K
Klaus Kragelund
Guest
This is not on 240V, it's battery operated, can run about 30 meter plywood before needing to be charged. For professional guys on jobs with no access to mains
Cheers
Klaus
Cheers
Klaus
Navigation
Install the app
How to install the app on iOS
Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature may not be available in some browsers.
More options
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
K
Klaus Kragelund
Guest
I really don't want to argue with you, but you sure seem beyond reach
What do you want to bet?
What do you want to bet?
L
Lasse Langwadt Christense
Guest
Den fredag den 11. april 2014 23.40.25 UTC+2 skrev k...@attt.bizz:
sure you'll really have to be making some dust to load it that much,
but you don't have to hold it, the wood is "squeezed" between the teeth
and the base plate you only have to push it
-Lasse
On Fri, 11 Apr 2014 00:51:38 -0700 (PDT), Klaus Kragelund
klauskvik@hotmail.com> wrote:
On Friday, April 11, 2014 12:37:39 AM UTC+2, k...@attt.bizz wrote:
On Thu, 10 Apr 2014 15:07:38 -0700, John Larkin
jlarkin@highlandtechnology.com> wrote:
On Thu, 10 Apr 2014 18:50:31 GMT, Jan Panteltje
pNaonStpealmtje@yahoo.com> wrote:
On a sunny day (Thu, 10 Apr 2014 09:16:12 -0700) it happened John Larkin
jjlarkin@highNOTlandTHIStechnologyPART.com> wrote in
asgdk9d29q9ds74218i3r5me51loi12pm5@4ax.com>:
I avoid battery-powered tools. They are wimpy, and the batteries will die in a
year or two.
You have a cellphone?
Sure, a simple one. I charge it about every other week, and I've
replaced the battery once. But it's not a power tool.
You're not going to get a horsepower or so out of a battery for long,
especially when the battery is two years old.
You're not going to get a "horsepower or so" out of a hand tool.
You're in the stationary tool realm at a HP (Craftsman HPs don't
count).
Sure you will
I swear to Festool tools. I am dreaming about this one:
https://www.festool.com/Microsite/Pages/TSC.aspx
Something like 1-2kW, so about 2HP
It's a lie. You will *never* hold that. Think, man!
sure you'll really have to be making some dust to load it that much,
but you don't have to hold it, the wood is "squeezed" between the teeth
and the base plate you only have to push it
-Lasse
J
John Larkin
Guest
On Fri, 11 Apr 2014 09:15:15 -0700 (PDT), George Herold
<gherold@teachspin.com> wrote:
One of my favorite things is my Makita hammer drill. It came with a
bonus angle grinder, both AC powered. The first floor walls of our
cabin is concrete blocks with rerod and concrete fill. The combo makes
holes in that nicely. I may add some windows.
--
John Larkin Highland Technology, Inc
jlarkin att highlandtechnology dott com
http://www.highlandtechnology.com
<gherold@teachspin.com> wrote:
On Thursday, April 10, 2014 1:58:49 PM UTC-4, k...@attt.bizz wrote:
On Thu, 10 Apr 2014 09:16:12 -0700, John Larkin
snip
Try some *decent* LiIon tools. Great stuff.
Hey I need a new cordless drill. (my Makita is ~20 years old.)
With Dad's day coming up some time soon...
(the family never knows what to get me.)
Do you have a favorite?
http://www.makitatools.com/en-us/Modules/Tools/Default.aspx?CatID=4
Geesh... I could do with a lot fewer options!
George H.
One of my favorite things is my Makita hammer drill. It came with a
bonus angle grinder, both AC powered. The first floor walls of our
cabin is concrete blocks with rerod and concrete fill. The combo makes
holes in that nicely. I may add some windows.
--
John Larkin Highland Technology, Inc
jlarkin att highlandtechnology dott com
http://www.highlandtechnology.com
L
Lasse Langwadt Christense
Guest
Den lřrdag den 12. april 2014 01.36.28 UTC+2 skrev k...@attt.bizz:
what force will give you that ride? the teeth push on under side of the
wood the base plate on the top the saw isn't going anywhere
-Lasse
On Fri, 11 Apr 2014 16:15:50 -0700 (PDT), Lasse Langwadt Christensen
langwadt@fonz.dk> wrote:
Den fredag den 11. april 2014 23.40.25 UTC+2 skrev k...@attt.bizz:
On Fri, 11 Apr 2014 00:51:38 -0700 (PDT), Klaus Kragelund
klauskvik@hotmail.com> wrote:
On Friday, April 11, 2014 12:37:39 AM UTC+2, k...@attt.bizz wrote:
On Thu, 10 Apr 2014 15:07:38 -0700, John Larkin
jlarkin@highlandtechnology.com> wrote:
On Thu, 10 Apr 2014 18:50:31 GMT, Jan Panteltje
pNaonStpealmtje@yahoo.com> wrote:
On a sunny day (Thu, 10 Apr 2014 09:16:12 -0700) it happened John Larkin
jjlarkin@highNOTlandTHIStechnologyPART.com> wrote in
asgdk9d29q9ds74218i3r5me51loi12pm5@4ax.com>:
I avoid battery-powered tools. They are wimpy, and the batteries will die in a
year or two.
You have a cellphone?
Sure, a simple one. I charge it about every other week, and I've
replaced the battery once. But it's not a power tool.
You're not going to get a horsepower or so out of a battery for long,
especially when the battery is two years old.
You're not going to get a "horsepower or so" out of a hand tool.
You're in the stationary tool realm at a HP (Craftsman HPs don't
count).
Sure you will
I swear to Festool tools. I am dreaming about this one:
https://www.festool.com/Microsite/Pages/TSC.aspx
Something like 1-2kW, so about 2HP
It's a lie. You will *never* hold that. Think, man!
sure you'll really have to be making some dust to load it that much,
but you don't have to hold it, the wood is "squeezed" between the teeth
and the base plate you only have to push it
"Lasse, this is Sir Isaac." "Sir Isaac, this is Lasse." It *might*
draw that much if you stall the rotor but it's going to be a real ride
and it's not cutting anything.
what force will give you that ride? the teeth push on under side of the
wood the base plate on the top the saw isn't going anywhere
-Lasse
Guest
On Fri, 11 Apr 2014 09:15:15 -0700 (PDT), George Herold
<gherold@teachspin.com> wrote:
I really like the Bosch drivers and drills. The 18V models are great
but they're kinda heavy. The 12V are perfect for anything less than a
#10x3" screw, give or take. The impact drivers are really slick. I'll
never use a drill as a driver again.
<gherold@teachspin.com> wrote:
On Thursday, April 10, 2014 1:58:49 PM UTC-4, k...@attt.bizz wrote:
On Thu, 10 Apr 2014 09:16:12 -0700, John Larkin
snip
Try some *decent* LiIon tools. Great stuff.
Hey I need a new cordless drill. (my Makita is ~20 years old.)
With Dad's day coming up some time soon...
(the family never knows what to get me.)
Do you have a favorite?
http://www.makitatools.com/en-us/Modules/Tools/Default.aspx?CatID=4
Geesh... I could do with a lot fewer options!
I really like the Bosch drivers and drills. The 18V models are great
but they're kinda heavy. The 12V are perfect for anything less than a
#10x3" screw, give or take. The impact drivers are really slick. I'll
never use a drill as a driver again.
Guest
On Fri, 11 Apr 2014 00:53:49 -0700 (PDT), Klaus Kragelund
<klauskvik@hotmail.com> wrote:
I have the TS-55. Nice saw.
>1600W
It's a lie. I'll *bet* you've never actually measured it in use.
Think!
<klauskvik@hotmail.com> wrote:
On Friday, April 11, 2014 4:41:21 AM UTC+2, k...@attt.bizz wrote:
On Thu, 10 Apr 2014 16:42:37 -0700, John Larkin
jlarkin@highlandtechnology.com> wrote:
On Thu, 10 Apr 2014 18:37:39 -0400, krw@attt.bizz wrote:
On Thu, 10 Apr 2014 15:07:38 -0700, John Larkin
jlarkin@highlandtechnology.com> wrote:
On Thu, 10 Apr 2014 18:50:31 GMT, Jan Panteltje
pNaonStpealmtje@yahoo.com> wrote:
On a sunny day (Thu, 10 Apr 2014 09:16:12 -0700) it happened John Larkin
jjlarkin@highNOTlandTHIStechnologyPART.com> wrote in
asgdk9d29q9ds74218i3r5me51loi12pm5@4ax.com>:
I avoid battery-powered tools. They are wimpy, and the batteries will die in a
year or two.
You have a cellphone?
Sure, a simple one. I charge it about every other week, and I've
replaced the battery once. But it's not a power tool.
You're not going to get a horsepower or so out of a battery for long,
especially when the battery is two years old.
You're not going to get a "horsepower or so" out of a hand tool.
You're in the stationary tool realm at a HP (Craftsman HPs don't
count).
120 volts, 15 amps is 1800 watts. Lots of circular saws pull 13 amps,
1560 watts.
Utter nonsense. Show me one with a 14GA cord. Better yet, put a
meter on one and show me where it's drawing anything close to 500W, in
use. They may draw 15A at stall (doubtful), but it'll be an
interesting ride if you do stall one. A stalled saw isn't very
useful, either.
I have this one:
https://www.festool.com/Products/Pages/Product-Detail.aspx?pid=561184&name=Circular-saw-TS-75-EBQ
I have the TS-55. Nice saw.
>1600W
It's a lie. I'll *bet* you've never actually measured it in use.
Think!
Guest
On Fri, 11 Apr 2014 00:51:38 -0700 (PDT), Klaus Kragelund
<klauskvik@hotmail.com> wrote:
It's a lie. You will *never* hold that. Think, man!
<klauskvik@hotmail.com> wrote:
On Friday, April 11, 2014 12:37:39 AM UTC+2, k...@attt.bizz wrote:
On Thu, 10 Apr 2014 15:07:38 -0700, John Larkin
jlarkin@highlandtechnology.com> wrote:
On Thu, 10 Apr 2014 18:50:31 GMT, Jan Panteltje
pNaonStpealmtje@yahoo.com> wrote:
On a sunny day (Thu, 10 Apr 2014 09:16:12 -0700) it happened John Larkin
jjlarkin@highNOTlandTHIStechnologyPART.com> wrote in
asgdk9d29q9ds74218i3r5me51loi12pm5@4ax.com>:
I avoid battery-powered tools. They are wimpy, and the batteries will die in a
year or two.
You have a cellphone?
Sure, a simple one. I charge it about every other week, and I've
replaced the battery once. But it's not a power tool.
You're not going to get a horsepower or so out of a battery for long,
especially when the battery is two years old.
You're not going to get a "horsepower or so" out of a hand tool.
You're in the stationary tool realm at a HP (Craftsman HPs don't
count).
Sure you will
I swear to Festool tools. I am dreaming about this one:
https://www.festool.com/Microsite/Pages/TSC.aspx
Something like 1-2kW, so about 2HP
It's a lie. You will *never* hold that. Think, man!
K
Klaus Kragelund
Guest
On Saturday, April 12, 2014 1:15:50 AM UTC+2, Lasse Langwadt Christensen wrote:
Cheers
Klaus
Den fredag den 11. april 2014 23.40.25 UTC+2 skrev k...@attt.bizz:
On Fri, 11 Apr 2014 00:51:38 -0700 (PDT), Klaus Kragelund
klauskvik@hotmail.com> wrote:
On Friday, April 11, 2014 12:37:39 AM UTC+2, k...@attt.bizz wrote:
On Thu, 10 Apr 2014 15:07:38 -0700, John Larkin
jlarkin@highlandtechnology.com> wrote:
On Thu, 10 Apr 2014 18:50:31 GMT, Jan Panteltje
pNaonStpealmtje@yahoo.com> wrote:
On a sunny day (Thu, 10 Apr 2014 09:16:12 -0700) it happened John Larkin
jjlarkin@highNOTlandTHIStechnologyPART.com> wrote in
asgdk9d29q9ds74218i3r5me51loi12pm5@4ax.com>:
I avoid battery-powered tools. They are wimpy, and the batteries will die in a
year or two.
You have a cellphone?
Sure, a simple one. I charge it about every other week, and I've
replaced the battery once. But it's not a power tool.
You're not going to get a horsepower or so out of a battery for long,
especially when the battery is two years old.
You're not going to get a "horsepower or so" out of a hand tool.
You're in the stationary tool realm at a HP (Craftsman HPs don't
count).
Sure you will
I swear to Festool tools. I am dreaming about this one:
https://www.festool.com/Microsite/Pages/TSC.aspx
Something like 1-2kW, so about 2HP
It's a lie. You will *never* hold that. Think, man!
sure you'll really have to be making some dust to load it that much,
but you don't have to hold it, the wood is "squeezed" between the teeth
and the base plate you only have to push it
Exactly, it's on a guide rail
Cheers
Klaus
K
Klaus Kragelund
Guest
On Saturday, April 12, 2014 1:31:46 AM UTC+2, k...@attt.bizz wrote:
For the Festool one, the FSC, it's a permanent magnet motor with a full inverter drive. SO efficiency is high. That's what seperates Festool from the other manufactors of tools, all their cordless drill use permanent magnet motors.
Cheers
Klaus
On Fri, 11 Apr 2014 16:14:25 -0700, John Larkin
jlarkin@highlandtechnology.com> wrote:
On Fri, 11 Apr 2014 19:03:20 -0400, krw@attt.bizz wrote:
On Fri, 11 Apr 2014 15:38:36 -0700 (PDT), Klaus Kragelund
klauskvik@hotmail.com> wrote:
I really don't want to argue with you, but you sure seem beyond reach
What do you want to bet?
I've already won. You've obviously never measure it or you wouldn't
be spouting such nonsense here. Hint: a full-sized cabinet saw is
"only" 3HP, and weighs 600lbs.
If a saw is rated for 13 amps at 120 volts, they would have to be
lying by a factor over 2 to be below 1 HP.
If it actually delivered 1/4HP in use, I would be *shocked*. It's
likely less than half that. If it were really delivering 2HP, it'd
break your arm. It's a little universal motor, fer chrissakes.
For the Festool one, the FSC, it's a permanent magnet motor with a full inverter drive. SO efficiency is high. That's what seperates Festool from the other manufactors of tools, all their cordless drill use permanent magnet motors.
Cheers
Klaus
L
Lasse Langwadt Christense
Guest
Den lřrdag den 12. april 2014 08.41.41 UTC+2 skrev Spehro Pefhany:
a riving knife is required here, its a slitter that sits behind the blade
so the wood can't pinch the blade, I don't see how it could mark the wood but it can get in the way if you want to do cut that are not all the way through
I can see how something like this: http://www.prettyhandygirl.com/wp-content/uploads/2011/11/anti-kickback_pawl.jpg could scratch the wood
like all power tools it requires respect and attention to safety
-Lasse
On Fri, 11 Apr 2014 18:49:37 -0400, the renowned krw@attt.bizz wrote:
Cordless circular saws (even small 6.5" ones) are close to useless.
Not so. I have a DeWalt that's quite nice on plywood and such. I
also have an older Makita that's great for cedar siding. It sure as
hell beats a 10lb. corded monster when you're trying to trim a piece
of siding, 15' up a ladder on the side of the house. ;-)
I've got a Hitachi one that came in a kit- cut up few ~2" branches
that were felled by an ice storm and it was already dying.
A circular saw used on a tree? You must be suicidal. Cutting a 2"
diameter branch with a 6" saw? You *have* to be! Haven't you ever
heard of a chain saw, or even a reciprocating saw? ;-)
The branches were on the ground. Just cutting them into 3' pieces for
bundling so the city would haul them off. I'm not getting up on a
ladder with a cordless circular saw. ;-)
I don't have a gas chain saw (just an antique electric one without
guards). The Hitachi version of a sawzall might have been better but I
think the blade had gone walkabout.
Cordless drill: Great, especially when you have at least 2 batteries
Cordless sawzall: okay
Cordless circular saw: pretty much useless
Flashlight attachement: Great because it sits up nicely when in the
attic
The power tool that I really don't like using is the table saw. Much
more so the slider radial arm saw, and way more than a lathe or mill.
Apparently the first thing most folks do is remove that stupid thing
that marks up wood and helps keep it from randomly flinging stuff
toward you at high velocity (riving something?).
a riving knife is required here, its a slitter that sits behind the blade
so the wood can't pinch the blade, I don't see how it could mark the wood but it can get in the way if you want to do cut that are not all the way through
I can see how something like this: http://www.prettyhandygirl.com/wp-content/uploads/2011/11/anti-kickback_pawl.jpg could scratch the wood
like all power tools it requires respect and attention to safety
-Lasse
Guest
http://www.theregister.co.uk/2014/04/09/heartbleed_explained
which reinforces what an astonishingly bad programming language c
is.
That just reinforces what an astonishingly poor understanding you - and
many others - have about programming languages, and about bugs in software.
This was a bug in the implementation of the response to "heartbeat"
telegrams in OpenSSL, which is a commonly used library for SSL. The bug
was caused by the programmer using data in the incoming telegram without
double-checking it. It is totally independent of the programming
language used, and totally independent of the SSL algorithms and encryption.
This is really a problem of the go
Guest
On Saturday, April 12, 2014 7:30:59 AM UTC-7, edward....@gmail.com wrote:
This is really a problem of the Government/Industrial leadership (or lack of). This could have been fixed quietly with must less damages. But now, everybody (including criminals) know how to and how easy it is to hack into servers.
If someone discoveres a bug, who are you going to call? NSA, CIA, FBI, etc?
http://www.theregister.co.uk/2014/04/09/heartbleed_explained
which reinforces what an astonishingly bad programming language c
is.
That just reinforces what an astonishingly poor understanding you - and
many others - have about programming languages, and about bugs in software.
This was a bug in the implementation of the response to "heartbeat"
telegrams in OpenSSL, which is a commonly used library for SSL. The bug
was caused by the programmer using data in the incoming telegram without
double-checking it. It is totally independent of the programming
language used, and totally independent of the SSL algorithms and encryption.
This is really a problem of the go
(ghost key pressed)
This is really a problem of the Government/Industrial leadership (or lack of). This could have been fixed quietly with must less damages. But now, everybody (including criminals) know how to and how easy it is to hack into servers.
If someone discoveres a bug, who are you going to call? NSA, CIA, FBI, etc?
Guest
That just reinforces what an astonishingly poor understanding you - and
many others - have about programming languages, and about bugs in software.
This was a bug in the implementation of the response to "heartbeat"
telegrams in OpenSSL, which is a commonly used library for SSL. The bug
was caused by the programmer using data in the incoming telegram without
double-checking it. It is totally independent of the programming
language used, and totally independent of the SSL algorithms and encryption.
Unchecked buffers and stack overflows have been chronic security lapses for
decades now, thousands and thousands of times. Wandering around data structures
with autoincrement pointers is like stumbling in a mindfield, blindfolded. With
various-sized mines.
The c language and, more significantly, the c language culture, will make this
sort of thing keep happening.
Data should be stored in declared buffers, and runtime errors thrown if attempts
are made to address outside the buffer. Items should be addressed by named
indexes, not by wandering around with pointers.
There is already something like that: server side Java. But think for a moment how that would impact performance of servers with hundreds and thousands of clients. For servers, every bit of performance count.
And it's crazy for compilers to not use MMUs to prevent data and stacks and code
from being all mixed up.
Remapping MMU hundreds or thousands times for every program? Impractical!
L
Lasse Langwadt Christense
Guest
Den lřrdag den 12. april 2014 04.32.24 UTC+2 skrev k...@attt.bizz:
no I haven't stalled a saw that would be pointless, I back off when I
can hear it bog down
ok, I'm dense, please explain in what direction that force will be?
-Lasse
On Fri, 11 Apr 2014 17:35:40 -0700 (PDT), Lasse Langwadt Christensen
langwadt@fonz.dk> wrote:
Den lřrdag den 12. april 2014 01.36.28 UTC+2 skrev k...@attt.bizz:
On Fri, 11 Apr 2014 16:15:50 -0700 (PDT), Lasse Langwadt Christensen
langwadt@fonz.dk> wrote:
Den fredag den 11. april 2014 23.40.25 UTC+2 skrev k...@attt.bizz:
On Fri, 11 Apr 2014 00:51:38 -0700 (PDT), Klaus Kragelund
klauskvik@hotmail.com> wrote:
On Friday, April 11, 2014 12:37:39 AM UTC+2, k...@attt.bizz wrote:
On Thu, 10 Apr 2014 15:07:38 -0700, John Larkin
jlarkin@highlandtechnology.com> wrote:
On Thu, 10 Apr 2014 18:50:31 GMT, Jan Panteltje
pNaonStpealmtje@yahoo.com> wrote:
On a sunny day (Thu, 10 Apr 2014 09:16:12 -0700) it happened John Larkin
jjlarkin@highNOTlandTHIStechnologyPART.com> wrote in
asgdk9d29q9ds74218i3r5me51loi12pm5@4ax.com>:
I avoid battery-powered tools. They are wimpy, and the batteries will die in a
year or two.
You have a cellphone?
Sure, a simple one. I charge it about every other week, and I've
replaced the battery once. But it's not a power tool.
You're not going to get a horsepower or so out of a battery for long,
especially when the battery is two years old.
You're not going to get a "horsepower or so" out of a hand tool.
You're in the stationary tool realm at a HP (Craftsman HPs don't
count).
Sure you will
I swear to Festool tools. I am dreaming about this one:
https://www.festool.com/Microsite/Pages/TSC.aspx
Something like 1-2kW, so about 2HP
It's a lie. You will *never* hold that. Think, man!
sure you'll really have to be making some dust to load it that much,
but you don't have to hold it, the wood is "squeezed" between the teeth
and the base plate you only have to push it
"Lasse, this is Sir Isaac." "Sir Isaac, this is Lasse." It *might*
draw that much if you stall the rotor but it's going to be a real ride
and it's not cutting anything.
what force will give you that ride? the teeth push on under side of the
wood the base plate on the top the saw isn't going anywhere
Oh, good grief, you're dense. The same force that turning the blade,
or not, in this case. If the saw is using 2HP (just frappin' silly by
any standards), it's doing something. You're going to get a good
chunk of that. Have you ever stalled a saw? No, you really are
talking through your ass. Do yourself a favor and measure the
current. You'll see that it's nowhere *close* to 16A.
no I haven't stalled a saw that would be pointless, I back off when I
can hear it bog down
ok, I'm dense, please explain in what direction that force will be?
-Lasse
Guest
On Saturday, April 12, 2014 8:53:54 AM UTC-7, John Larkin wrote:
The technology is already there, but at what cost? What you are saying is really putting JVM like sand boxes on all servers. Performance hits could be 70% to 90%, on my conservation estimate.
On Sat, 12 Apr 2014 08:15:03 -0700 (PDT), edward.ming.lee@gmail.com wrote:
many others - have about programming languages, and about bugs in software.
This was a bug in the implementation of the response to "heartbeat"
telegrams in OpenSSL, which is a commonly used library for SSL. The bug
was caused by the programmer using data in the incoming telegram without
double-checking it. It is totally independent of the programming
language used, and totally independent of the SSL algorithms and encryption.
Unchecked buffers and stack overflows have been chronic security lapses for
decades now, thousands and thousands of times. Wandering around data structures
with autoincrement pointers is like stumbling in a mindfield, blindfolded. With
various-sized mines.
The c language and, more significantly, the c language culture, will make this
sort of thing keep happening.
Data should be stored in declared buffers, and runtime errors thrown if attempts
are made to address outside the buffer. Items should be addressed by named
indexes, not by wandering around with pointers.
There is already something like that: server side Java. But think for a moment how that would impact performance of servers with hundreds and thousands of clients. For servers, every bit of performance count.
And it's crazy for compilers to not use MMUs to prevent data and stacks and code
from being all mixed up.
Remapping MMU hundreds or thousands times for every program? Impractical!
Reliable, secure code? Impractical!
The technology is already there, but at what cost? What you are saying is really putting JVM like sand boxes on all servers. Performance hits could be 70% to 90%, on my conservation estimate.
Guest
On Saturday, April 12, 2014 1:10:18 PM UTC-4, John Larkin wrote:
So how to protect against this threat?
I just got an email from a friend's yahoo address, saying that this person
had been in an accident and needed me to send $1300 to a western union in Rome,
Italy. All false of course.
What to do? - practical steps?
tia
j
routinely check it. It's disgraceful.
We have a checklist for PCB layouts. Why don't programmers have a checklist for
code?
--
John Larkin Highland Technology Inc
So how to protect against this threat?
I just got an email from a friend's yahoo address, saying that this person
had been in an accident and needed me to send $1300 to a western union in Rome,
Italy. All false of course.
What to do? - practical steps?
tia
j
D
David Brown
Guest
On 12/04/14 04:58, John Larkin wrote:
This is the best illustration of the flaw I have seen - thanks for that
link.
That just reinforces what an astonishingly poor understanding you - and
many others - have about programming languages, and about bugs in software.
This was a bug in the implementation of the response to "heartbeat"
telegrams in OpenSSL, which is a commonly used library for SSL. The bug
was caused by the programmer using data in the incoming telegram without
double-checking it. It is totally independent of the programming
language used, and totally independent of the SSL algorithms and encryption.
It is possibly arguable that the recent "goto fail" flaw in Apple's code
is due to C syntax, but even there the main error was poor development
practices and poor use of static error checking tools (i.e., if the
developers had enabled the compiler's warnings and checks, the bug would
have been found immediately).
Some types of security errors and bugs turn up more often in C
programming than when working with more "managed" languages, and it is
certainly easy to write code with memory leaks, buffer overflows, etc.,
in C. But in this case, it was a design flaw and could have been made
just as easily in any language.
On Fri, 11 Apr 2014 20:24:01 -0700, josephkk
joseph_barrett@sbcglobal.net> wrote:
See Link:
http://arstechnica.com/security/2014/04/critical-crypto-bug-exposes-yahoo-mail-passwords-russian-roulette-style/
?;..((
Here is the technical analysis:
http://xkcd.com/1354/
This is the best illustration of the flaw I have seen - thanks for that
link.
And some details:
http://www.theregister.co.uk/2014/04/09/heartbleed_explained
which reinforces what an astonishingly bad programming language c
is.
That just reinforces what an astonishingly poor understanding you - and
many others - have about programming languages, and about bugs in software.
This was a bug in the implementation of the response to "heartbeat"
telegrams in OpenSSL, which is a commonly used library for SSL. The bug
was caused by the programmer using data in the incoming telegram without
double-checking it. It is totally independent of the programming
language used, and totally independent of the SSL algorithms and encryption.
It is possibly arguable that the recent "goto fail" flaw in Apple's code
is due to C syntax, but even there the main error was poor development
practices and poor use of static error checking tools (i.e., if the
developers had enabled the compiler's warnings and checks, the bug would
have been found immediately).
Some types of security errors and bugs turn up more often in C
programming than when working with more "managed" languages, and it is
certainly easy to write code with memory leaks, buffer overflows, etc.,
in C. But in this case, it was a design flaw and could have been made
just as easily in any language.
Guest
So how to protect against this threat?
I just got an email from a friend's yahoo address, saying that this person
had been in an accident and needed me to send $1300 to a western union in Rome,
Italy. All false of course.
What to do? - practical steps?
Do you have your friends linked with social media like google+, facebook, twitter, linkedin, etc? People in some countries have plenty of time and motive to find links in social media. Social media is fun, but really dangerous. I stay away from them and people should be more careful using them. No wonder social media stocks are crashing.
J
John Larkin
Guest
On Sat, 12 Apr 2014 15:40:04 +0200, David Brown <david.brown@hesbynett.no>
wrote:
Unchecked buffers and stack overflows have been chronic security lapses for
decades now, thousands and thousands of times. Wandering around data structures
with autoincrement pointers is like stumbling in a mindfield, blindfolded. With
various-sized mines.
The c language and, more significantly, the c language culture, will make this
sort of thing keep happening.
Data should be stored in declared buffers, and runtime errors thrown if attempts
are made to address outside the buffer. Items should be addressed by named
indexes, not by wandering around with pointers.
And it's crazy for compilers to not use MMUs to prevent data and stacks and code
from being all mixed up.
Given the compute horsepower around these days, most programmers should be
running interpreters, Python-type things, that can protect the world from the
programmers.
ADA has better protections than c, but requires discipline that most programmers
don't have time for.
--
John Larkin Highland Technology Inc
www.highlandtechnology.com jlarkin at highlandtechnology dot com
Precision electronic instrumentation
wrote:
On 12/04/14 04:58, John Larkin wrote:
On Fri, 11 Apr 2014 20:24:01 -0700, josephkk
joseph_barrett@sbcglobal.net> wrote:
See Link:
http://arstechnica.com/security/2014/04/critical-crypto-bug-exposes-yahoo-mail-passwords-russian-roulette-style/
?;..((
Here is the technical analysis:
http://xkcd.com/1354/
This is the best illustration of the flaw I have seen - thanks for that
link.
And some details:
http://www.theregister.co.uk/2014/04/09/heartbleed_explained
which reinforces what an astonishingly bad programming language c
is.
That just reinforces what an astonishingly poor understanding you - and
many others - have about programming languages, and about bugs in software.
This was a bug in the implementation of the response to "heartbeat"
telegrams in OpenSSL, which is a commonly used library for SSL. The bug
was caused by the programmer using data in the incoming telegram without
double-checking it. It is totally independent of the programming
language used, and totally independent of the SSL algorithms and encryption.
Unchecked buffers and stack overflows have been chronic security lapses for
decades now, thousands and thousands of times. Wandering around data structures
with autoincrement pointers is like stumbling in a mindfield, blindfolded. With
various-sized mines.
The c language and, more significantly, the c language culture, will make this
sort of thing keep happening.
Data should be stored in declared buffers, and runtime errors thrown if attempts
are made to address outside the buffer. Items should be addressed by named
indexes, not by wandering around with pointers.
And it's crazy for compilers to not use MMUs to prevent data and stacks and code
from being all mixed up.
Given the compute horsepower around these days, most programmers should be
running interpreters, Python-type things, that can protect the world from the
programmers.
ADA has better protections than c, but requires discipline that most programmers
don't have time for.
--
John Larkin Highland Technology Inc
www.highlandtechnology.com jlarkin at highlandtechnology dot com
Precision electronic instrumentation