Re: AES trickery ;-)

From: Tom St Denis (tomstdenis_at_gmail.com)
Date: 11/18/04


Date: Wed, 17 Nov 2004 19:30:06 -0500

Randy Howard wrote:
> In article <qv-dnd-9GPHY6QbcRVn-qA@rogers.com>, tomstdenis@gmail.com says...
>
>> From my experience often "perfect programmers" are ...
>
>
> There is no such thing. Unfortunately, there are quite a few that think
> they are, and they are the most dangerous of all.
>
> There used to be a saying that the way to tell a UNIX guru was he was the
> one that did *not* claim to be one. Only the truly stupid ever call
> themselves an expert, for they don't know enough to realize how much they
> do not know.

Shhh don't tell Thomas that. After all he makes no mistake. Because if
he made a mistake then we can infer from that that he's a sub-par employee.

>>>Technically, unless your products run on a slew of platforms (most software
>>>does not), it is not a quality issue. It certainly doesn't hurt, but
>>>using __this_is_my_favorite_variable_name is incredibly unlikely to cause
>>>a compiler conflict, although being incorrect from the viewpoint of the
>>>standard. People that do tend to worry about such minutiae tend to also
>>>worry about a lot of other items, and in the whole, "Pedantic Programmers"
>>>tend to make fewer mistakes, simply because they pay more attention.
>>
>>One huge flaw in the thinking here is perfectly ISO C programs can be
>>insecure.
>
>
> Sorry, but I did not claim otherwise. Nothing in the above paragraph
> implies what you are claiming is "flawed thinking". You seem to be
> inserting a random alternate soapbox.

I was referring specifically to the attitude that Thomas has in this
thread. That because I used __ in a program we should write off LTC.

My point is there is a LOT MORE to LTC than correcting a subtle bug that
isn't really a problem that affects people. And that because I don't do
handstands every time I have to correct small bugs I've actually had the
time to write code that is useable, flexible and generally secure [plus
or minus a few bugs here and there].

>>More importantly is the "out on a limb issue" I take offence with.
>
>
> I'm also not sure what this is about.

Arrg. I don't know how I can articulate this any clearer.

Ok I will tell you my perspective on this thread. I hope nobody takes
offense but at least you will know what I'm thinking [as opposed to what
I was holding back].

To me, Thomas Pornin is some prick who just happens to know a part of the
ISO C specs I didn't know. Then he proceeded to tear apart myself and
code I wrote in all of a few minutes which I neither claimed was field
ready nor ISO C compliant. Being the prick with time on his hands he is
he decided to proceed and tear into me as well with his sly remark "I
wouldn't want this code on my servers" as if I'm incapable of developing
software that is reliable and accurate.

I don't know Thomas from a hole in the ground. From my perspective he's
just some prick who has ZERO experience writing crypto software. From
what I gather he assumes that making code ISO C compliant is the only
issue for a cryptographer. That the myriad of security concerns [and
corner cases] that are VERY important in crypto software are totally
secondary to being ISO C. That writing, maintaining and updating a set
of libraries takes zero time which leaves all the time in the world to
concentrate on mastery of the ISO C language.

Not only did I not disagree with Thomas originally [other than his tone]
but he then proceeded to tell the group about how rude, ignorant and
stubborn I am. That a public belittling is the only way to get results
when the CLEAR OPPOSITE is the truth [take a friggin look at my change
logs...]. That I have a track record for 24 hour fixes [with releases
depending on the urgency] and am VERY OPEN about security flaws bears no
never mind on Thomas.

So when I'm "rude with Thomas" it isn't because I'm angry and must be
rude. It's because without justification I was placed on the defense
over something I neither gave a first nor second thought to. So let it
be known. All mistakes that Thomas Pornin ever makes are not because he
has other things to think of. That the inflection of his voice during a
sentence or conjugation in flight reflect his intelligence. That all
written words represent the best of his ability to master the domain of
written language. That ....

I'm all for a good "tearing into" when the person on the receiving end
deserves it. But lest ego or id tell me otherwise I'd like to think I'm
a contributor to the field who deserves at least a heads up before
getting "told" in public. I think I've earned that much.

Tom


