[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: T-Shirts



Hey Perry, I think this is pushing it a bit too far:

"Perry E. Metzger" <[email protected]> writes
>[email protected] writes:
>>         Ya but a multi million dollar corp like netscape should be paying
>> big bucks for those bugs....Or the mob might...ya get my drift....Alot of
>> people give personalized T-shirts but not everyone can jeapordize a corps
>> existed?
>
>If you are looking to make money off of this sort of thing, get a
>reputation and start consulting or selling security software.  If your
>interest is just in being obnoxious, please crawl back under your
>rock. Either way, you are way out of line.
>
	Sorry, but I think the guy has a point. And all his rights to
expose it. Do you read sci.crypt? Looks like you don't. I've lost track
(nor do I try to keep it) of the amount of typical answers of the likes
of:
	> Can you break my algorithm?
	Yeah. Send the source and offer a good reward so someone thinks it
	worth breaking it.

	So far so good! And then someone comes asking why should anybody
do consultancy work for a multimillion corporation (e.g. MicroSoft) with
no access to sources for free or just a "high-quality T-shirt" that can't 
be worth more than 100$ and all he gets is a kick in the ass.

	Well, I agree that discovering the Pentium bug was great. But it
would have been better if it didn't exist. Many companies invest zillions
of dollars in testing. Why should I save that money to a greedy company?

	By the same rule, you may as well propose that we leave the Gov'ts
do as they wish with cryptography. Why should they try to make thing right
from the first time? Let people discover mistakes later, and complain. If
they can.

	The point is: regarding cryptography and security as with anything
else: one should be sure his/her solutions work before wasting other people's
time. Like, e.g. before asking if his ROT16 algorithm is safe. Isn't it
embarrassing that any corp. asks for testing of programs before even having
made sure they check for array overflows?

>Oh, and you might want to learn how to spell and how to write in
>standard English grammar if you want to be taken seriously.
>
	And that's the best part of all! Well, I'm not a native English
speaker. So may be I shouldn't be in this list. As neither any other
foreigner. More so since I think contents are more important thn the way
they are expressed.

	For that sake we could also give away crypto. It isn't reputable
and standard English, so it can't be taken seriously.

	I don't want to start a flame war. I'd just prefer to discuss
other topics, in any 'spaghetti -or scrambled- language' as long as I can 
understand it.

				jr
--
These opinions are mine and only mine. Hey, man, I saw them first!