so I can assure you that T-mobile not only allows "unsigned clients" (whatever the fuck that means; unlocked? different vendor-id?), but their telephone support helped me do it.

Comment Re:dunno exactly (Score 1) 173

LLVM can (and is) used to subvert the GCC's GPL by making it possible to "compile" C code into closed-source proprietary bytecodes. See "Alchemy" for an example of Adobe being an immoral slimeball.

I'd like to add a slimeball exception to software I've written, preventing Adobe from benefitting, and yet I can't bring myself to be immoral just to combat immorality.

Comment Re:Portability.. (Score 1) 173

But you are advocating if I am reading you correctly 'to hell with other compilers use gcc4 it is the rocking best one out there'.

Then work on your reading comprehension. I said no such thing.

I said it isn't obvious that supporting other compilers was a good thing, and that it seemed obvious that actively supporting other compilers (i.e. "more work") had some serious costs that were being underepresented.

Re-read my post. Nowhere did I suggest anyone stop doing what they were doing.

Comment Re:Portability.. (Score 4, Insightful) 173

GCC is a great compiler, but relying on it excessively is a bad thing for the quality of kernel code ... it is simply healthy for the kernel to be compilable across more compilers.

Prove it.

The opposite (relying on GCC is a good thing for code quality) seems obvious to me. The intersection of GCC and ICC is smaller than GCC, so I would assume that targetting something big would afford greater flexibility in expression. As a result, the code would be cleaner, and easier to read.

Targetting only the intersection of ICC and GCC may result in compromises that confuse or complicate certain algorithms.

Some examples from the linked application include:

  • removing static from definitions
  • disabling a lot of branch prediction optimizations
  • statically linking closed-source code
  • tainting the kernel making debugging harder

I cannot fathom why anyone would think these things are "good" or "healthy", and hope you can defend this non-obvious and unsubstantiated claim.

(some of us still remember the gcc->pgcc->egcs->gcc debarcle).

When pgcc showed up, it caused lots of stability problems, and there were major distribution releases that made operating a stable Linux system very difficult: 2.96 sucked badly.

The fact that gcc2 still outperforms gcc4 in a wide variety of scenarios is evidence this wasn't good for technical reasons, and llvm may prove RMS's "political" hesitations right after all.

I'm not saying gcc4 isn't better overall, and I'm not saying we're not better for being here. I'm saying it's not as clear as you suggest.


Belkin's President Apologizes For Faked Reviews 137

remove office writes "After I wrote about how Belkin's sales rep Mike Bayard had been paying for fake reviews of his company's products using Mechanical Turk, hundreds of readers across the Web expressed their outrage. As a result of the online outcry, Belkin's president Mark Reynoso has issued a statement apologizing and saying that 'this is an isolated incident' and that 'Belkin does not participate in, nor does it endorse, unethical practices like this.' Amazon moved swiftly to remove several reviews on Belkin products it believed were fraudulent. But now fresh evidence of astroturfing has surfaced, by the same Belkin executive."

Comment Re:So you think RSA is broken? (Score 1) 179

Oh, you actually want to read them? I thought you just wanted me to prove my cred.

I didn't doubt you went to school, or were completing a graduate level program on cryptography.

I doubted your competence, because you missed something I thought was obvious, and I am not a cryptographer.

That said, you mentioned you were working on identity systems, and I am interested in that. I want to say I do not seriously assume that your lack of experience with a particular kind of vulnerability assessment translates to a lack of competence in other things, and I apologize for my statement to the contrary on that subject.

I look forward to reading these papers after the holidays...

Comment Re:So you think RSA is broken? (Score 1) 179

Of course. It's just that this is 6-7 orders of magnitude easier than breaking RSA, even against a relatively hard target.

No. It's however hard breaking RSA is plus 6-7 orders of magnitude easier because you still need to break RSA.

Signings shouldn't help the attacker unless your hash is broken... it probably takes a worse break than the current ones against MD5 and SHA1, as well.

That's not true. doi:10.1016/S1007-0214(05)70121-8 for example on weak-key attacks against digital signature systems.

they [the banks] can upgrade much more easily than DNSSEC if RSA-1024 falls.

Sort-of. SSLv2 has been considered obsolete for a long time, but it took new PCI-compliance procedures to really shake it out of a lot of organizations I've worked with.

Upgrading is hard. Saying upgrading HTTPS's RSA-1024 is "easier" than upgrading DNSSEC is patently meaningless: We're not really talking about upgrading, we're talking about replacement.

There are still sites without MX records and still new FTP clients being made. I consider the proponents of DNSSEC and IPV6 similarly incompetent largely because they have spent so little time exploring how to replace our existing crap.

DNSCurve is primarily an exercise in supplanting the existing system; that's what the entire system is built on, *how do we get security*, not how do we build the most secure system, or the best system by any technical measure.

You probably want to avoid them anyway... I'm a grad student so I don't design very practical stuff

Implementations are uninteresting. Where are these identity schemes published?


Australia To Block BitTorrent 674

Kevin 7Kbps writes "Censorship Minister Stephen Conroy announced today that the Australian Internet Filters will be extended to block peer-to-peer traffic, saying, 'Technology that filters peer-to-peer and BitTorrent traffic does exist and it is anticipated that the effectiveness of this will be tested in the live pilot trial.' This dashes hopes that Conroy's Labor party had realised filtering could be politically costly at the next election and were about to back down. The filters were supposed to begin live trials on Christmas Eve, but two ISPs who volunteered have still not been contacted by Conroy's office, who advised, 'The department is still evaluating applications that were put forward for participation in that pilot.' Three days hardly seems enough time to reconfigure a national network."

Comment Re:So you think RSA is broken? (Score 1) 179

What the hell are you blathering on about?

As is common for crypto protocols, if the RSA key in HTTPS is broken, a man in the middle can mess with the protocol in real time.

No it can't. You still need a way to get the packets to the man in the middle, and a way to get the packets where they don't belong.

DNS, using UDP, offers no such protection.

Secondly, DNSSEC uses the RSA key for a long time, and clients can get lots of signings to launch offline attacks. This attack doesn't work on HTTPS, which uses RSA to only sign/encrypt a session key. It doesn't work on DNSCurve either.

All other things being equal, that answers mmell's question: Why is RSA safer for bank transactions than for DNSSEC?

How the hell can anyone be as fucking numb as you are to these two very simple things and still "be a cryptographer"?

I call shenanigans! If you're actually paid to design cryptosystems, let me know which ones so I can avoid them.

Slashdot Top Deals