Slashdot Mirror


User: felix9x

felix9x's activity in the archive.

Stories: 0
Comments: 55

Comments · 55

  1. Re:Web developers... on Top 5 Reasons People Dismiss PostgreSQL · · Score: 1

    You are not accurate in your assumptions. I work with mysql every day. I know the limitations and I know why the company that I work for picked mysql instead of postgres. First and foremost, mysql is fast for 95% of what our webapps do. We very often join across many tables for front-page type stuff and it's fast. So if you don't want your users to sit there and wait for the page to load ...

    On the other hand, having triggers would have been gold. But hey, mysql5 now has even those. We could use referential integrity but it's not too essential if you code things carefully.

  2. Re:PHP security all relies on the coder on Hardened PHP · · Score: 1

    Sounds like sloppy system administration. A hardened Linux system (that's being maintained) should not be susceptible to trivial local root exploits.

  3. php huh on Optimizing distcc · · Score: 0, Offtopic

    He thought he could survive a ./ with a PHP-generated page? That reduces the throughput by what, 10 times.

  4. Where is the news ? on NYC Crosswalk Buttons are Inoperative · · Score: 1

    Everybody knew this implicitly. I lived in NYC for many years; I have never seen anyone other than maybe kids playing around with one of those things. Anyone who pushes one will see nothing happens.

  5. My impressions on Review Of LinuxWorld 2004 · · Score: 1

    I totally agree. For Slashdotters the .org was the place to be.

    I noticed that the big corporations like to do the media presentation with some hired gun enthusiastically pronouncing the greatness of their products or services. I wondered who are these people who sit through all those boring presentations?

    Gentoo had a bunch of Gentoo users, the "cheerleaders", intermixed with the developers. It made the project representation look a bit amateurish, although the developers were on hand to answer any technical questions.

    OpenACS and Mambo were presenting their content management software. The local NYC Linux user community was there: nyphp, lispnyc, nylung and others were all there.

  6. DVD's from Libraries on Guide to Digital Preservation from NIST · · Score: 1

    I take out DVDs from the library often.

    Almost 90% have finger smudges on them. A cotton ball and some isopropyl does the job well.

    At least one time some librarian wrote the library's branch initials in black permanent marker on the data side of the disk. I thought it would be easy to wipe off -- not so. It took 20 minutes of rubbing with alcohol, probably one molecule at a time, to get it off.

  7. psychology to blame ? on Nigerian Scammers Claim Another Victim · · Score: 1

    I think just greed is a bad way to describe what causes people to fall for such crap. I am sure someone has fallen for some type of scam or been duped by a conman at some point in our lives even if the results were not severe.

    The conman plays their role well; they can disable a person's natural skepticism. After being duped by someone we think "oh shit, all the signs were there, if only I was thinking". It could be adrenaline rush, could be stress, could be current conditions, could be many things that disable a person's ability to think critically.

    What is surprising about this case is that after dashing over cash the guy still didn't figure out he was duped after having time to think about it for days. Like the article states, most people only lose about $3800, which suggests they only pay out once and then get it. The scammers did a superb job in this case of helping this guy sustain his illusions.

  8. Its obvious why they rejected the guy on Interviewing with the NSA · · Score: 2, Interesting

    If you were a government agency and someone applied for a job with you who was making three times as much as you could pay him in the private sector, would you not be suspicious of their intentions? This guy obviously was only trying to get in to satisfy his curiosity. He wanted to wander the halls of Fort Meade and get a peek at the secrets within. This is exactly the type of people they don't want, I would think.

  9. Can anyone explain these protocols ? on Michael Robertson Talks VoIP With Voxilla · · Score: 1

    I am interested in the technical aspects of these protocols.

    What are the main differences between SIP and Skype?
    What are the advantages of each?

  10. Re:article bogus on Windows Is 'Insecure By Design,' Says Washington Post · · Score: 1

    Yes, true, Windows 9x had many problems and MS really did blow it and its design is bad in security. The reason for this is partly the early Microsoft culture and ignorance toward such matters. Early Unix also did not have proper security mechanisms. Those were the days before the internet popularity and worms.

    The discussion is about NT derived windows.

  11. Re:article bogus on Windows Is 'Insecure By Design,' Says Washington Post · · Score: 1

    You are misinformed, I think.

    Windows has separations between processes that run in user mode or administrative mode. Some processes such as the kernel have to run with privileges so they can do privileged tasks. Unix is no different in this regard. The general solution has been to start with privileges and then to drop them after not needing them anymore. Does the article even mention this? What would be an interesting analysis is to say Windows runs so many processes with privileges and does not drop them, thereby putting the system at risk. That's a design issue.

  12. article bogus on Windows Is 'Insecure By Design,' Says Washington Post · · Score: 2, Insightful

    The claim of the author is bogus.

    The author claims that Windows is insecure by "Design" but he fails to talk at all about the actual design of the system. Design goes to the core of system design and I know security was definitely designed into NT from the start, unlike Windows 9x.

    I don't consider buffer overflows to be particularly a design issue but generally a coding fault. Every OS has had buffer overflow exploits and design cannot prevent them unless automatic protection against them is designed in, which most OSes don't implement.

    The author should do a bit of research and not write fluffy articles that have no merit!!

  13. Wrong assumptions on Surviving Slashdotting with a Small Server · · Score: 1

    A properly configured server should have no problem handling large amounts of traffic even on a cheap PC. The network is the bottleneck, I imagine.

    Consider this:
    100Mb is approx. 10,000 1K connections / second

    If someone actually had the full 100Mb bandwidth they could achieve 10,000 requests a second on a 1GHz, 512MB machine. Apache may not be ideal for this but it can even do it configured to use threads. Zeus, IIS, thttpd could do it too.

  14. Indirect pricing Information can be seen on Slow And Steady Leads To Windows Refund Success · · Score: 1

    If you go to the customize feature for a Dell laptop on their website you will come to the following option:

    Dell PCs use genuine Microsoft® Windows®4
    www.microsoft.com/piracy/howtotell
    Windows® XP Home Edition is a consumer operating system and does not support peer to peer networking of more than five computers or advanced networking such as domain authentication.
    Microsoft® Windows® XP Home Edition
    Microsoft® Windows® XP Professional, [add $79 or $3/month1] Recommended for Students
    Microsoft® Windows® XP Home Edition w/ Microsoft® Plus! [add $20 or $0.75/month1]
    Microsoft® Windows® XP Pro Edition w/ Microsoft® Plus! [add $99 or $3/month1]

    We can clearly see that they want $79 for the difference between XP Home and XP Professional. So what is the actual retail difference? The actual retail price difference between Professional and Home is $100. So Dell is asking you to pay 80% of the cost. We can then assume that one should get back $160 for XP Home edition.

  15. One problem on Swiss Researchers Exploit Windows Password Flaw · · Score: 5, Informative

    LanMan is not used on win2000 and winXP machines.

    NThash, don't know, probably not.

    This hack is obsolete.

  16. I doubt university can even identify these people on MIT, Boston College Refuse DMCA Subpoenas · · Score: 1

    First, the school needs to know which MAC belongs to which students. If the network card was issued by the university it's conceivable they can point to a name. I doubt the school would even have this info.

    Second, the school has to log every single TCP connection and the associated MAC with that connection. I really doubt any school actually does this too.

    Third, the evidence has to provide IP and time of the download. Article says nothing about the time.

    Even if all the pieces are available it would still be difficult because, for example, the NIC could have come from CompUSA, or if students were clever enough (it's MIT after all) they could have been tunneling all this traffic through some common machine which everyone disavows.

  17. A bit of irony on SCO Awarded UNIX Copyright Regs, McBride Interview · · Score: 1

    FUD /fuhd/ n. Defined by Gene Amdahl after he left IBM to found his own company: "FUD is the fear, uncertainty, and doubt that IBM sales people instill in the minds of potential customers who might be considering [Amdahl] products." The idea, of course, was to persuade them to go with safe IBM gear rather than with competitors' equipment. This implicit coercion was traditionally accomplished by promising that Good Things would happen to people who stuck with IBM, but Dark Shadows loomed over the future of competitors' equipment or software. See IBM. After 1990 the term FUD was associated increasingly frequently with Microsoft, and has become generalized to refer to any kind of disinformation used as a competitive weapon.

    source: www.dictionary.com
    for complete source information see:
    http://dictionary.reference.com/search?q=FUD

  18. Re:Why and Why Not. on Online Voting In 2004 To Require Windows · · Score: 1

    I would have to disagree with you.

    Browser technology is 10 years old somewhat and it's mature enough in implementing the essential standards that one does not need to code to the browser but can code to the standard nowadays.

    JavaScript is pretty much implemented by all the browsers and HTML/CSS are pretty good too. The only reason for incompatibilities is if non-standard extensions are used, which should not happen for apps like voting systems anyway.

    How hard is it to make this app work? All one needs to do is make an HTML form with a submit button and a bunch of checkboxes.

    SSLv3 is good; if I recall correctly SSLv1 was dismally insecure. In the recent SSL protocol there are no known exploits in the protocol itself, only in implementation bugs.

  19. Re:Voting online? Uhhh on Online Voting In 2004 To Require Windows · · Score: 1

    In that case
    1. online banking
    2. online credit card purchases
    3. any kind of online payments

    all bad ideas?

  20. I dont like the tone of this article on Online Voting In 2004 To Require Windows · · Score: 1

    Some of the comments put in this article are totally sensationalist, inferring that because any system can be cracked then this will be a prime target. I give it to them for using cracked instead of hacked. Anyway, I think the author plainly erred in making the statement that Windows is required. I think what they meant to say is Internet Explorer or just any browser with SSL support. The Army already has a service-wide web portal where all you need is an SSL browser to access sensitive personal data such as payment records and security clearances. SSL is secure enough for such purposes and this author is plain wrong, I think.

  21. Peoplesoft intelligence. on PeopleSoft Deflects Oracle Takeover, So Far · · Score: 2, Funny

    Oh, when will web designers realize that Image text == tiny on high resolution screens !!! Yes, as the saying goes, "Web designers only care if it looks good, they don't actually read it"

  22. Re:Prevention is far better than cure. on Dear Sir: Your Credit Card Number Has Been Owned · · Score: 2, Interesting

    Yes, all the points you make are good, but it's all about money. How much will it cost to implement the layers of security that are needed to store the CC# safely? A small ecommerce site just doesn't have the capital to do it. Things would be much easier if we didn't have to deal with CC numbers directly. PayPal is a way to deal with this, but come on, what ecommerce site will force somebody to get a PayPal account anyway. PayPal is not the last word in Financial Internet Transactions. Hey, they are not even a bank. We are basically missing a secure infrastructure to do financial personal transactions over the internet. At the end of the day we have Good Old CC number + SSL + who knows what. It would be nice if banks actually got together and were serious about putting up the funds to create a new infrastructure. We have all the security technology to make it happen, we can do authentication and encryption the right way, but we don't have banks who want to go through with it.

  23. Cracked but whose fault is it ? on Dear Sir: Your Credit Card Number Has Been Owned · · Score: 1

    OK, I first thought, oh my God, this is a great law, how come they have not thought it up earlier.

    Now I think a bit more; now consider this scenario.

    Joe has a bit of investment; he wants to start a .com selling a monthly service, say a magazine subscription. But he likes to charge by page views.

    Joe has a big problem: he can't use a third-party credit card gateway without storing the actual credit card numbers.

    The reason is because CC#s are generally designed for one-time sales at your Payless store next door; they were never designed for micropayments.

    So Joe says, OK, I can use a service to store the billing info including the CC# on the gateway's server so I am not liable !! Oops, now I have to pay $$$ to the payment gateway for this extra service but I only have a few bucks to start the business.

    OK, so Joe will now store the CC#. Considering Joe hires developers with any sense in security, they will at the minimum put this data encrypted in a relational database. Where are we going to put the key? In some file on the same server where the database resides? What kind of security is this?

    Joe needs an auditing trail, cron jobs run by root to read the key files, firewall, SSL, security policy. How much will this now cost ?? $$$. OK, Joe will hopefully install OpenBSD and the hell with it--I won't get cracked !! maybe

    Now seriously, if one needs good protection, multiple levels of security need to be implemented by professionals in the field. I am afraid that too many small businesses online, or even large, want to save costs and bypass security. Maybe this law will make them think again.

  24. What I like about *BSD and don't like on FreeBSD 5.1 Released · · Score: 2, Interesting

    I've been using NetBSD on my laptop and on some servers lately and it has so far satisfied all my expectations except for a few exceptions.

    The port/package system is great and it works perfectly 99% of the time. The 1% of the time it does not work is because the package is not up to date or the build fails for some reason or the package conflicts with another package. When this happens there is no automatic fix; you usually have to modify the Makefile yourself or email the maintainer and wait for fixes to be made.

    What I also love and can't live without in the package system is that it installs things in expected places and sets up any postinstallation steps specific to the OS that need to be done, that otherwise would have to be done in a time-consuming manner by hand.

    What I don't like about the ports/package system is that it's not intuitive when custom modifications need to be made. It's pretty much automatic as far as installing what is offered by the package, but if one needs special config options or has special needs then there is no uniform config file to modify and you never know where in the Makefile the change you need can be buried.

    I can't speak for FreeBSD since I have not used it but I am sure a lot of the general things apply to them also.

    Let me give an example in NetBSD where packages don't live up to their expectation, and that is when dealing with packages with install systems that don't fit the standard open source build system. NetBSD is not to blame here but the companies who release this software.
    Example 1. OpenOffice.
    First, there are only Linux binaries because the source cannot really be built for the new version of OpenOffice. OK, this is not a huge problem since Linux emulation is pretty easy to set up. What really upset me is that since I didn't have the /proc filesystem, OpenOffice crashed without explanation. There was only one way to determine what caused the crash and that is to do a trace of the program. Why would I not have the /proc filesystem? Because I like the simple philosophy of BSD that if it's not needed, don't put it there.

    Example 2.
    Sun Java SDK
    This is another broken and annoying thing to install. First you need to download binaries yourself. Then you have to also enable Linux emulation. Then you can install but it will be unstable for some reason. Version 1.3 runs stable but Version 1.4 causes strange lockups. Again, this is Sun to blame for not making it easy to adapt their software to BSD.

    Overall the install system is clean. It seems that Gentoo Linux has developed an install system similar to this and I hope to explore it.

    The next thing that I love about NetBSD is its clean rc.d system. Basically no runlevel nonsense and a very uniform implementation of all the start scripts. The package software also provides a start script.

    The last thing I love about NetBSD is that it's innovative. Yes, maybe not at a frantic pace like Linux or a fast-paced FreeBSD, but it's not sitting around idly either. New exciting features are to come in the next version, like scheduler activations.

    OK, I had enough to say for now.

  25. Standard libraries == first source of reuse on Outstanding Objects (Developed Dirt Cheap) · · Score: 1

    Let's not overlook the importance of standard libraries. Now I can't speak for other languages but for C/C++. Those have a very well documented set of standard libraries.

    In C, yes, not much there, but still nobody would be crazy enough to rewrite something like fprintf.

    In C++ the picture gets even better. The C++ standard library is a great piece of very good reusable interfaces. Here I present a simple case:

    Let's take a somewhat simple algorithm like reverse. Essentially the algorithm reverses all elements in a container using two iterators, the begin and end. In terms of C we can think of a pointer as being an iterator.

    Now if you were a C guy you would probably roll your own and probably produce something reasonable enough that uses some pointer arithmetic etc. Your version will work fine.

    Now let's consider what you get in C++.

    A mindless C++ programmer just writes and does not give much more thought.
    reverse(v.begin(), v.end());

    Never mind who has demonstrated more virtuoso pointer arithmetic skills. Who has actually produced the better code? Surprisingly enough it is the C++ programmer. Here is the reason why.

    The C++ STL library has something called iterator traits which let the writers of the library write three different versions of the reverse algorithm depending on the type of the iterators used. The selection of which implementation is actually used gets decided at compile time. Because, say, an array was used and random access was possible, this opened up this algorithm for all kinds of possible optimizations.

    Depending on how good the writers of the library were they may have gone to great length to optimize this algorithm, which in reality they really did. You can look at the implementation included with gcc yourself. Surprisingly enough the actual implementation uses loop unrolling to achieve the needed efficiency, which the user of the code probably had no clue about.

    I think everybody wins here. The user of the library had a very simple interface and ease of use in addition to very efficient code that required limited effort.
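
The compile-time selection described in comment 25, as an added example that is not part of the original comment and is not the gcc library source: a simplified `reverse` that dispatches on `iterator_traits<It>::iterator_category`. The `demo` namespace, the `Chosen` enum and the `reverse_impl` helper are names invented for illustration, and only the bidirectional and random-access overloads are shown.

```cpp
#include <algorithm>
#include <iostream>
#include <iterator>
#include <list>
#include <vector>

namespace demo {  // illustrative names, not the standard library's internals

enum class Chosen { bidirectional, random_access };

namespace detail {

// Bidirectional iterators only support ++, -- and ==/!=, so the loop has to
// test for the meeting point both before and after stepping `last` back.
template <typename BidirIt>
Chosen reverse_impl(BidirIt first, BidirIt last, std::bidirectional_iterator_tag) {
    while (first != last && first != --last) {
        std::iter_swap(first, last);
        ++first;
    }
    return Chosen::bidirectional;
}

// Random-access iterators also support <, so one comparison per step is enough.
template <typename RandomIt>
Chosen reverse_impl(RandomIt first, RandomIt last, std::random_access_iterator_tag) {
    if (first == last) return Chosen::random_access;  // empty range
    for (--last; first < last; ++first, --last) {
        std::iter_swap(first, last);
    }
    return Chosen::random_access;
}

}  // namespace detail

// Single public entry point. The overload is picked at compile time from the
// iterator's category tag; the return value only reports which one ran.
template <typename It>
Chosen reverse(It first, It last) {
    using category = typename std::iterator_traits<It>::iterator_category;
    return detail::reverse_impl(first, last, category{});
}

}  // namespace demo

int main() {
    std::vector<int> v{1, 2, 3, 4, 5};  // constructed sample data
    std::list<int> l{1, 2, 3, 4};
    bool v_fast = demo::reverse(v.begin(), v.end()) == demo::Chosen::random_access;
    bool l_fast = demo::reverse(l.begin(), l.end()) == demo::Chosen::random_access;
    std::cout << "vector used random-access overload: " << v_fast << "\n";
    std::cout << "list used random-access overload: " << l_fast << "\n";
    for (int x : v) std::cout << x << ' ';
    std::cout << "\n";
}
```

The caller writes the same one-line call for a `std::vector`, a `std::list` or a raw array; which loop runs is fixed when the template is instantiated, with no runtime branch.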