FYI Walruscek, if you're talking about 213 we used moss. Similar idea, but I think it actually analyzed the code so simply renaming variables and moving code around wouldn't get you past the system.
The sports world in general is being marred by a drug controversy. There's a huge inquiry in the US about BALCO, a lab that allegedly distributed steroids to a lot of athletes. The type of steroid was THG, which was until recently undetectable in drug tests.
As far as cycling is concerned, the drug scandal revolves around EPO, which increases the amount of oxygen in the blood and boosts endurance. The scandal reached a peak in the late nineties when a LOT of riders tested positive, among them Richard Virenque. Just a couple of weeks ago former Tour champion Greg LeMond accused Lance Armstrong of using EPO. Although Lance has been forced to deflect doping accusations for a few years now, I don't think anyone as well known as LeMond had make such an accusation.
This is x86 specific since I'm talking about the stack frame and specific registers, etc. but can be "ported" to other architectures with similar ideas
This is an example of a trivial buffer overflow. These types of attacks happen due to the nature of the stack. All local variables are stored on the stack - along with the saved ebp AND the return address. strcpy doesn't do any sort of bounds checking on the buffers it is copying between. In this case, buf is filled with the first 5 A's, but then the other n-5 A's must go somewhere else as well. What will happen is that eventually the saved value of ebp will be corrupted and become 0x65656565 ("AAAA") and the RETURN ADDRESS (this is the location that will be jumped to upon exiting the function) will be corrupted and become 0x65656565 ("AAAA"). If the malicious user is crafty enough in the creation of the exploit string he will specify an actual address somewhere relatively close to the current buffer and to jump to. Since that memory will have been copied by the call to strcpy, after completing this function, the program will jump to the attackers code and happily execute it. Thus allowing arbitrary code to be executed.
For a more detailed explanation of how these things work check out "Smashing the Stack for Fun and Profit" in phrack #49. Actually, reading old phracks is a good way to get an idea about lots of different issues in security:)
Bill Simmons wrote about that night on SOSH in one of his columns on Page 2.
It's pretty amusing for a player of Schlling's caliber to be up late at night posting on boards that I frequent:-)
The single most important algorithm....EVER
on
Deep Algorithms?
·
· Score: 1
Seeing as to how I just had an Algorithms assignment due today and spent a decent chunk of time solving the following problem to produce an algorithm, I'm gonna say its important.:-)
Let G = (V,E) be a flow network with source s, sink t, and integer capacities. Suppose we are given a maximum flow in G.
Now suppose that the capacity of a single edge (u,v) in E is decreased by 1. Give an O(V + E) time algorithm to update the maximum flow.
Yup,/. does a movie review every Sunday morning (well, usually). Since Ebert's review comes out on what, Friday? That would be accurate. I think/. announced this whole Sunday morning movie review thing a while back, but I'm too lazy to look it up.
Oh and just to go with the flow, I hate Jon Katz, this isn't News for Nerds, blah blah jump on the bandwagon because karma is more valuable than my life) blah.
I can't really speak for other colleges, but here at CMU much of the work for our "core" programming courses is done in teams of up to 2. However, the vast majority of the students here are motivated enough to actually do work on the projects. I like working in small groups such as that because you have the opportunity to tackle problems that, although still small, are actually interesting and non-trivial. One example is creating a decent Othello player and entering it into a competition at the end of the project:-). If we were forced to work alone, one of two things would have happened; 1. The quality of the players would have been extremely low, or 2. This interesting (to most) project would have been replaced by something annoyingly simple.
Wow! Those guys make less than 20 bucks an hour?? I never would've guessed that. Oh wait...you were exaggerating with the "not even making twice what an intern at a Fortuen 500 makes." It all makes much more sense now.
Re:My take... (spoilage)
on
Review: A.I.
·
· Score: 1
I agree with you about the beings at the end of the film. To me it was clear that they were not aliens, especially when one of them made a comment along the lines of "He's unique. He has actually seen a real human." That line combined with the title of film and what appeared to be the circuitry inside of the beings led me to conclude that they were in fact robotic and not aliens. However, most of the people that I overheard coming out of the theater seemed to think they were aliens who had come and taken over the planet.
Well, the game overall wasn't too exciting. There were some exciting plays though. I'd also have to say that the 3D instant replay wasn't useless. When Jamal Lewis rushed to the corner for a touchdown and the Giants challenged the call, the best view was courtesy of the "useless" 3D instant replay. On a side note, everyone I was watching the game with and I thought that the 3D replay was pretty damn cool. Since we go to CMU, where the technology was developed, we are a bit partial, but I still say it was pretty damn cool.
I don't think this is a problem, since it actually involves competition, with the winner getting a prize. Sort of like a basketball tournament with a five dollar fee with the winner taking the pot. Actually, exactly like that. Also, I know that "pools" are legal (at least in Ohio) so long as the person in charge does not skim any money off of the top. One example of this would be a pool for the NCAA basketball tournament (fill out the brackets, the person who does best wins).
I disagree. Playing sports (at the appropriate level) teaches teamwork, and in what sounds like this kid's case, that there is always someone better than you. If the kid just sits in a room all day studying he won't learn these "life lessons" until it is too late. When I think about my childhood, I realize that I would never have learned these things unless I played sports.
Just my $.02
Well, I certainly find it interesting that Ohio is being considered a swing state. At least in the Cincinnati area (where I've lived my entire life) republicans have about 80% of all the public offices. On top of that, last time I checked we had a republican governor and two republican senators. The only reason John Glenn was in office for so long is because people liked him. Of course, the US house is 8 Democrats to 11 Republicans, but I still tend to think that Bush will take Ohio. Not that I'm happy about that, but its realistically what I think will happen.
_________
MJN222
Re:NBC's coverage sucks!
on
IT Olympics
·
· Score: 1
I'm not a fan of announcers in general, they just ramble on about things not even related to the event. Instead of bitching about it (which is a perfectly reasonable response), I press the nice little mute button, after all, that's what it's there for.
if you would have started playing just a week after the game was released (as in my case) you still would have no chance of catching up (getting on the ladder). A friend of mine started playing a character two months ago, and has put about an average of 6-8 hours per day into playing him on bnet and he's still 15 levels off of the ladder.
Somewhat OT, but relevant to many threads
on
Voteauction.com
·
· Score: 1
A lot of the threads that I've read have been filled with people complaining about not knowing where the candidates stand on the issues. Many of the candidates for the Presidency have responded to a questionarre here. This shows where many candidates stand on many different issues, and thus allows us, as voters, to make informed decisions.
I believe there is such a website that allows Presidential candidates to state where they stand on the issues ( > 20). I believe it is here. Unfortunately, none of the major candidates (Nader, Bush, Gore) have answered their questionarre, despite being asked to. That may have changed since I checked the site last.
This past year I was in a CS class in which we didn't concentrate on the AP exam (we have a separate AP class for that, which I took the year before). For about half of the semester we undertook a simple (relatively) project that consisted of making the game "Battleship" for the computer, making it Multiplayer, and putting it on the Internet for people to play. We only had 7 people in the class, and of those 7 only 3 or so were really interested in the project. The difficulty in the project centered around the fact that 6 of the 7 people were learning java, the language we were coding it in, at the same time. At the end of the project, which was aborted by the teacher since we were wasting too much time, we had a semi-functional server and a workable UI design on top of a fully functional client. This was also the first year the class was taught, so everyone was sort of testing the waters. What stopped us the most (outside of apathy on the part of some students) was that the specifications were changing quite frequently. Primarily because the people programming the server couldn't figure out how to do something, and our instructor would help them, but didn't (understandably) want to do all the coding for them. This lead to the requirements becoming constantly less and less complex.
To sum my experience up; whatever project you decide to do there are a few things that _must_ be done ahead of time. A working knowledge of the language the project is being coded in, a formal specification of the project that is rather difficult to change (unless absolutely necessary) and interest in the project are all very important to the success of the project.
Slashdot Mirror
FYI Walruscek, if you're talking about 213 we used moss. Similar idea, but I think it actually analyzed the code so simply renaming variables and moving code around wouldn't get you past the system.
Big Mike
As it clearly states in the article:
Dumbass
The sports world in general is being marred by a drug controversy. There's a huge inquiry in the US about BALCO, a lab that allegedly distributed steroids to a lot of athletes. The type of steroid was THG, which was until recently undetectable in drug tests.
As far as cycling is concerned, the drug scandal revolves around EPO, which increases the amount of oxygen in the blood and boosts endurance. The scandal reached a peak in the late nineties when a LOT of riders tested positive, among them Richard Virenque. Just a couple of weeks ago former Tour champion Greg LeMond accused Lance Armstrong of using EPO. Although Lance has been forced to deflect doping accusations for a few years now, I don't think anyone as well known as LeMond had make such an accusation.
This is x86 specific since I'm talking about the stack frame and specific registers, etc. but can be "ported" to other architectures with similar ideas
./foo AAAAAAAAAAAAAAAAAAAAAAAAAA
:)
:-P)
foo.c
#include <string.h>
int main(int argc, char *argv[])
{
char buf[5];
strcpy(buf, argv[1]);
return 0;
}
> make foo &&
This is an example of a trivial buffer overflow. These types of attacks happen due to the nature of the stack. All local variables are stored on the stack - along with the saved ebp AND the return address. strcpy doesn't do any sort of bounds checking on the buffers it is copying between. In this case, buf is filled with the first 5 A's, but then the other n-5 A's must go somewhere else as well. What will happen is that eventually the saved value of ebp will be corrupted and become 0x65656565 ("AAAA") and the RETURN ADDRESS (this is the location that will be jumped to upon exiting the function) will be corrupted and become 0x65656565 ("AAAA"). If the malicious user is crafty enough in the creation of the exploit string he will specify an actual address somewhere relatively close to the current buffer and to jump to. Since that memory will have been copied by the call to strcpy, after completing this function, the program will jump to the attackers code and happily execute it. Thus allowing arbitrary code to be executed.
For a more detailed explanation of how these things work check out "Smashing the Stack for Fun and Profit" in phrack #49. Actually, reading old phracks is a good way to get an idea about lots of different issues in security
You can also check out these slides from an introductory systems course at Carnegie Mellon University. (OK, its a shameless plug of sorts since I'm TAing it, but they actually are pretty good slides.
That board is Sons of Sam Horn.
:-)
Bill Simmons wrote about that night on SOSH in one of his columns on Page 2.
It's pretty amusing for a player of Schlling's caliber to be up late at night posting on boards that I frequent
Seeing as to how I just had an Algorithms assignment due today and spent a decent chunk of time solving the following problem to produce an algorithm, I'm gonna say its important. :-)
Let G = (V,E) be a flow network with source s, sink t, and integer capacities. Suppose we are given a maximum flow in G.
Now suppose that the capacity of a single edge (u,v) in E is decreased by 1. Give an O(V + E) time algorithm to update the maximum flow.
8-Bit Theater is really a great webcomic, if you haven't checked it out, then for the love of all things sacred, do it now.
Yup, /. does a movie review every Sunday morning (well, usually). Since Ebert's review comes out on what, Friday? That would be accurate. I think /. announced this whole Sunday morning movie review thing a while back, but I'm too lazy to look it up.
Oh and just to go with the flow, I hate Jon Katz, this isn't News for Nerds, blah blah jump on the bandwagon because karma is more valuable than my life) blah.
So what they are saying is that I shouldn't be citing slashdot for any of my papers?
I can't really speak for other colleges, but here at CMU much of the work for our "core" programming courses is done in teams of up to 2. However, the vast majority of the students here are motivated enough to actually do work on the projects. I like working in small groups such as that because you have the opportunity to tackle problems that, although still small, are actually interesting and non-trivial. One example is creating a decent Othello player and entering it into a competition at the end of the project :-). If we were forced to work alone, one of two things would have happened; 1. The quality of the players would have been extremely low, or 2. This interesting (to most) project would have been replaced by something annoyingly simple.
My prediction - RIAA sues Felten and co.
I believe the name of the gentleman who was flogged is Michael Fay. I could be wrong, so if someone else knows better, please correct me.
Wow! Those guys make less than 20 bucks an hour?? I never would've guessed that. Oh wait...you were exaggerating with the "not even making twice what an intern at a Fortuen 500 makes." It all makes much more sense now.
I agree with you about the beings at the end of the film. To me it was clear that they were not aliens, especially when one of them made a comment along the lines of "He's unique. He has actually seen a real human." That line combined with the title of film and what appeared to be the circuitry inside of the beings led me to conclude that they were in fact robotic and not aliens. However, most of the people that I overheard coming out of the theater seemed to think they were aliens who had come and taken over the planet.
Well, the game overall wasn't too exciting. There were some exciting plays though. I'd also have to say that the 3D instant replay wasn't useless. When Jamal Lewis rushed to the corner for a touchdown and the Giants challenged the call, the best view was courtesy of the "useless" 3D instant replay. On a side note, everyone I was watching the game with and I thought that the 3D replay was pretty damn cool. Since we go to CMU, where the technology was developed, we are a bit partial, but I still say it was pretty damn cool.
I think you mean affected, but I could be wrong.
Disclaimer: IANALBIPOOTV - (but i play one on tv)
I don't think this is a problem, since it actually involves competition, with the winner getting a prize. Sort of like a basketball tournament with a five dollar fee with the winner taking the pot. Actually, exactly like that. Also, I know that "pools" are legal (at least in Ohio) so long as the person in charge does not skim any money off of the top. One example of this would be a pool for the NCAA basketball tournament (fill out the brackets, the person who does best wins).
and remember...IANAL
I disagree. Playing sports (at the appropriate level) teaches teamwork, and in what sounds like this kid's case, that there is always someone better than you. If the kid just sits in a room all day studying he won't learn these "life lessons" until it is too late. When I think about my childhood, I realize that I would never have learned these things unless I played sports.
Just my $.02
That's what CNN is saying now. This is probably redundant, I'm sorry, it's late, I needed to post it though.
Well, I certainly find it interesting that Ohio is being considered a swing state. At least in the Cincinnati area (where I've lived my entire life) republicans have about 80% of all the public offices. On top of that, last time I checked we had a republican governor and two republican senators. The only reason John Glenn was in office for so long is because people liked him. Of course, the US house is 8 Democrats to 11 Republicans, but I still tend to think that Bush will take Ohio. Not that I'm happy about that, but its realistically what I think will happen.
_________
MJN222
I'm not a fan of announcers in general, they just ramble on about things not even related to the event. Instead of bitching about it (which is a perfectly reasonable response), I press the nice little mute button, after all, that's what it's there for.
if you would have started playing just a week after the game was released (as in my case) you still would have no chance of catching up (getting on the ladder). A friend of mine started playing a character two months ago, and has put about an average of 6-8 hours per day into playing him on bnet and he's still 15 levels off of the ladder.
A lot of the threads that I've read have been filled with people complaining about not knowing where the candidates stand on the issues. Many of the candidates for the Presidency have responded to a questionarre here. This shows where many candidates stand on many different issues, and thus allows us, as voters, to make informed decisions.
I believe there is such a website that allows Presidential candidates to state where they stand on the issues ( > 20). I believe it is here. Unfortunately, none of the major candidates (Nader, Bush, Gore) have answered their questionarre, despite being asked to. That may have changed since I checked the site last.
This past year I was in a CS class in which we didn't concentrate on the AP exam (we have a separate AP class for that, which I took the year before). For about half of the semester we undertook a simple (relatively) project that consisted of making the game "Battleship" for the computer, making it Multiplayer, and putting it on the Internet for people to play. We only had 7 people in the class, and of those 7 only 3 or so were really interested in the project. The difficulty in the project centered around the fact that 6 of the 7 people were learning java, the language we were coding it in, at the same time. At the end of the project, which was aborted by the teacher since we were wasting too much time, we had a semi-functional server and a workable UI design on top of a fully functional client. This was also the first year the class was taught, so everyone was sort of testing the waters. What stopped us the most (outside of apathy on the part of some students) was that the specifications were changing quite frequently. Primarily because the people programming the server couldn't figure out how to do something, and our instructor would help them, but didn't (understandably) want to do all the coding for them. This lead to the requirements becoming constantly less and less complex.
To sum my experience up; whatever project you decide to do there are a few things that _must_ be done ahead of time. A working knowledge of the language the project is being coded in, a formal specification of the project that is rather difficult to change (unless absolutely necessary) and interest in the project are all very important to the success of the project.