Re: SERVICE_CLASS parameter is SID_DISC in listener.ora
Vladimir M. Zakharychev wrote:
> Brian Peasland wrote:
> > Vladimir M. Zakharychev wrote:
> > > Brian Peasland wrote:
> > >>> Speaking more generally, isn't the whole
> > >>> point of science to reverse-engineer the universe? Do gods and
> > >>> deities prohibit reverse-engineering their creations? :)
> > >> Since when did reverse-engineering proprietary software become
> > >> "science"? Maybe the OP should try the above arguments at his defense
> > >> trial....
> > >>
> > >> Cheers,
> > >> Brian
> > >>
> > > Define the term "science" then. You seem to be falling into
> > > the same trap Don Burleson did with "Oracle scientists." :)
> > > By the way, some call reverse-engineering an art... Irrespective
> > > of the target. But of course, common sense has nothing to do
> > > with modern copyright laws and software license agreements.
> > > Which is not to say that I do not obey the laws I don't like.
> > > Dura lex, sed lex.
> > >
> > > Regards,
> > > Vladimir M. Zakharychev
> > > N-Networks, makers of Dynamic PSP(tm)
> > > http://www.dynamicpsp.com
> > >
> >
> > My definition of science can be found here:
> >
> > http://www.athabascau.ca/html/services/advise/geninfo.htm#science
> >
> > Typically, the body of work is for one of the accepted
> > sciences....mathematics, biology, chemistry, physics, etc.
> >
> > One could use the definition of science found on Wikipedia:
> >
> > http://en.wikipedia.org/wiki/Science
> >
> > where, in its broadest sense, science is a systematic, repeatable
> > process used to gain knowledge. But even this definition has at its
> > foundation, the understanding that science is gathered through
> > "research" (http://en.wikipedia.org/wiki/Research) where the results of
> > that research contribute to practical applications through laws and
> > theories.
> >
> > Reverse engineering (RE) is more taking something apart to see how it
> > works. RE applies to one specific product. Taking a Honda Accord apart
> > to see how it works does not give you immutable facts on how all motor
> > vehicles work. All RE has done in this case (and in the OP's case) is to
> > see how the specific instance of something works. While one could apply
> > scientific methods to their process, how does this contribute to the
> > body of science as a whole? Even if scientists use RE to figure out how
> > something works, they would not create laws and theories based on the
> > results of the RE effort. They would need something more to convert
> > their theories into laws and theorems. While RE is a tool a scientist
> > uses, by itself, it is not science.
> >
>
Interesting example, as some other Japanese automobile companies filched other automakers' designs - to the point that internal engine parts were interchangeable. Copying parts is only prohibited by patent law - which varies by jurisdiction, in duration, details, and by treaties.
>
Agree it can be an applied science using the scientific method. Whether it is used that way is problematic. There have certainly been non-scientific hacks.
>
Agree that it is a worthy academic research topic. Personally, I think the bigger crime is making legitimate research a crime.
>
This is where things get hinky. I know _I_ want to know how the blackhats will get into my systems, before they do get in. I know _I_ don't trust Oracle to fix things in a timely manner, not to mention Symantec, F-Prot (who I've idolized for years, by the way), etc.
It becomes a fundamental issue - do you let people know, and how and when? There have been accusations that security researchers are simply self-promoting by publishing these things. Whether true or not, that has verisimilitude. There is no denying that there are script kiddies who otherwise wouldn't do these things without being spoon-fed. Shouldn't DBAs have the same opportunities on their own systems? Making reverse-engineering illegal really doesn't help - that's one of those things that hurts the good guys more than the bad, and since there is no World Government can get silly. But the plain fact is, it is illegal in some places, and violates Oracle's adhesion contract everywhere contract law is subscribed to.
As to keeping pressure on the vendors - there certainly is validity to that since any economic pressure is too little too late... but do you think forcing out production patch code under pressure is going to lead to a better code situation? Do you really think releasing the attack to the black hats before the vendors patch is the right kind of pressure? Doesn't that unfairly transfer pressure to customers? And how can you know if anyone is a black or white hat anyways? Maybe there's a bunch of guys standing in a circle taking their hat off and putting it on the next guy...
As to cdos... I guess you haven't been paying attention, there have been some very stupid social engineering attempts. There are also periodic questions where it is groaningly obvious some student thinks he can write better code in his fantasy world, doesn't know about Concepts Manual. Everyone's a security researcher, riiiiight...
jg
-- 
@home.com is bogus. "...to write on the web itself, not on a web page. Disappear from any central location; instead, inhabit the web as a sort of spirit. My personality, commentary, reflections, stories, notions popping up on other web sites." - Justin Hall
Received on Fri Jun 23 2006 - 13:58:05 CDT