DOCSLIB.ORG

December 2011 (PDF)

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
December 2011 (PDF) The Danger of Unrandomized Code EDWARD J. SCHWARTZ Of Headless User Accounts and Restricted Shells JAN SCHAUMANN DevOps from a Sysadmin Perspective PATRICK DEBOIS Conference Reports from the 20th USENIX Security DECEMBER 2011 VOL. 36, NO. 6 Symposium, CSET, HotSec, and more UPCOMING EVENTS 10th USENIX Conference on File and Storage 4th USENIX Workshop on Hot Topics in Technologies (FAST ’12) Parallelism (HotPar ’12) SPONSORED BY USENIX IN COOPERATION WITH ACM SIGOPS SPONSORED BY USENIX IN COOPERATION WITH ACM SIGMETRICS, ACM SIGSOFT, ACM SIGOPS, ACM SIGARCH, AND ACM SIGPLAN February 14–17, 2012, San Jose, CA, USA June 7–8, 2012, Berkeley, CA, USA http://www.usenix.org/fast12 http://www.usenix.org/hotpar12 In Cooperation: EuroSys 2012 Paper registration due: January 24, 2012 SPONSORED BY ACM SIGOPS IN COOPERATION WITH USENIX 2012 USENIX Federated Conferences Week April 10–13, 2012, Bern, Switzerland June 12–15, 2012, Boston, MA, USA http://eurosys2012.unibe.ch 2012 USENIX Annual Technical Conference 2nd USENIX Workshop on Hot Topics in Man- (USENIX ATC ’12) agement of Internet, Cloud, and Enterprise June 13–15, 2012 Networks and Services (Hot-ICE ’12) http://www.usenix.org/atc12 CO-LOCATED WITH NSDI ’12 Paper titles and abstracts due: January 10, 2012 April 24, 2012, San Jose, CA, USA 3rd USENIX Conference on Web Application http://www.usenix.org/hotice12 Development (WebApps ’12) Paper registration due: January 6, 2012 June 13–14, 2012 http://www.usenix.org/webapps12 5th USENIX Workshop on Large-Scale Exploits Submissions due: January 23, 2012 and Emergent Threats (LEET ’12) CO-LOCATED WITH NSDI ’12 4th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud ’12) April 24, 2012, San Jose, CA, USA http://www.usenix.org/leet12 4th USENIX Workshop on Hot Topics in Storage Submissions due: February 13, 2012 and File Systems (HotStorage ’12) 9th USENIX Symposium on Networked Systems 21st USENIX Security Symposium Design and Implementation (NSDI ’12) (USENIX Security ’12) SPONSORED BY USENIX IN COOPERATION WITH ACM SIGCOMM AND August 6–10, 2012, Bellevue, WA, USA ACM SIGOPS April 25–27, 2012, San Jose, CA, USA 10th USENIX Symposium on Operating Systems http://www.usenix.org/nsdi12 Design and Implementation (OSDI ’12) October 8–10, 2012, Hollywood, CA, USA In Cooperation: 5th Annual International http://www.usenix.org/osdi12 Systems and Storage Conference (SYSTOR 2012) Submissions due: May 3, 2012 IN COOPERATION WITH ACM SIGOPS (PENDING) AND USENIX June 4–6, 2012, Haifa, Israel 26th Large Installation System Administration http://www.research.ibm.com/haifa/conferences/ Conference (LISA ’12) systor2012 December 9–14, 2012, San Diego, CA, USA FOR A COMPLETE LIST OF ALL USENIX AND USENIX CO-SPONSORED EVENTS, SEE HTTP://WWW.USENIX.ORG/EVENTS EDITOR Rik Farrow [email protected] MANAGING EDITOR Jane-Ellen Long [email protected] DECEMBER 2011, VOL. 36, NO. 6 COPY EDITOR Steve Gilmartin [email protected] OPINION Musings RIK FARROW . 2 PRODUCTION Arnold Gatilao SECURITY Casey Henderson Jane-Ellen Long The Danger of Unrandomized Code EDWARD J. SCHWARTZ . 7 Exploit Programming: From Buffer Overflows to “Weird Machines” and Theory of TYPESETTER Star Type Computation SERGEY BRATUS, MICHAEL E. LOCASTO, MEREDITH L. PATTERSON, [email protected] LEN SASSAMAN, AND ANNA SHUBINA . 13 USENIX ASSOCIATION The Halting Problems of Network Stack Insecurity LEN SASSAMAN, MEREDITH L. 2560 Ninth Street, Suite 215, PATTERSON, SERGEY BRATUS, AND ANNA SHUBINA . 22 Berkeley, California 94710 Phone: (510) 528-8649 SYSADMIN FAX: (510) 548-5738 Beyond the Basics of HTTPS Serving ADAM LANGLEY . 33 http://www.usenix.org Of Headless User Accounts and Restricted Shells JAN SCHAUMANN . 38 http://www.sage.org DevOps from a Sysadmin Perspective PATRICK DEBOIS . 45 ;login: is the official magazine of the USENIX Association. ;login: (ISSN 1044-6397) COLUMNS is published bi-monthly by the USENIX Practical Perl Tools: From the Editor DAVID N. BLANK-EDELMAN . 48 Association, 2560 Ninth Street, Suite 215, DAVE JOSEPHSEN Berkeley, CA 94710. iVoyeur: Changing the Game . 54 /dev/random ROBERT G. FERRELL . 58 $90 of each member’s annual dues is for a subscription to ;login:. Subscriptions for BOOKS nonmembers are $125 per year. Periodicals postage paid at Berkeley, CA, Book Reviews ELIZABETH ZWICKY, WITH SAM STOVER . 61 and additional offices. USENIX NOTES POSTMASTER: Send address changes to 2012 Election for the USENIX Board of Directors ALVA L. COUCH . 64 ;login:, USENIX Association, 2560 Ninth Street, Suite 215, Berkeley, CA 94710. USENIX Remembers Dennis Ritchie (1941–2011) . 65 USA Team Wins Big at International Programming Competition BRIAN DEAN . 65 ©2011 USENIX Association USENIX is a registered trademark of the Thanks to Our Volunteers . 66 USENIX Association. Many of the designa- tions used by manufacturers and sellers CONFERENCES to distinguish their products are claimed 20th USENIX Security Symposium . 68 as trademarks. USENIX acknowledges all 4th Workshop on Cyber Security Experimentation and Test . 97 trademarks herein. Where those designa- tions appear in this publication and USENIX USENIX Workshop on Free and Open Communications on the Internet . .. 104 is aware of a trademark claim, the designa- 5th USENIX Workshop on Offensive Technologies . 106 tions have been printed in caps or initial caps. 2nd USENIX Workshop on Health Security and Privacy . 111 6th USENIX Workshop on Hot Topics in Security . 120 Musings RIK FARROWOPINION Rik is the editor of ;login:. The latest effort to improve computer and network security has been for the US [email protected] Congress to pass new laws . Currently proposed laws will increase penalties for attackers, including the perhaps misguided hackers who point out easy-to-find flaws in public servers, to the point of treating them like racketeers . The real culprits, the companies who leave treasure troves of information with real worth easily accessible, will be encouraged to do better . I think there are better solutions . And for a change, this issue actually includes an article that points the way for- ward to improving network security . I have whined way too often about how bad things are, giving the appearance that I’m terribly depressed, so I am happy to pre- sent something much more useful than more complaints about the state of things . The Exploit Issue The first three articles in this issue deal with exploits, the methods used for attacking server and client software . You might not think that reading more about exploits will result in techniques for preventing them, but please give us a moment of your time . We begin with an article by Ed Schwartz . Ed presented a paper at USENIX Secu- rity ’11 on Q [1], software that finds short code segments that can be used in one type of exploit . I wanted Ed to write for ;login: because he did an outstanding job of explaining return-oriented programming (ROP) during his Security presentation . Ed’s excellent article starts by explaining how different exploits work, two of the current countermeasures, and why they do not always succeed . He also provides a first-rate discussion of both past and current methods for taking control of the flow of execution, then executing the code of the attacker’s choice . As Ed writes, “At a high level, all control flow exploits have two components: a computation and a control hijack . The computation specifies what the attacker wants the exploit to do . For example, the computation might create a shell for the attacker, or create a back-door account . A typical computation is to spawn a shell by including execut- able machine code called shellcode ”. And as Ed has pointed out, the attacker wants to do something that the target software was neither designed nor written to do . Instead, the attacker needs to use existing mechanisms in the software, and its supporting libraries, to do something completely unexpected . Next, the paper by Sergey Bratus and his co-authors ties in quite beautifully with Ed’s article . I first met Sergey Bratus during WOOT ’11, where he was explaining 2 ;login: VOL. 36, NO. 6 how code found in every Linux executable actually includes a complete Turing machine that can be abused [2] . Sergey called this code, and examples like it, weird machines, and I find I like this terminology . A weird machine provides an attacker with the ability to execute his own code, completely contrary to the intentions of the software’s designers . Yet these weird machines must be present for this to work . And we have hundreds, if not thousands, of existing exploits that prove that these weird machines actually exist . Sergey also acted as the point person for the third article in this collection . He had to, because its lead author, Len Sassaman, died this summer, before the article was proposed . Len, his wife, Meredith Patterson, and others had been working on a paper that looked at exploits in a different light . What makes exploits work, besides having weird machines to run them on, are the inputs to those weird machines . The authors’ proposition was that every program that accepts inputs has its own input language . If that input language reaches beyond a minimal level of complex- ity, it is impossible to prove that the program that parses the input language will behave as expected . Instead, the program will be one of the weird machines that run exploits for attackers . The Sassaman proposal has its basis in formal language theory, where a program’s input forms the language and the program includes the parser for this language . We are all familiar with this concept, whether we have written programs or simply entered command lines with options . The options make up the input language, and the program must include a parser that interprets that input language . This example may sound too simple, but there have been command-line programs that were exploitable .
Load more

Recommended publications
  • Watson Daniel.Pdf (5.294Mb)
    Source Code Stylometry and Authorship Attribution for Open Source by Daniel Watson A thesis presented to the University of Waterloo in fulfillment of the thesis requirement for the degree of Master of Mathematics in Computer Science Waterloo, Ontario, Canada, 2019 c Daniel Watson 2019 Author's Declaration I hereby declare that I am the sole author of this thesis. This is a true copy of the thesis, including any required final revisions, as accepted by my examiners. I understand that my thesis may be made electronically available to the public. ii Abstract Public software repositories such as GitHub make transparent the development history of an open source software system. Source code commits, discussions about new features and bugs, and code reviews are stored and carefully attributed to the appropriate developers. However, sometimes governments may seek to analyze these repositories, to identify citi- zens who contribute to projects they disapprove of, such as those involving cryptography or social media. While developers who seek anonymity may contribute under assumed identi- ties, their body of public work may be characteristic enough to betray who they really are. The ability to contribute anonymously to public bodies of knowledge is extremely impor- tant to the future of technological and intellectual freedoms. Just as in security hacking, the only way to protect vulnerable individuals is by demonstrating the means and strength of available attacks so that those concerned may know of the need and develop the means to protect themselves. In this work, we present a method to de-anonymize source code contributors based on the authors' intrinsic programming style.
    [Show full text]
  • Security Applications of Formal Language Theory
    Dartmouth College Dartmouth Digital Commons Computer Science Technical Reports Computer Science 11-25-2011 Security Applications of Formal Language Theory Len Sassaman Dartmouth College Meredith L. Patterson Dartmouth College Sergey Bratus Dartmouth College Michael E. Locasto Dartmouth College Anna Shubina Dartmouth College Follow this and additional works at: https://digitalcommons.dartmouth.edu/cs_tr Part of the Computer Sciences Commons Dartmouth Digital Commons Citation Sassaman, Len; Patterson, Meredith L.; Bratus, Sergey; Locasto, Michael E.; and Shubina, Anna, "Security Applications of Formal Language Theory" (2011). Computer Science Technical Report TR2011-709. https://digitalcommons.dartmouth.edu/cs_tr/335 This Technical Report is brought to you for free and open access by the Computer Science at Dartmouth Digital Commons. It has been accepted for inclusion in Computer Science Technical Reports by an authorized administrator of Dartmouth Digital Commons. For more information, please contact [email protected]. Security Applications of Formal Language Theory Dartmouth Computer Science Technical Report TR2011-709 Len Sassaman, Meredith L. Patterson, Sergey Bratus, Michael E. Locasto, Anna Shubina November 25, 2011 Abstract We present an approach to improving the security of complex, composed systems based on formal language theory, and show how this approach leads to advances in input validation, security modeling, attack surface reduction, and ultimately, software design and programming methodology. We cite examples based on real-world security flaws in common protocols representing different classes of protocol complexity. We also introduce a formalization of an exploit development technique, the parse tree differential attack, made possible by our conception of the role of formal grammars in security. These insights make possible future advances in software auditing techniques applicable to static and dynamic binary analysis, fuzzing, and general reverse-engineering and exploit development.
    [Show full text]
  • Code Hunt: Experience with Coding Contests at Scale
    Code Hunt: Experience with Coding Contests at Scale Judith Bishop R. Nigel Horspool Tao Xie Nikolai Tillmann, Microsoft Research University of Victoria University of Illinois at Jonathan de Halleux Redmond, WA, USA Victoria, BC, Canada Urbana-Champaign Microsoft Research [email protected] [email protected] IL, USA Redmond, WA, USA [email protected] nikolait, [email protected] Abstract—Mastering a complex skill like programming takes Code Hunt adds another dimension – that of puzzles. It is with many hours. In order to encourage students to put in these hours, these ideas in mind that we conceived Code Hunt, a game for we built Code Hunt, a game that enables players to program coding against the computer by solving a sequence of puzzles against the computer with clues provided as unit tests. The game of increasing complexity. Code Hunt is unique among coding has become very popular and we are now running worldwide systems and among games in that it combines the elements of contests where students have a fixed amount of time to solve a set of puzzles. This paper describes Code Hunt and the contest both to produce just what we need to get students to put in those experience it offers. We then show some early results that hours of practice to hone their programming skills. Along the demonstrate how Code Hunt can accurately discriminate between way, they also learn to understand testing, since the game is good and bad coders. The challenges of creating and selecting based on unit tests. Code Hunt has been used by over 50,000 puzzles for contests are covered.
    [Show full text]
  • Curriculum Vitae
    Curriculum Vitae Jakub Pachocki [email protected] Work experience 2016 { present Harvard School of Engineering and Applied Sciences Postdoctoral Fellow Education 2013 { 2016 Carnegie Mellon University PhD in Computer Science Thesis: Graphs and Beyond: Faster Algorithms for High Dimen- sional Convex Optimization Advisor: Gary Miller 2010 { 2013 University of Warsaw Bachelor's Degree in Computer Science Publications author names in alphabetical order • M. Cohen, Y. T. Lee, G. Miller, J. Pachocki and A. Sidford. Geometric Median in Nearly Linear Time. 48th Annual Symposium on the Theory of Computing (STOC 2016). • A. Ene, G. Miller, J. Pachocki and A. Sidford. Routing under Balance. 48th Annual Symposium on the Theory of Computing (STOC 2016). • M. Cygan, F. Fomin, A. Golovnev, A. Kulikov, I. Mihajlin, J. Pachocki and A. Soca la. Tight bounds for graph homomorphism and subgraph isomorphism. 27th Annual Symposium on Discrete Algorithms (SODA 2016). • M. Cohen, C. Musco and J. Pachocki. Online Row Sampling. 19th In- ternational Workshop on Approximation Algorithms for Combinatorial Optimization Problems (APPROX 2016). • M. Mitzenmacher, J. Pachocki, R. Peng, C. E. Tsourakakis and S. C. Xu. Scalable Large Near-Clique Detection in Large-Scale Networks via Sampling. 21th International Conference on Knowledge Discovery and Data Mining (KDD 2015). • M. Cohen, G. Miller, R. Kyng, J. Pachocki,p R. Peng, A. Rao and S. C. Xu. Solving SDD Systems in Nearly O(m log n) Time. 46th Annual Symposium on the Theory of Computing (STOC 2014). • M. Cygan, J. Pachocki, A. Socala. The Hardness of Subgraph Isomor- phism. arXiv preprint, 2015. • M. Cohen, G. Miller, J.
    [Show full text]
  • Latexsample-Thesis
    INTEGRAL ESTIMATION IN QUANTUM PHYSICS by Jane Doe A dissertation submitted to the faculty of The University of Utah in partial fulfillment of the requirements for the degree of Doctor of Philosophy Department of Mathematics The University of Utah May 2016 Copyright c Jane Doe 2016 All Rights Reserved The University of Utah Graduate School STATEMENT OF DISSERTATION APPROVAL The dissertation of Jane Doe has been approved by the following supervisory committee members: Cornelius L´anczos , Chair(s) 17 Feb 2016 Date Approved Hans Bethe , Member 17 Feb 2016 Date Approved Niels Bohr , Member 17 Feb 2016 Date Approved Max Born , Member 17 Feb 2016 Date Approved Paul A. M. Dirac , Member 17 Feb 2016 Date Approved by Petrus Marcus Aurelius Featherstone-Hough , Chair/Dean of the Department/College/School of Mathematics and by Alice B. Toklas , Dean of The Graduate School. ABSTRACT Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah. Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah. Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah. Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah. Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah. Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah. Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah. Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah.
    [Show full text]
  • 321444 1 En Bookbackmatter 533..564
    Index 1 Abdominal aortic aneurysm, 123 10,000 Year Clock, 126 Abraham, 55, 92, 122 127.0.0.1, 100 Abrahamic religion, 53, 71, 73 Abundance, 483 2 Academy award, 80, 94 2001: A Space Odyssey, 154, 493 Academy of Philadelphia, 30 2004 Vital Progress Summit, 482 Accelerated Math, 385 2008 U.S. Presidential Election, 257 Access point, 306 2011 Egyptian revolution, 35 ACE. See artificial conversational entity 2011 State of the Union Address, 4 Acquired immune deficiency syndrome, 135, 2012 Black Hat security conference, 27 156 2012 U.S. Presidential Election, 257 Acxiom, 244 2014 Lok Sabha election, 256 Adam, 57, 121, 122 2016 Google I/O, 13, 155 Adams, Douglas, 95, 169 2016 State of the Union, 28 Adam Smith Institute, 493 2045 Initiative, 167 ADD. See Attention-Deficit Disorder 24 (TV Series), 66 Ad extension, 230 2M Companies, 118 Ad group, 219 Adiabatic quantum optimization, 170 3 Adichie, Chimamanda Ngozi, 21 3D bioprinting, 152 Adobe, 30 3M Cloud Library, 327 Adonis, 84 Adultery, 85, 89 4 Advanced Research Projects Agency Network, 401K, 57 38 42, 169 Advice to a Young Tradesman, 128 42-line Bible, 169 Adwaita, 131 AdWords campaign, 214 6 Affordable Care Act, 140 68th Street School, 358 Afghan Peace Volunteers, 22 Africa, 20 9 AGI. See Artificial General Intelligence 9/11 terrorist attacks, 69 Aging, 153 Aging disease, 118 A Aging process, 131 Aalborg University, 89 Agora (film), 65 Aaron Diamond AIDS Research Center, 135 Agriculture, 402 AbbVie, 118 Ahmad, Wasil, 66 ABC 20/20, 79 AI. See artificial intelligence © Springer Science+Business Media New York 2016 533 N.
    [Show full text]
  • Pipenightdreams Osgcal-Doc Mumudvb Mpg123-Alsa Tbb
    pipenightdreams osgcal-doc mumudvb mpg123-alsa tbb-examples libgammu4-dbg gcc-4.1-doc snort-rules-default davical cutmp3 libevolution5.0-cil aspell-am python-gobject-doc openoffice.org-l10n-mn libc6-xen xserver-xorg trophy-data t38modem pioneers-console libnb-platform10-java libgtkglext1-ruby libboost-wave1.39-dev drgenius bfbtester libchromexvmcpro1 isdnutils-xtools ubuntuone-client openoffice.org2-math openoffice.org-l10n-lt lsb-cxx-ia32 kdeartwork-emoticons-kde4 wmpuzzle trafshow python-plplot lx-gdb link-monitor-applet libscm-dev liblog-agent-logger-perl libccrtp-doc libclass-throwable-perl kde-i18n-csb jack-jconv hamradio-menus coinor-libvol-doc msx-emulator bitbake nabi language-pack-gnome-zh libpaperg popularity-contest xracer-tools xfont-nexus opendrim-lmp-baseserver libvorbisfile-ruby liblinebreak-doc libgfcui-2.0-0c2a-dbg libblacs-mpi-dev dict-freedict-spa-eng blender-ogrexml aspell-da x11-apps openoffice.org-l10n-lv openoffice.org-l10n-nl pnmtopng libodbcinstq1 libhsqldb-java-doc libmono-addins-gui0.2-cil sg3-utils linux-backports-modules-alsa-2.6.31-19-generic yorick-yeti-gsl python-pymssql plasma-widget-cpuload mcpp gpsim-lcd cl-csv libhtml-clean-perl asterisk-dbg apt-dater-dbg libgnome-mag1-dev language-pack-gnome-yo python-crypto svn-autoreleasedeb sugar-terminal-activity mii-diag maria-doc libplexus-component-api-java-doc libhugs-hgl-bundled libchipcard-libgwenhywfar47-plugins libghc6-random-dev freefem3d ezmlm cakephp-scripts aspell-ar ara-byte not+sparc openoffice.org-l10n-nn linux-backports-modules-karmic-generic-pae
    [Show full text]
  • Privacy Enhancing Technologies for the Internet III: Ten Years Later
    Privacy Enhancing Technologies for the Internet III: Ten Years Later Ian Goldberg David R. Cheriton School of Computer Science University of Waterloo Waterloo, ON [email protected] 1 Introduction In 1997 with Wagner and Brewer, and again in 2002, we looked at the then-current state of privacy-enhancing technologies (PETs) for the Internet. [27, 26] Now, in 2007, we take a third look. Technologies to help users maintain their privacy online are as important today as ever before—if not more so. Identity theft is the fastest-growing crime in the US today [47] and it is all too easy for would-be identity thieves to harvest personal information from the online trails Internet users leave every day. Losses of large databases of personal information are an almost daily occurrence [2]; for example, retailers’ servers are penetrated [44], databases are traded between government and private companies [36] and laptops containing social security numbers are stolen [35]. In 1997, we discussed the dossier effect: all available information about a person gets cross-referenced, and the resulting dossier ends up being used for many purposes, lawful and not. This practice has expanded over the years; the companies that compile and sell these dossiers are known as data brokers. Choicepoint is a prime example—in 2005, this data broker sold dossiers on over 150,000 Americans to a group of criminals. [10] The PETs we discuss here give people a way to control how much of their personal information is revealed when they use the Internet. By controlling the spread of this information, they can limit the size of the data brokers’ dossiers about them.
    [Show full text]
  • Integral Estimation in Quantum Physics
    INTEGRAL ESTIMATION IN QUANTUM PHYSICS by Jane Doe A dissertation submitted to the faculty of The University of Utah in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Mathematical Physics Department of Mathematics The University of Utah May 2016 Copyright c Jane Doe 2016 All Rights Reserved The University of Utah Graduate School STATEMENT OF DISSERTATION APPROVAL The dissertation of Jane Doe has been approved by the following supervisory committee members: Cornelius L´anczos , Chair(s) 17 Feb 2016 Date Approved Hans Bethe , Member 17 Feb 2016 Date Approved Niels Bohr , Member 17 Feb 2016 Date Approved Max Born , Member 17 Feb 2016 Date Approved Paul A. M. Dirac , Member 17 Feb 2016 Date Approved by Petrus Marcus Aurelius Featherstone-Hough , Chair/Dean of the Department/College/School of Mathematics and by Alice B. Toklas , Dean of The Graduate School. ABSTRACT Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah. Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah. Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah. Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah. Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah. Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah. Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah. Blah blah blah blah blah blah blah blah blah blah blah blah blah blah blah.
    [Show full text]
  • Declaratively Solving Tricky Google Code Jam Problems with Prolog-Based Eclipse CLP System
    Declaratively solving tricky Google Code Jam problems with Prolog-based ECLiPSe CLP system Sergii Dymchenko Mariia Mykhailova Independent Researcher Independent Researcher [email protected] [email protected] ABSTRACT produces correct answers for all given test cases within a In this paper we demonstrate several examples of solving certain time limit (4 minutes for the \small" input and 8 challenging algorithmic problems from the Google Code Jam minutes for the \large" one). programming contest with the Prolog-based ECLiPSe sys- tem using declarative techniques: constraint logic program- GCJ competitors can use any freely available programming ming and linear (integer) programming. These problems language or system (including the ECLiPSe2 system de- were designed to be solved by inventing clever algorithms scribed in this paper). Most other competitions restrict par- and efficiently implementing them in a conventional imper- ticipants to a limited set of popular programming languages ative programming language, but we present relatively sim- (typically C++, Java, C#, Python). Many contestants par- ple declarative programs in ECLiPSe that are fast enough ticipate not only in GCJ, but also in other contests, and to find answers within the time limit imposed by the con- use the same language across all competitions. When the test rules. We claim that declarative programming with GCJ problem setters design the problems and evaluate their ECLiPSe is better suited for solving certain common kinds complexity, they keep in mind mostly this crowd of seasoned of programming problems offered in Google Code Jam than algorithmists. imperative programming. We show this by comparing the mental steps required to come up with both kinds of solu- We show that some GCJ problems that should be challeng- tions.
    [Show full text]
  • Email-Verschlüsselung Mit Gnu Privacy Guard
    Email‐Verschlüsselung mit Gnu Privacy Guard Inhaltsverzeichnis Email‐Verschlüsselung mit Gnu Privacy Guard ........................................................................ 1 Kryptographie ......................................................................................................................... 2 Geschichte der Kryptographie ................................................................................................. 3 Gnu Privacy Guard ( GnuPG) ................................................................................................... 5 Installation .............................................................................................................................. 7 Schlüsselpaar .......................................................................................................................... 8 Schlüssel auflisten ................................................................................................................ 8 “Fingerprint” anzeigen ......................................................................................................... 8 Schlüsselpaar erzeugen ....................................................................................................... 9 Schlüssel importieren ........................................................................................................ 11 Schlüssel exportieren ......................................................................................................... 11 Schlüssel signieren ............................................................................................................
    [Show full text]
  • Gnupg Características Cuestiones Legales
    GnuPg Características GnuPG en sí mismo es una utilidad de línea de comandos sin ninguna característica gráfica. Se trata del motor de cifrado, en sí mismo, que puede ser utilizado directamente desde la línea de comandos, desde programas (guiones) de shell (shell scripts) o por otros programas. Por lo tanto GnuPG puede ser considerado como un motor (backend) para otras aplicaciones. De todos modos, incluso si se utiliza desde la línea de comandos, proporciona toda la funcionalidad necesaria, lo que incluye un sistema interactivo de menús. El conjunto de órdenes de esta herramienta siempre será un superconjunto del que proporcione cualquier interfaz de usuario (frontend). • Reemplazo completo de PGP. • No utiliza algoritmos patentados. • Con licencia GPL, escrito desde cero. • Puede utilizarse como filtro. • Implementación completa de OpenPGP (vea RFC 2440 en RFC Editor ). • Funcionalidad mejorada con respecto a PGP y mejoras de seguridad con respecto a PGP 2. • Descifra y verifica mensajes de PGP 5, 6 y 7. • Soporta ElGamal, DSA, RSA, AES, 3DES, Blowfish, Twofish, CAST5, MD5, SHA-1, RIPE-MD-160 y TIGER. • Facilidad de implementación de nuevos algoritmos utilizando módulos. • Fuerza que el identificador de usuario (User ID) esté en un formato estándar. • Soporta fechas de caducidad de claves y firmas. • Soporta inglés, danés, holandés, esperanto, estonio, francés, alemán, japonés, italiano, polaco, portugués (brasileño), portugués (de Portugal), ruso, español, sueco y turco. • Sistema de ayuda en línea. • Receptores de mensajes anónimos, opcionalmente. • Soporte integrado para servidores de claves HKP (wwwkeys.pgp.net). • Limpia ficheros firmados con "firma en claro", que pueden ser procesados en lotes. • y muchas cosas más..
    [Show full text]