Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: SERVICE_CLASS parameter is SID_DISC in listener.ora
Brian Peasland wrote:
> Vladimir M. Zakharychev wrote:
> > Brian Peasland wrote:
> >>> Speaking more generally, isn't the whole
> >>> point of science to reverse-engineer the universe? Do gods and
> >>> deities prohibit reverse-engineering their creations? :)
> >> Since when did reverse-engineering proprietary software become
> >> "science"? Maybe the OP should try the above arguments at his defense
> >> trial....
> >>
> >> Cheers,
> >> Brian
> >>
> > Define the term "science" then. You seem to be falling into
> > the same trap Don Burleson did with "Oracle scientists." :)
> > By the way, some call reverse-engineering an art... Irrespective
> > of the target. But of course, common sense has nothing to do
> > with modern copyright laws and software license agreements.
> > Which is not to say that I do not obey the laws I don't like.
> > Dura lex, sed lex.
> >
> > Regards,
> > Vladimir M. Zakharychev
> > N-Networks, makers of Dynamic PSP(tm)
> > http://www.dynamicpsp.com
> >
>
>
>
>
>
>
>
Well, your arguments are of course valid, RE is not a science, but a scientific tool. This being agreed upon, does Honda prohibit disassembling their engines? Don't think so. Copy them - yes, that's prohibited, but simply taking them apart to see how they work and possibly repair them if they don't work as they should or look for potential problems?
Further, if knowledge is gained through research, then how software security research differs from any other scientific research? And reverse-engineering is an intergal part of this research. After all, we are not interested in theoretic flaws possible in software. We are interested in specific bugs in widely used software which pose real-world problems and endangers its users. Applied science, but still science.
That RE applies to one specific product I disagree, too. That it can be applied to one specific product doesn't limit its application to that specific product only. You can RE any other software product using the same systematic approach and tools. You can even use certain patterns to detect problematic code without reverse-engineering the whole product. Actually, definition of such patterns and creation of the tools that apply them to detect flaws in software is an academic research topic.
On practical side - would you rather know that the flaw exists and the vendor works on/has a fix for it or pretend that there is no flaw and wait until some black hat discovers it and uses it to wreak havoc or steal information from your system? RE is not evil, RE of commercial proprietary software isn't evil either - it keeps pressure on its vendors to improve their products and fix dangerous defects in them. And I simply can't imagine a black hat openly announcing in c.d.o.* that he's trying to crack Oracle software - unless it's some very smart social engineering attempt. :)
Regards,
Vladimir M. Zakharychev
N-Networks, makers of Dynamic PSP(tm)
http://www.dynamicpsp.com
Received on Fri Jun 23 2006 - 11:48:10 CDT