Re: If you use Kazaa (P2P) do yourself a favor and read this......

From: Walter Roberson (roberson@ibd.nrc.ca)
Date: 06/18/02


From: roberson@ibd.nrc.ca (Walter Roberson)
Date: 18 Jun 2002 13:16:09 GMT

In article <nnrtgugpu07grp78t3f13koe3k9nmh4jn9@4ax.com>,
Sami Sihvonen <ss@janiika.com> wrote:
|In article <ae9u36$f0p$1@canopus.cc.umanitoba.ca>,
|roberson@ibd.nrc.ca (Walter Roberson) wrote:

|> In any modern programming language, source code can be written
|> in such a way that the only way to figure out what it *means*
|> is to execute it. Perhaps execute 'mentally', yes, but most people
|> aren't willing to take the time to mentally execute more than
|> a dozen or so complex steps.

|If you are unable to read complex source code, there are tools
|that can be used to make it easier.

I take it, Sami, that you have never formally studied Turing Machines,
Turing Equivalency, The Halting Problem, or Goedelization, and that you
haven't spent much time working with Information Theory [e.g., you
don't hang around the theory people in comp.compression.]

To summarize:

A) Any "sufficiently powerful" programming language with a
fixed (i.e., non-random) finite instruction set, can be used to write
any program that can be computed with fixed finite instruction sets.

B) There is no meaningful distinction between "instructions" and
re-writable data.

C) There is no way to write a program X that, given another program Y
as input, can determine in a finite time whether program Y will
terminate for all inputs [as opposed to just executing for a long time]

D) Hence, given any particular programming language, I can write
a program too obscure for any analysis tool to determine the meaning of
in any finite time. All I have to do is build operators that have
inherent side effects and hide the choice of operator sequence in data that
is compressed and encrypted. Effectively the only way to find out
what the program *does* would be to execute it.

In other words, no matter HOW good your tools are, there are solid
theoretical reasons why having access to the source code is not
always good enough to be able to determine the security of the program.

You thus either need to take such a program on faith, or you have
to avoid programs that you haven't done detailed studies on.

|> Who would use anything without source code anyhow?

I think it highly likely that you *often* go ahead and execute
programs before having read the source. Otherwise, you would have
already found all the security bugs in the OS and tools that you use.
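
An illustration of point D above, added here and not part of the original post: two constructed toy programs share the same interpreter source and differ only in an opaque blob, so a source-only scan reports the same thing for both while their behaviour differs. All names (make_program, static_view, dynamic_view) are hypothetical, and the blob is only compressed, not also encrypted as the post suggests.

```python
import ast
import zlib

# Constructed toy program: a three-operator interpreter whose operator
# sequence is stored as a compressed blob rather than written as code.
TEMPLATE = '''
import zlib
BLOB = {blob!r}
def run(x):
    ops = {{0: lambda v: v + 1, 1: lambda v: v * 2, 2: lambda v: -v}}
    for code in zlib.decompress(BLOB):
        x = ops[code](x)
    return x
'''

def make_program(op_codes):
    """Return source text for the toy program with the given operator sequence."""
    return TEMPLATE.format(blob=zlib.compress(bytes(op_codes)))

def static_view(src):
    """What a source-only scan sees: call targets, with byte constants only counted."""
    calls, blobs = set(), 0
    for node in ast.walk(ast.parse(src)):
        if isinstance(node, ast.Call):
            calls.add(ast.unparse(node.func))
        elif isinstance(node, ast.Constant) and isinstance(node.value, bytes):
            blobs += 1
    return sorted(calls), blobs

def dynamic_view(src, x):
    """What the program does: found here only by executing it."""
    namespace = {}
    exec(src, namespace)
    return namespace["run"](x)

PROG_A = make_program([0, 1])      # computes (x + 1) * 2
PROG_B = make_program([1, 2, 0])   # computes -(x * 2) + 1

if __name__ == "__main__":
    print(static_view(PROG_A), dynamic_view(PROG_A, 3))
    print(static_view(PROG_B), dynamic_view(PROG_B, 3))
```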


