Driver to drive?

[Cursitor Doom]

On Sat, 12 Apr 2014 10:39:03 -0700, John Larkin
<jjlarkin@highNOTlandTHIStechnologyPART.com> wrote:

Working in c, always check every buffer for size errors. Study every pointer.
Don't just write the code, READ it.

I don't think that helps. You can study and study and study a chunk of
code over and over and over again and still not see where a possible
problem lies. Computer Guru extraordinaire Steve Gibson (grc.com) has
warned programmers about this phenomenon many times. Our thought
processes simply don't work that way.

 

[Cursitor Doom]

On Sun, 13 Apr 2014 01:46:50 -0700 (PDT), haiticare2011@gmail.com
wrote:

I don't either - but Facebook is really "Fakebook." Fakebook likes and Fakebook
"friends" are a falsity. Similar to people one meets in a bar.

I don't go near any of it. The people who have the most to say about
themselves are the most vacuous, self-obsessed, narcisistic, boring
and uninspiring of individuals; well worth avoiding having any contact
with.

 

[Cursitor Doom]

On Sun, 13 Apr 2014 11:19:25 -0400, krw@attt.bizz wrote:

Not 100% true. Extending your bar analogy a bit further, it's also a
place for friends (and family) to meet.

At least in a bar you can see for yourself if the other person is of
the age, sex and race they claim to be. Online you could be
communicating with *ANYBODY* - a scary thing to contemplate. Social
meja is a scammer's paradise.

 

[Cursitor Doom]

On Sat, 12 Apr 2014 20:28:33 -0400, "Maynard A. Philbrook Jr."
<jamie_ka1lpa@charter.net> wrote:

I too, do C/C++ programming and that sort of bug to me is not
accidental.

I can think of only one reason to have an additional buffer length in
the message package and have the software ignore the primary buffer
length.

The problem here is, the OpenSSL should of tested for that from day one
or totally ignore any data in the buffer for size parameters.

Sorry, sounds a little fishy to me.

+1

 

[Spehro Pefhany]

On Sun, 13 Apr 2014 11:14:50 -0400, the renowned krw@attt.bizz wrote:

Something like 1-2kW, so about 2HP

You just show how clueless you are. That's the maximum current, i.e.
locked rotor, so 0HP.

AKA "Sears Horsepower"


Best regards,
Spehro Pefhany
--
"it's the network..." "The Journey is the reward"
speff@interlog.com Info for manufacturers: http://www.trexon.com
Embedded software/hardware/analog Info for designers: http://www.speff.com

 

[Cursitor Doom]

On Fri, 11 Apr 2014 20:24:01 -0700, josephkk
<joseph_barrett@sbcglobal.net> wrote:

See Link:

http://arstechnica.com/security/2014/04/critical-crypto-bug-exposes-yahoo-mail-passwords-russian-roulette-style/

?;..((

This scare seems wonderfully well-timed to coincide with Widows XP
support stopping. Some ruse to panic people into upgrading to Win8,
possibly? Just a guess.

 

[josephkk]

On Fri, 11 Apr 2014 19:22:44 -0700, Jim Thompson
<To-Email-Use-The-Envelope-Icon@On-My-Web-Site.com> wrote:

On Fri, 11 Apr 2014 20:24:01 -0700, josephkk
joseph_barrett@sbcglobal.net> wrote:


See Link:

http://arstechnica.com/security/2014/04/critical-crypto-bug-exposes-yahoo-mail-passwords-russian-roulette-style/

?;..((


Only if you're dumb enough to use Yahoo, gmail, or any Micro$hit
product.

...Jim Thompson

It is much wider spread than that. It impacts over half of web sites that
use https, ssl, or tls for secure communications and allows for massive
snooping. Read some more on heartbleed.

?-)

 

[josephkk]

On Sat, 12 Apr 2014 07:48:53 -0700, John Larkin
<jjlarkin@highNOTlandTHIStechnologyPART.com> wrote:

On Sat, 12 Apr 2014 15:40:04 +0200, David Brown <david.brown@hesbynett.no
wrote:

On 12/04/14 04:58, John Larkin wrote:
On Fri, 11 Apr 2014 20:24:01 -0700, josephkk
joseph_barrett@sbcglobal.net> wrote:


See Link:

http://arstechnica.com/security/2014/04/critical-crypto-bug-exposes-yahoo-mail-passwords-russian-roulette-style/



?;..((


Here is the technical analysis:

http://xkcd.com/1354/


This is the best illustration of the flaw I have seen - thanks for that
link.


And some details:

http://www.theregister.co.uk/2014/04/09/heartbleed_explained

which reinforces what an astonishingly bad programming language c
is.


That just reinforces what an astonishingly poor understanding you - and
many others - have about programming languages, and about bugs in software.

This was a bug in the implementation of the response to "heartbeat"
telegrams in OpenSSL, which is a commonly used library for SSL. The bug
was caused by the programmer using data in the incoming telegram without
double-checking it. It is totally independent of the programming
language used, and totally independent of the SSL algorithms and encryption.


Unchecked buffers and stack overflows have been chronic security lapses for
decades now, thousands and thousands of times. Wandering around data structures
with autoincrement pointers is like stumbling in a mindfield, blindfolded. With
various-sized mines.

The c language and, more significantly, the c language culture, will make this
sort of thing keep happening.

Data should be stored in declared buffers, and runtime errors thrown if attempts
are made to address outside the buffer. Items should be addressed by named
indexes, not by wandering around with pointers.

And it's crazy for compilers to not use MMUs to prevent data and stacks and code
from being all mixed up.

Given the compute horsepower around these days, most programmers should be
running interpreters, Python-type things, that can protect the world from the
programmers.

ADA has better protections than c, but requires discipline that most programmers
don't have time for.

Wrong on both counts. C has more and better tools than Ada. In unix/linux
and C their use is optional and clearly beneficial. In Ada their use is
mandatory and not so clearly beneficial.

?-)

 

[josephkk]

On Sat, 12 Apr 2014 08:15:03 -0700 (PDT), edward.ming.lee@gmail.com wrote:

Data should be stored in declared buffers, and runtime errors thrown if attempts
are made to address outside the buffer. Items should be addressed by named
indexes, not by wandering around with pointers.

There is already something like that: server side Java. But think for a moment how that would impact performance of servers with hundreds and thousands of clients. For servers, every bit of performance count.

And it's crazy for compilers to not use MMUs to prevent data and stacks and code
from being all mixed up.

Remapping MMU hundreds or thousands times for every program? Impractical!

Actually on any server that is used much the MMU is partially remapping
thousands of times a second to 10,000s of times a second, the caches even
more so.

?-)

 

[John Larkin]

On Sun, 13 Apr 2014 20:47:34 +0200, Cursitor Doom <cd@spamfreezone.net> wrote:

On Sat, 12 Apr 2014 10:39:03 -0700, John Larkin
jjlarkin@highNOTlandTHIStechnologyPART.com> wrote:


Working in c, always check every buffer for size errors. Study every pointer.
Don't just write the code, READ it.

I don't think that helps. You can study and study and study a chunk of
code over and over and over again and still not see where a possible
problem lies. Computer Guru extraordinaire Steve Gibson (grc.com) has
warned programmers about this phenomenon many times. Our thought
processes simply don't work that way.

So, write code, compile and run, ship it, but don't bother to check it?

I read my own programs and tweak the code, the formatting, and the comments. I
find more bugs that way than by testing. Testing is a very bad way to find bugs.
Letting a few million web sites find the critical bugs is even worse.


--

John Larkin Highland Technology Inc
www.highlandtechnology.com jlarkin at highlandtechnology dot com

Precision electronic instrumentation

 

[John Larkin]

On Sun, 13 Apr 2014 20:54:31 +0200, Cursitor Doom <cd@spamfreezone.net> wrote:

On Sun, 13 Apr 2014 11:19:25 -0400, krw@attt.bizz wrote:


Not 100% true. Extending your bar analogy a bit further, it's also a
place for friends (and family) to meet.

At least in a bar you can see for yourself if the other person is of
the age, sex and race they claim to be. Online you could be
communicating with *ANYBODY* - a scary thing to contemplate. Social
meja is a scammer's paradise.

Most facebook stuff is friends and family, people who know one another.


--

John Larkin Highland Technology Inc
www.highlandtechnology.com jlarkin at highlandtechnology dot com

Precision electronic instrumentation

 

[Tim Williams]

"Cursitor Doom" <cd@spamfreezone.net> wrote in message
news:j6nlk95u5hfai3tpu7ab3errt1bpdv17oo@4ax.com...

At least in a bar you can see for yourself if the other person is of
the age, sex and race they claim to be.

Even a bar in Thailand?...

Tim

--
Seven Transistor Labs
Electrical Engineering Consultation
Website: http://seventransistorlabs.com

 

On Sun, 13 Apr 2014 10:17:04 -0700 (PDT), Lasse Langwadt Christensen
<langwadt@fonz.dk> wrote:

Den sřndag den 13. april 2014 04.46.11 UTC+2 skrev John Larkin:
On Sat, 12 Apr 2014 17:58:25 -0400, krw@attt.bizz wrote:



On Sat, 12 Apr 2014 09:42:20 -0700, John Larkin

jjlarkin@highNOTlandTHIStechnologyPART.com> wrote:



On Sat, 12 Apr 2014 11:32:44 -0400, krw@attt.bizz wrote:



On Fri, 11 Apr 2014 22:19:00 -0700, John Larkin

jjlarkin@highNOTlandTHIStechnologyPART.com> wrote:



On Fri, 11 Apr 2014 20:04:25 -0400, krw@attt.bizz wrote:



On Fri, 11 Apr 2014 17:00:17 -0700, John Larkin

jlarkin@highlandtechnology.com> wrote:



On Fri, 11 Apr 2014 19:31:46 -0400, krw@attt.bizz wrote:



On Fri, 11 Apr 2014 16:14:25 -0700, John Larkin

jlarkin@highlandtechnology.com> wrote:



On Fri, 11 Apr 2014 19:03:20 -0400, krw@attt.bizz wrote:



On Fri, 11 Apr 2014 15:38:36 -0700 (PDT), Klaus Kragelund

klauskvik@hotmail.com> wrote:



I really don't want to argue with you, but you sure seem beyond reach



What do you want to bet?



I've already won. You've obviously never measure it or you wouldn't

be spouting such nonsense here. Hint: a full-sized cabinet saw is

"only" 3HP, and weighs 600lbs.



If a saw is rated for 13 amps at 120 volts, they would have to be

lying by a factor over 2 to be below 1 HP.



If it actually delivered 1/4HP in use, I would be *shocked*. It's

likely less than half that. If it were really delivering 2HP, it'd

break your arm. It's a little universal motor, fer chrissakes.



Do you think my circular saw, rated 13 amps, dims the lights, warms

the extension cord, has a 1/8 HP motor? It inertia-torques pretty hard

when you pull the trigger. It slices through a 2x4 in under 2 seconds.



Sorry, can't believe it's 1/8 HP.



I'm sorry if you think you can hold onto a tool (or lift) a tool with

a 2HP motor. Hint: Don't try this at home.



It's air cooled, all exposed, intermittent duty. It can do a HP or so, but not

continuously. An enclosed induction motor, like on a bench saw, will be far more

reliable in continuous use, and many times the mass, of an open construction

series/brush motor. Very different animal.



Nope. HP is torque (given the same tool).





****** Power is NOT torque! ********



******Power is torque X RPM! ******** Like tools have similar RPM,

so...



You couldn't hold onto a

saw delivering 2HP to the blade.



If the motor shaft were welded to some big object, it would be hard to hold the

saw. But the reaction torque is mostly applied to the wood being cut.



Without reaction from the wood, there is little reason for power.



1/8 HP is silly.



Wrong.



http://en.wikipedia.org/wiki/File:Timber_Framing_Circular_Saw.jpg



At least you've admitted that you've lost the argument.



That seems to be your pattern: be wrong and declare victory.


you forgot his usual ramblings about everyone who disagrees
being leftist and lying

Well, you proves my case without my saying anything. Leftists always
do.

 

On Sun, 13 Apr 2014 15:13:27 -0400, Spehro Pefhany
<speffSNIP@interlogDOTyou.knowwhat> wrote:

On Sun, 13 Apr 2014 11:14:50 -0400, the renowned krw@attt.bizz wrote:


Something like 1-2kW, so about 2HP

You just show how clueless you are. That's the maximum current, i.e.
locked rotor, so 0HP.

AKA "Sears Horsepower"

That's what I've been saying all along, "Craftsman HP".

 

On Sun, 13 Apr 2014 13:22:28 -0700 (PDT), Klaus Kragelund
<klauskvik@hotmail.com> wrote:

On Sunday, April 13, 2014 5:14:50 PM UTC+2, k...@attt.bizz wrote:
On Sat, 12 Apr 2014 23:56:10 -0700 (PDT), Klaus Kragelund

klauskvik@hotmail.com> wrote:



Quoted:



On Friday, April 11, 2014 12:37:39 AM UTC+2, k...@attt.bizz wrote:

On Thu, 10 Apr 2014 15:07:38 -0700, John Larkin



jlarkin@highlandtechnology.com> wrote:







On Thu, 10 Apr 2014 18:50:31 GMT, Jan Panteltje



pNaonStpealmtje@yahoo.com> wrote:







On a sunny day (Thu, 10 Apr 2014 09:16:12 -0700) it happened John Larkin



jjlarkin@highNOTlandTHIStechnologyPART.com> wrote in



asgdk9d29q9ds74218i3r5me51loi12pm5@4ax.com>:







I avoid battery-powered tools. They are wimpy, and the batteries will die in a



year or two.







You have a cellphone?







Sure, a simple one. I charge it about every other week, and I've



replaced the battery once. But it's not a power tool.







You're not going to get a horsepower or so out of a battery for long,



especially when the battery is two years old.







You're not going to get a "horsepower or so" out of a hand tool.



You're in the stationary tool realm at a HP (Craftsman HPs don't



count).



Sure you will



I swear to Festool tools. I am dreaming about this one:



I like Festools, too. Great stuff. You are dreaming about your

knowledge of motors.



https://www.festool.com/Microsite/Pages/TSC.aspx



I own one. I can *guarantee* you that it does *NOT* develop anywhere

close to 2HP. It's actually a rather wimpy saw (my DeWalt is far more

powerful) but also quite useful. Its purpose is to cut sheet goods;

not an incredibly demanding job.


You bought one? Ha, imagining stuff now, eh?

Yes, I've owned a TS55 for three or four years, with several of the
attachments (two 55" rails, a 106", and a parallel guide
w/extensions). I've said as much. I also own a 1400EQ router and a
500Q Domino. Unlike your blathering, I do know a little about the
things. Your can resume your lies now.

 

On Sun, 13 Apr 2014 20:54:31 +0200, Cursitor Doom
<cd@spamfreezone.net> wrote:

On Sun, 13 Apr 2014 11:19:25 -0400, krw@attt.bizz wrote:


Not 100% true. Extending your bar analogy a bit further, it's also a
place for friends (and family) to meet.

At least in a bar you can see for yourself if the other person is of
the age, sex and race they claim to be. Online you could be
communicating with *ANYBODY* - a scary thing to contemplate. Social
meja is a scammer's paradise.

Think of it as an interstate, or trans-continential bar, where all
your friends and family hang out on a Saturday night. It's not just
strangers. My wife keeps me up on all of the nieces, nephews, their
kids, and friends in a dozen states.

I don't do Facebook or Twitter, but I'd rather do that than talk on
the phone. I'd prefer email but that doesn't seem to interest the
rest and I would miss the ancillary conversations. I see the point
but I also agree that it's a little strange seeing some pretty private
and personal things out there for anyone to see.

 

On Sun, 13 Apr 2014 20:51:37 +0200, Cursitor Doom
<cd@spamfreezone.net> wrote:

On Sun, 13 Apr 2014 01:46:50 -0700 (PDT), haiticare2011@gmail.com
wrote:


I don't either - but Facebook is really "Fakebook." Fakebook likes and Fakebook
"friends" are a falsity. Similar to people one meets in a bar.

I don't go near any of it. The people who have the most to say about
themselves are the most vacuous, self-obsessed, narcisistic, boring
and uninspiring of individuals; well worth avoiding having any contact
with.

You don't do any of it but you know what everyone is saying. Well...

 

[Cursitor Doom]

On Sun, 13 Apr 2014 14:44:33 -0700, John Larkin
<jjlarkin@highNOTlandTHIStechnologyPART.com> wrote:

On Sun, 13 Apr 2014 20:47:34 +0200, Cursitor Doom <cd@spamfreezone.net> wrote:

On Sat, 12 Apr 2014 10:39:03 -0700, John Larkin
jjlarkin@highNOTlandTHIStechnologyPART.com> wrote:


Working in c, always check every buffer for size errors. Study every pointer.
Don't just write the code, READ it.

I don't think that helps. You can study and study and study a chunk of
code over and over and over again and still not see where a possible
problem lies. Computer Guru extraordinaire Steve Gibson (grc.com) has
warned programmers about this phenomenon many times. Our thought
processes simply don't work that way.

So, write code, compile and run, ship it, but don't bother to check it?

Step-thru debugger.

 

[Cursitor Doom]

On Sun, 13 Apr 2014 18:43:03 -0400, krw@attt.bizz wrote:

On Sun, 13 Apr 2014 20:51:37 +0200, Cursitor Doom
cd@spamfreezone.net> wrote:

On Sun, 13 Apr 2014 01:46:50 -0700 (PDT), haiticare2011@gmail.com
wrote:


I don't either - but Facebook is really "Fakebook." Fakebook likes and Fakebook
"friends" are a falsity. Similar to people one meets in a bar.

I don't go near any of it. The people who have the most to say about
themselves are the most vacuous, self-obsessed, narcisistic, boring
and uninspiring of individuals; well worth avoiding having any contact
with.

You don't do any of it but you know what everyone is saying. Well...

That is correct. Throughout my life I've noticed the most interesting
people are the ones who are highly reluctant about discussing what
they've done and what they plan to do. Those are precisely the kind of
people I'd like to get to know, but they obviously won't go near
Faecesbook, and so that's why I myself don't bother with it, never
have and never will.

 

[Maynard A. Philbrook Jr.]

In article <j6nlk95u5hfai3tpu7ab3errt1bpdv17oo@4ax.com>,
cd@spamfreezone.net says...

On Sun, 13 Apr 2014 11:19:25 -0400, krw@attt.bizz wrote:


Not 100% true. Extending your bar analogy a bit further, it's also a
place for friends (and family) to meet.

At least in a bar you can see for yourself if the other person is of
the age, sex and race they claim to be. Online you could be
communicating with *ANYBODY* - a scary thing to contemplate. Social
meja is a scammer's paradise.

True, you could be talking to BIG BUBBA, in the pen, that just
wants to love someone, anyone!

Jamie