How do you know which of your CDs have this protection until you buy them?? A particular CD might be re-released with protection, and we would have no idea, unless we happen to hear about it online. Where is the list of known cactus CDs so people can avoid them? In the present situation, this technology will thrive, because the more people hate it, the more the RIAA will love and support it. And we, being addicted to music, will just keep buying it.
...for a number between 3 and 10 that's divisible by 3 and prime.
Show your boss a list, with what they do and don't offer. But you're not going to get all those things in a language that is widely-used.
By the way, I happen to like the way Java and C# do things with no multiple inheritance. Instead, you use interfaces, and you end up avoiding a lot of potential headaches. GC handles memory for you, etc, you have a modern, rich library of tools included, etc.
I do think it's wrong to take the image and use it for your own purposes. However, you allude to a much better solution than taking it to court. A server can simply verify that the referring page is the correct one and reject the request otherwise.
Re:interpretation is the only way to guarantee saf
on
Bill Joy's Takes on C#
·
· Score: 2
Java's code does run on hardware.
The Java compiler compiles it to byte code. Then at run-time the JIT (just-in-time compiler) available on many Java platforms compiles the byte code to native code.
C# does the same thing. It compiles to a byte code called MSIL, and then at run-time it gets JITed to native code. And, just like Java, a C# app that you run from the web gets run in a sandbox to protect the user from malicious code.
How do you handle the existing Active X and put that in a box?
They are in a sort of box. If you don't want ActiveX controls on the web to run, turn them off. But even by default, you won't even have the option to run an ActiveX control unless it has a secure digital certificate telling you where it came from.
Should you: trick them into thinking it's local code via a dialog?
Such a dialog wouldn't be very effective. The program would have to convince the user to dig into the system's system security policy settings and change them. But even in Java, if you can convince users to do that, you've got them.
trick the VM into thinking its local code?
To change its status from untrusted to trusted, your code would need to get outside the sandbox. But if it can get outside the sandbox, maybe it doesn't need to convince the VM after all...
exploit the requirement for the 'unsafe' flag in order to run unsafe code?
If the VM sees unsafe instructions in the wrong context, it will not let the code run. The unsafe flag doesn't matter.
Java has many of the same potential vulnerabilities. Java, like C# has trusted and untrusted modes. The real risk in untrusted mode is that someone will mess up the files on your disk. But, in both languages, this will not happen unless code finds a way out of the sandbox. The advantage of Java is that it has been around longer; it is a more mature platform with a larger installed base. The advantage of C# is they could learn from Java's experience in making something with a lot of the same advantages, but with more flexibility.
Here is what you agree to (among other things) in the Terms of Service:
"You agree to indemnify and hold us. . . harmless from any claim, demand,loss and damage whatsoever including reasonable attorneys' fees, made by any third party due to or arising out of your use of the Product, your connection to the Product, your breach/violation of the TOS, or your breach/violation of any rights of another or any existing laws (local, state, national and/or international) whatsoever."
(abridged, emphasis added)
In other words: you could get busted for this, and that's your problem. In fact, if someone (MPAA, government) sues us because you have been using this service, you get to pay our attorney's fees.
Most Outlook viruses don't exploit low-level coding errors, they exploit the high-level error of allowing arbitrary foreign executables free access to the system.
However, if you have used Office XP, you will notice that it prevents you from executing attachments, by default.
One company creates a legal document that it sends out to millions of people and requires them to accept to use its service.
The same company therefore has the resources to make the legal document really, really, long and complicated and incomprensible by the average reader. The amount of obfuscation is purely up to the company.
Millions of people do not have the same time to devote to deciphering the said document. Even though each of us may care a lot about these issues, there is a limit to our individual intelligence and/or patience.
Why does congress have to bow to corporations so readily? Think: Campaign finance. Corporations can donate unlimited amounts of money to political parties as long as it is "soft money." In recent years, the parties have learned to skirt the rules and really use this money to win elections. The more this corporate money becomes essential to winning elections, the more politicians will be bowing to every whim of the big corporations.
As long as there is no campaign finance reform, the RIAA, MPAA, copyright holders, and others will continue to buy your rights away.
And here's my reply (which you should also mod as offtopic and redundant, because it is offtopic and because the same idea was stated in the Slashdot article that was about encryption):
If instead of 100,000,000 people sending non-back-doored encrypted messages, only 500 people are sending them, how would you rate the FBI/NSA/CIA's relative ability to investigate these individuals for threats of terrorism? In scenario 2, when they see a message using unapproved encryption, they can choose to look into it.
Now to respond to the responses I am bound to get about this:
The U.S. can't control the world's communications, blah, blah, blah.
Yes, but the can pass laws (enforce? maybe...) about communications that enter or leave the country.
Big brother is out to get us...
My post was not intended to address this issue. You might want to post to the article on this subject to avoid getting modded as offtopic like this post is going to be.
Bin Laden doesn't even live in the U.S.
Yes, but many of his contacts and co-conspirators live in or visit the U.S. in the process of doing his work.
Yeah, but what about steganography, culling, or some other way of achieving confidentiality and hiding/avoiding encryption?
This is probably the most interesting sort of reply. However, you might consider posting it to
the article on the subject.
Now moderators, please do the right thing and mod us down.
More to the point how do you distinguish such a communication between terrorists from the same communication between members of an advertising agency?
How have they managed to thwart so many previous terrorism attempts? We forget the unsuccessful attacks because no lives are lost, no terrible pictures broadcast. Just one or a few people being arrested and a few comments in passing. Our anti-terrorism organisations are quite good at what they do. This time, unfortunately, the combination of encryption, steganography, and strictly minimal communication was enough to get past the usual interception methods.
I think the biggest problem would be the sheer number of servers out there run by different people.
What if someone pretended to convert the image twice, and then embedded data anyway. Yeah, you might be able to keep secret messages of your server, but making this a general feature of the web would be next to impossible.
There was, save the existence of airplanes, no technology whatsoever in Tuesday's attacks.
How do you coordinate those efforts without communication technology? The government frustrated similar terrorist efforts on more than one occasion (including New Year's Eve) by being able to intercept and decrypt their communications. So, yes, if you forget that the point of encryption is being able to communicate, then you might have some kind of point. But communication is needed. How do you say, you get on this flight, watch out for this, the president is likely going to be here, oh wait, this flight was delayed or canceled, reschedule this thing a week later, wait, they seem to suspect us, call everything off until two months from now. How do people in remote locations give each other the kind of encouragement and coordination necessary to hijack four planes at once for suicide missions, if there isn't communications technology? The media has reported that steganography has become a central part of Bin Laden's "terrorist training camps." Authorities believe that terrorists have been using images on porn and other sites to hide encrypted messages. A better question to ask is:
Does curbing encryption work in spite of the steganographic techniques they have been using? But the technology issue can't just be tossed aside. It is key to the actions of modern terrorists.
Slashdot Mirror
How do you know which of your CDs have this protection until you buy them?? A particular CD might be re-released with protection, and we would have no idea, unless we happen to hear about it online. Where is the list of known cactus CDs so people can avoid them? In the present situation, this technology will thrive, because the more people hate it, the more the RIAA will love and support it. And we, being addicted to music, will just keep buying it.
Hmmm. C# also has everything mentioned except multiple inheritance, so make that "Only two languages."
Of course, C++ has everything but garbage collection. Make that "Only three languages."
But I'm sure I missed a few.
...for a number between 3 and 10 that's divisible by 3 and prime.
Show your boss a list, with what they do and don't offer. But you're not going to get all those things in a language that is widely-used.
By the way, I happen to like the way Java and C# do things with no multiple inheritance. Instead, you use interfaces, and you end up avoiding a lot of potential headaches. GC handles memory for you, etc, you have a modern, rich library of tools included, etc.
I do think it's wrong to take the image and use it for your own purposes. However, you allude to a much better solution than taking it to court. A server can simply verify that the referring page is the correct one and reject the request otherwise.
Java's code does run on hardware.
The Java compiler compiles it to byte code. Then at run-time the JIT (just-in-time compiler) available on many Java platforms compiles the byte code to native code.
C# does the same thing. It compiles to a byte code called MSIL, and then at run-time it gets JITed to native code. And, just like Java, a C# app that you run from the web gets run in a sandbox to protect the user from malicious code.
How do you handle the existing Active X and put that in a box?
They are in a sort of box. If you don't want ActiveX controls on the web to run, turn them off. But even by default, you won't even have the option to run an ActiveX control unless it has a secure digital certificate telling you where it came from.
Should you: trick them into thinking it's local code via a dialog?
Such a dialog wouldn't be very effective. The program would have to convince the user to dig into the system's system security policy settings and change them. But even in Java, if you can convince users to do that, you've got them.
trick the VM into thinking its local code?
To change its status from untrusted to trusted, your code would need to get outside the sandbox. But if it can get outside the sandbox, maybe it doesn't need to convince the VM after all...
exploit the requirement for the 'unsafe' flag in order to run unsafe code?
If the VM sees unsafe instructions in the wrong context, it will not let the code run. The unsafe flag doesn't matter.
Java has many of the same potential vulnerabilities. Java, like C# has trusted and untrusted modes. The real risk in untrusted mode is that someone will mess up the files on your disk. But, in both languages, this will not happen unless code finds a way out of the sandbox. The advantage of Java is that it has been around longer; it is a more mature platform with a larger installed base. The advantage of C# is they could learn from Java's experience in making something with a lot of the same advantages, but with more flexibility.
Dr. Strangelove lives!
From the intro page:
.NET Framework.
Terrarium is a multiplayer ecosystem game developed using the
It will probably give you some ideas on how to implement this kind of thing.
Caveat emptor,
Here is what you agree to (among other things) in the Terms of Service:
"You agree to indemnify and hold us. . . harmless from any claim, demand,loss and damage whatsoever including reasonable attorneys' fees, made by any third party due to or arising out of your use of the Product, your connection to the Product, your breach/violation of the TOS, or your breach/violation of any rights of another or any existing laws (local, state, national and/or international) whatsoever."
(abridged, emphasis added)
In other words: you could get busted for this, and that's your problem. In fact, if someone (MPAA, government) sues us because you have been using this service, you get to pay our attorney's fees.
Now if you could rig up a system to turn those AOL CDs into energy, then we might have a perpetual source of energy.
Most Outlook viruses don't exploit low-level coding errors, they exploit the high-level error of allowing arbitrary foreign executables free access to the system.
However, if you have used Office XP, you will notice that it prevents you from executing attachments, by default.
One company creates a legal document that it sends out to millions of people and requires them to accept to use its service.
The same company therefore has the resources to make the legal document really, really, long and complicated and incomprensible by the average reader. The amount of obfuscation is purely up to the company.
Millions of people do not have the same time to devote to deciphering the said document. Even though each of us may care a lot about these issues, there is a limit to our individual intelligence and/or patience.
As long as there is no campaign finance reform, the RIAA, MPAA, copyright holders, and others will continue to buy your rights away.
...and after you drop it, it does a realistic simulation of a robot crashing into the ground and breaking into a thousand pieces.
Just imagine...
a Beow...
oh wait. Never mind.
Oops. That was an anti-Slashdot post. Here: Microsoft Sucks!
This is Slashdot. Only anti-Microsoft posts are allowed.
Have you ever programmed with swing? It's just painful.
Redundant=2 Offtopic=3
And here's my reply (which you should also mod as offtopic and redundant, because it is offtopic and because the same idea was stated in the Slashdot article that was about encryption):
If instead of 100,000,000 people sending non-back-doored encrypted messages, only 500 people are sending them, how would you rate the FBI/NSA/CIA's relative ability to investigate these individuals for threats of terrorism? In scenario 2, when they see a message using unapproved encryption, they can choose to look into it.
Now to respond to the responses I am bound to get about this:
The U.S. can't control the world's communications, blah, blah, blah.
Yes, but the can pass laws (enforce? maybe...) about communications that enter or leave the country.
Big brother is out to get us...
My post was not intended to address this issue. You might want to post to the article on this subject to avoid getting modded as offtopic like this post is going to be.
Bin Laden doesn't even live in the U.S.
Yes, but many of his contacts and co-conspirators live in or visit the U.S. in the process of doing his work.
Yeah, but what about steganography, culling, or some other way of achieving confidentiality and hiding/avoiding encryption?
This is probably the most interesting sort of reply. However, you might consider posting it to
the article on the subject.
Now moderators, please do the right thing and mod us down.
No proof. Just pretty good evidence. Go read the news.
More to the point how do you distinguish such a communication between terrorists from the same communication between members of an advertising agency?
How have they managed to thwart so many previous terrorism attempts? We forget the unsuccessful attacks because no lives are lost, no terrible pictures broadcast. Just one or a few people being arrested and a few comments in passing. Our anti-terrorism organisations are quite good at what they do. This time, unfortunately, the combination of encryption, steganography, and strictly minimal communication was enough to get past the usual interception methods.
Interesting idea.
I think the biggest problem would be the sheer number of servers out there run by different people.
What if someone pretended to convert the image twice, and then embedded data anyway. Yeah, you might be able to keep secret messages of your server, but making this a general feature of the web would be next to impossible.
There was, save the existence of airplanes, no technology whatsoever in Tuesday's attacks.
How do you coordinate those efforts without communication technology? The government frustrated similar terrorist efforts on more than one occasion (including New Year's Eve) by being able to intercept and decrypt their communications. So, yes, if you forget that the point of encryption is being able to communicate, then you might have some kind of point. But communication is needed. How do you say, you get on this flight, watch out for this, the president is likely going to be here, oh wait, this flight was delayed or canceled, reschedule this thing a week later, wait, they seem to suspect us, call everything off until two months from now. How do people in remote locations give each other the kind of encouragement and coordination necessary to hijack four planes at once for suicide missions, if there isn't communications technology? The media has reported that steganography has become a central part of Bin Laden's "terrorist training camps." Authorities believe that terrorists have been using images on porn and other sites to hide encrypted messages. A better question to ask is:
Does curbing encryption work in spite of the steganographic techniques they have been using? But the technology issue can't just be tossed aside. It is key to the actions of modern terrorists.