Running a business while going to university, while being very exciting, is already hugely frustrating. You permanently feel you're underachieving in all cathegories:
1. I feel I am not as good a mathematicians as I could (should) be, due to time constraints imposed by programming and running the business.
2. I feel I am not as good a programmer as I could (should) be, due to time constraints imposed by studying and running the business.
3. I feel I am too slow in dealing with business paperwork etc. etc. due to time constraints imposed by programming and math.
Anyhow, I guess that's the price of trying to be a jack-of-all-trades (or at least being unwilling to give up two of the three things I am doing).
What is good though: We finally finished SABRE BinNavi, and I personally think we brought
debugging into the 2000's. Very few people realize that debuggers have been stuck in the 80's for a long while (here is your registers window, here is your data window, here is your code window), and BinNavi is definitely a step forwards. Now I need to get Jython tied in to v1.1, so I can have the scriptable debugger I always wanted to have.
(blatant plug: check these flash movies to see what I mean, specifically Chapter 4)
Aside from that I have been reading Forster's Lectures on Riemann surfaces, and slowly getting back into it. The good thing about working on Navi was that it has made me unapologetic about drawing lots of pictures to clarify math situations, even though most mathematicians I talk to look down on visualisation.
Still on my to-read-list: Rudeanu's "Lattice Functions and Equations" and a larger volume here on computer algebra and various (surprising) applications for Groebnerbases.
I still have a stack of IDAPython crap that I wanted to post to OpenRCE. Hrm. I need longer days.
Anyhow, back to Forster.
Friday, September 30, 2005
Thursday, August 18, 2005
There seems to be some odd blog war going in a triangle between Thomas Ptacek, Some guy called Lindstrom, and Adam Shostack.
Lindstrom's posts can be seen here:
If you read his posts, you can see that he clearly has no clue about code auditing. Anyone who has a passion for bugs and has done some serious work on finding bugs will agree that in high-exposure programs such as OpenSSH or IIS it is getting harder and harder to find decent bugs. And there would not be a hacker-side anti-disclosure movement if this wasn't the case.
It is amusing how everybody and his dog tries to dress up their ideas in fake-economic-speech, too. Economics has gotten to be an interesting form of science -- someone comes up with an idea and then tries to build "science" arguing in his direction. The empirical part is usually showing that at least one set of data does not contradict the claim and then deduce generality. Bloody brilliant.
Ahwell. Reading the discussion makes me tired. Anyone who thinks that bugs are not getting rarer in core internet daemons is living in a parallel universe or hasn't audited in recent years.
Lindstrom's posts can be seen here:
If you read his posts, you can see that he clearly has no clue about code auditing. Anyone who has a passion for bugs and has done some serious work on finding bugs will agree that in high-exposure programs such as OpenSSH or IIS it is getting harder and harder to find decent bugs. And there would not be a hacker-side anti-disclosure movement if this wasn't the case.
It is amusing how everybody and his dog tries to dress up their ideas in fake-economic-speech, too. Economics has gotten to be an interesting form of science -- someone comes up with an idea and then tries to build "science" arguing in his direction. The empirical part is usually showing that at least one set of data does not contradict the claim and then deduce generality. Bloody brilliant.
Ahwell. Reading the discussion makes me tired. Anyone who thinks that bugs are not getting rarer in core internet daemons is living in a parallel universe or hasn't audited in recent years.
Sunday, August 07, 2005
I have to admit I really enjoy reading Thomas Ptacek's blog. It's refreshingly honest in a security industry full of smokes, mirrors, and sockpuppets.
Friday, August 05, 2005
Reverse Engineering C++ code is always a bit of a pain because it is so unobvious which language constructs generate what assembly-level code. Contrary to what a C compiler does a C++ compiler has to jump through all sorts of odd hoops in order to make the "OO" part work.
After posting a question about this to www.openrce.org, I got a few replies with some VERY useful links which I'd like to share here:
(thanks to Erlend & Igorsk for the links ! :)
Doc1
Doc2
Doc3
After posting a question about this to www.openrce.org, I got a few replies with some VERY useful links which I'd like to share here:
(thanks to Erlend & Igorsk for the links ! :)
Doc1
Doc2
Doc3
For those of you that speak german, this is an interesting link:
http://www.bsi.de/ausschr/einkauf/auftrag27684.htm
Basically, the german government wants to purchase a device to find bugs that
communicate with the outer world via infrared/optical means.
For me as somebody totally clueless about surveillance/eavesdropping devices,
I am intrigued by the idea of using infrared for communication with the outside
world: One the one hand, since the beam can be so highly direction, I'd assume
it is going to be extremely hard to detect it (aside from putting lots of smoke/
particles into the air), and can also be minituarized significantly (as one doesn't
need much of an antenna to emit the waves).
Interesting.
http://www.bsi.de/ausschr/einkauf/auftrag27684.htm
Basically, the german government wants to purchase a device to find bugs that
communicate with the outer world via infrared/optical means.
For me as somebody totally clueless about surveillance/eavesdropping devices,
I am intrigued by the idea of using infrared for communication with the outside
world: One the one hand, since the beam can be so highly direction, I'd assume
it is going to be extremely hard to detect it (aside from putting lots of smoke/
particles into the air), and can also be minituarized significantly (as one doesn't
need much of an antenna to emit the waves).
Interesting.
Subscribe to:
Posts (Atom)