Slashdot Mirror


User: DotComVictim

DotComVictim's activity in the archive.

Stories: 0 · Comments: 68

Comments · 68

  1. Re:diff don't do it on Cheating Detector from Georgia Tech · · Score: 1

    Compute closure on the set of variables not affecting the results of the computation (return values) in each function. Discard these variables.

    Compute closure on the set of functions not affecting the results of computations in main. Discard these functions.

    Rename all variables in each function to a (remembering prior names), and rename all functions to b (also remembering). Strip all space, comments and operators from each line of the function. Sort the remaining lines by length, with the longest line first. Restore original variable and function names. Substitute a-z for each variable according to when it is first referenced.

    Perform a similar sort/rename for function names based on the length of each function and rearrange the functions A-Z, from most complex to least complex.

    Now sort each line in the file in ASCII order, stripping duplicates.

    This should match the most complex parts of the logic with no respect to variable/function names, redundant computation or choice of operators.

    You can subdivide the problem into overlapping buckets based on length of the hash, and compare only programs of similar distilled complexity.

    To get a reasonably good metric, one still needs to compute 'sedit' distance, allowing for swapping of two lines, swapping of two characters, insertion and deletion of a character, for each pair of hashes, in each bucket.

    I just don't see a better hashing than this, please post one if you know of it.
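The distillation described in this comment, written out as an added example that is not part of the original post. It implements the per-line steps (comment and operator stripping, name-independent length sort, a-z renaming by first reference, ASCII sort with duplicates removed) and an optimal-string-alignment distance for the "sedit" comparison; the dead-variable and dead-function closure steps are omitted, and the three sample programs are constructed for illustration.

```python
import re

# Constructed sample programs (not from the original post). A and B share
# logic but differ in names, spacing and comments; C changes the seed value
# and the operator.
PROGRAM_A = """
def total(xs):
    # sum up the list
    acc = 0
    for x in xs:
        acc = acc + x
    return acc
"""

PROGRAM_B = """
def summation(values):
    result = 0  # running total
    for v in values:
        result = result + v
    return result
"""

PROGRAM_C = """
def product(xs):
    acc = 1
    for x in xs:
        acc = acc * x
    return acc
"""

KEYWORDS = {"def", "for", "in", "return", "if", "else", "while", "and", "or", "not"}
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
# Whitespace and operator characters to strip from each line.
NOISE = re.compile(r"[\s+\-*/%=<>!&|^~(),:.\[\]]")


def fingerprint(src):
    """Distill a program into a list of lines that ignores names, spacing,
    comments and operator choice, following the comment's recipe."""
    rows = []
    for line in src.splitlines():
        code = line.split("#", 1)[0]          # strip comments
        if not code.strip():
            continue
        # Collapse every non-keyword identifier to "a" so the length sort
        # cannot depend on the author's choice of names.
        placeholder = IDENT.sub(lambda m: m.group(0) if m.group(0) in KEYWORDS else "a", code)
        rows.append((NOISE.sub("", placeholder), code))
    # Longest line first; the name-free placeholder breaks ties deterministically.
    rows.sort(key=lambda r: (-len(r[0]), r[0]))
    # Restore original names, then assign a, b, c, ... in first-reference order.
    names = {}

    def rename(m):
        word = m.group(0)
        if word in KEYWORDS:
            return word
        if word not in names:
            names[word] = chr(ord("a") + len(names) % 26)
        return names[word]

    renamed = [NOISE.sub("", IDENT.sub(rename, code)) for _, code in rows]
    # Finally ASCII order with duplicates removed.
    return sorted(set(renamed))


def sedit_distance(s, t):
    """Optimal-string-alignment distance: insertion, deletion, substitution
    and swap of two adjacent characters each cost 1."""
    d = [[0] * (len(t) + 1) for _ in range(len(s) + 1)]
    for i in range(len(s) + 1):
        d[i][0] = i
    for j in range(len(t) + 1):
        d[0][j] = j
    for i in range(1, len(s) + 1):
        for j in range(1, len(t) + 1):
            cost = 0 if s[i - 1] == t[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and s[i - 1] == t[j - 2] and s[i - 2] == t[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(s)][len(t)]


def similarity_distance(src_a, src_b):
    """Distance between two programs' distilled fingerprints; 0 means the
    distillation cannot tell them apart."""
    return sedit_distance("\n".join(fingerprint(src_a)), "\n".join(fingerprint(src_b)))


if __name__ == "__main__":
    print(fingerprint(PROGRAM_A))
    print(similarity_distance(PROGRAM_A, PROGRAM_B), similarity_distance(PROGRAM_A, PROGRAM_C))
```

Because operators are stripped, `acc + x` and `acc * x` distil to the same line, so A and C differ only in the literal 0 versus 1; that is exactly the insensitivity to "choice of operators" the comment asks for, and also a reminder that the fingerprint is a bucketing aid, not proof of copying.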

  2. Re:No license terms can be restricted on GNU GPL law and "lagom" copyright · · Score: 1

    Actually a license saying "We will eat your third born son" is perfectly legal to create and sign, just completely unenforceable.

    It's standard practice to include a clause in contracts stating that if any single part of the contract is held unenforceable, the rest of the contract remains (or alternatively dissolves the whole contract).

    So one could conceivably have a functioning, legal contract stating that another party may consume their third born son.

    Thus the way to attack these licenses is to attack the offending portions as illegal, unconstitutional, or unenforceable; attacking the principle of click-through licenses is unlikely to yield much. It's not possible to give up rights to jury trial in many states, and thus unenforceable.

    About the searching of premises clause, this is interesting, because if prevented from searching the premises, Borland can not determine whether or not the license is still being used, and thus can not determine whether or not they have a right to search the premises. Sort of a chicken and egg problem there.

  3. Re:Why hasn't this been solved? on ISP Forced Out of Business by DoS · · Score: 2, Informative
  4. Re:Why hasn't this been solved? on ISP Forced Out of Business by DoS · · Score: 1

    Strength in numbers for DDOS usually comes from a few small subnets with large numbers of machines, like university campus networks. Typically, you will only see a few hundred entry networks, for an actively launched large scale DOS attack, although passive attacks like code red would obviously defeat the DDOS detection.

  5. Why hasn't this been solved? on ISP Forced Out of Business by DoS · · Score: 5, Interesting

    A solution to the DOS problem was posed at the Adelaide IETF meeting a couple years ago. Basically, some small percentage of packets randomly selected get ICMP notices from routers, with last and next hop information, that is forwarded to the destination. So if you are getting a large number of packets from a single source, you get proportionally more of these packets, and can use a heuristic engine to model the source, even for DDOS problems. This allows you to trace back to the offending network/ISP and shut off the DOS.

    Why did no one do this? It requires changes to router firmware, I'm not sure about Cisco firmware upgrades, but I thought they were at least possible. Besides, they could use this as a selling point and declare their old routers obsolete.

    Admittedly, the model breaks down under MPLS, since it is difficult to track the cloud, but you can at least track entrance and exit points from the cloud.
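The sampled-notice scheme this comment describes, as an added simulation that is not part of the original post. Each router on a path emits, with a small probability per packet, a trace message naming its previous and next hop; the destination tallies those messages and walks backwards along the heaviest links. The topology, packet counts and sampling probability are constructed assumptions, not figures from the IETF proposal.

```python
import random
from collections import Counter

# Constructed topology (an assumption for illustration): the flooding source
# and a benign source share the last two hops to the victim.
#   attacker -> r1 -> r2 -> r3 -> victim
#   benign   -> r4 -> r2 -> r3 -> victim
PATHS = {
    "attacker": ["attacker", "r1", "r2", "r3", "victim"],
    "benign":   ["benign", "r4", "r2", "r3", "victim"],
}


def forward(path, n_packets, p, rng):
    """Send n_packets along path. Every router (not the endpoints) samples
    each packet with probability p and emits a trace message
    (previous hop, itself, next hop) that the destination collects."""
    msgs = []
    for _ in range(n_packets):
        for i in range(1, len(path) - 1):
            if rng.random() < p:
                msgs.append((path[i - 1], path[i], path[i + 1]))
    return msgs


def message_share(msgs, router):
    """Fraction of the victim's trace messages that a given router emitted;
    heavy flows show up proportionally more often, which is the heuristic."""
    counts = Counter(m[1] for m in msgs)
    return counts[router] / len(msgs) if msgs else 0.0


def reconstruct(msgs, victim="victim"):
    """Walk backwards from the victim, at each step following the heaviest
    (previous hop -> router -> next hop) link into the current node. The
    dominant flow's path emerges from the counts alone."""
    counts = Counter(msgs)
    path = [victim]
    current = victim
    prev_of_last = None
    while True:
        best = None
        for (prev, router, nxt), c in counts.items():
            if nxt == current and (best is None or c > best[0]):
                best = (c, prev, router)
        if best is None:
            break
        path.append(best[2])
        current = best[2]
        prev_of_last = best[1]
    if prev_of_last is not None:
        path.append(prev_of_last)
    return path[::-1]


def simulate(seed=1, p=0.02):
    """Constructed traffic mix: 20000 flood packets against 200 benign ones."""
    rng = random.Random(seed)
    return (forward(PATHS["attacker"], 20000, p, rng)
            + forward(PATHS["benign"], 200, p, rng))


if __name__ == "__main__":
    msgs = simulate()
    print(len(msgs), "trace messages received")
    print("reconstructed path:", reconstruct(msgs))
```

The simulation also shows the limitation the comment raises: the victim only learns hops that emit notices, so a segment that does not participate (the MPLS cloud in the comment) collapses to whatever routers sit at its edges.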

  6. Except for google web-squatters on The Google Effect And Domain Name Speculation · · Score: 2, Interesting

    whois 'google*' lists 50 records, including GOOGLE.COM, GOOGLE.NET, GOOGLE.ORG, GOOGLE4SEX.COM, GOOGLEA.COM, GOOGLEBAY.COM, many of which are blatantly for sale.

  7. Worst idea I've heard in a long time on Laws to Punish Insecure Software Vendors? · · Score: 1

    This really is such a bad idea it's not even funny. Who can afford to have insecure software and jack up their prices to pay for it? Certainly not any small growing shop. The cost of one serious incident could easily put a small company out of business. And this is supposed to make software more secure by turning it over to large corporate entities, many of whom have dubious track records on security?

    You get not what you pay for, but what you sign for in your support contract. If you don't dictate the terms of the contract, then vote with your money on a vendor's security record.

  8. No license terms can be restricted on GNU GPL law and "lagom" copyright · · Score: 3, Insightful

    I'm sorry, but the article referenced seems to imply that it would be legal and ethical to pass laws restricting or eliminating proprietary software licenses. This is totally and absolutely wrong. The copyright owner is the sole person able to determine the conditions of use of the work. To remove this principle eliminates the foundation for the free software movement.

    I advocate whatever license you should choose. Personally, I like the BSD license, and dislike the GPL. But if you can only choose from a set of pre-determined licenses, do you really think the GPL is going to be a choice? There are too many vested commercial interests that want the GPL license to go away.

  9. Just another tool on Can OO Programming Solve Engineering Problems? · · Score: 1

    Yes, of course OOPLs can solve engineering problems. Does that mean you need to use it to solve engineering problems, or that it is always the best solution? No, in fact a lot of time it is unwieldy to design an object framework, and it complicates the problem. If there is a clear objectification of the problem, an OOPL would be a good choice.

    Languages are just a toolbox - pick the right tool for the problem. People too often jump on the newest hyped language and think it will make everything easier and better.

  10. Compartmentalize & Destroy on When Making a Comprehensive Retrofit of your Code... · · Score: 5, Informative

    1) Identify common functionality.

    2) Encapsulate in libraries

    3) Be sure to extract enough generality that you don't have special case functions

    4) Don't extract so much generality that functional interfaces become unwieldy.

    5) Write everything in the same language.

    6) Find any complex pieces or algorithms. If they can be simplified or re-written, do it. If not, save it so you don't need to debug it again.

    7) Throw everything else away.

  11. Isn't that the point on VPN Clients Not Allowed On Residential Service · · Score: 1

    After re-reading this article several times, I still find it hard to believe. The writer is complaining that his company can't use a business VPN on a residential cable line. While I'm sorry - that is why they offer business services.

    This is really akin to zoning in the real-estate market. I don't want businesses in my residential area, and I don't really want a home in a commercial zone. And I really don't want businesses taking up my already clogged network pipe.

    It seems there is too much of a whine/complain culture around here - maybe we are all too spoiled from getting free stuff while .com's were a sure thing. So tell your company to cough up the dough and get a business line. If they are having trouble paying that, maybe you should look at another company, since your salary may be next.

  12. Re:Run Away Run Away on C# From a Java Developer's Perspective · · Score: 1

    Please read this article with the same grain of salt you would read a Linux advocacy article from the CEO of RedHat.

    One should always be aware of any vested interest or bias of opinion from a news source. There are very few truly impartial third parties. The fact that the party in question here is Microsoft makes me question the motivation no more than any other party.

  13. Re:On a serious note, though, on A Distorted Mirror: Automatic, Real-Time Web Parodies · · Score: 1

    It may very well encourage companies to sue - this is usually the default knee jerk reaction management will take. The designers of this software were very clever to make it parody - there is legal precedent protecting parodies of a work, as it constitutes free speech. This means they can justifiably have significant non-infringing use of trademarks and copyrighted material.

  14. Re:Why four chefs? on Iron Chef USA debuts Friday · · Score: 1

    Not just foreign cuisines - Cajun food as well has the same element. Beef brisket is probably the least expensive and least desired cut of beef. Catfish are bottom feeders, and crawfish live in mud. Years ago, no one but the poor would touch these foods before they suddenly became fashionable.

    I think you've got a point there. Perhaps it is the lack of plentiful and high quality ingredients that forced these cuisines to take unique creative directions. Making the best with what little you have is certainly better than mediocrity with plenty.

  15. Why four chefs? on Iron Chef USA debuts Friday · · Score: 3, Funny

    What is Iron chef American? Hamburgers and hot dogs? Why not iron chef Cajun instead? All "American" food is really mostly Italian and French anyways. I certainly don't think the Iron chef is going to be slow roasting a turkey on a spit.

  16. Re:The tendancy to run everything on port80 on Web Services - More Secure or Less? · · Score: 1

    The fact is, the port that a service, or group of services is running on, does not matter. What matters is the syntax and semantics of the messages exchanged between the client and server. A modern firewall needs to be intelligent enough to interpret the syntax and semantics of requests before allowing them to pass.

    Until recently, most hacking attacks and defense mechanisms have focused mostly on syntactic attacks (buffer overflows and parsing induced logic errors being the most relevant attacks; sandboxes and ruleset based detection being the most relevant defenses). These types of attacks are easy for firewalls to understand and defend against.

    The type of attacks that are not easy to defend against are semantic attacks. These attacks depend on behaviors not specified explicitly by any type of protocol operation, but by the side effects of those operations on complex software systems. An example of this would be a site allowing FTP uploads, with a daemon periodically scanning the incoming directory. Suppose a specially formed filename could be used to attack the scanning daemon - there is nothing suspicious about this at the syntactic level, and firewalls would be none the wiser.

    Any protocol designed to have side effects on the server, where custom server applications may depend on and use the results of those side effects is vulnerable to these types of attacks. SOAP is one way of doing this, but is no different than the HTTP POST method - both provide the same inherent danger.

    Don't get me wrong - I agree that separating services by port is a good idea. It's just not enough. Modern firewalls can selectively filter out HTTP requests based on regular expression matches in the header fields - this is all you need to stop something like SOAP from being accessible through a firewall. Establishing different levels of permission for any object protocol through HTTP is left as an exercise to the reader.
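The FTP-upload scenario in this comment, taken from the defender's side as an added example that is not part of the original post: a filename can be entirely valid at the protocol level and still be dangerous once a scanning daemon hands it to other software, so the daemon, not the firewall, has to vet it. The allowlist, the incoming directory and the scanner path are constructed assumptions; the sample upload names are likewise constructed.

```python
import os
import re

# Assumptions for illustration, not paths from any real deployment.
INCOMING = "/srv/ftp/incoming"
SCANNER = "/usr/bin/scanner"
MAX_LEN = 100
# Allowlist: starts with a letter or digit, then letters, digits, '_', '.', '-'.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$")

# Constructed sample of names an FTP server would accept without complaint.
UPLOADS = [
    "report.pdf",
    "../../etc/crontab",
    "-rf",
    "quarterly report.xls",
    "evil\nname.txt",
    "x.tar.gz",
    ".hidden",
    "data;id.txt",
]


def vet_upload_name(name):
    """Return (ok, reason). Each rejection is a semantic, not syntactic, risk:
    the FTP exchange that delivered the name was perfectly well formed."""
    if not name or len(name) > MAX_LEN:
        return False, "empty or too long"
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in name):
        return False, "control character"          # log injection, tool confusion
    if "/" in name or "\\" in name or ".." in name:
        return False, "path separator or traversal"  # escapes the incoming dir
    if name[0] in "-.":
        return False, "leading dash or dot"         # read as an option or hidden
    if not SAFE_NAME.fullmatch(name):
        return False, "character outside allowlist"  # shell metacharacters etc.
    return True, "ok"


def scan_argv(name):
    """Build the scanner invocation for a vetted name as an argv list: no
    shell, and '--' ends option parsing so the name can never become a flag."""
    ok, reason = vet_upload_name(name)
    if not ok:
        raise ValueError(reason)
    return [SCANNER, "--", os.path.join(INCOMING, name)]


def triage(names):
    """Split a batch of uploads into scanner invocations and rejections."""
    accepted, rejected = [], {}
    for name in names:
        ok, reason = vet_upload_name(name)
        if ok:
            accepted.append(scan_argv(name))
        else:
            rejected[name] = reason
    return accepted, rejected


if __name__ == "__main__":
    accepted, rejected = triage(UPLOADS)
    for argv in accepted:
        print("scan:", argv)
    for name, reason in rejected.items():
        print("reject:", repr(name), "->", reason)
```

The point the comment makes holds here: a header-matching firewall rule sees nothing wrong with any of these names, so the check has to live in the component that gives the name its side effects.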

  17. This rocks! on Virtual Keyboard · · Score: 1

    Hey, now I can play air guitar and have it control a MIDI instrument!

  18. Re:Clock It! 2001-1984=17 Years Late on Congress Considers Mandatory Crypto Backdoors · · Score: 1

    Well, since the US government considers cryptography a munition, doesn't that mean it's protected by the 2nd amendment?