Re: AMD planning 45nm 12-Core 'Istanbul' Processor ?



Robert Myers wrote:
But theoretical solutions work in theory. Practical ones, while based on
theory, implement that theory in reality. And the problem here is that
theory is severely lacking in this field.

There's a chicken and egg problem. Almost no one pays attention to
the tools that do exist.


Theorists were always the "protochicken", i.e. they are the ones to
develop theory. The problem here is that even theory is lacking.


This business has a long history of preposterous assessments by those
in the business, and you just made another.

ROTFL! You even didn't get the joke... That statement is not mine, it's
60 years old...

[...]
Nevertheless, the industry has been full of people who missed the
obvious.

Explicit explanation of the joke you didn't get:

It was a joke about how "your way" would work.


The Internet almost
certainly would not be what it has become.

That's for sure. It would look like it looked back in eighties at best.
There would be few universities and military institutions connected.

But funnily enough, there would be relatively little security concerns,
as there were 20 years ago.

I'm not certain I know what you're saying here. I think that, in the
Internet, we've created a monster. Everyone wants a piece of that
monster, though. Given that circumstance, I think we should start
regarding Real Player and other similar applications as "critical."

You're suggesting MS-style security patching, i.e. patch the endpoints, not
the core. Real Player never was, is not and never will be a critical
application.


For example we don't have such basic stuff like
mathematical tools to describe important aspects of systems like
human-machine interaction.

That's a fair point. Maybe we should return to the days of the
mainframe mandarins in their glass houses, rather than having CPU's
everywhere. I've long been an advocate of thin, stateless client as
the safest computing platform for most users.

Maybe we should stay in the caves and on the trees. Not inventing stuff like
weapons (which culminated in nuclear ones), tools which could be turned into
a weapon, etc -- in "must have been safer that way". Sure.


Show me mathematical formula describing good user interface.

The best that we can do at this point is to limit access based on
skill.

Oh, so we should fire all those airplane pilots, as they apparently do not
have the skill to deal with faulty user interfaces (of the plane).

Nonperfect user interface is quite commonly one of the causes of air
disasters. Like the plane which crashed into a mountain in France some
years ago after pilot erroneously set descent rate in degrees instead of
ft/s -- while 20 ft/s was ok, 20 degree nose down was not (3 would be about
right). While it was a human (pilot's) error, stupid user interface was a
contributing factor -- descent rate was set using the same knob as nose
pitch attitude and there was little selector switch on the side of the
knob, and tiny light indicator showing the setting but nothing more
indicated that -- the value set, whether it was ft/s or degree displayed
looked the same. If only they displayed degree in white, for example, and
ft/s in green, pilot would see that something doesn't look right. As they
were flying over mountains ground altitude meter (which was the mode of
altitude metering during the approach) was not indicative of the trouble as
it varied wildly.

Or faulty design in early DC-8 where pilots trying to just unlock reverse
thrust (just before landing) were actually turning it on while the plane
was still in air.



IOW you don't know what you're talking about.

You apparently aren't aware of what's going on in the US or how the US
does business in matters that affect national security. Could someone
in Western Pakistan disrupt the electrical grid, or worse? No bombs,
no airplane tickets, just smart people exploiting "non-critical"
software.

You can disrupt national grid by use of 45ft aluminium folding ladder (you
could buy in farmer's store) and 1000 ft of nylon cable. Oh, and good
welders' glasses as multisecond 400kV 10kA discharge watched from 1000 ft
is dangerous for the eyes.

Your national grid is not running on RealPlayer, and machines are at least
firewalled properly.

Issues like that, when they exist, and they do, aren't left
to discussions on Usenet. If you want to continue thinking that I
don't know what I'm talking about, you go right ahead.

To successfully crack into computer system and do particular damage one must
know its structure, what software it runs etc. So one must get at least
close to company (or particular workers). So you need your air ticket.
And there is no guarantee you could easily do a synchronised action (and you
would need synchronised action at many points to bring down the grid). It's
much easier to buy few sets of 45ft ladder + 1000ft of nylon cable and set
out to fields.


I lived in socialism long enough to say f..k off to every idiot proposing
it. Or I'd rather send them for 1-2 years to live as normal citizen (not
honourable guest but plain normal citizen) in some socialistic country.
It straightens the view on many things very well.

What has socialism got to do with this discussion?

When I wrote it's capitalism out here you started with your values and stuff.

The US is a
regulated economy.

Of course, but not totally regulated. The market is generally free -- both
in US as well here in Europe.


http://www.packetstormsecurity.net/
[...]
I'm not an expert on random number generators and I suspect that
neither are you. It's a big problem, as are most assumptions about
the breakability of secure transmission schemes.
[...]
It's a big problem. The potential money involved far exceeds $1
million.

It's all based on beliefs of nonexistence of shortcuts, quality of PRNGs,
and such stuff. Those beliefs are supported by testing, but are not
formally proven.

Good enough reason not to trust them. Maybe packet-switched networks
are not a good way to transmit "secure" data or maybe there has to be
an out of band (e.g. over telephone, preferably circuit-switched)
component.

So what, return to the caves?

[...]
Nope. The difference would be small constant factor. The tools like SPARK
are out there, and while specialists who mastered them are rare and thus
their work must be well paid, this is just a small constant difference
(small means around 3).

It is only useable in systems where level of trust must be so high that
testing would be too costly. And it so happens that those systems are
possible to be specified well, as they are relatively simple and closed.

Speculating about what happens when you change the rules is a
fruitless enterprise. Consider what has happened with CISC vs. RISC.

When low hanging fruits were picked and transistor budgets big enough it
simply does not matter anymore.


You only show your lack of grip in reality.

That's just wild.

Do you know the history of Long Term Capital management? Do you know
what's happened with derivatives all over the world? Do you know the
current parlous state of financial markets?

If you don't see the difference between financial market (an unpredictable
system full of positive feedback loops, driven by agents working to
completely unknown rules) and complex, but closed and static product, we
have nothing to talk about.


Derivatives are a good analogy for the problems of estimating risk
inherent in software.

Nope.

One problem is that, just as with software,
human beings are inevitably involved.

Oh. Like in all human activities humans are involved. So picking fruits is
as good an analogy.

[...]

It's questionable, highly questionable, if they know even how to
estimate risk in a way that prevents catastrophic events or even
limits catastrophic events to what is theoretically possible.

You compare stuff which is by the very nature unpredictable (if someone
would predict it the one would influence it in unpredictable way) with
stable (unchanging) stuff with measurable properties.

You are caught up in the overstated claims of financial wizards.
Models of risk are where it's at, and inexpensive computers have put
everyone into a business that hasn't even existed for all that long.
Your faith in the enterprise would be touching if you didn't keep
calling me an idiot because of things that you either don't understand
or do understand but don't want to acknowledge.

That only further demonstrates your lack of grip of reality of software
production. First of all, the risks in software are known. And there is a
well known upper limit as well as good estimates that problems will be
fixed in particular time. If one module of the software was made in 2 weeks
it can be remade in similar time in worst case scenario. This software
module is known to at least partially work (i.e. realise functions it was
actually tried),

Besides products of our company do have a warranty. We are obliged to fix
problems when they appear. If some function has been specified it must work
and if there is a problem it must be fixed in particular time.

[...]
ROTFL! If only Real Player was a MS product...

The shrink-wrap license was an innovation that Real Player didn't
invent. They, and every other software jockey has simply inherited
the idea and the courts bought it.

As there was no other option for the price. You have just a licence to a
product which costs $$$$$$$. And you have that licence for $$$ or less.
Because it's only a license.

becomes a gateway for criminal activity, it's your
problem, not theirs. And that, sir, is the sense in which all
applications are critical applications.

ROTFLMAO!
You don't know squat what is a critical application!

Go reread the conversation between Humpty Dumpty and Alice about
words. You mean that you use "critical application" in a different
way from what I do.

I mean it in widely understood way.

The distinction you want to make is a fiction
that supports your business model.

Nonsense. It's reality. If my software is a solitaire game it's not critical
at all. If it's a departmental email server software it's important but
not critical. If it's an accounting + document flow + store management + hr
management software package for mid size business it's business critical.
If it's an atomic reactor process controller it's life critical.

I don't have to support fictions
and I don't have to support your business model.

You don't have to support reality as well. Reality doesn't care, neither do
I.


Or maybe hammer I can buy at any farmers shop is a critical device, as it
could be used for criminal activity.

A four pound hammer was at one time a fairly common carpenter's tool.
Repeated use causes elbow injury. If you hand one to a workman in the
US and he uses it and injures his elbow, you're going to have all
kinds of problems.

Yeah, and you propose suing hammer producer... And that's a nonsense (even if
in US it's currently at least advisable to label the hammer with nonsense
stickers like not for children, don't use it to hit your fingers, don't
leave it when working at height, etc.) -- it's still pure absolute nonsense.


In every other field of human activity, the law puts greater and
greater pressure on manufacturers and vendors to foresee and to limit
risk to the end user.

Which is a nonsense. Hammer is a hammer and it is dangerous if banged
against someone's head.

Not so in software, and we are already paying
the price.

No, we get it cheaper that way.


And who pays for all that? That's you and all other customers.

And yet we still get drugs that are improperly tested and/or sold
without full disclosure.

So? It only shows that all sides can't be covered. Even in such stuff like
drugs which is heavily controlled (rightly so).

You're trying to defend an anomalous business practice that arose in
the US through a combination of heavy handed lobbying, some critical
court decisions, and the industry having a much better grasp of the
future than did lawyers.

Nonsense. It could be argued that this business practice is the back to the
roots, the right one. And that the policy to cover everything is a nonsense
and it is impossible to sustain (as growing prices for stuff like dentist
visits show -- you pay for the possible mistake and pay way more than
expected value of the mistake cost times its probability).

Fine. Live long and prosper.

Fine. Live long and prosper in your cave denying reality.


Sebastian Kaliszewski
--
"Never underestimate the power of human stupidity" -- L. Lang