If you, like a lot of other players, get fed up because because you don't know chess openings, check out fischerrandom chess. It's a variant of normal chess designed by bobby fischer (often thought of as the greatest chess player of all time (I disagree, but...)).
Appending the classpath was unintuitive. I had to add a variable in a pref somewhere and then reference it in my.classpath file in the project. WTF?
Try right clicking on the Java Project, and selection Properties. There should be a Java Build Path option allowing you to add stuff to your.classpath file with a GUI, if that makes you feel better.
I agree, it has potential, but I'm afraid of how it would be massacered to fit the screen. Maybe it could fit in a 3 hour movie. All 4 books might even make a good 3-5 season TV show. But I'd worry about budget problems, as some of the scenes could be expensive to do well.
I wish there was more substantial information with those links. Ah well, I'm guessing that nothing will ever come of it, or not for a while.
The Endymion books probably would transfer better, but those books weren't as good IMHO. Although I'd like to see the Temple in the Sky and some of the Shrike/Nemes battles. The first two books should be made into movies first so you can properly appreciate the second two.
It would be really hard to make the first book into a movie. I thought about maybe having segments 15-20 minutes long for each character's story, and then additional time for current events. That sounds ok, but will probably end up being long, inconsistant(sp?), and boring.
Perhaps a mini-series type thing would be better. But it'd have to be damned well done to make it worth while.
If something does get made, some of the imagery could be incrediably powerful. If done in a properly artistic style, The Shrike with the Tree of Thorns in the background would be amazing to see.
Speaking of the Hyperion Cantos, does anyone else think that they'd make a great set of movies? I can't be the only one who thinks so. I guess some of it would be hard to shoot, and of course a lot of it would have to be cut to fit the 2 hour time limit. But still, the Shrike is sooo badass.
If you consider a safe to be secure, even when its location is known, then it really isn't security through obscurity. Don't get me wrong, the fact that its location is unknown helps. Keeping something secret can help, but only if it would be secure even if it wasn't a secret. An example of this is the RSA-like encyption that the NSA developed years before it was discovered by the public.
Then I hear "it was cracked by a team" or "it took 4 days." This lessens the impact and makes it appear as if RSA is still very secure.
When an application that uses RSA (or any other "real encryption") is cracked, it is due to an implementation flaw (bad random number generator, etc), and not a bad algorithm. To my knowledge no one has yet been able to find a fast way to factor the product of two large prime numbers.
I believe it is a huge flaw to think RSA will keep you safe because it is well known and peer-reviewed. It may be secure from those script kiddie attacks, which would only install an IRC bot or maybe erase your hard drives. It is not secure if you ever run into someone with a strong motivation to get into your system. The same strong motivation that was able to break the such-and-such encryption in only so many days.
If someone is that motivated to break into my system, I certainly want to protect my data with a well known encryption scheme. If they are skilled enough to quickly factor the product of two large prime numbers, they certainly can break Joe Bob's Super Good Encryption Scheme (TM).
I feel a big part of this debate is people have some sort of urge or agenda to make all software open. If "security through obscurity is bad" really means "proprietary software vs. open software" then we should skip the debate about security and look at facts about software methods producing secure software.
I was not thinking of software at all, only algorithms. I do agree with you, and your examples, that open souce software is not inherently more secure.
One big difference between open encryption schemes, and OSS, is that even though they are both open to review, you usually see encryption getting more "professional" scrutiny. This is probably because once published, it remains stable, instead of constantly shifty like OSS. Also, if you don't feel that an algorithm has been reviewed enough, you can always use one of the older, better reviewed methods!
Then I hear "it was cracked by a team" or "it took 4 days." This lessens the impact and makes it appear as if RSA is still very secure.
When an application that uses RSA (or any other "real encryption") is cracked, it is due to an implementation flaw (bad random number generator, etc), and not a bad algorithm. To my knowledge no one has yet been able to find a fast way to factor the product of two large prime numbers.
I believe it is a huge flaw to think RSA will keep you safe because it is well known and peer-reviewed. It may be secure from those script kiddie attacks, which would only install an IRC bot or maybe erase your hard drives. It is not secure if you ever run into someone with a strong motivation to get into your system. The same strong motivation that was able to break the such-and-such encryption in only so many days.
If someone is that motivated to break into my system, I certainly want to protect my data with a well known encryption scheme. If they are skilled enough to quickly factor the product of two large prime numbers, they certainly can break Joe Bob's Super Good Encryption Scheme (TM). The only disadvantage I can see to using RSA instead of JBSGES, is that they have somewhat of a head start with RSA, in that they know what they have to do. With JBSGES, they have to figure out what it does, which might actually take awhile, but once they figure it out, the chances are it won't be as robust as RSA.
Also, note that I could write my own implementation of RSA, that wouldn't use headers or any other information to give out the fact that it's RSA. This takes away any advantage that JBSGES might ever have had.
I feel a big part of this debate is people have some sort of urge or agenda to make all software open. If "security through obscurity is bad" really means "proprietary software vs. open software" then we should skip the debate about security and look at facts about software methods producing secure software.
I was not thinking of software at all, only algorithms. I do agree with you, and your examples, that open souce software is not inherently more secure.
One big difference between open encryption schemes, and OSS, is that even though they are both open to review, you usually see encryption getting more "professional" scrutiny. This is probably because once published, it remains stable, instead of constantly shifty like OSS. Also, if you don't feel that an algorithm has been reviewed enough, you can always use one of the older, better reviewed methods!
regards,
garc
Hmm, when I think of "Security through Obscurity", I tend to think of it in a different way than thought of above. I think of it as keeping the method used to encrypt/secure/hide something secret, thinking that because the method is secret it is secure.
For example, say I develop a new top secret encryption scheme, called Rot-13. I tell no one of how it works. Since I am not a professional cryptographer, the chances are my algorithm is not cryptographically sound. So it is only secure as long as its method is secret. Once the secret is out, its security is gone. This is security through obscurity.
An example of the opposite would be RSA. The algorithm is well known, therefore with peer review, it is thought of as secure. Even though I know how RSA works, I'm still unlikely to be able to crack it if used properly.
After the large amount of IIS exploits, a co-worker and I wanted to switch some webservers from IIS to apache. The servers ran some weird custom collection of perl scripts and JSPs. When we did the apache install, we expected it to pretty much work out of the box. It didn't.
After some investigation, we found that the perl scripts had a line in it like
do something.pl
where something.pl was in the parent directory. This seemed to be fine for IIS, but not for apache. Also we noticed some oddities about environment variables after perl execs in apache. We didn't have the time to resolve these issues (mostly b/c the app was sloppily written) so we switched back to IIS.
So, if an app is sloppily written and deployed on IIS, it might be somewhat of a pain to export to apache. Just a word of warning.
I think that this is the same thing that you said:
From my experience, they don't allow you to sell a shrink wrapped product with the wrapping removed. If It's stlil in its 100% original packaging, you can resell it on ebay.
(Hands up all who know where the first NATO battle was fought, in the current conflict, in
Afghanistan? You didn't even know there -had- been one? Wow, talk about being kept
up-to-date!)
Could you post a link? I know that I, as a less informed american, would love to see the information.
Typically you need to be the copyright holder to make a complaint, although in some occasions (RTLinux), the FSF handled it with holding the copyright.
Now that it has been discovered that they use glibc, the FSF can begin action.
In recent news, Slashdot editors are the first to discover that gall bladders are actually tumors. Not only are they world class spellers, but also medical researchers.
I'm all for giving him a fair trial if he continues to be the primary suspect. Of course if we have absolutly no evidence, or reason to believe that he was involved, then he should be left alone.
I'm not assuming any ulterior motives to why Afghanistan doesn't want to extradite him. You are very possibly correct that it may be because he wouldn't recieve a fair trial. I doubt very much that he would.
But if we do have actual evidence, and it turns out he was quite possibly involved, how do we handle it? That is that question I am aiming at.
And it just baffles me, I have no idea. The best thing I can think of is to perform the trial in Afghanistan with an American muslim prosecuting (Assuming of course thats how the trials there work, I am ignorant in that respect). Would we have reason to doubt the impartiality of Afghanistanians as much as we do Americans?
Those are deffinately some very relative fears that you listed. I am very afraid of those also.
But the right to privacy through encyption is just one very small aspect of freedom. If we give that up, when do we stop? Where do we draw the line and say that "Ah hah, now we have the perfect amount of freedom, and just the right amount of protection from Terrorists"? I'm afraid that once we get the ball rolling, it will be hard to stop.
Hmmm, that is interesting. I was completely unaware of that, thank you.
Do you think they might agree to hold a trial for him if it was conducted entirely by muslims, but with American (or non-Islamic) laws? Or no? Maybe we could use a foreign Muslim lawyer and Jury.
What is their legal system like? I have no idea about Islamic laws, would an Afghanistanian trial most likely be fair?
Even if every Muslim hates Americans (something which I entirely doubt), I still wouldn't want to kill any of them.
I wouldn't want to prove their false beliefs (About us hating them) correct by killing them indescrimately.
Garc
Re:Tracking encrypted communications
on
A New Kind of War
·
· Score: 1
Ah, that is an interesting assumption. I don't think it would hold up well in a court though. There would probably be a lot of reasonable doubt. Hopefully they'd have more corroborating evidence.
I've been thinking a lot along these lines lately, and trying to discuss this with my friends. My stance is nearly exactly the same as yours, I see this as a police action, not a war. I also don't want to see us be wontonly violent to afghan citizens just to capture bin laden.
The people I talk with though still want to see bin laden "brought to justice", I always try to get them to say "brought to trial" instead, they rarely do. I agree that he should be tried for crimes he allegedly committed. What I don't know is how do we go about doing that? What methods do we use to extradite him? Or do we allow another country (afghanastan, or maybe someplace else even) to run the trial, to allow for less (or more?) bias.
And if we can't extradite bin Laden without violence, is it worth it to kill civillians just to send a message that terrorism is bad and will not be tolerated? Will not being forceful and violent send the opposite message, that terrorism against the US won't come back to bite you?
How should our country handle this? I'd love to see a high moral ground taken, but I don't see a solution that fits the problems.
Slashdot Mirror
They do not. The profile is the reason my family switched back to netflix after leaving them for Blockbuster.
If you, like a lot of other players, get fed up because because you don't know chess openings, check out fischerrandom chess. It's a variant of normal chess designed by bobby fischer (often thought of as the greatest chess player of all time (I disagree, but...)).
http://www.chessvariants.com/diffsetup.dir/fischer .html
Since the game starts at a somewhat random position, pre-definied and known openings aren't an advantage.
regards,
garc
Try right clicking on the Java Project, and selection Properties. There should be a Java Build Path option allowing you to add stuff to your .classpath file with a GUI, if that makes you feel better.
regards,
garc
I agree, it has potential, but I'm afraid of how it would be massacered to fit the screen. Maybe it could fit in a 3 hour movie. All 4 books might even make a good 3-5 season TV show. But I'd worry about budget problems, as some of the scenes could be expensive to do well.
I wish there was more substantial information with those links. Ah well, I'm guessing that nothing will ever come of it, or not for a while.
regards,
garc
The Endymion books probably would transfer better, but those books weren't as good IMHO. Although I'd like to see the Temple in the Sky and some of the Shrike/Nemes battles. The first two books should be made into movies first so you can properly appreciate the second two.
It would be really hard to make the first book into a movie. I thought about maybe having segments 15-20 minutes long for each character's story, and then additional time for current events. That sounds ok, but will probably end up being long, inconsistant(sp?), and boring.
Perhaps a mini-series type thing would be better. But it'd have to be damned well done to make it worth while.
If something does get made, some of the imagery could be incrediably powerful. If done in a properly artistic style, The Shrike with the Tree of Thorns in the background would be amazing to see.
garc
Speaking of the Hyperion Cantos, does anyone else think that they'd make a great set of movies? I can't be the only one who thinks so. I guess some of it would be hard to shoot, and of course a lot of it would have to be cut to fit the 2 hour time limit. But still, the Shrike is sooo badass.
garc
If you consider a safe to be secure, even when its location is known, then it really isn't security through obscurity. Don't get me wrong, the fact that its location is unknown helps. Keeping something secret can help, but only if it would be secure even if it wasn't a secret. An example of this is the RSA-like encyption that the NSA developed years before it was discovered by the public.
regards,
garc
When an application that uses RSA (or any other "real encryption") is cracked, it is due to an implementation flaw (bad random number generator, etc), and not a bad algorithm. To my knowledge no one has yet been able to find a fast way to factor the product of two large prime numbers.
If someone is that motivated to break into my system, I certainly want to protect my data with a well known encryption scheme. If they are skilled enough to quickly factor the product of two large prime numbers, they certainly can break Joe Bob's Super Good Encryption Scheme (TM).
I was not thinking of software at all, only algorithms. I do agree with you, and your examples, that open souce software is not inherently more secure.
One big difference between open encryption schemes, and OSS, is that even though they are both open to review, you usually see encryption getting more "professional" scrutiny. This is probably because once published, it remains stable, instead of constantly shifty like OSS. Also, if you don't feel that an algorithm has been reviewed enough, you can always use one of the older, better reviewed methods!
regards,
garc
When an application that uses RSA (or any other "real encryption") is cracked, it is due to an implementation flaw (bad random number generator, etc), and not a bad algorithm. To my knowledge no one has yet been able to find a fast way to factor the product of two large prime numbers.
If someone is that motivated to break into my system, I certainly want to protect my data with a well known encryption scheme. If they are skilled enough to quickly factor the product of two large prime numbers, they certainly can break Joe Bob's Super Good Encryption Scheme (TM). The only disadvantage I can see to using RSA instead of JBSGES, is that they have somewhat of a head start with RSA, in that they know what they have to do. With JBSGES, they have to figure out what it does, which might actually take awhile, but once they figure it out, the chances are it won't be as robust as RSA.
Also, note that I could write my own implementation of RSA, that wouldn't use headers or any other information to give out the fact that it's RSA. This takes away any advantage that JBSGES might ever have had.
I was not thinking of software at all, only algorithms. I do agree with you, and your examples, that open souce software is not inherently more secure.
One big difference between open encryption schemes, and OSS, is that even though they are both open to review, you usually see encryption getting more "professional" scrutiny. This is probably because once published, it remains stable, instead of constantly shifty like OSS. Also, if you don't feel that an algorithm has been reviewed enough, you can always use one of the older, better reviewed methods! regards,
garc
Hmm, when I think of "Security through Obscurity", I tend to think of it in a different way than thought of above. I think of it as keeping the method used to encrypt/secure/hide something secret, thinking that because the method is secret it is secure.
For example, say I develop a new top secret encryption scheme, called Rot-13. I tell no one of how it works. Since I am not a professional cryptographer, the chances are my algorithm is not cryptographically sound. So it is only secure as long as its method is secret. Once the secret is out, its security is gone. This is security through obscurity.
An example of the opposite would be RSA. The algorithm is well known, therefore with peer review, it is thought of as secure. Even though I know how RSA works, I'm still unlikely to be able to crack it if used properly.
regards,
garc
I believe that is can use the old VAJ repository, but I don't know why anyone would want to do that.
garc
After the large amount of IIS exploits, a co-worker and I wanted to switch some webservers from IIS to apache. The servers ran some weird custom collection of perl scripts and JSPs. When we did the apache install, we expected it to pretty much work out of the box. It didn't.
After some investigation, we found that the perl scripts had a line in it like
where something.pl was in the parent directory. This seemed to be fine for IIS, but not for apache. Also we noticed some oddities about environment variables after perl execs in apache. We didn't have the time to resolve these issues (mostly b/c the app was sloppily written) so we switched back to IIS.So, if an app is sloppily written and deployed on IIS, it might be somewhat of a pain to export to apache. Just a word of warning.
garc
I think that this is the same thing that you said:
From my experience, they don't allow you to sell a shrink wrapped product with the wrapping removed. If It's stlil in its 100% original packaging, you can resell it on ebay.
garc
Could you post a link? I know that I, as a less informed american, would love to see the information.
Thanks,
garc
He left. He's over at k5 now.
Garc
Typically you need to be the copyright holder to make a complaint, although in some occasions (RTLinux), the FSF handled it with holding the copyright.
Now that it has been discovered that they use glibc, the FSF can begin action.
garc
In recent news, Slashdot editors are the first to discover that gall bladders are actually tumors. Not only are they world class spellers, but also medical researchers.
Garc
Have any of you ever used fair share? I hear numerous good things about it, but have never tried it. Is there a linux client?
garc
I'm all for giving him a fair trial if he continues to be the primary suspect. Of course if we have absolutly no evidence, or reason to believe that he was involved, then he should be left alone.
I'm not assuming any ulterior motives to why Afghanistan doesn't want to extradite him. You are very possibly correct that it may be because he wouldn't recieve a fair trial. I doubt very much that he would.
But if we do have actual evidence, and it turns out he was quite possibly involved, how do we handle it? That is that question I am aiming at.
And it just baffles me, I have no idea. The best thing I can think of is to perform the trial in Afghanistan with an American muslim prosecuting (Assuming of course thats how the trials there work, I am ignorant in that respect). Would we have reason to doubt the impartiality of Afghanistanians as much as we do Americans?
garc
I fear that you are a better man than most Americans.
garc
Those are deffinately some very relative fears that you listed. I am very afraid of those also.
But the right to privacy through encyption is just one very small aspect of freedom. If we give that up, when do we stop? Where do we draw the line and say that "Ah hah, now we have the perfect amount of freedom, and just the right amount of protection from Terrorists"? I'm afraid that once we get the ball rolling, it will be hard to stop.
garc
Hmmm, that is interesting. I was completely unaware of that, thank you.
Do you think they might agree to hold a trial for him if it was conducted entirely by muslims, but with American (or non-Islamic) laws? Or no? Maybe we could use a foreign Muslim lawyer and Jury.
What is their legal system like? I have no idea about Islamic laws, would an Afghanistanian trial most likely be fair?
garc
Even if every Muslim hates Americans (something which I entirely doubt), I still wouldn't want to kill any of them.
I wouldn't want to prove their false beliefs (About us hating them) correct by killing them indescrimately.
Garc
Ah, that is an interesting assumption. I don't think it would hold up well in a court though. There would probably be a lot of reasonable doubt. Hopefully they'd have more corroborating evidence.
garc
I've been thinking a lot along these lines lately, and trying to discuss this with my friends. My stance is nearly exactly the same as yours, I see this as a police action, not a war. I also don't want to see us be wontonly violent to afghan citizens just to capture bin laden.
The people I talk with though still want to see bin laden "brought to justice", I always try to get them to say "brought to trial" instead, they rarely do. I agree that he should be tried for crimes he allegedly committed. What I don't know is how do we go about doing that? What methods do we use to extradite him? Or do we allow another country (afghanastan, or maybe someplace else even) to run the trial, to allow for less (or more?) bias.
And if we can't extradite bin Laden without violence, is it worth it to kill civillians just to send a message that terrorism is bad and will not be tolerated? Will not being forceful and violent send the opposite message, that terrorism against the US won't come back to bite you?
How should our country handle this? I'd love to see a high moral ground taken, but I don't see a solution that fits the problems.
Any ideas or insight would be appreciated.
garc