
Re: SERVICE_CLASS parameter is SID_DISC in listener.ora

From: Vladimir M. Zakharychev <vladimir.zakharychev_at_gmail.com>
Date: 23 Jun 2006 09:48:10 -0700
Message-ID: <1151081290.183914.275500@u72g2000cwu.googlegroups.com>

Brian Peasland wrote:
> Vladimir M. Zakharychev wrote:
> > Brian Peasland wrote:
> >>> Speaking more generally, isn't the whole
> >>> point of science to reverse-engineer the universe? Do gods and
> >>> deities prohibit reverse-engineering their creations? :)
> >> Since when did reverse-engineering proprietary software become
> >> "science"? Maybe the OP should try the above arguments at his defense
> >> trial....
> >>
> >> Cheers,
> >> Brian
> >>
> > Define the term "science" then. You seem to be falling into
> > the same trap Don Burleson did with "Oracle scientists." :)
> > By the way, some call reverse-engineering an art... Irrespective
> > of the target. But of course, common sense has nothing to do
> > with modern copyright laws and software license agreements.
> > Which is not to say that I do not obey the laws I don't like.
> > Dura lex, sed lex.
> >
> > Regards,
> > Vladimir M. Zakharychev
> > N-Networks, makers of Dynamic PSP(tm)
> > http://www.dynamicpsp.com
> >
>
> My definition of science can be found here:
>
> http://www.athabascau.ca/html/services/advise/geninfo.htm#science
>
> Typically, the body of work is for one of the accepted
> sciences....mathematics, biology, chemistry, physics, etc.
>
> One could use the definition of science found on Wikipedia:
>
> http://en.wikipedia.org/wiki/Science
>
> where, in its broadest sense, science is a systematic, repeatable
> process used to gain knowledge. But even this definition has at its
> foundation, the understanding that science is gathered through
> "research" (http://en.wikipedia.org/wiki/Research) where the results of
> that research contribute to practical applications through laws and
> theories.
>
> Reverse engineering (RE) is more taking something apart to see how it
> works. RE applies to one specific product. Taking a Honda Accord apart
> to see how it works does not give you immutable facts on how all motor
> vehicles work. All RE has done in this case (and in the OP's case) is to
> see how the specific instance of something works. While one could apply
> scientific methods to their process, how does this contribute to the
> body of science as a whole? Even if scientists use RE to figure out how
> something works, they would not create laws and theories based on the
> results of the RE effort. They would need something more to convert
> their theories into laws and theorems. While RE is a tool a scientist
> uses, by itself, it is not science.
>

Well, your arguments are of course valid, RE is not a science, but a scientific tool. This being agreed upon, does Honda prohibit disassembling their engines? Don't think so. Copy them - yes, that's prohibited, but simply taking them apart to see how they work and possibly repair them if they don't work as they should or look for potential problems?

Further, if knowledge is gained through research, then how does software security research differ from any other scientific research? And reverse-engineering is an integral part of this research. After all, we are not interested in theoretic flaws possible in software. We are interested in specific bugs in widely used software which pose real-world problems and endanger its users. Applied science, but still science.

That RE applies to one specific product I disagree, too. That it can be applied to one specific product doesn't limit its application to that specific product only. You can RE any other software product using the same systematic approach and tools. You can even use certain patterns to detect problematic code without reverse-engineering the whole product. Actually, the definition of such patterns and the creation of the tools that apply them to detect flaws in software is an academic research topic.

On the practical side - would you rather know that the flaw exists and the vendor works on/has a fix for it or pretend that there is no flaw and wait until some black hat discovers it and uses it to wreak havoc or steal information from your system? RE is not evil, RE of commercial proprietary software isn't evil either - it keeps pressure on its vendors to improve their products and fix dangerous defects in them. And I simply can't imagine a black hat openly announcing in c.d.o.* that he's trying to crack Oracle software - unless it's some very smart social engineering attempt. :)

Regards,

   Vladimir M. Zakharychev
   N-Networks, makers of Dynamic PSP(tm)
   http://www.dynamicpsp.com

Received on Fri Jun 23 2006 - 11:48:10 CDT
