Re:Use of Proprietary Encryption - Bad once again
on
QNX Crypt Cracked
·
· Score: 1
Uhm, actually the source that was used for the QNX crypt() function was open source, public-domain actually. It was taken from a freely available source at the time. So, all the things you complaining about are incorrect.
Bottom line is that when QNX 4 was first available there were export restrictions on DES. If you do your homework, all the major Unix vendors had to deal with export restrictions to other countries and were even prevented from selling systems to some countries. QNX was never tied to the sale of hardware, so it was much more difficult to control in that aspect. Their decision (at the time) was the correct decision. It's just too bad that they didn't have anyone skilled enough at crypto to validate the algorithm. All things said, that damned thing has been in use for 10 years, and this is the first time that anyone has ever attempted to hack/crack it.
Hmmm... major QNX/Linux announcement... you mean other than QSSL joining the RT Linux committee? (Since that has already been announced on the QNX Homepage
Re:QNX doesn't care about security.
on
QNX Crypt Cracked
·
· Score: 1
QNX does care about security, their model is identical to that of other Unix OS's. What is different is their network model. QNX's FLEET network links all machines into a virtual machine. As was already mentioned, it's "clustering" is native, when you write an application for QNX it's inherently network enabled, in fact if your appliation wants to determine if it is running in a network environment, it takes additional code & effort. It has always been a distributed realtime operating system.
The embedded realtime product is QNX/Neutrino. That isn't to say that QNX 4 isn't embeddable, it is (I've done it, so has Netpliance) but that QNX/NTO is far better at embedded than QNX4.
This is no big deal. QNX with their legendary response & technical support had already fixed login and the/etc/shadow file on qnx.com before the end of the day when the code was released. They even found (and fixed) a bug in the decrypt source that was posted. The fix is in QA right now and should be available soon.
This crypt() was only ever used for the login password encryption. There are no appliations that I am aware of that ever used the crypt() from QSSL for anything else.
Huh? What commercials? Up here in Canada the damned CRTC rules that if a canadian station is broadcasting the same show, that your cable company has to air their coverage on the US station. So, a local station was rebroadcasting the ABC coverage, the only change the local station made was to insert local/canadian commercials, and the cable company slapped that over the ABC channel. Bloody CRTC they do this all the time... same with The Simpsons, Futurama, X-Files, and too many other shows to mention.
More lines of code does notmake better code. I can crank out a more lines of code just by screwing with whitespace and the formatting as I did in the above example.
Slashdot Mirror
Bottom line is that when QNX 4 was first available there were export restrictions on DES. If you do your homework, all the major Unix vendors had to deal with export restrictions to other countries and were even prevented from selling systems to some countries. QNX was never tied to the sale of hardware, so it was much more difficult to control in that aspect. Their decision (at the time) was the correct decision. It's just too bad that they didn't have anyone skilled enough at crypto to validate the algorithm. All things said, that damned thing has been in use for 10 years, and this is the first time that anyone has ever attempted to hack/crack it.
Hmmm... major QNX/Linux announcement... you mean other than QSSL joining the RT Linux committee? (Since that has already been announced on the QNX Homepage
The embedded realtime product is QNX/Neutrino. That isn't to say that QNX 4 isn't embeddable, it is (I've done it, so has Netpliance) but that QNX/NTO is far better at embedded than QNX4.
This crypt() was only ever used for the login password encryption. There are no appliations that I am aware of that ever used the crypt() from QSSL for anything else.
Huh? What commercials? Up here in Canada the damned CRTC rules that if a canadian station is broadcasting the same show, that your cable company has to air their coverage on the US station. So, a local station was rebroadcasting the ABC coverage, the only change the local station made was to insert local/canadian commercials, and the cable company slapped that over the ABC channel.
Bloody CRTC they do this all the time... same with The Simpsons, Futurama, X-Files, and too many other shows to mention.
LOC is a metric that is meaningless, the only folks that use it are the idiots in management that don't understand SFA about code.
Which is better code?
main( int argc, char **argv )
{
int i, x;
for( i = 0 ; i x = ( 80 - strlen( argv[i] ) ) / 2;
printf( "%*.*s%s\n", x, x, "", argv[i] );
}
}
main(
int argc,
char **argv[]
)
{
int i;
int x;
int n;
for( ; ; ;
i = 0
i i = i + 1
)
{
x = strlen( argv[i] );
x = 80 - x;
x = x / 2;
for(
n = 0
n &nt; x
n = n + 1
)
{
printf( " " );
}
printf( "%s", argv[i] );
}
}
More lines of code does not make better code. I can crank out a more lines of code just by screwing with whitespace and the formatting as I did in the above example.