Re: Public disclosure of discovered vulnerabilities
Available news archives: comp.lang.tcl - comp.lang.python - comp.security.firewalls - sci.crypt - comp.lang.php - comp.lang.javascript
Google
 
Web news.hping.org


sci.crypt archive

Re: Public disclosure of discovered vulnerabilities

From: Bryan Olson <fakeaddress@nowhere.org>
Date: Thu May 26 2005 - 08:13:40 CEST



Douglas A. Gwyn wrote:


 > Bryan Olson wrote:


 >> [...] is honesty too much to ask? Since when


 >> has your position been that C code is fine as long as it


 >> survives in the well-known implementations, even if it induces


 >> undefined behavior according to the standard?


 >


 >


 > Apparently honesty is not your strong suit.


 > Again you have attributed statements to


 > opponents that are not what they actually


 > said.



Please do cite any attribution I made that was incorrect.



That was you who wrote:



     The toupper function has an int argument, not char, and it


     is perfectly safe to feed it any character code (or EOF).



in:



 


http://groups-beta.google.com/group/sci.crypt/msg/46da0c7d6e4f9da3?as_umsgid=iMCdnbvy2IICLw7fRVn-tA@comcast.com


   <iMCdnbvy2IICLw7fRVn-tA@comcast.com>



wasn't it? If it was a forgery, please let me know. I was kind


of taken aback by the utter incompetence in C displayed in that


post.



 > Is that because you truly don't


 > understand what was being said or because


 > you don't have a valid argument and thus


 > must set up a "straw man" to knock down?



Is your news server missing posts? I gave a point-by-point


defense of my account -- the one that prompted you (or perhaps


that forger) to say "Olson has mischaracterized the issue, as


usual." I carefully showed where the author of that post went


wrong.



   http://groups-beta.google.com/group/sci.crypt/msg/3b4a32274d91f5d8


   <pOPke.1265$rY6.1066@newssvr13.news.prodigy.com>



Was that not you? Did I misquote you? Are you slipping or did


you never understand how sign extension works?



Hey, let me clue you in to a great debating trick: when someone


shows I'm wrong, I change my position. Clever, huh?



I too had thought toupper() was defined for any char value, but


when 'infobahn' quoted the standard showing otherwise, well,


that was that. "I stand corrected," I wrote.  I also followed up


to get the error corrected in Harbison & Steele. Ended up taking


quite a bit of time to get the details right, so I expect you'll


understand that it annoys me when some careless know-it-all says


I mischaracterized the issue and gives an utterly wrong


description of the problem.



-- 
--Bryan


Received on Thu Sep 29 21:38:46 2005