I'm sorry, jamie, but your commentary is a prime example of trying to fit human behavior into an algorithm. Hate to break it to you, but the vast majority of people do not perform a cost/benefit analysis when they perform an action. In this case many people will buy the book because they like Stephen King. They don't mind giving King a dollar because they think he's a cool guy. That little factor called "emotion" will play a part in their decision. Hard to believe! And apparently hard for you to conceive...
Re:A GA or other evolving strategy will be good... on Rock-Paper-Scissors · Score: 1
I frikkin hate it when I don't preview the comment...
The gene coding would be [List of opponent's last N moves][List of your last N moves][suggested move]
A GA or other evolving strategy will be good... on Rock-Paper-Scissors · Score: 1
...to solve this problem, especially if other entries utilize a static approach. Check out section 1.9 of Melanie Mitchell's book _An_Introduction_to_Genetic_Algorithms (MIT Press) for an interesting discussion of an evolving solution to the prisoner's dilemma. The only problem is the time constraint. :-)
The gene coding could be something like this: where the lists consist of R|P|S for Rock|Paper|Scissors. This creates a gene space of 3^(2N+1) which isn't bad for small N. It could be made simpler if your own moves were left out of the gene space, but then you couldn't compensate for your opponent reacting to your own behavior.
It'd be fun to see if this could be written in under 40 lines too...
Ya, I know what you mean. My girlfriend, who was formerly completely computer phobic, flipped when she saw the Palm. Now it never leaves her purse. She memorized Graffiti in an hour. I was stunned...
Re:Reversing cause and effect on LonelyNet · Score: 1
Which is cause and which is effect?
After hearing about this on NPR, this was my first thought, especially after listening to an interview with the researcher. He seemed awfully biased towards the "internet separates people" attitude. Hopefully the study results are phrased like, "there is a correlation with X probability between 'lonely' behavior and internet usage," but after listening to the researcher talk, I kinda doubt it...
...are definitely the answer. Better yet, one could be built such that the data could be stored and retrieved without knowing where the data is going to or coming from. Consider this: a system gives you a list of files available and you send out a mobile agent to search for one. The file would be stored on multiple, redundant, randomly dispersed servers. Once the agent found the file it would travel to a few random servers to prevent any direct tracking, and would return to the source server of the query. (possibly dropping its data package somewhere along the way, ensuring that highly queried data would be better distributed...)
The data retrieval process would be slow, but it would be completely anonymous and very fault tolerant...
What Cowpland said was, "Basically that means that someone under 18 can read the GPL licensing agreement, agree to the conditions, download the product and then not be bound by the terms and conditions of the contract." I interpret that as meaning that if someone under 18 downloaded a GPLed product they could do anything with it they please. They wouldn't have to follow the GPL at all! Talk about a huge loophole...
I nearly had a fit of joy when I found this company's website: http://www.bitsandpieces.com. My favorite products are the mechanical puzzles: http://www.bitsandpieces.com/dept_main.asp?dept_id=5
Yeah, and the "The Desktop as Desk Top" part... Remember the evil CEO's desk?
What do you mean by a "randomization"?
//One line of code...
:-)
double r = Math.random();
Or, you could use two lines of code to create an object of type java.util.Random, then call various methods to get random sequences.
I'd like to see those 20 lines of code. Are you brave enough to post them?
Ya, isn't "Obfuscated Perl" a bit redundant?
This exploit is possible because of two factors.
The first problem is that Netscape's SecurityManager does not throw a SecurityException when the BOServerSocket constructor creates a java.net.ServerSocket. Here's the exception thrown in IE:
*******************************
com.ms.security.SecurityExceptionEx[BOServerSocket.]: cannot access 8080
at com/ms/security/permissions/NetIOPermission.check
at com/ms/security/PolicyEngine.deepCheck
at com/ms/security/PolicyEngine.checkPermission
at com/ms/security/StandardSecurityManager.chk
at com/ms/security/StandardSecurityManager.checkListen
at java/net/ServerSocket.
at java/net/ServerSocket.
at BOServerSocket.
at BOHTTPD.init
at com/ms/applet/AppletPanel.securedCall0
at com/ms/applet/AppletPanel.securedCall
at com/ms/applet/AppletPanel.processSentEvent
at com/ms/applet/AppletPanel.processSentEvent
at com/ms/applet/AppletPanel.run
at java/lang/Thread.run
***********************************
After the ServerSocket is created, a SecurityException _is_ thrown whenever the BOServerSocket calls implAccept, but this Exception is easily caught. Also, by the time the Exception is thrown, the damage is already done. Here's the Exception:
************************************
netscape.security.AppletSecurityException: security.Couldn't connect to '127.0.0.1' with origin from '216.61.198.249'.
at java.lang.Throwable.(Compiled Code)
at java.lang.Exception.(Compiled Code)
at java.lang.RuntimeException.(Compiled Code)
at java.lang.SecurityException.(Compiled Code)
at netscape.security.AppletSecurityException.(Compiled Code)
at netscape.security.AppletSecurityException.(Compiled Code)
at netscape.security.AppletSecurity.checkConnect(Compiled Code)
at netscape.security.AppletSecurity.checkConnect(Compiled Code)
at netscape.security.AppletSecurity.checkConnect(Compiled Code)
at netscape.security.AppletSecurity.checkAccept(Compiled Code)
at java.lang.SecurityManager.checkAccept(Compiled Code)
* at java.net.ServerSocket.implAccept(Compiled Code)
at BOServerSocket.accept_any(Compiled Code)
at BOHTTPD.run(Compiled Code)
at java.lang.Thread.run(Compiled Code)
************************************
So, to recap: 1) Netscape does not throw a SecurityException when a ServerSocket is created in BOServerSocket., and 2) the connection is made by the time the exception is thrown in ServerSocket.implAccept().
#1 is Netscape's fault. They haven't implemented their security policies correctly, specifically that a ServerSocket can't listen on a port in an unsecure applet. #2 is definitely Sun's fault because the SecurityException can easily be circumvented by overloading Socket.close().
Bravo to the grey hat for finding this!
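Added example, not part of the original comment and not code from Sun or Netscape: a socket-free model of point #2, showing why cleanup after a denied check must not go through a method the untrusted caller can override. The names Conn, StickyConn, Policy, acceptWeak and acceptHardened are hypothetical, and the model assumes, as the comment describes, that the connection already exists when the check runs.

```java
// Hypothetical model of the accept path discussed in the comment above.
// No real sockets are opened; "open" stands in for a live connection.
public class AcceptCleanupDemo {

    /** Connection object supplied to the acceptor by the calling (untrusted) code. */
    static class Conn {
        private boolean open = true;                 // the connection is already made
        public void close() { release(); }           // overridable, like Socket.close()
        final void release() { open = false; }       // final: a subclass cannot replace it
        final boolean isOpen() { return open; }
    }

    /** Subclass that turns close() into a no-op. */
    static class StickyConn extends Conn {
        @Override public void close() { /* does nothing, so the connection survives */ }
    }

    /** Stand-in for the security manager's accept check; throws on denial. */
    interface Policy { void checkAccept(String peer); }

    // Weak pattern: check after connecting, then clean up through virtual close().
    static void acceptWeak(Conn c, String peer, Policy p) {
        try { p.checkAccept(peer); }
        catch (SecurityException e) { c.close(); throw e; }
    }

    // Hardened pattern: same check, but cleanup uses the final release() method.
    static void acceptHardened(Conn c, String peer, Policy p) {
        try { p.checkAccept(peer); }
        catch (SecurityException e) { c.release(); throw e; }
    }

    public static void main(String[] args) {
        // Constructed policy and peer address (documentation range), for illustration only.
        Policy denyAll = peer -> { throw new SecurityException("denied: " + peer); };
        Conn weak = new StickyConn();
        Conn hardened = new StickyConn();
        try { acceptWeak(weak, "192.0.2.10", denyAll); } catch (SecurityException ignored) { }
        try { acceptHardened(hardened, "192.0.2.10", denyAll); } catch (SecurityException ignored) { }
        System.out.println("weak path, still open after denial:     " + weak.isOpen());
        System.out.println("hardened path, still open after denial: " + hardened.isOpen());
    }
}
```

The same reasoning applies to point #1: a check that runs when the listener is created leaves nothing to clean up if it fails.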
That's what this is for...
"We traced the source of this leak to a corporation called Napster." - Lars
Kinda like saying, "We traced the source of this leak to a corporation called Xerox."
Then would the Intel equation for God be a first release Pentium I dividing by 7?
A page is a file...
Here's the link: http://java.sun.com/aboutJava/communityprocess/jsr/jsr_051_ioapis.html
...if everyone decided to counter sue...
"...electronic control will enable engines to change valve timing on the fly..."
Why, it's a run time optimizing just in time combustor!
You're really proving your "Rorschach blot" point...
"I fully intend to e-mail my representatives, and I hope they realize the important impact that Microsoft has had on the computing industry alone, and ALL the other industries as well."
If that ain't a joke, I don't know what is...
I think you may have misunderstood the post.
Yep, but the misunderstanding has been moderated up by the oppressive libertarian majority on this site. Ironic, no?
What do you expect from a poster whose nick is "Kludge?"
Always work hourly, never work salary...
Naw. _Battlefield_Earth_ by L. Ron Hubbard has to be the worst. It's the only SF book I've put down without reading the whole thing.