
Asteroids played on an Oscilloscope - Tek Contest - joeyhagedorn
http://bcove.me/ddch2up0
======
m0tive
Missleading website if you have NoScript. The video panel collapses completely
and it just looks like a link to vote in some pole...

~~~
marshray
Yeah. I usually don't even bother to enable script in cases like that.

My experience is that bad behavior without script is often a good indicator of
a lousy website. Even if it isn't, it gives me an excuse to weed out stuff
arbitrarily. There's obviously more stuff on the the web than there is time to
read it.

~~~
CamperBob
Why stop with Javascript, though? Why not refuse to render images, or videos,
or use any sort of plugin? For that matter, why not use Lynx?

I really do not understand the sort of Luddite motivations that drive someone
to disable Javascript. You're drawing an arbitrary line in the sand that cuts
you off from a great deal of perfectly legitimate functionality. Could you
explain exactly what you're gaining in return? Isn't this just another
incarnation of 1990s-era cookie paranoia?

It seems to me that if you use an up-to-date browser and an ounce of common
sense when you surf the Web, you have little to fear from Javascript. And if
you don't, no technological measures short of total disconnection will save
you from yourself.

~~~
marshray
_Why stop with Javascript, though? Why not refuse to render images, or videos,
or use any sort of plugin?_

Yes, I normally block videos and all plugins. I don't have to block images by
default any more, thankfully the obnoxious animated ones have mostly moved to
Flash.

Occasionally I'll switch browsers and permit specific youtube videos.

 _For that matter, why not use Lynx?_

My recollection is that Lynx does not support proportionally-spaced fonts or
images. If this is incorrect, I'll consider using it.

In fact, I do know someone who uses exclusively text-based browsers. She's
doing research on accessibility issues for the visually impaired.

 _I really do not understand the sort of Luddite motivations that drive
someone to disable Javascript._

Maybe if you didn't presume it to be a Luddite motivation, you'd have a chance
at understanding it.

 _You're drawing an arbitrary line in the sand that cuts you off from a great
deal of perfectly legitimate functionality. Could you explain exactly what
you're gaining in return?_

Well I will enable script for specific sites that I want to do business with.
But it's done intentionally and limited in scope. If the site requires scripts
from a bunch of shady domains and ad networks, I'm much less likely to do
business with them.

By aggressively disabling Javascript and not installing Flash I gain:

1\. Security: Less attack surface, less frequent patching, less risk of
getting pwned by drive-by malware. Fewer trusted domains in my page origin.

2\. Privacy: A lot of advertiser tracking stuff depends on script running in
your browser. Declining to run their script seems to cut down significantly on
the amount of personally-identifiable info you're constantly broadcasting as
you use the web.

3\. Faster page loading.

4\. Fewer advertisements, pop-overs, and other useless blinking crap in my
visual field detracting from the words and occasional image on the page which
convey 99% of the meaning.

5\. By avoiding proprietary plug-ins I follow open standard (w3c, IETF)
technologies. These are consistently winners in the long run.

6\. I learn a little about the mindset of the developer of the site. Take a
look at who's running script in your browser in news.ycombinator.com and
compare that to any of the Gawker media sites for example.

 _Isn't this just another incarnation of 1990s-era cookie paranoia?_

Similar in some ways, different in others. Cookies have some very similar
security properties to that of scripts WRT same-origin.

 _It seems to me that if you use an up-to-date browser and an ounce of common
sense when you surf the Web, you have little to fear from Javascript. And if
you don't, no technological measures short of total disconnection will save
you from yourself._

That's the "all or nothing, it's hopeless, give up" argument and yeah most
people _are_ willing to give up their security and privacy when you throw that
in their face.

But not me. I find it more interesting to learn something (e.g., what scripts
are being used where and why) than I really care to see yet another video on
the web (even if it does involve oscilloscopes).

~~~
CamperBob
_That's the "all or nothing, it's hopeless, give up" argument and yeah most
people are willing to give up their security and privacy when you throw that
in their face._

No, it was the "Use sound computing practices and you'll probably be OK, but
you could still be hit by a bus if you step outside and an asteroid if you
don't" argument. In other words, the same sort of compromise that we all make
every day when we interact with the world.

Thanks for the explanation; it does answer my questions. We probably won't be
able to find common ground, though -- I actually _prefer_ to see ads for
oscilloscopes and hosting services, rather than tampons and farm implements.

~~~
marshray
_No, it was the "Use sound computing practices and you'll probably be OK, but
you could still be hit by a bus if you step outside and an asteroid if you
don't" argument. In other words, the same sort of compromise that we all make
every day when we interact with the world._

What I hear you saying is that we all have to weigh risk vs. benefit as we
interact with the world. I certainly agree in principle, but maybe we don't
judge the sides the same way.

I saw one study claiming the _majority_ of PCs (59%) are pwned by malware.
This seemed to be a bit biased and non-scientific, but we know there are
multi-million node botnets so the actual number is quite high. So the
comparison isn't with the risk of getting hit by a bus, the baseline
expectation from the typical user behavior you advocate is to be compromised
periodically.

I work for a data security company by day and research that stuff at night
too. So I'm painfully aware that on any given day there are usually multiple
not-yet-patched vulnerabilities. Occasionally I have customer info on my
computer, info about not-yet-public vulnerabilities, or I just can't afford
the energy needed to clean up afterwards if I were to get pwned. I judge the
downside risk much higher than the upside.

So I mostly interact with the web with a browser Noscript mode, and even that
via a series of virtual machines and remote access that don't allow file or
clipboard sharing. It turns out that I liked the web better without the 2.0
anyway.

 _We probably won't be able to find common ground, though -- I actually prefer
to see ads for oscilloscopes and hosting services, rather than tampons and
farm implements._

Now if there were a way to allow only Oscilloscope Pr0n I'd be all over that.
I do in fact have DigiKey and Mouser whitelisted. :-)

~~~
CamperBob
_I certainly agree in principle, but maybe we don't judge the sides the same
way. ... I saw one study claiming the majority of PCs (59%) are pwned by
malware._

How many of those attacks came through Javascript, though? It would be
interesting if there were a public resource that keeps track of attack
vectors, so we could accurately assess the risks.

~~~
marshray
_How many of those attacks came through Javascript, though?_

The majority of the opportunistic drive-by web malware seems to depend on
script. Sometimes the vulnerability is in the Javascript interpreter itself,
sometimes the attacker wants to lightly obfuscate web sites and payloads from
scanners, and sometimes it seems the malware authors are just lousy web
designers using script gratuitously.

If you also eliminate Adobe products from your attack surface, you've bypassed
a _huge_ percentage of web malware.

Of course if you're the subject of a targeted attack then all bets are off.

 _It would be interesting if there were a public resource that keeps track of
attack vectors, so we could accurately assess the risks._

There are many, but for specific bugs they try to agree on at least the
central "CVE" number: <http://cve.mitre.org/>
[http://web.nvd.nist.gov/view/vuln/search-
results?query=javas...](http://web.nvd.nist.gov/view/vuln/search-
results?query=javascript) <http://www.kb.cert.org/vuls/>

For attack vectors in general, see:
<http://cwe.mitre.org/data/slices/2000.html> <http://cwe.mitre.org/>

------
endlessvoid94
It's pretty unfortunate that one of the leading videos is by a russian female
who doesn't really know what's going on. Asteroids on an oscilloscope is much
cooler than her.

~~~
joeyhagedorn
Thanks, I had a lot of fun making this. I think it might work better on an
analog scope rather than a digital sampling scope. There are a bunch of other
interesting videos on there as well.

~~~
blackguardx
Tektronix also used to make packaged CRT displays with X Y and Z (intensity)
BNC connector inputs.

------
jonpaul
Meta: why is his HN username green? Is it because it's a new account?

~~~
Groxx
Yep. I've only seen it on two people so far, both were 1 day (or less) old
accounts.

edit: just saw another. 2 days that time.

~~~
user24
funny though, as that's the only reason I clicked this article. I wonder if
the purpose is to encourage new accounts or warn people. Seems like bright
highlighting makes them more prominent and thus sends a message that they're
more interesting than the boring grey account names...

~~~
Groxx
Yeah, I expect more of a "warning" color for new users than for old-timers.
New users are more likely to be a problem than older ones, if only because
they're more likely to be spambots.

~~~
jamesbritt
Plus maybe people will cut them some slack, write a reply with some helpful
guidance instead of just down-voting if a comment seems inappropriate.

------
Vivtek
Well, technically Asteroids was _always_ played on an oscilloscope, of course.

~~~
joezydeco
Ahem, we prefer _vector monitor_ thankyouverymuch. =)

Actually the architecture of those old Atari vector games is pretty remarkable
given the technology at the time. You had a 6502 with the game logic,
generating a list of items to be drawn by a _second_ CPU, implemented entirely
in TTL with a custom opcode set of it's own. All in under 16K of object code.

<http://www.philpem.me.uk/elec/vecgen.pdf>

~~~
arethuza
Was that what was used for the Atari Star Wars arcade games of the mid 80s?

~~~
joezydeco
Yup. The color vector games had next generation set of hardware, but same
idea. The color was a neat hack by varying the intensity of the beam, hitting
differently colored phosphors layered on the inside of the glass.

~~~
msarnoff
The color/3D Atari vector games used the Analog Vector Generator, which used
op-amps to trace smooth lines of arbitrary length and angle on the screen. It
also seems to fall out of calibration as the years go on, which is why you see
a lot of Star Wars and Tempest machines with jittery images.

More information on the Atari vector hardware, written by one of the original
engineers, is here: <http://www.jmargolin.com/vgens/vgens.htm>

~~~
joezydeco
If you _really_ want to get esoteric and hackish, the Cinematronics vector
games of the era had NO microprocessors in them at all. It's all bit-sliced
TTL gates and EPROMs to hold the object code. Wrap your noggin around that
one.

~~~
arethuza
About the same time I was playing too much Atari Star Wars I was also using
HLH Orions on my CS course - the early models had bitslice based CPUs and had
user programmable microcode:

<http://en.wikipedia.org/wiki/HLH_Orion>

------
lutorm
Ah, this brings back memories! Back in... 1990? I was playing with a homebuilt
laser show like this, and also used the oscilloscope to test the output
without worrying about the resonance behavior of the mirrors. (Our mirrors
were connected to slaughtered speaker coils with hinges and had pretty
horrific frequency response.) The output was the sound outputs on my Amiga. I
never wrote asteroids for it, though... ;-)

~~~
marshray
I do love seeing old games but am not really seeing the vector display usage
as a terribly innovative hack.

Even very old scopes were designed with X-Y-Z inputs so they could be used to
do exactly this. They're simply being used as intended.

------
lutorm
Anyone remember the Vectrex?

~~~
marshray
I remember seeing a Tektronix vector display terminal being used as a front-
end to one of their flatbed pen plotters. They spoke the same language, so you
could preview your plot before wasting ink and paper on it.

That was cool!

