A confused deputy attack

A confused deputy is a computer program that is innocently fooled by some other party into misusing its authority. It is a specific type of privilege escalation. In information security, the confused deputy problem is often cited as an example of why capability-based security is important, as capability systems protect against this whereas ACL-based systems do not.

Confidence-trick-based scams rely on gaining the trust of a victim so that the attacker can use them as a confused deputy. For example, in salting, an attacker presents a victim with what appears to be a mineral-rich mine. Here the attacker is using the victim’s greed to persuade them to perform an action that the victim would not normally take.

When checking out at a grocery store, the cashier will scan the barcode of each item to determine the total cost. A thief could replace barcodes on his items with those of cheaper items. In this attack the cashier is a confused deputy that is using seemingly valid barcodes to determine the total cost.

A cross-site request forgery (CSRF) is an example of a confused deputy attack that uses the web browser to perform sensitive actions against a web application. A common form of this attack occurs when a web application uses a cookie to authenticate all requests transmitted by a browser. Using JavaScript an attacker can force a browser into transmitting authenticated HTTP requests.
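To make the CSRF case concrete from the server's side, here is an added example (not code from the original text) that models the cookie-only request handler the paragraph describes next to a hardened version. The site origin, the session store and the two requests are constructed for the demonstration; the point is that the cookie is attached by the browser automatically, so it proves nothing about who caused the request, while an Origin check and a per-session synchronizer token do.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed in-memory session store: session id -> session data.
SESSIONS = {}
# Assumed origin of the web application (not taken from the page).
SITE_ORIGIN = "https://bank.example"


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as the server sees it."""
    cookies: dict
    form: dict
    headers: dict = field(default_factory=dict)


def new_session(user):
    """Log a user in: returns the session id the browser will hold as a cookie
    and mints a per-session anti-CSRF token that pages must echo back explicitly."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def transfer_cookie_only(req):
    """Vulnerable handler: authenticates on the cookie alone. The browser attaches
    the cookie to every request to this site whoever triggered the request, so the
    browser acts as a confused deputy for whatever page caused it."""
    sess = SESSIONS.get(req.cookies.get("session"))
    if sess is None:
        return 401, "not logged in"
    return 200, f"{sess['user']} sent {req.form['amount']} to {req.form['to']}"


def _same_origin(url):
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def transfer_with_csrf_defence(req):
    """Hardened handler: same cookie check, plus two signals the cookie cannot
    supply because the browser adds the cookie on its own."""
    sess = SESSIONS.get(req.cookies.get("session"))
    if sess is None:
        return 401, "not logged in"
    # 1. The browser sets Origin (or Referer) itself; a request triggered from another
    #    site carries that site's origin. A missing header is rejected here as well.
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not _same_origin(origin):
        return 403, "cross-origin request rejected"
    # 2. Synchronizer token: only a page served from this origin could have read the
    #    token, so a form built elsewhere cannot carry the right value.
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, sess["csrf"]):
        return 403, "missing or invalid CSRF token"
    return 200, f"{sess['user']} sent {req.form['amount']} to {req.form['to']}"


def demo():
    """Run one cross-origin request and one legitimate request through both handlers."""
    sid = new_session("alice")
    cross_origin = Request(cookies={"session": sid},
                           form={"to": "mallory", "amount": "100"},
                           headers={"Origin": "https://attacker.example"})
    legit = Request(cookies={"session": sid},
                    form={"to": "bob", "amount": "10", "csrf_token": SESSIONS[sid]["csrf"]},
                    headers={"Origin": SITE_ORIGIN})
    return {
        "cross_origin_cookie_only": transfer_cookie_only(cross_origin)[0],
        "cross_origin_defended": transfer_with_csrf_defence(cross_origin)[0],
        "legit_defended": transfer_with_csrf_defence(legit)[0],
    }


if __name__ == "__main__":
    print(demo())
```

The Origin check alone is not enough on its own (some clients strip the header), which is why the token comparison is the primary control and the origin check is a cheap first filter; comparing the token with `hmac.compare_digest` keeps the check constant-time.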

The Samy computer worm used Cross-Site Scripting (XSS) to turn the browser’s authenticated MySpace session into a confused deputy. Using XSS the worm forced the browser into posting an executable copy of the worm as a MySpace message which was then viewed and executed by friends of the infected user.

Clickjacking is an attack where the user acts as the confused deputy. In this attack a user thinks they are harmlessly browsing a website (an attacker-controlled website) but they are in fact tricked into performing sensitive actions on another website.[3]

An FTP bounce attack can allow an attacker to indirectly connect to TCP ports that the attacker’s machine has no access to, using a remote FTP server as the confused deputy.

Another example relates to personal firewall software. It can restrict internet access for specific applications. Some applications circumvent this by starting a browser with a specific URL. The browser has authority to open a network connection, even though the application does not. Firewall software can attempt to address this by prompting the user in cases where one program starts another which then accesses the network. However, the user frequently does not have sufficient information to determine whether such an access is legitimate—false positives are common, and there is a substantial risk that even sophisticated users will become habituated to clicking ‘OK’ to these prompts.[4]

Not every program that misuses authority is a confused deputy. Sometimes misuse of authority is simply a result of a program error. The confused deputy problem occurs when the designation of an object is passed from one program to another, and the associated permission changes unintentionally, without any explicit action by either party. It is insidious because neither party did anything explicit to change the authority.
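The opening paragraph states that capability systems avoid the confused deputy problem where ACL-based systems do not. The following added example (constructed for this page, not from any cited source) shows why with a toy in-memory file store: an ambient-authority deputy writes to whatever path its caller names, using the deputy's own permissions, while a capability-style deputy can only write through a handle the caller was itself allowed to obtain. The store, the ACL entries and the principal names are all made up for the demonstration.

```python
class FileStore:
    """Constructed in-memory file store with a per-path ACL of principals allowed
    to write. The 'deputy' service has been granted broad write access."""

    def __init__(self):
        self.files = {"/etc/service.conf": "trusted settings", "/home/bob/report.txt": ""}
        self.acl = {
            "/etc/service.conf": {"root", "deputy"},
            "/home/bob/report.txt": {"bob", "deputy"},
        }

    def write(self, principal, path, data):
        """ACL-style check: is the principal performing the write allowed on this path?"""
        if principal not in self.acl.get(path, set()):
            raise PermissionError(f"{principal} may not write {path}")
        self.files[path] = data

    def open_for_write(self, principal, path):
        """Capability-style: the ACL is consulted once, when the caller asks for the
        handle; from then on the handle itself carries the authority."""
        if principal not in self.acl.get(path, set()):
            raise PermissionError(f"{principal} may not write {path}")
        return WriteCapability(self, path)


class WriteCapability:
    """A write handle for one specific path. In this model only
    FileStore.open_for_write creates one, and only after the access check."""

    def __init__(self, store, path):
        self._store, self._path = store, path

    def write(self, data):
        self._store.files[self._path] = data


def deputy_ambient(store, output_path, report):
    """The deputy writes wherever the CALLER names, using the deputy's own (ambient)
    authority, so the caller's lack of permission is never consulted."""
    store.write("deputy", output_path, report)


def deputy_capability(output, report):
    """The deputy receives only a handle the caller could obtain itself; it has no
    way to name a path the caller is not allowed to write."""
    output.write(report)


def demonstrate():
    """Return what each design lets an unprivileged caller ('bob') achieve."""
    outcome = {}
    store = FileStore()
    # Ambient authority: bob names a file bob cannot write, and the deputy writes it anyway.
    deputy_ambient(store, "/etc/service.conf", "bob's report")
    outcome["ambient_config_overwritten"] = store.files["/etc/service.conf"] == "bob's report"

    store = FileStore()
    try:
        deputy_capability(store.open_for_write("bob", "/etc/service.conf"), "bob's report")
        outcome["capability_config_overwritten"] = True
    except PermissionError:
        outcome["capability_config_overwritten"] = False
    # bob's own file still works: that capability is his to hand over.
    deputy_capability(store.open_for_write("bob", "/home/bob/report.txt"), "bob's report")
    outcome["capability_own_file_written"] = store.files["/home/bob/report.txt"] == "bob's report"
    return outcome


if __name__ == "__main__":
    print(demonstrate())
```

The design point is where the permission check happens: in the ACL version it happens inside the deputy, against the deputy's identity, so the caller's designation of a path silently acquires the deputy's permissions; in the capability version designation and authority travel together in the handle, which is exactly the coupling the paragraph above says the confused deputy problem lacks.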

OpenBUGS

BUGS is a software package for performing Bayesian inference Using Gibbs Sampling. The user specifies a statistical model, of (almost) arbitrary complexity, by simply stating the relationships between related variables. The software includes an ‘expert system’, which determines an appropriate MCMC (Markov chain Monte Carlo) scheme (based on the Gibbs sampler) for analysing the specified model. The user then controls the execution of the scheme and is free to choose from a wide range of output types.

Versions

There are two main versions of BUGS, namely WinBUGS and OpenBUGS. This site is dedicated to OpenBUGS, an open-source version of the package, on which all future development work will be focused. OpenBUGS, therefore, represents the future of the BUGS project. WinBUGS, on the other hand, is an established and stable, stand-alone version of the software, which will remain available but not further developed. The latest versions of OpenBUGS (from v3.0.7 onwards) have been designed to be at least as efficient and reliable as WinBUGS over a wide range of test applications. Please see here for more information on WinBUGS. OpenBUGS runs on x86 machines with MS Windows, Unix/Linux or Macintosh (using Wine).

Note that software exists to run OpenBUGS (and analyse its output) from within both R and SAS, amongst others.

For additional details on the differences between OpenBUGS and WinBUGS see the OpenVsWin manual page.

ggplot2

ggplot2 is a data visualization package for the statistical programming language R. Created by Hadley Wickham in 2005, ggplot2 is an implementation of Leland Wilkinson’s Grammar of Graphics—a general scheme for data visualization which breaks up graphs into semantic components such as scales and layers. ggplot2 can serve as a replacement for the base graphics in R and contains a number of defaults for web and print display of common scales. Since 2005, ggplot2 has grown in use to become one of the most popular R packages.[1][2] It is licensed under GNU GPL v2.[3]

On 2 March 2012, ggplot2 version 0.9.0 was released with numerous changes to internal organization, scale construction and layers.[4] An update dealing primarily with bug fixes was released on 9 May 2012, incrementing the version to 0.9.1.[5]

On 25 February 2014, Hadley Wickham formally announced that “ggplot2 is shifting to maintenance mode. This means that we are no longer adding new features, but we will continue to fix major bugs, and consider new features submitted as pull requests. In recognition of this significant milestone, the next version of ggplot2 will be 1.0.0”.[6]

Solved game

A solved game is a game whose outcome (win, lose, or draw) can be correctly predicted from any position, given that both players play perfectly. Games which have not been solved are said to be “unsolved”. Games for which only some positions have been solved are said to be “partially solved”. This article focuses on two-player games that have been solved.

A two-player game can be “solved” on several levels:[1][2]

Ultra-weak

Prove whether the first player will win, lose, or draw from the initial position, given perfect play on both sides. This can be a non-constructive proof (possibly involving a strategy-stealing argument) that need not actually determine any moves of the perfect play.

Weak

Provide an algorithm that secures a win for one player, or a draw for either, against any possible moves by the opponent, from the beginning of the game. That is, produce at least one complete ideal game (all moves start to end) with proof that each move is optimal for the player making it. It does not necessarily mean a computer program using the solution will play optimally against an imperfect opponent. For example, the checkers program Chinook will never turn a drawn position into a losing position (since the weak solution of checkers proves that it is a draw), but it might possibly turn a winning position into a drawn position because Chinook does not expect the opponent to play a move that will not win but could possibly lose, and so it does not analyze such moves completely.

Strong

Provide an algorithm that can produce perfect play (moves) from any position, even if mistakes have already been made on one or both sides.

Despite the name, many game theorists believe that “ultra-weak” are the deepest, most interesting and valuable proofs. “Ultra-weak” proofs require a scholar to reason about the abstract properties of the game, and show how these properties lead to certain outcomes if perfect play is realized.[citation needed]

By contrast, “strong” proofs often proceed by brute force — using a computer to exhaustively search a game tree to figure out what would happen if perfect play were realized. The resulting proof gives an optimal strategy for every possible position on the board. However, these proofs aren’t as helpful in understanding deeper reasons why some games are solvable as a draw, and other, seemingly very similar games are solvable as a win.

Given the rules of any two-person game with a finite number of positions, one can always trivially construct a minimax algorithm that would exhaustively traverse the game tree. However, since for many non-trivial games such an algorithm would require an infeasible amount of time to generate a move in a given position, a game is not considered to be solved weakly or strongly unless the algorithm can be run by existing hardware in a reasonable time. Many algorithms rely on a huge pre-generated database and are effectively nothing more than a lookup into it.

As an example of a strong solution, the game of tic-tac-toe is solvable as a draw for both players with perfect play (a result even manually determinable by schoolchildren). Games like nim also admit a rigorous analysis using combinatorial game theory.

Whether a game is solved is not necessarily the same as whether it remains interesting for humans to play. Even a strongly solved game can still be interesting if its solution is too complex to be memorized; conversely, a weakly solved game may lose its attraction if the winning strategy is simple enough to remember (e.g. Maharajah and the Sepoys). An ultra-weak solution (e.g. Chomp or Hex on a sufficiently large board) generally does not affect playability.

In non-perfect-information games there is also the notion of an essentially weakly solved game.[3] A game is said to be essentially weakly solved if a human lifetime of play is not sufficient to establish with statistical significance that the strategy is not an exact solution. As an example, the poker variant heads-up limit Texas hold ’em has been essentially weakly solved by the poker bot Cepheus.[3][4][5]

Perfect play

In game theory, perfect play is the behavior or strategy of a player that leads to the best possible outcome for that player regardless of the response by the opponent. Based on the rules of a game, every possible final position can be evaluated (as a win, loss or draw). By backward reasoning, one can recursively evaluate a non-final position as identical to that of the position that is one move away and best valued for the player whose move it is. Thus a transition between positions can never result in a better evaluation for the moving player, and a perfect move in a position would be a transition between positions that are equally evaluated. As an example, a perfect player in a drawn position would always get a draw or win, never a loss. If there are multiple options with the same outcome, perfect play is sometimes considered the fastest method leading to a good result, or the slowest method leading to a bad result.
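The backward reasoning described in this paragraph, and the strong solution of tic-tac-toe mentioned earlier, can both be shown with one small program. The following is an added example written for this page (not code from any cited source): it evaluates every reachable tic-tac-toe position from the viewpoint of the side to move by recursing to the terminal positions and taking the best successor, which is exactly the minimax traversal the text says one can always construct for a finite game. Board strings, the line table and function names are my own conventions.

```python
from functools import lru_cache

EMPTY = "........."
# Index layout of the 3x3 board: 0 1 2 / 3 4 5 / 6 7 8
LINES = ((0, 1, 2), (3, 4, 5), (6, 7, 8), (0, 3, 6), (1, 4, 7), (2, 5, 8), (0, 4, 8), (2, 4, 6))


def winner(board):
    """Return 'X' or 'O' if that player has completed a line, else None."""
    for a, b, c in LINES:
        if board[a] != "." and board[a] == board[b] == board[c]:
            return board[a]
    return None


def to_move(board):
    """X moves first, so X is to move whenever both sides have played equally often."""
    return "X" if board.count("X") == board.count("O") else "O"


def children(board):
    """All (move, resulting board) pairs available to the side to move."""
    p = to_move(board)
    return [(i, board[:i] + p + board[i + 1:]) for i, c in enumerate(board) if c == "."]


@lru_cache(maxsize=None)
def value(board):
    """Game-theoretic value from the viewpoint of the player to move: +1 forced win,
    0 draw, -1 forced loss. Terminal positions are scored directly; any other
    position takes the best value among its successors, negated, because each
    successor is valued from the opponent's viewpoint (backward reasoning)."""
    if winner(board) is not None:
        return -1  # the previous mover completed a line, so the side to move has lost
    if "." not in board:
        return 0
    return max(-value(child) for _, child in children(board))


def best_move(board):
    """A perfect move: one whose resulting position is worst for the opponent."""
    return max(children(board), key=lambda mc: -value(mc[1]))[0]


def solve_from_start():
    """The ultra-weak question ('who wins from the start?') answered via the strong solution."""
    return {1: "win for X", 0: "draw", -1: "win for O"}[value(EMPTY)]


def positions_solved():
    """Number of distinct positions evaluated: the size of the strong solution's lookup table."""
    value(EMPTY)
    return value.cache_info().currsize


if __name__ == "__main__":
    print(solve_from_start(), positions_solved())
```

Because `value` is memoised, the cache after solving from the empty board is the "huge pre-generated database" the earlier paragraph talks about, just small enough here to fit in memory; `best_move` then plays perfectly from any position, including ones where mistakes have already been made, which is the strong-solution criterion.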

Perfect play can be generalized to non-perfect information games, as the strategy that would guarantee the highest minimal expected outcome regardless of the strategy of the opponent. As an example, the perfect strategy for Rock, Paper, Scissors would be to randomly choose each of the options with equal (1/3) probability. The disadvantage in this example is that this strategy will never exploit non-optimal strategies of the opponent, so the expected outcome of this strategy versus any strategy will always be equal to the minimal expected outcome.

Although the optimal strategy of a game may not (yet) be known, a game-playing computer might still benefit from solutions of the game from certain endgame positions (in the form of endgame tablebases), which will allow it to play perfectly after some point in the game. Computer chess programs are well known for doing this.

Solved games

Awari (a game of the Mancala family)
The variant of Oware allowing game ending “grand slams” was strongly solved by Henri Bal and John Romein at the Vrije Universiteit in Amsterdam, Netherlands (2002). Either player can force the game into a draw.
Checkers
See “Draughts, English”
Chopsticks
The second player can always force a win.[6]
Connect Four
Solved first by James D. Allen (Oct 1, 1988), and independently by Victor Allis (Oct 16, 1988).[7] The first player can force a win. Strongly solved by John Tromp’s 8-ply database[8] (Feb 4, 1995). Weakly solved for all board sizes where width+height is at most 15[7] (Feb 18, 2006).
Draughts, English (Checkers)
This 8×8 variant of draughts was weakly solved on April 29, 2007 by the team of Jonathan Schaeffer, known for Chinook, the “World Man-Machine Checkers Champion”. From the standard starting position, both players can guarantee a draw with perfect play.[9] Checkers is the largest game that has been solved to date, with a search space of 5×10^20.[10] The number of calculations involved was 10^14, which were done over a period of 18 years. The process used as many as 200 desktop computers at its peak, later reduced to around 50.[11]

The game of checkers has roughly 500 billion billion possible positions (5 × 10^20). The task of solving the game, determining the final result in a game with no mistakes made by either player, is daunting. Since 1989, almost continuously, dozens of computers have been working on solving checkers, applying state-of-the-art artificial intelligence techniques to the proving process. This paper announces that checkers is now solved: Perfect play by both sides leads to a draw. This is the most challenging popular game to be solved to date, roughly one million times as complex as Connect Four. Artificial intelligence technology has been used to generate strong heuristic-based game-playing programs, such as Deep Blue for chess. Solving a game takes this to the next level by replacing the heuristics with perfection.

EPUB publishing

ton of different formats:

.aeh (used by Archos eReaders)
.lrx (used by Sony eReaders)
.ibooks (used by Apple eReaders)
.pkg (used by Newton eReaders)
.mobi (used by Amazon Kindle eReaders)
.epub (used by just about everyone else, including Barnes & Noble NOOK eReaders)

There are actually even more formats than those. That’s just a small sample. So, which one should you make?

Well, the only formats you need to create are EPUB and MOBI. Forget the others. EPUB is quickly becoming the industry standard and 90% of the eReaders on the market can open EPUB files. There is also a very simple conversion tool to change your EPUB into a MOBI. So, you really only need to make an EPUB, convert it to MOBI, and your book will be accessible on 99% of the eReaders out there, including NOOK and Kindle.



Build a digital book with EPUB

The open XML-based eBook format

Need to distribute documentation, create an eBook, or just archive your favorite blog posts? EPUB is an open specification for digital books based on familiar technologies like XML, CSS, and XHTML, and EPUB files can be read on portable e-ink devices, mobile phones, and desktop computers. This tutorial explains the EPUB format in detail, demonstrates EPUB validation using Java technology, and moves step-by-step through automating EPUB creation using DocBook and Python.


EPUB (short for electronic publication) is a free and open e-book standard by the International Digital Publishing Forum (IDPF). Files have the extension .epub.
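Since the paragraph above describes EPUB as a package of XML, CSS and XHTML and mentions validating it, here is an added example (written for this page, not the tutorial's own code) that builds a minimal EPUB container in memory with Python's standard library and then checks the container-level rules a reader relies on: the `mimetype` entry must come first and be stored uncompressed with the exact content `application/epub+zip`, `META-INF/container.xml` must point at an OPF that exists, and no archive entry may carry a name that would escape the extraction directory. The book content, the placeholder identifier and the function names are constructed; the OPF is a skeleton and omits the NCX table of contents a complete EPUB 2 package also needs.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

MIMETYPE = b"application/epub+zip"
CONTAINER_NS = "urn:oasis:names:tc:opendocument:xmlns:container"

# Constructed sample content (skeleton OPF; a full EPUB 2 package also carries an NCX).
CONTAINER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<container version="1.0" xmlns="urn:oasis:names:tc:opendocument:xmlns:container">
  <rootfiles>
    <rootfile full-path="OEBPS/content.opf" media-type="application/oebps-package+xml"/>
  </rootfiles>
</container>
"""
CONTENT_OPF = """<?xml version="1.0" encoding="UTF-8"?>
<package xmlns="http://www.idpf.org/2007/opf" version="2.0" unique-identifier="bookid">
  <metadata xmlns:dc="http://purl.org/dc/elements/1.1/">
    <dc:title>Constructed sample book</dc:title>
    <dc:language>en</dc:language>
    <dc:identifier id="bookid">urn:uuid:PLACEHOLDER-IDENTIFIER</dc:identifier>
  </metadata>
  <manifest><item id="ch1" href="chapter1.xhtml" media-type="application/xhtml+xml"/></manifest>
  <spine><itemref idref="ch1"/></spine>
</package>
"""
CHAPTER1 = """<?xml version="1.0" encoding="UTF-8"?>
<html xmlns="http://www.w3.org/1999/xhtml"><head><title>Chapter 1</title></head>
<body><h1>Chapter 1</h1><p>Hello, EPUB.</p></body></html>
"""


def build_epub(mimetype_first=True, store_mimetype=True, extra_entries=()):
    """Assemble an EPUB container in memory. The flags and extra_entries exist so the
    checker below can be exercised against deliberately malformed packages."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        def add_mimetype():
            # The spec wants 'mimetype' first and uncompressed so a reader can identify
            # the file type by reading a fixed offset without inflating anything.
            method = zipfile.ZIP_STORED if store_mimetype else zipfile.ZIP_DEFLATED
            zf.writestr(zipfile.ZipInfo("mimetype"), MIMETYPE, compress_type=method)
        if mimetype_first:
            add_mimetype()
        for name, data in (("META-INF/container.xml", CONTAINER_XML),
                           ("OEBPS/content.opf", CONTENT_OPF),
                           ("OEBPS/chapter1.xhtml", CHAPTER1), *extra_entries):
            zf.writestr(name, data, compress_type=zipfile.ZIP_DEFLATED)
        if not mimetype_first:
            add_mimetype()
    return buf.getvalue()


def unsafe_entry_name(name):
    """Entry names that could escape the extraction directory when a reader unpacks
    the archive: absolute paths, '..' components, drive letters, backslashes."""
    if not name or name.startswith("/") or "\\" in name or ":" in name:
        return True
    return ".." in name.split("/")


def check_epub(data):
    """Return a list of container-level problems; an empty list means all checks passed."""
    problems = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if not infos or infos[0].filename != "mimetype":
            problems.append("first entry is not 'mimetype'")
        else:
            if infos[0].compress_type != zipfile.ZIP_STORED:
                problems.append("'mimetype' is compressed; it must be stored")
            if zf.read("mimetype") != MIMETYPE:
                problems.append("'mimetype' content is not application/epub+zip")
        names = zf.namelist()
        problems += [f"unsafe entry name: {n!r}" for n in names if unsafe_entry_name(n)]
        if "META-INF/container.xml" not in names:
            problems.append("META-INF/container.xml is missing")
            return problems
        # Stdlib parser; for packages from untrusted sources prefer defusedxml.
        root = ET.fromstring(zf.read("META-INF/container.xml"))
        tag = "{%s}" % CONTAINER_NS
        rootfile = root.find(f"{tag}rootfiles/{tag}rootfile")
        full_path = rootfile.get("full-path", "") if rootfile is not None else ""
        if unsafe_entry_name(full_path) or full_path not in names:
            problems.append(f"container.xml points at a missing or unsafe OPF: {full_path!r}")
    return problems


if __name__ == "__main__":
    print(check_epub(build_epub()))
```

These checks cover only the container layer; the Java-based validation the tutorial refers to goes on to check the OPF manifest, spine and XHTML content against the EPUB schemas. The entry-name check is the part worth keeping in any tool that unpacks EPUBs to disk, since an archive is just a ZIP and ZIP entry names are attacker-controlled data.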


how to make an ebook cover

Book cover design is booming and even has its own awards. Design Observer promotes an annual award for book cover design with a 35-person judging panel! The traditional process of getting a book cover design can be extremely time-consuming and the result is often disappointing for the author. This is all changing with the digital age ushering in an era of author-led ebook publishing and with a little help from crowdsourcing.


For easy reference, take the shortcut:


How to Make a Book Cover in GIMP


Design Your Own eBook Cover That Sells: The Complete Guide

Find standard eBook cover size specifications. To start making the cover, open up a new project in Photoshop and implement the settings below. While these settings are standard, it would be helpful to learn the different sizes and formats for all online eBook publishers. Amazon Kindle’s recommended height and width is listed below.

  • Preset: Custom
  • Height and Width: 1600 px x 2400 px
  • Amazon Kindle recommended: 1563 px x 2500 px
  • Resolution: 300 px/inch
  • Color: RGB
  • Background Color: Transparent

IObit Uninstaller 4

Uninstaller to Remove Plug-ins & Apps!

  • No More Leftovers with “Powerful Scan” and “File Shredder”
  • Remove Plug-ins to Boost Browser Speed and Secure Privacy
  • Remove Unwanted Programs and Toolbars Securely and Super Fast
  • Easy and FREE to Use Uninstaller
V 4.1.5 | 16.29 MB
Supports Windows 2000/XP/Vista/7/8

8 Free Uninstallers: Best Free Software to Uninstall Programs