MSFT is not the only company that makes database software.
What locks people into MSFT products are stupid people who buy MSFT products. MSFT was fairly well known as a bully even five years ago [and longer]. I have a hard time believing that most small companies couldn't make the switch to a free platform [and choice of tools] in under five years.
But deciding to kill profiles because they don't fit _your_ design for what people can and cannot do is most definitely censorship.
This reminds me of the hamidi vs. intel case. Essentially Hamidi thought he had free reign to mailbomb Intel because it was his "free speech" right. Unfortunately he actually won that case [bloody EFF!].
This is no different. People abusing a service they don't pay for then claim "free speech". In the end *real* "free speech" claims will go undefended because everyone has a claim.
Not for nothing but RSA [which you cited] was not invented using some super cluster computer. In fact quite a few end user applications still have absolutely nothing todo with problems super computers solve.
For example, 5000 2Ghz processors still will not make my hard disk faster or my word processor more responsive. It won't help little suzy do her art homework nor johny pirate music on kazaa.
Not that cluster research isn't important. Just that clusters and single nodes solve different problems. I mean I think it's safe to say desktop knowledge has crept into cluster work and vice versa. So there isn't a single conclusion to be made. E.g. clusters are not required for single node development.
This is so blatantly lacking of facts it's worse than the worst post I've ever written.
When "prime generation" became a computing challenge [say when RSA came about] the algorithms all focused on how todo it on personal computers [or low end terminals]. In fact RSA was never geared to "massive super computers" at all.
And in fact desktop computers and super-computers solve VERY DIFFERENT problems.
Desktop computers allow AC asshats to reply with "can the manham" and others [such as me] todo work. Super computers allow people to run simulations that would otherwise take far too long on a desktop. I think I can safely bet that 99% of personal computer owners have no interest in simulating the weather over fiji for the next 80 years. But that is the sort of application a super computer would solve.
You're line of thinking is like drawing a connection between racing busses [the street kind] and muscle cars just because they're both vehicles. Makes no sense since they are meant for different problems [oddly enough, one for work and the other to make up for a small penis... hmm can the manham guy?]
I don't get what you are saying. Before my Athlon I owned a K6-2. Before that I owned a MII 300, before that a MI 166 and before that a 486SX.
Each time I bought a new computer it wasn't because I wanted to rival a local supercomputer. It was because newer technology existed that was faster than what I had. The newer processor allowed me todo more.
If AMD could make a 2400+ which generates half the heat I would use it. And such a decision would have nothing todo with the local super-computer capabilities.
That all being said a super-computer which uses off the shelf processors doesn't really "fuel" the science of electrical engineering. In fact of more importance in supercomputing would be reliability, uptime, maintaining sufficient inter-processor communication bandwidth, etc.
None of which I'll ever use in a desktop processor [perhaps for 50 years or so]. Even in this age of computing multi-processor desktop boxes are fairly rare.
So I think it's hard to say that the ability to cram more Xeons in a room really advances processor design. [or substitute another off the shelf processor].
Really? Could it be the hordes of invidual AMD processor owners as well?
I doubt the Athlon XP would be a processor of choice for many huge clusters. First off the processor is just too fucking hot. Second it uses a heck of a lot of power.
Definitely a really huge super-computer would be neat to have but honestly are they putting the ones we already have to good use?
From what I've heard [anecdotally] computers like the earth simulator go vastly under utilized for the most part.
So given that most nations [including the US] have budget problems specially concerning education couldn't people think of better uses for money?
And before anyone throws a "it's the technology of it" argument my way, I'd like to add that if anything I'd rather have the money spent on researching how to make high performance low power processors [and memory/etc] instead. E.g. an Athlon XP 2Ghz that runs at 15W would be wicked more impressive than a 50,000 processor super computer that runs a highly efficient idle loop 99% of the time.
Difference is it isn't the job of the school to protect criminal students from the law. It's the job of the schools to educate, stimulate and endorse educational activities [e.g. research grants, graduate work, etc...].
If johny-come-lately is downloading 3GB of mp3s a day between his bidnez classes and accidentally gets sued. All good for him. He can use his bidnez classes to get himself out of trouble.
I may be stubbord or arrogant from times to time but I fail to see what that thread proves. In fact in many posts I cite specific truisms. I'm fairly modest, e.g.
"True, but we know (or should I say 'they know') alot about various"
etc. etc.
If you think debating an issue is "one person being wrong and arrogant about it" you must be one hell of a genius or one hell of a push-over. Plus most discussions with Douglas go nowhere fast. He is slow to cite resources and quick to pass judgement. Normally he's right which makes it allright but I've been in a couple of debates which quickly turned ugly when he "called" the cards and had nothing to show for it.
BTW, I just pointed out above where you made claims that, among other things, "Of course anybody can make a cipher that is trivial breakable. But those that have survived all our known tests, are secure." This is a concrete instance of you "claiming that a cipher is almost certainly secure just because nobody has publicly proven it broken."
I guess you weren't following the thread that you yourself cited.
I was trying to point out that no push-button test for "secure" exists and that the only metric is empiracal data. If a cipher survives known attacks then it might as well be "secure" until new attacks are invented.
It's called an opinion. If yours differs great, why not debate it with me in sci.crypt [or private email] instead of bad mouthing every post I write?
You just made a false claim of fact, which I can disprove. True, it's an understandable one, since the post was from a couple of years ago. The question is now, are you capable of saying something like: "you're right, I'm wrong, I made that claim", or will you have to qualify it in weasel-words and insults?
I still believe what I said to be a reasonable philosophy. I mean if you cannot prove secure than FEAL-4 is just as secure as AES right? I mean "security" as a concept doesn't exist in your world since you cannot prove it!
Oh and if you think my ideas are so far fetched why did NIST adopt AES as a secure cipher. I don't see NIST's proof that AES is invulnerable to all attacks anywhere. Do you?
As for making mistakes with my life I'm fairly sure I'm destine to live on the streets the rest of my life. So I don't mind standing by my convictions.
BTW, why don't you make up a throw-away hotmail account and email me in private. I'd like to debate the issue with you and perhaps resolve this non=stop flamewar.
I just mean, in general, about being wrong. Such as that grammar business the other day, or claiming that a cipher is almost certainly secure just because nobody has publicly proven it broken.
First off, "in general" I'm not always wrong when I post in public. I do make mistakes [but/. can hardly count as a serious discussion forum] but you cannot sum up a persons entire existance to three posts or something.
Also what ciphers have I made that claim for? I'm rather certain whenever I do propose a cipher I make it very clear not to use it because it is new and untested by others. So I don't see where you come off writing that.
It seems in sci.crypt that most of the "hate" I get are from loud-mouth arrogant newbies who don't want to face reality.
I'd rather not contribute in a public forum under my real name than do so repeatedly and incorrectly, have my flaws pointed out, fail to acknolwedge them, and continue being wrong.
So you'd rather not try at all for fear of making a mistake. Hmm, and I'm the one with issues?
As for "making mistakes" you just made a mistake about me posting about ciphers. So should I now find out where you live and staple your post to your forehead too?
And finally as for replying to your posts, yeah they're annoying and piss me off but I honestly don't have anything better todo right now. Otherwise I wouldn't be on/.
Wrong about what?!??!?! His program does have a flaw!!!
Have I made mistakes before? Yes. Will I make mistakes again [hopefully not the same]? Yes.
But I think that can be said of everyone. So what is your fucking point? By "yuppy" I mean asshat who contributes shit all nothing to a conversation while trying to rag on anyone with two cents to contribute by attacking everything they say or do.
It's easy to be an armchair critic. Why not try to contribute stuff you pansy-ass little faggot AC posting piece of shit mother fucker!
And why not? If FSF starts supporting platform X and I donate money to further that cause they shouldn't pull support because it's a tuesday and it's the cause of the day. Otherwise they lose credibility. I mean what would I be donating too then?
Same thing when EFF defended Hamidi. He mailbombed intel and the EFF said that Intel shouldn't stretch the law to protect themselves [and why not it wouldn't have set any bad precedent other than making mailbombing a civil offense]
Despite what anyone thinks the FSF will survive even if the 2.4 is crippled. At the worse 2.4/2.5/2.6 would be recalled, the SMP code removed and re-written cleanhouse. There is more GNU software out there than just the kernel.
And before anyone mailbombs my house I too think SCO is full of shit and I hope the CEO dies in a violent car fire. I'm just saying that the FSF pulling support lowers their credibility.
But then people run your app and can get sploited [well sorta] just the same.
Also "secure coding" shouldn't be a separate process. It should be something you do always.
Like the constant 4096 in your recv is another "booboo". You should have used sizeof() for the buf. That way if you resize the buffer you don't have to search through the code for it.
Similarly whenever you receive a string you should always guarantee that the last byte is NULL. The simplest approach would be to recv sizeof() - 1 bytes and force the next byte read [using the return of recv] to zero.
Yeah but when you do anything to the codebase you have to test it out again [or at least responsible developers should]. At a minimum that would take a week or two for people to test the CVS. Then when you add it back you have to test it out again.
Also another argument is if one single SCO user donated to the FSF then the FSF should have no right whatsoever to pull SCO support.
Another argument [made by many others] is the FSF is all about the free speech issues. Removing support for political reasons sets a dangerous precedent.
GCC has enough problems on its own to work out. Adding the extra trouble of removing and adding SCO support isn't something they should add to the pile of things to fix.
Normally I would say "you're in public, suck it up". But what did most honest hard working teachers do to deserve this sort of attention.
From my experience in public schooling teachers by far have no more authority to discipline children for fear of the "avenging mother" syndrome.
If anything the teacher should be able to turn the camera on the students at will to show how "little johny" is actually a little loud mouth mother fucker.
Also whatever happend to just having the principle audit a few classes each semester? My schools did peer reviews where teachers would audit each other and I'd like to think it was positive for them.
We don't need to spend education money "spying" on our teachers. We need to spend it buying text books, library supplies and technology.
Um, neither usb or firewire are rated for the distances of ethernet [cat5]. I think *that* is the point. E.g. your computer in one room and the home stereo + tv + stuff in another.
Plus you can get 30ft of cat5 for about as much as 6ft of usb retail [sick!].:-)
Ok then Oracle or whatever.
MSFT is not the only company that makes database software.
What locks people into MSFT products are stupid people who buy MSFT products. MSFT was fairly well known as a bully even five years ago [and longer]. I have a hard time believing that most small companies couldn't make the switch to a free platform [and choice of tools] in under five years.
Tom
They can do that all they want.
....???
....
All they want is:
The Server OS market
FreeBSD.
The Database market
mysql
The Office market
openoffice
The Home PC market
Linux
The Handheld market
Linux, PalmOS
The Mobile market
Palm
The Game market
PS2, GC, GBA
The TV market
??? Um....
The Instant messaging market
gaim
The E-mail market
Mozilla, kmail,
Tom
But deciding to kill profiles because they don't fit _your_ design for what people can and cannot do is most definitely censorship.
This reminds me of the hamidi vs. intel case. Essentially Hamidi thought he had free reign to mailbomb Intel because it was his "free speech" right. Unfortunately he actually won that case [bloody EFF!].
This is no different. People abusing a service they don't pay for then claim "free speech". In the end *real* "free speech" claims will go undefended because everyone has a claim.
Tom
Not for nothing but RSA [which you cited] was not invented using some super cluster computer. In fact quite a few end user applications still have absolutely nothing todo with problems super computers solve.
For example, 5000 2Ghz processors still will not make my hard disk faster or my word processor more responsive. It won't help little suzy do her art homework nor johny pirate music on kazaa.
Not that cluster research isn't important. Just that clusters and single nodes solve different problems. I mean I think it's safe to say desktop knowledge has crept into cluster work and vice versa. So there isn't a single conclusion to be made. E.g. clusters are not required for single node development.
Tom
This is so blatantly lacking of facts it's worse than the worst post I've ever written.
When "prime generation" became a computing challenge [say when RSA came about] the algorithms all focused on how todo it on personal computers [or low end terminals]. In fact RSA was never geared to "massive super computers" at all.
And in fact desktop computers and super-computers solve VERY DIFFERENT problems.
Desktop computers allow AC asshats to reply with "can the manham" and others [such as me] todo work. Super computers allow people to run simulations that would otherwise take far too long on a desktop. I think I can safely bet that 99% of personal computer owners have no interest in simulating the weather over fiji for the next 80 years. But that is the sort of application a super computer would solve.
You're line of thinking is like drawing a connection between racing busses [the street kind] and muscle cars just because they're both vehicles. Makes no sense since they are meant for different problems [oddly enough, one for work and the other to make up for a small penis... hmm can the manham guy?]
Tom
I don't get what you are saying. Before my Athlon I owned a K6-2. Before that I owned a MII 300, before that a MI 166 and before that a 486SX.
Each time I bought a new computer it wasn't because I wanted to rival a local supercomputer. It was because newer technology existed that was faster than what I had. The newer processor allowed me todo more.
If AMD could make a 2400+ which generates half the heat I would use it. And such a decision would have nothing todo with the local super-computer capabilities.
That all being said a super-computer which uses off the shelf processors doesn't really "fuel" the science of electrical engineering. In fact of more importance in supercomputing would be reliability, uptime, maintaining sufficient inter-processor communication bandwidth, etc.
None of which I'll ever use in a desktop processor [perhaps for 50 years or so]. Even in this age of computing multi-processor desktop boxes are fairly rare.
So I think it's hard to say that the ability to cram more Xeons in a room really advances processor design. [or substitute another off the shelf processor].
Tom
Really? Could it be the hordes of invidual AMD processor owners as well?
I doubt the Athlon XP would be a processor of choice for many huge clusters. First off the processor is just too fucking hot. Second it uses a heck of a lot of power.
Tom
How so? I doubt AMD used a 10000 processor super-computer to design the Athlon processor.
Tom
Definitely a really huge super-computer would be neat to have but honestly are they putting the ones we already have to good use?
From what I've heard [anecdotally] computers like the earth simulator go vastly under utilized for the most part.
So given that most nations [including the US] have budget problems specially concerning education couldn't people think of better uses for money?
And before anyone throws a "it's the technology of it" argument my way, I'd like to add that if anything I'd rather have the money spent on researching how to make high performance low power processors [and memory/etc] instead. E.g. an Athlon XP 2Ghz that runs at 15W would be wicked more impressive than a 50,000 processor super computer that runs a highly efficient idle loop 99% of the time.
Tom
...he says as he posts as AC....
Why not though? I'd rather pay the school to maintain computer uptime than Kazaa downtime.
Tom
Difference is it isn't the job of the school to protect criminal students from the law. It's the job of the schools to educate, stimulate and endorse educational activities [e.g. research grants, graduate work, etc...].
If johny-come-lately is downloading 3GB of mp3s a day between his bidnez classes and accidentally gets sued. All good for him. He can use his bidnez classes to get himself out of trouble.
Tom
I may be stubbord or arrogant from times to time but I fail to see what that thread proves. In fact in many posts I cite specific truisms. I'm fairly modest, e.g.
"True, but we know (or should I say 'they know') alot about various"
etc. etc.
If you think debating an issue is "one person being wrong and arrogant about it" you must be one hell of a genius or one hell of a push-over. Plus most discussions with Douglas go nowhere fast. He is slow to cite resources and quick to pass judgement. Normally he's right which makes it allright but I've been in a couple of debates which quickly turned ugly when he "called" the cards and had nothing to show for it.
BTW, I just pointed out above where you made claims that, among other things, "Of course anybody can make a cipher that is trivial breakable. But those that have survived all our known tests, are secure." This is a concrete instance of you "claiming that a cipher is almost certainly secure just because nobody has publicly proven it broken."
I guess you weren't following the thread that you yourself cited.
I was trying to point out that no push-button test for "secure" exists and that the only metric is empiracal data. If a cipher survives known attacks then it might as well be "secure" until new attacks are invented.
It's called an opinion. If yours differs great, why not debate it with me in sci.crypt [or private email] instead of bad mouthing every post I write?
You just made a false claim of fact, which I can disprove. True, it's an understandable one, since the post was from a couple of years ago. The question is now, are you capable of saying something like: "you're right, I'm wrong, I made that claim", or will you have to qualify it in weasel-words and insults?
I still believe what I said to be a reasonable philosophy. I mean if you cannot prove secure than FEAL-4 is just as secure as AES right? I mean "security" as a concept doesn't exist in your world since you cannot prove it!
Oh and if you think my ideas are so far fetched why did NIST adopt AES as a secure cipher. I don't see NIST's proof that AES is invulnerable to all attacks anywhere. Do you?
As for making mistakes with my life I'm fairly sure I'm destine to live on the streets the rest of my life. So I don't mind standing by my convictions.
BTW, why don't you make up a throw-away hotmail account and email me in private. I'd like to debate the issue with you and perhaps resolve this non=stop flamewar.
Tom
I just mean, in general, about being wrong. Such as that grammar business the other day, or claiming that a cipher is almost certainly secure just because nobody has publicly proven it broken.
/. can hardly count as a serious discussion forum] but you cannot sum up a persons entire existance to three posts or something.
/.
First off, "in general" I'm not always wrong when I post in public. I do make mistakes [but
Also what ciphers have I made that claim for? I'm rather certain whenever I do propose a cipher I make it very clear not to use it because it is new and untested by others. So I don't see where you come off writing that.
It seems in sci.crypt that most of the "hate" I get are from loud-mouth arrogant newbies who don't want to face reality.
I'd rather not contribute in a public forum under my real name than do so repeatedly and incorrectly, have my flaws pointed out, fail to acknolwedge them, and continue being wrong.
So you'd rather not try at all for fear of making a mistake. Hmm, and I'm the one with issues?
As for "making mistakes" you just made a mistake about me posting about ciphers. So should I now find out where you live and staple your post to your forehead too?
And finally as for replying to your posts, yeah they're annoying and piss me off but I honestly don't have anything better todo right now. Otherwise I wouldn't be on
Tom
Wrong about what?!??!?! His program does have a flaw!!!
Have I made mistakes before? Yes. Will I make mistakes again [hopefully not the same]? Yes.
But I think that can be said of everyone. So what is your fucking point? By "yuppy" I mean asshat who contributes shit all nothing to a conversation while trying to rag on anyone with two cents to contribute by attacking everything they say or do.
It's easy to be an armchair critic. Why not try to contribute stuff you pansy-ass little faggot AC posting piece of shit mother fucker!
Tom
What do you know about credibility, other than what it's like having absolutely none? .... he says as he posts as AC ....
Oh, you found a flaw in my analysis of his program? Do share.
Or are you just another yuppy with MSIE and too much time on your hands?
Tom
And why not? If FSF starts supporting platform X and I donate money to further that cause they shouldn't pull support because it's a tuesday and it's the cause of the day. Otherwise they lose credibility. I mean what would I be donating too then?
Same thing when EFF defended Hamidi. He mailbombed intel and the EFF said that Intel shouldn't stretch the law to protect themselves [and why not it wouldn't have set any bad precedent other than making mailbombing a civil offense]
Despite what anyone thinks the FSF will survive even if the 2.4 is crippled. At the worse 2.4/2.5/2.6 would be recalled, the SMP code removed and re-written cleanhouse. There is more GNU software out there than just the kernel.
And before anyone mailbombs my house I too think SCO is full of shit and I hope the CEO dies in a violent car fire. I'm just saying that the FSF pulling support lowers their credibility.
Tom
But then people run your app and can get sploited [well sorta] just the same.
Also "secure coding" shouldn't be a separate process. It should be something you do always.
Like the constant 4096 in your recv is another "booboo". You should have used sizeof() for the buf. That way if you resize the buffer you don't have to search through the code for it.
Similarly whenever you receive a string you should always guarantee that the last byte is NULL. The simplest approach would be to recv sizeof() - 1 bytes and force the next byte read [using the return of recv] to zero.
Tom
Oops, technically that's a bufer overrun attack not overflow.
For the crowd: An overflow attack is when you try to *write* more bytes than you can hold. An overrun is when you try to *read* more bytes.
An overrun is harder to exploit except for segfaulting an application.
Tom
Your program is vulnerable to a buffer overflow attack.
Imagine if you recv 4096 non-null bytes.
Tom
Yeah but when you do anything to the codebase you have to test it out again [or at least responsible developers should]. At a minimum that would take a week or two for people to test the CVS. Then when you add it back you have to test it out again.
Also another argument is if one single SCO user donated to the FSF then the FSF should have no right whatsoever to pull SCO support.
Another argument [made by many others] is the FSF is all about the free speech issues. Removing support for political reasons sets a dangerous precedent.
Tom
GCC has enough problems on its own to work out. Adding the extra trouble of removing and adding SCO support isn't something they should add to the pile of things to fix.
Tom
Normally I would say "you're in public, suck it up". But what did most honest hard working teachers do to deserve this sort of attention.
From my experience in public schooling teachers by far have no more authority to discipline children for fear of the "avenging mother" syndrome.
If anything the teacher should be able to turn the camera on the students at will to show how "little johny" is actually a little loud mouth mother fucker.
Also whatever happend to just having the principle audit a few classes each semester? My schools did peer reviews where teachers would audit each other and I'd like to think it was positive for them.
We don't need to spend education money "spying" on our teachers. We need to spend it buying text books, library supplies and technology.
Tom
insightful?
:-)
Um, neither usb or firewire are rated for the distances of ethernet [cat5]. I think *that* is the point. E.g. your computer in one room and the home stereo + tv + stuff in another.
Plus you can get 30ft of cat5 for about as much as 6ft of usb retail [sick!].
Tom