The Javamex companion blog. This blog includes both technical articles relating to the programming information that you'll find on the Javamex site, plus information covering the IT industry more generally.
Monday, April 16, 2012
New article: file system notifications
A new article has been added on file system notifications. The article explains how your Java app can ask the underlying O/S to be notified of modifications to files in particular directories, e.g. for monitoring log files, watching for files created by an external process, or files opened by your application.
The article also looks at some of the limitations and pitfalls of using Java's WatchService API.
Saturday, February 25, 2012
Win a £20 iTunes voucher
To celebrate the launch of the new LetterMeister game published on the Javamex site earlier this week, enter the LetterMeister hi score competition to have the chance of winning a £20 iTunes gift certificate!
Wednesday, February 15, 2012
If we were to "fix" the Internet today, would we get it right?
Prof Alan Woodward of Surrey University presents an interesting viewpoint today on the state of our current Internet infrastructure. Practically all of the present "security" features were shoehorned in on top of an infrastructure that was never really designed with security in mind. With the benefit of hindsight, maybe what we need is simply a new infrastructure, designed from the ground up to meet our current needs and use, be that in terms of security or other features.
On the other hand, security isn't the only feature absent from basic Internet infrastructure because it was not thought of in the 1970s. It is probably for similar historical reasons that the Internet crosses many political boundaries that some of our current governments appear to wish it didn't cross.
So if we were to re-design the Internet today, some questions arise:
- the infrastructure that we have today met the needs and capabilities of the 1970s; how would we guarantee that a new infrastructure invented today wouldn't simply be reflecting the needs and capabilities of 2012? In 20 years' time, would there be a similar conversation ("well, you see, quantum decryption wasn't a real threat back in the 2010s")?
- what would the political pressures be on an Internet infrastructure invented in 2012? How many back doors into the security features would governments try to force into the specification? How much pressure would there be for the application of content filters and bandwidth allocation to reflect the degree of bribery (sorry, "funding") provided by such-and-such corporation to the political parties involved in legislating the infrastructure?
We should also be careful not to mask political failure as being a purely technological problem. On some level, identity theft and other cybercrimes occur both because our technology permits it and because, one way or another, our political structures still leave the risk-benefit tradeoff stacked in favour of the criminals in question.
Wednesday, January 25, 2012
Symantec advise users to disable pcAnywhere
According to a white paper released by Symantec, the source code to various of its products that hacker group Anonymous recently threatened to disclose was stolen in 2006, and users are advised to disable pcAnywhere until further notice. Specifically, the paper states:
"pcAnywhere is a product that allows for direct PC to PC communication and this does expose some risk if the compromised code is actually released."
This seems to imply that pcAnywhere is based on security through obscurity. (Presumably, the same security risk actually exists, albeit to a lesser extent, whether or not somebody releases the source code: whatever information is in the source code is in principle available by reverse engineering the compiled code.)
To me, the event underlines at least two lessons:
- this is precisely what may happen if you rely on security through obscurity
- if you have some security-sensitive source code stolen, "right now" would be a good time to review the stolen code, rather than 6 years later...
Or is there something about the content of the white paper and the incident in general that I'm misunderstanding?
Thursday, December 29, 2011
A copyright-obsessed French government gets a taste of its own medicine
As you might expect when your president is married to a singer, the French government takes a fairly totalitarian line on copyright. The infamous HADOPI law effectively enables citizens to be prohibited from contracting Internet access with an ISP on the basis of copyright infringement complaints, apparently with such complaints centering around access from a particular IP address.
So it would be slightly embarrassing if it turned out that IP addresses belonging to the president's official residence and a French government ministry turned up in a database of illegal downloads. Unfortunately, this is precisely what appears to have happened: records of apparently "illegal" downloads from the French Ministère de la Culture and Élysée (official presidential residence and offices) have turned up in the databases of YouHaveDownloaded.com, a site publishing records from (among other sources) various public BitTorrent servers.
So, should we conclude that a poverty-stricken Sarkozy has had to resort to using public resources to download illegal copies of his favourite flicks and tracks in these times of austerity? Should we now engage in a month-long trial to determine whether we can prove beyond reasonable doubt that Mr Sarkozy did or did not download that dodgy low-quality MP4 of La Cage aux folles? Should the Élysée now spend public money on a lengthy witch-hunt to establish which petty office clerk or work experience temp is responsible for this shocking infringement of some random fat cat's right to stuff his coffers a little fuller?
Well, I would suggest not-- but that's the point. Hopefully this revelation may help the French government to understand people's concerns about the glib connection that they are insistent to draw between an IP address in a database and the download in question having definitely occurred under the actions of a particular person, and to weigh up the pros and cons of establishing totalitarian means in an attempt to enforce the practically unenforceable with arguable benefit to society.
Monday, December 19, 2011
Is copyright worth breaking the Internet over?
The truth is that for some time now, the Internet can no longer be relied on to fulfil its simple infrastructural purpose of delivering bytes from A to B unhindered when requested to do so. The appetite of the powers that be for intruding on their citizens' privacy on the one hand and for succumbing to capitalist pressures on the other make any Internet connection an increasingly noisy channel.
Lemley, Levine and Post now outline and give an enlightening critique of some recent and alarming steps being taken in their essay Don't Break the Internet. As an author, I completely sympathise with concerns about copyright, and I would possibly agree that the current process of having infringing material removed is insufficient-- whilst also suspecting that the impact of the "copyright problem" is massively overexaggerated. But as with traffic shaping measures (among others), it is particularly concerning to see proposals to allow fundamental pieces of infrastructure to be undermined almost on a whim. Is this really the most intelligent counter-measure to copyright infringement that we can think of?