Slashdot Mirror


User: WMSplat

WMSplat's activity in the archive.

Stories: 0
Comments: 15

Comments · 15

  1. Other methods to get this information on How Private Are Sites' Membership Lists? · Score: 2, Interesting

    One method that is incredibly difficult to stop -- at least, sites are unwilling to do so -- is through timing the login page. By timing how long it takes to respond to an invalid login attempt (just use a bogus password), you can figure out if the username/email is valid at that site. Check out the paper on this called Exposing Private Information by Timing Web Applications at http://www.abortz.net/, which recently appeared at the IW3C2 World Wide Web conference this year.

  2. Re:The Problem with Search Algorithm Monocultures on Yahoo! Vs. Google: Algorithm Standoff · Score: 1

    Wrong. There is almost certainly a truth-telling mechanism for the search engine functionality. Truth-telling here means that the optimal behavior for a site to get hits is to tell the truth about the page's content (i.e. no trickery). Of course, the mechanism would also almost certainly be very slow to run, but still...

    "Monocultures" tend to be bad, but they don't have to be.

  3. Re:Turn the tables around... on RIAA Sues 261 Major P2P Offenders · Score: 1

    Except perhaps the FSF might have a _case_ against GPL violations, whereas the RIAA not only has no case, but they KNOW IT! Circumstantial evidence is not enough to prove a case.

  4. Presence on ATI Releases Competition for NVIDIA's Cg · Score: 1

    Even though they don't really compete, if we go by presence alone, Cg wins. At SIGGRAPH 2002, I didn't even see a bit of RenderMonkey, but Cg was all over the place. NVIDIA even had free hands-on classes for building some simple shaders in Cg.

  5. Re:I honestly can't figure out on What is .NET? · Score: 1

    Don't blame the languages when it's the browsers themselves that can't agree on how to present their interfaces. JavaScript itself is standard, and the code will _run_ on every browser. The problem is in the objects that the browser presents to the JavaScript interpreter for interacting with the user. Without that, JavaScript can calculate to its heart's content and never be able to display a scrap of it.

  6. Re:Apportioning blame on KaZaa Suspends Downloads · Score: 1

    How about producing anonymously a p2p app that allows users to communicate anonymously themselves. Kills two birds with one stone, and trust me, I'm working on this project right now...

    - Andrew

  7. Re:For hackers its just a game on DirecTV's Secret War On Hackers · Score: 2

    If you read even more, you'll realize that a pattern has set in that favors the hackers. In the age of the F card, as DirecTV was replacing them with the new, "unhackable" H cards, the pirate world was shook. Everyone predicted the end. No one knew how to hack these new smart cards. DTV, content, finalized the switchover and turned off the old data stream. The next day, the first "H Hack" was released on the Internet. DTV has spent years hunting down hackers to no avail. This weekend's attack had been predicted, so no one was too surprised, only sad at the loss of a pirate TV. But the same pattern seems to be developing - for a while now the HU card has been under scrutiny to find a hack, but no such luck. But now, with DTV about to complete the switchover to HU completely, the first "HU Hack" has appeared, in commercial settings only. Likely, this card will not stand a concerted attack from the hacker community.

    And the big unpublished fact of this attack was that, due to a form of recklessness and carelessness by DTV, the ECM hit not only hacked cards, but many valid H cards!

  8. Re:This does not mean SSL is insecure for shopping on Attacks Against SSH 1 And SSL · Score: 1

    As long as one side is authenticated via public key crypto, a man in the middle attack is not possible, period. If the server's Diffie-Hellman half is signed, then either you have a clear, secure connection to the server at the end (assuming no man in the middle) or the man in the middle has a clear, secure connection, which he could have made anyway on his own. The server is never tricked into thinking an attacker is you, and you are never tricked into thinking an attacker is the server.

    In other words, if one (or both) of the Diffie-Hellman halves are signed, an attack against the secure channel will 1) fail or 2) be easily noticed by the victim - when his connection doesn't work.

  9. Re:The power of the press belongs to those... on Forget Napster & Gnutella: Enter Mojo Nation · Score: 1

    Forget about author compensation: they aren't on the Mojo Nation network. What about the people who DO publish data? Are they going to publish good stuff if there is little chance of even breaking even!?!? The only reason Napster worked is because by default everyone published, and published for free (well, kinda). This system will probably die from starvation of data, as no one will publish.

  10. Mortal flaw of the Mojo Nation system on Forget Napster & Gnutella: Enter Mojo Nation · Score: 1

    Although it would generally benefit everyone, what exactly is the incentive for publishing data? It costs you 'Mojo', and you get nothing back for it because people download it from other users. Am I missing something here?

  11. Re:Interesting cryptography on AT&T Labs Backs Publius, A Freenet-Like System · Score: 1

    I think it's more conventionally known as a "secret sharing" algorithm, at least as far as Schneier is concerned. Except that in this use, the "secret" is not the important part, it's the resistance to data loss that is key. This is very similar to a project I saw a while back (http://www.eleves.ens.fr:8080/home/madore/misc/freespeech.html) which does not provide the same resistance as Publius.

    Most important about this alternative project mentioned above is that not only is no single server providing contraband data, no data on any server can be removed without possibly infringing on the 1st amendment rights of another individual. In the US, this means all data on the server is safe.

  12. Control transitions on Towards The Anti-Mac Interface · Score: 1

    Although many of the points in the Anti-Mac paper are interesting and possibly good suggestions for the future of UI, I think that future is not all we need.

    The way I see it, the integration of core components (like command-line utilities) that provide ultimate control with layers and layers of graphically/verbally controlled expert systems (like GUIs assisting common tasks) is what we really need. When we get to this point, operations take on a "minimal effort" state. For example:
    1. You are setting up a report. You inform the computer of this and it pops up a window with common settings that are different from every report. (You've just saved a couple seconds to a minute of identifying and preparing commands)
    2. You press a button to peel back the assistance and tweak a certain feature you know needs to be changed but isn't on the "easy" screen
    3. You press preview to examine a page of the report and notice that the font of the header looks clunky. You go to the previous screen and peel back 2 layers more until you are at a tabbed screen with many commands. Find font settings for the header, change, preview, print.

    Those layers are, as I see it, the easiest and possibly the best way of providing for the dichotomy of novice computer users and power users.

  13. Re:No, I *Never* Troll... on Linux Gaming: A Field Report · Score: 1

    No Win9x/ME computer is really single-user when you drop it on the Internet. THAT'S your (and Microsoft's) problem: you don't seem to understand that the future is MORE connected, not less connected. Win9x/ME is fine if you can disconnect it from the world and go play Starcraft in a dark closet by yourself. And you wonder why there are so many hacks... ;)

  14. Re:*rolls eyes* on Why Develop On Linux? · Score: 1

    The incredibly key word in your entire rant was "shouldn't". In theory, yes, Windows APIs are like a black box, and you don't need to know how they are implemented because their purpose is documented and correct. That you still believe this theory suggests you have not dealt enough with Win32 API programming.

    As for Unix's use of the "filesystem", at least it has a central design! Windows APIs are rarely consistent and always changing. Every day I am reminded of the lack of foresight of the API programmers when I use ...Ex() functions. In Unix, the filesystem is transformed into a global namespace that provides as much uniformity as you want.

    I myself have never been able to kick Win32 for more than a week; however, when I am in an anti-Microsoft mood and boot to Linux, the beauty of it all is amazing. If not for a few problems (lack of web browser), I would certainly give up Windows completely.

  15. Re:You can go further with almost any current meth on The Ultimate Weapon Against Censorship? · Score: 1

    Everyone on this forum seems to be misinterpreting the designed use for this system: It is not to keep information secret, and it is NOT effective against a secret police. It is, however, useful against a society, like in the US, where free speech is valued and, except in the rarest of circumstances, protected.

    This system, by breaking down a message into shared pieces, would put the US government to a serious question if they wanted to take down some "objectionable" material, because if they took down the pads that made that message, they would be stomping on the free speech rights of all the other individuals who used one or more of those pads!