Tom 7 Radar: all comments


4466. Anonymous (194.42.43.134) – 21 Apr 2006 08:44:49 B & S? ]
I found it to buy on a site named arabian towers... but I guess they only have it in their own language, not in English... It was about 56€...
 
4465. RC (216.129.191.146) – 21 Apr 2006 04:08:31 UPD: Escape Beta 3 ]
My mistake, 32-bit color is not more colors in RGB. And yes, I see what you mean. I guess I did not think this all the way through.
 
4464. Anonymous (ip68-100-130-21.dc.dc.cox.net) – 20 Apr 2006 23:05:36 Question and Answer Session ]
I eagerly await Tom7BSD, where all the code is proved to be correct.

No, I'm sure your work has value, but for the time being, I don't see anyone using it to write operating systems. And you say you have "damning" evidence against OpenBSD as though you've exposed them as a bunch of frauds. Show me the more secure OS that I can use today. If you can't do that, don't try and sink their work and say it's a waste of time.

In theory, your way might be better once it gets out of the research phase, but that's just speculation, isn't it? In practice, the bad code in your examples would be easily spotted.

You said some stuff that's downright silly. For example: "...protections... make it more difficult (but seldom impossible) to exploit the bug." That's simply not true; they do make a lot of attacks impossible. Then you say "the OpenBSD methodology of code scrutiny simply doesn't work" based on "security patches... for BSD (and Linux, etc.)". The other BSD projects and Linux etc. are obviously not using the OpenBSD methodology. My one-year-old release of OpenBSD (3.7) has in fact only had eight security patches, which is not that much. You're not being realistic with your criticisms.

Finally, regarding your mentions of PhD work, following Bugtraq, etc., please look up "argument from authority." (Spoiler: It's fallacious.) I don't think proof-carrying code is worthless -- I would lose that argument. But that doesn't make your attacks on OpenBSD any less ridiculous.

So how near term do you expect this proof stuff to enter the mainstream? 5 years? 20 years? When hell freezes over?

Say, here's a challenge for you. Make an AAD using sound synthesis software written and proven correct in the same day. Can you do it? I've been thinking of trying the same, except without the proof part.
 
4463. Nels (gs5048.sp.cs.cmu.edu) – 20 Apr 2006 10:50:01 Question and Answer Session ]
They're coming out of the woodwork! I suspect Google is involved here...

Seriously though, I think we can agree that the current state-of-the-art in developing exploit-free code involves some kind of combination of the following:

1.) Code Reviews
2.) Testing
3.) Static Analysis Tools

Each one of these has its drawbacks. Code reviews certainly can find exploits, but their primary drawback is that they don't scale very well. The result is that they are used on large software projects, but will only cover a small percentage of the actual code-base (when doing formal code reviews) or don't usually cover it very thoroughly (in more ad-hoc style code reviews).

The point is that even now code reviews must be combined with other techniques. The patchwork of different techniques can lead to relatively well-performing software, depending on how well they are each done. I think OpenBSD does a relatively good job because they've tried to focus their attention on security. But this is certainly not an ideal solution.

I eagerly await proof carrying code and provably correct software. For now, we can just use what seems to work best.
 
4462. Tom 7 (h-72-244-71-146.phlapafg.dynamic.covad.net) – 20 Apr 2006 00:07:56 Question and Answer Session ]
dc-dc: Sure, I know about all of that stuff. What makes you think I don't? But they are just last resorts for handling broken C code. By that I mean, in the case that a C program goes wrong, protections like StackGuard or PAX or whatever just make it more difficult (but seldom impossible) to exploit the bug. Fine, that does add some security in practice, but it's not nearly as secure as writing correct code in the first place. Moreover, they do nothing to protect against maliciously concealed backdoors except to modestly limit the variety of techniques that can be concealed. I claim the OpenBSD methodology of code scrutiny simply doesn't work--this is easily seen by the number of security patches that continue to be released for BSD (and Linux, etc.) and BSD software like openssh. I know, I subscribe to bugtraq, and I have been rooted on an up-to-date system running minimal services.

I don't know if you're actually interested in having a dialogue about this, or if you're just spitting venom, but my criticism is in fact based on knowledge and study of the problem. I'm studying for my PhD in Computer Science on a related problem, even. If you'd like to respond to my actual points, perhaps by explaining why you think Proof Carrying Code is an inappropriate solution, or how code scrutiny can scale to larger and larger programs despite its apparent failings on current code, I am listening. I promise a level-headed reply. Honestly, my guess is that you don't actually know what PCC is about, but I wouldn't criticize you for that as it is more a failing of the academic community for not making these ideas accessible to the mainstream. Still, if my guess is right, you do yourself a disservice by being so dismissive of it. Mathematics is nothing but clear thought, and clear thought is precisely what is required for the analysis of complex programs.
 
4461. Anonymous (205.241.142.137) – 19 Apr 2006 23:46:49 Bathroom? Mushroom! ]
Yuck!! I was in the bathroom washing my face when I looked down and saw a mushroom growing from the base of the toilet. I freaked out and made my husband come see it!! I am really surprised at how fast it showed up, because I just cleaned the bathroom a few days ago. And when I cleaned the bathroom I made sure that I cleaned under the toilet and around the base. I just can't believe that it popped up so fast. My husband took a picture and then cleaned it up; I refused to touch it. The mushroom released a fine black dust around the base, so I am guessing we will probably see more in the future. I have never ever heard of such a thing!! If it continues I will be calling the company we rent from and have them fix it.
 
4460. Anonymous (ip68-100-130-21.dc.dc.cox.net) – 19 Apr 2006 23:01:29 Question and Answer Session ]
Your slander against OpenBSD is quite ridiculous. I might skim these code entries and think they were okay, if rather poorly written, but they would hardly hold up to "substantial scrutiny." Furthermore, auditing is not at all the only thing OpenBSD does. Have you not heard of W^X, ProPolice, or the recent randomized mmap()/malloc() work? Why are you commenting on something you know nothing about?

My advice is, go back and stick to your proof toys. Whatever floats your boat. But spitting on people who provide real security -- which you have demonstrated your ignorance of -- will only make you look like a joke.
 
4459. dsidnsudbwu (cpe0010b5780bbc-cm000e5c701b5a.cpe.net.cable.rogers.com) – 19 Apr 2006 16:22:49 Space Names! ]
gbrrf
 
4458. Anonymous (nott-cache-5.server.ntli.net) – 19 Apr 2006 14:00:41 FLAMING TEXT ]
BATTY BOI
 
4457. RIGBY (nott-cache-5.server.ntli.net) – 19 Apr 2006 14:00:16 FLAMING TEXT ]
IT GD BUT THE HTML CODES SOME OF DEM DONT WORK BUT A GD WEB SYT!!!
 
4456. Brian (gs134.sp.cs.cmu.edu) – 19 Apr 2006 13:59:52 Question and Answer Session ]
> Was the Scrambled-Hackz thing by Brian Whitman? Just a guess.
No. That guy looks pretty cool, though.
 
4455. jcreed (cmu-177829.wv.cc.cmu.edu) – 19 Apr 2006 13:28:06 Question and Answer Session ]
max: ok, so it is a simple idea, but a very good one.
 
4454. Tom 7 (pool-70-20-67-232.pitt.east.verizon.net) – 19 Apr 2006 10:04:39 Question and Answer Session ]
Was the Scrambled-Hackz thing by Brian Whitman? Just a guess.
 
4453. Max (mheath.stu.wesleyan.edu) – 19 Apr 2006 00:31:43 Question and Answer Session ]
jcreed: http://www.linuxdevices.com/articles/AT9665830722.html

Tom can attest to the fact that this is almost exactly the same design as my invention!!
 
4452. Brian (dhcp-7-166.dsl.telerama.com) – 19 Apr 2006 00:13:01 Question and Answer Session ]
> Often when I have a good idea it is in fact the case that it has already been invented.
Yeah - something like that happened to me just a couple hours ago. One day several years ago at Aladins you asked if there was some computer vision technique that could be adapted to make a good cubase (or whatever) plugin and I was like "apply Bill Freeman's VISTA to make one thing sound like some other thing", and today I saw a Wired article for something called "sCrAmBlEd?HaCkZ!" which is sort of the same idea. Except VISTA is still much cooler than S.C. because it forces the adjacent sound clips to blend naturally together using a Markov random field, in addition to just sounding like the original. Hopefully it would sound a lot more like the source database.
 
4451. Tom 7 (pool-141-151-189-86.pitt.east.verizon.net) – 18 Apr 2006 23:59:06 Question and Answer Session ]
Internet
 
4450. jcreed (pool-141-151-191-229.pitt.east.verizon.net) – 18 Apr 2006 23:40:52 Question and Answer Session ]
Is there something more to what "electronic sheet music" that I should know about? Alls I'm picturing is, like, Finale or something.
 
4449. Tom 7 (pool-70-17-170-4.pitt.east.verizon.net) – 18 Apr 2006 20:05:23 UPD: Escape Beta 3 ]
It might be counterintuitive, but it's not really that unusual. Programs usually perform better in 32-bit color mode, the reason being that 32-bit computers are most efficient at manipulating 32-bit values. In fact, despite what the number of colors says, 32 bit graphics is usually the same as 24-bit with an extra eight bits tucked in and wasted, just to make each pixel the same as the word size of the machine. And actually, there's pretty much no reason for a modern computer to use anything other than 32-bit color, so I don't even really know why it's an option any more.
 
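An added illustration of the layout Tom 7 describes above (not code from any commenter, and nothing to do with Escape itself): a constructed 24bpp buffer read byte-by-byte, and the same pixels re-packed as 32bpp where each pixel is one aligned machine word with its top byte unused.

```c
#include <stdint.h>
#include <stddef.h>

/* Constructed 24bpp framebuffer: 3 pixels packed R,G,B with no padding.
   Pixel i starts at byte 3*i, so most pixels straddle 4-byte word boundaries. */
static const uint8_t FB24[9] = {
    0x11, 0x22, 0x33,   /* pixel 0 */
    0x44, 0x55, 0x66,   /* pixel 1 */
    0x77, 0x88, 0x99    /* pixel 2 */
};

/* Read pixel i of a 24bpp buffer: three separate byte loads assembled by hand. */
uint32_t read24(const uint8_t *fb, size_t i) {
    const uint8_t *p = fb + 3 * i;
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | (uint32_t)p[2];
}

/* Convert 24bpp to 32bpp: same RGB, plus one unused byte per pixel (kept 0)
   so that every pixel is exactly one 4-byte-aligned machine word. */
void to32(const uint8_t *fb24, uint32_t *fb32, size_t npix) {
    for (size_t i = 0; i < npix; i++)
        fb32[i] = read24(fb24, i);   /* top byte stays 0: the "wasted" padding */
}

/* Read pixel i of a 32bpp buffer: a single aligned word load, no shifting. */
uint32_t read32(const uint32_t *fb, size_t i) {
    return fb[i];
}

/* Byte offset of pixel i at a given depth, and whether that offset is word-aligned:
   at 3 bytes/pixel only every fourth pixel is aligned; at 4 bytes/pixel all are. */
size_t pixel_offset(size_t i, size_t bytes_per_pixel) { return i * bytes_per_pixel; }
int is_word_aligned(size_t offset) { return (offset % sizeof(uint32_t)) == 0; }

/* Convert the constructed buffer and return pixel i through the 32bpp path. */
uint32_t sample_read32(size_t i) {
    uint32_t fb32[3];
    to32(FB24, fb32, 3);
    return read32(fb32, i);
}
```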
4448. Max (mheath.stu.wesleyan.edu) – 18 Apr 2006 19:09:32 Question and Answer Session ]
Yeah my inventions keep getting invented too. See: two-door mailbox, electronic sheet music, etc.
 
4447. mike (robot.me.cmu.edu) – 18 Apr 2006 18:03:56 Question and Answer Session ]
Nice ass-callouses!
 
4446. RC (216.129.190.176) – 18 Apr 2006 17:58:54 UPD: Escape Beta 3 ]
I just discovered something very interesting. Escape performs much differently under different color depth settings. But not what one might expect. By performance I mean playing a level (with animations on). The performance difference is considerable. It is literally 3 times faster between 32-bit vs 16-bit. Here are the settings in the order of performance.
1. 32-bit ("True Color" or 4294967296 colors)
2. 8-bit (256 colors)
3. 24-bit ("True Color" or 16777216 colors)
4. 16-bit ("High Color" or 65536 colors)
Very odd??
This might just be a PC-specific issue (like video card/drivers, OS, etc...). I will test this on other machines as well and let you know what I find, if you are interested.
 
4445. Anonymous (dsl-151.niagara.com) – 18 Apr 2006 11:39:13 FLAMING TEXT ]
this is cool
 
4444. Cort (pool-70-20-65-253.pitt.east.verizon.net) – 18 Apr 2006 09:16:35 Question and Answer Session ]
Nice photos!

Did you like, do anything for Passover? Like, it was a major holiday season: Passover, Easter, Taxes.
 
4443. Tom 7 (h-72-244-71-146.phlapafg.dynamic.covad.net) – 15 Apr 2006 11:17:29 At least he could be like a slick talker ]
ha! funny. =) I will post soon, I've just been busy!
 
4442. Cortney (pool-70-20-65-149.pitt.east.verizon.net) – 14 Apr 2006 19:27:19 At least he could be like a slick talker ]
how is everything going? you haven't posted in a while. :)
 