On Mon, Apr 12, 1999 at 09:30:12PM -0500, Amy and Shane Sanford wrote:
> A easy way with any OS that has some sort of easy batch file support (such
> as the flavors of Windows & from what I remember Unix). Have the Prime
> program download the files to the current directory (maybe a self
> executable zip file). Then execute the download. The download will unzip
> all the files including a batch file which when launched will replace the
> nessecary files with the new ones. The orginal prime program then would
> launch the batch file (maybe with a execution delay of 2 seconds) then
> close itself (and unload any .dlls if nessecary). The Batch file then
> takes over with the file updates, cleans up the mess, and then launches the
> new prime program before it closes.
The problem really is NOT solving the technical problem of how to
update the program on the fly. That's a bit challenging, sure, but
it's really not all that hard.
The real problem is ensuring that this scheme is secure. When there's
no human being in the loop, the system becomes ripe for abuse. For
example, I could use established DNS poisoning attacks to redirect
ftp.mersenne.org (or wherever the software is automatically downloaded
from) to a host of my choosing, and provide malicious software there
posing as an "update" to the mersenne software. Then your computer
would happily dowload and install my evil program!
Any automatic executable download system is suceptible to this problem
in some form or another, unless it provides some form of cryptographic
signature or other verifiability check. But doing things like that
runs afoul of the US government's medieval crypto policy.
Now, providing a method for one person to automatically update a bunch
of remote computers they control is something else entirely, and that
does not have the same security implications. For example, Aaron
Blosser installed prime95 on 3000 (or so) Windows computers from his
desktop, using remote administration software. I've done similar
things on Solaris (Unix) here at school, to run Distributed.net's
client software.
Anyways, what does this have to do with Mersenne primes?
-andy
--
Andy Isaacson [EMAIL PROTECTED] [EMAIL PROTECTED] Fight Spam, join CAUCE:
http://www.csl.mtu.edu/~adisaacs/ http://www.cauce.org/
________________________________________________________________
Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm
