-----BEGIN PGP SIGNED MESSAGE-----
On Jan 26, 2005, at 4:32 PM, Dassi, Nasser wrote:
> Your disrespectfully condescending tone aside, yes I understand OS
> security. As a matter of fact, I just might understand software
> security better and/or more in-depthly than yourself.
Yes, I agree it's possible that you know more. But I've seen no
evidence of that today.
YOU sent an email to the Subversion users list with the subject
"Bug? FSFS revision control"
There are two things about that subject that make me pretty certain
that what may be true about your paragraph is not true.
1) It's CLEARLY not a bug
2) It has NOTHING to do with FSFS per se.
> Please make sure to read my statement about MS SQL Server data file
> access; you may finally learn a thing or two about an attempt to secure
> a working environment in an otherwise unsecure one.
That was a nicely attempted rebuttal to (everyone's?) response that your
statements in your first email were half-baked at best. However, since
Subversion is not a continuously running daemon (in most instances)
how in the world could it keep a lock on the file?
So, try this: Stop the SQL server, modify its files, and start it
And, I think you'll find that using Microsoft as a pillar of software
quality will not get your arguments heard in most crowded rooms of
After all, Microsoft is clearly NOT the poster child of security these
days. Hell, most of their security issues are due to half-baked attempts
to "secure a working environment in an otherwise unsecure (sic) one."
Additionally, your initial email was all about obscuring the data
representation in a plain text file. It's been clearly demonstrated
that Unixen are more secure, by far, than Windows. Which of those
two systems is more likely to use plain text configuration files?
So, if plain text files are a security problem, as YOU stated, explain
how it is possible that Windows is less secure than Unixen?
> And as far as "no historical precedent", I get the notion from 2 of the
> largest software firms in the world. Microsoft (as exemplified in the
> SQL Server reference) and IBM. 2-3 years ago IBM explained how they
> intended to deploy self-aware/self-healing software applications.
> Similarly, IBM is not the first to make such a feat their objective;
> the past 10-15 years corporations have been actively researching more
> developer-friendly ways of attaining the goals of self-healing without
> going broke. At the very least, their objectives are to do just that:
> operate as securely in an otherwise insecure operating environment.
IBM was speaking to making the applications self-healing, mostly by
keeping two copies of necessary items around and "fixing" themselves
With respect to MS, remove a few .DLLs from a system directory and
see how well it heals itself. Pay particular attention to this case
if you have replaced that .DLL with a later version by the installation
of another application.
Throw away or modify anything in your "My Documents" folder and see if
Windows fixes it for you.
> Of course if you believe that none of the 100,000+ combined
> developers/employees of either Microsoft or IBM have anything worth
> sharing and learning, then I believe you should start professing how MS
> and IBM are doing things the wrong way.
Your logic is really off. I certainly never said anything that indicates
what you said above.
I just don't think *you* have presented anything worth sharing or
*today*. Here's hoping we'll all get along better tomorrow. Don't worry,
I'll keep an open mind and continue to listen in the hopes of learning.
- -- Tom Mornini
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
-----END PGP SIGNATURE-----
Received on Thu Jan 27 03:04:41 2005