Gen 2 NB 0.97 is up

Discussion in 'Ruins of Alph' started by Pocket, Jan 16, 2009.

  1. highstakespkmn

    highstakespkmn

    Joined:
    Jul 20, 2008
    Messages:
    173
    get out gsc team and fight get out gsc team and fight get out gsc team and fight get out gsc team and fight get out gsc team and fight get out gsc team and fight get out gsc team and fight get out gsc team and fight
  2. kd24

    kd24 people be stoopid
    is a Pokemon Researcheris a Site Staff Alumnusis a Forum Moderator Alumnusis a Smogon IRC SOp Alumnusis a Smogon Media Contributor Alumnusis a Tiering Contributor Alumnusis a Contributor Alumnusis a Battle Server Moderator Alumnus

    Joined:
    Dec 21, 2007
    Messages:
    5,240
    bob snapped me like a twig in rby but you know what i came pretty close in gsc and we didnt do a rse battle i think but we all know who would win that (me)
  3. highstakespkmn

    highstakespkmn

    Joined:
    Jul 20, 2008
    Messages:
    173
    oh this one noob found my weak with 2 consecutive critical hits (he needed both)

    it was my first loss in GSC in ages. I AM PISSED AND MUST TAKE ANGER OUT ON NEAREST NOOBATTLER.
  4. ABC-Trainer

    ABC-Trainer

    Joined:
    Mar 6, 2005
    Messages:
    2,292
  5. david stone

    david stone Fast-moving, smart, sexy and alarming.
    is a Site Staff Alumnusis a Smogon IRC AOp Alumnusis a Programmer Alumnusis a Super Moderator Alumnusis a Researcher Alumnusis a Contributor Alumnusis a Battle Server Moderator Alumnus

    Joined:
    Aug 3, 2005
    Messages:
    5,150
    I was using that as an example of open encryption. Everyone who has the desire to learn how WPA2 works can. It's an open specification.

    When the guys who came up with AES (Advanced Encryption Standard) were looking for the method of encryption to use, one of the requirements is that it not be a trade secret / closed source. The cipher chosen, Rijndael, has articles explaining absolutely everything in it.

    Or, more topically, consider TLS (Transport Layer Security, formerly SSL, Secure Sockets Layer. This is what you're using when your browser says "https://..." instead of just "http://..."). It's a method of creating secure communication from endpoint to endpoint such that no one (not even your ISP) is able to view the contents of your message (unless one of the endpoints is compromised, for instance, with a virus).

    Why does this matter?

    http://en.wikipedia.org/wiki/Transport_Layer_Security#How_it_works

    TLS is an open protocol. Why this is all relevant to my previous post is simple:

    "A method of encryption that requires people to not understand it for it to work is a poor method of encryption."

    You're relying on security through obscurity rather than security through secure mechanisms. This is the point I was making. A truly secure system isn't broken by source code leaks.

    There is no way for anything to be guaranteed secure. Security isn't a final product so much as an ongoing process. You don't put something out and say "This is secure!". You make things as secure as possible, and then fix flaws as they're found. It's like what Moltke the Elder said: "No battle plan survives contact with the enemy.".

    How do you identify a flood, though? So you block X number of concurrent connection attempts. They do a Distributed Denial of Service attack to go around any filtering by IP or SID by having the attack come from several computers all around the globe. So you implement some heuristic to determine spam (tons of people sending the same message is probably spam), so they write a better spam bot. You find a way to counter that and they abuse your method of establishing a connection to take down your server with the extra processor overhead associated with powerful spam-detection heuristics. It's a constant cat-and-mouse game, you can't just say "OK we've solved security.".

    My idea of security isn't that it only works when people are doing what's expected. The point of a secure program is to take into account the fringe cases where people are stretching the program to its limits.
  6. green_flash

    green_flash

    Joined:
    Jul 20, 2006
    Messages:
    176
    they didn't fix in-game bugs, though =(
  7. White Base

    White Base

    Joined:
    Oct 23, 2008
    Messages:
    13
    Also I remember AA had a log of all the netbattle bugs while the archive was still around, (of like ancient threads), but now that it is gone I don't know what the bugs are, besides stuff like Sub blocking spin when it isn't supposed to and Blaze kick burns fires, if you happen to have a bug-log that would be much appreciated.

    Also if I misunderstood you in any way feel free to correct me.
  8. Lutra

    Lutra

    Joined:
    Apr 3, 2007
    Messages:
    131
    I'm not sure if Sand Veil works, it certainly doesn't on Dugtrio.
  9. david stone

    david stone Fast-moving, smart, sexy and alarming.
    is a Site Staff Alumnusis a Smogon IRC AOp Alumnusis a Programmer Alumnusis a Super Moderator Alumnusis a Researcher Alumnusis a Contributor Alumnusis a Battle Server Moderator Alumnus

    Joined:
    Aug 3, 2005
    Messages:
    5,150
    Here is a list of NB bugs that I maintained for a while (although there are several others, I don't know what they are because we stopped using that thread when we stopped using NetBattle):

    http://www.smogon.com/forums/showthread.php?t=11965

    "0.9.7 release notes:
    - Servers can't be crashed any more;"



    I personally can never trust the security of any program I am unable to audit.
  10. White Base

    White Base

    Joined:
    Oct 23, 2008
    Messages:
    13
    This is a lie, since the source code was made public, if anyone has the time to crack the encryption then the same problem will occur.

    Also thank you very, very, very much for the bug log.
  11. Life

    Life

    Joined:
    Jul 13, 2005
    Messages:
    1,346
  12. david stone

    david stone Fast-moving, smart, sexy and alarming.
    is a Site Staff Alumnusis a Smogon IRC AOp Alumnusis a Programmer Alumnusis a Super Moderator Alumnusis a Researcher Alumnusis a Contributor Alumnusis a Battle Server Moderator Alumnus

    Joined:
    Aug 3, 2005
    Messages:
    5,150
    People have yet to crack Rijndael, and the fundamentals of that system have been known for hundreds of years. (AES winner = Rijndael)

    "AES is the first publicly accessible and open cipher approved by the NSA for top secret information (see Security of AES, below)."

    I said earlier that the specification is completely open: here is an implementation of Rijndael in C, C++, C# / .NET, Delphi, Erlang, Flash, Java, Javascript, LISP, Perl, and PHP. Take your pick of how like to see it written out and take a crack at it.

    http://en.wikipedia.org/wiki/Advanced_Encryption_Standard#Implementations

    If you don't like Rijndael, how about Blowfish, Twofish (the updated version of Blowfish), or Serpent? Serpent was the second-place cipher in the AES competition, and as such, is also public domain. Blowfish and Twofish are public domain as well (Twofish was yet another one of the five AES finalists). Serpent is actually thought to be more secure than Rijndael, but the difference in security is the difference in "takes the life of the Universe to crack" vs. "takes several lives of the Universe to crack", and Serpent is slower.

    These are all good enough security for the U.S. government, and they are all open specification.

    I disagree with your assumption that leaks in code are the cause of security flaws, unless the code itself has holes to be exploited. My point is that if the source is closed, no one can know that

    a) there are no accidental flaws left behind (fewer eyes reading the source, and the people reading it are the people writing it, so they're more likely to look over the mistakes because they are the same people who made them), and

    b) there are no back doors in the code.

    Even if the program is written in a language I don't know (for instance, Ruby), if I so desired I could some day learn that language and then read the code myself to check for either of these security holes. Alternately, I could find a trusted friend who is familiar with the language and have them check it out for me. Either way, I don't have to trust every developer out there with my security. I don't know any of the NB programmers, so I have no particular reason to trust them; in fact, even if I did know the developers personally, I'd still want to be able to audit code.

    There are many examples in which the most secure programs are the open programs. Firefox is more secure than IE, Linux is more secure than Windows, TrueCrypt is more secure than whatever alternatives there are to that. I actually cannot think of a single case in which closed programming has been more secure than open programming. Even in the case of closed-source programming, the actual security mechanisms are usually published.

    (06:27:23 PM) Colin: all of the actual security algorithms those nonfree programs use are usually published
    (06:27:28 PM) Colin: even Microsoft publishes its security algorithms
    (06:27:45 PM) Colin: nonfree programs do tend to be less secure, but it's more because of coding errors and other oversights due to fewer people reviewing it
    (06:28:04 PM) Colin: all big software companies publish papers on their security algorithms though
    (06:28:09 PM) Colin: since they recognise the value of that
    (06:28:52 PM) Colin: e.g. the Microsoft research journal

Users Viewing Thread (Users: 0, Guests: 0)