M$ Denigrates Hackers

From M$’s latest 10-Q:
“Hackers develop and deploy viruses, worms, and other malicious software programs that attack our products and services and gain access to our networks and data centers. Groups of hackers may also act in a coordinated manner to launch distributed denial of service attacks, or other coordinated attacks.”

See Form 10-Q.

Hackers also innovate and try things. I consider myself a hacker and I have never written or deployed malicious software deliberately. I used to do that regularly when I ran M$’s OS because it was designed with no security whatsoever in mind and welcomed malware back in the day.

For the definitive work on “hacking” see Eric S. Raymond’s How To Become A Hacker:
“There is a community, a shared culture, of expert programmers and networking wizards that traces its history back through decades to the first time-sharing minicomputers and the earliest ARPAnet experiments. The members of this culture originated the term ‘hacker’. Hackers built the Internet. Hackers made the Unix operating system what it is today. Hackers make the World Wide Web work. If you are part of this culture, if you have contributed to it and other people in it know who you are and call you a hacker, you’re a hacker.”

I became a hacker when I was a preschooler. I never failed to take my toys apart even if I failed miserably to put them back together… When integrated circuits and microprocessors came along, I had already been hacking on mini-computers and main-frames so I just kept going.

My latest hacking was poking around in the code of a FLOSS application, GEBC (GNU External Ballistics Computer):

  • I love its inputs and outputs. They are nearly perfect for my shooting/hunting activity.
  • I wanted to reformat the fonts to be more friendly to my eyes.
  • The thing uses FLTK and every corner of every box and every font-size was given in decimal numeric pixels….
  • I doubled a bunch of those numbers and the programme became easier to use. I even doubled the pixels used to draw lines to make them more visible.
  • I will rewrite this thing in PASCAL using scaling variables…

So, take that M$. We hackers will not be cowed by your defamation. We proudly reserve the right to explore technology and make it better.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.

59 Responses to M$ Denigrates Hackers

  1. That Exploit Guy says:

    You have no idea what I’ve learned. You weren’t there.
    Given what has transpired here, I think I have already got a fairly good idea of what you (don’t) know.

  2. oiaohm says:

    Dr Loser
    –No, there is no such requirement. Perhaps you have heard of this novelty called a “criminal justice system?” The remedies you seek are already in place.–
    Criminal justice system cannot help you. Let’s say I sell you an exploit. I have not used that exploit I am not legally responsible for how that exploit is used.

    Dr Loser what it has cost Microsoft by creating their own term. It is the loss of understanding the class of people they are dealing with.

    White Hats will act for the common good. Even if it is harmful to Microsoft.
    Grey Hats will act more for their own good but will take the more legal and morally safe path if it pays.
    Black Hats will take whatever path or paths that will get them either fame or money. Yes truly or they can want both. They have no moral limits.

    This is the problem master black and grey hats don’t commit the offences themselves. They take money from those who do. Contract law is your only defence against this.

    –1) You and others have led us to believe that, with FOSS, the ability to fix bugs is its own reward. I guess you’ve just thrown that notion out the window, haven’t you?–

    In fact Dr Loser you need to read back what I said. You will find I have never said fixing bugs is its own reward. I have said ability to fix bugs can be to your own advantage.

    Also I have never said FOSS developers work for free. In fact I have argued against you on this point many times. Like point out how much of FOSS projects are commercial paid programs. It’s you Dr Loser who has been pushing this stupid point.

    –2) Pretend, for a moment, that you are an accomplished Black Hat.–
    First thing here a Black Hat does not care about the contract you just formed with them. They already have other offences against them. Little contract breach is not a problem. Grey hat will care about a contract breach.

    And Dr Loser White hats who have not been paid for exploits and the Exploits have not been fixed have also resulted in the White Hats releasing the exploit into the wild. Again by law not legally responsible for damages that happen.

    I love the fact you are guessing. What are you going to keep on guessing Australian states until you guess where I am. I am sorry to disappoint you I have a house in every state of Australia. I have not been in northern NSW for years.

    Yes Dr Loser you have stated the mistake Microsoft is making thinking criminal law is any effect against Hackers. There are many countries where there are no laws against computer crime as well. Contract law does apply in those countries.

  3. TEG wrote, “you damn well should have learnt much more than you had”

    You have no idea what I’ve learned. You weren’t there.

  4. That Exploit Guy says:

    That is not the purpose of programming. I program to solve problems.
    Yes, that’s why you would want to sharpen and expand your skillset at every opportunity. If computer programming had been your bread and butter for 50 years, you damn well should have learnt much more than you had.

  5. Dr Loser says:

    I have more important challenges to deal with, oiaohm, but whilst I’m dealing with them, let me just admit the following:

    Your command of the English language is so far ahead of your command of basic IT concepts that it isn’t even funny.

    There you go. Don’t let it be said that I never encourage total morons to improve themselves.

  6. Dr Loser says:

    Once again, I see your fabled ability to dredge up irrelevant links from Google has failed you, oiaohm.

    There is requirement for terms to include take back of money. So parties who only get part payment consider twice before selling the next bug to criminal.

    No, there is no such requirement. Perhaps you have heard of this novelty called a “criminal justice system?” The remedies you seek are already in place.

    Minor error in contract cause disasters. You provide money you provide reason for people to research your product for flaws. So now more people are researching your product than would have been otherwise.

    Absent a link, you have no evidence either of error or disaster. But let’s examine your latest preposterous notion, shall we?

    1) You and others have led us to believe that, with FOSS, the ability to fix bugs is its own reward. I guess you’ve just thrown that notion out the window, haven’t you?

    2) Pretend, for a moment, that you are an accomplished Black Hat. (As opposed to your current status of talentless motor-mouth.) What’s your financial motivation? Clue: it isn’t the remote possibility that M$ will hand over a six-figure sum. It’s …. oooohhhh, I feel an attack of pure evil coming on … Nurse, the tablets!

    3) Pretend, for a moment, that you are an accomplished White Hat. (Or colour to suit. You keep changing that colour. Whatever goes with your eyes, I guess.) Here’s your career decision: sign on (even as bounty hunter) for a large corporation — financial security for life. Sign on with criminals — Pokey for life. And remember, you’re a White Hat. You already made that decision.

    You’re making even less sense than usual, aren’t you?

    Now if Google or IBM or any other party with a proper built bug bounty program was complaining about this they would have grounds.

    But they’re not, are they? The evidence suggests that a single noble little feller in northern NSW is the only fantasist “complaining” about this hitherto unheralded “problem.” I sure hope that Google and IBM appreciate your efforts. Or even notice them.

    Yes Dr Loser the issue Microsoft is complaining about in 10-Q is part Microsoft own fault. We will not know how much until Microsoft fixes their bug bounty program.

    Once again, an evidence-free assertion. Can you, perhaps, attempt to quantify Microsoft’s failure in this area? What have their own Multi-Coloured Hats cost them? Can you say zero dollars, oiaohm? Because I can.

    However, let’s just say you pick a figure like $123,456,789 out of thin air. Good for you. Now let’s see you explain why Microsoft is obliged, either legally or morally, to keep quiet about the issue and not stun the world by inserting a paragraph or two on page 50 of a 10-Q?

    Bottom line: as usual, you have failed to provide evidence of “funding evil,” in the context of hackers and hacking. Why? Because there is no evidence to provide.

    And what’s more, not a single person out there agrees with you. Funny, that.

  7. TEG wrote, “to learn as much of them as humanly possible.”

    That is not the purpose of programming. I program to solve problems. In the case of GEBC, I program to fix the bugs in an otherwise very useful piece of software, not to learn anything more about C. I wrote my own application years ago in Pascal, but GEBC is more precise for long range shooting and atmospheric effects and it is FLOSS. It is GEBC I am studying, not C. I know the physics. I know the maths. I know how to program. I don’t need to know how to code in C.

  8. That Exploit Guy says:

    Most of humanity does not programme in C.
    Most of humanity does not go onto the Internet and claim they have 50 years experience in computer programming, either.
    In fact, if every programmer programmed in C then there would be no other languages
    False dichotomy much?
    There are thousands of programming languages.
    And we are talking about having 50 years, not 15, to learn as much of them as humanly possible. Like I said, with that much time, you could have learnt how to fly a helicopter on the side, but somehow you are telling me, of all possibilities, you have missed one of the most influential languages that even your favourite operating system founds itself upon?
    That’s not quite 50 years well spent there, is it?

  9. Kevin Lynch wrote, “It’s not uncommon for software on platforms like Linux to use modules written in multiple languages.”

    Yes. I would like to see the distributions in language used in Debian’s huge repository. Of course C* is huge but so is PHP, Java, BASH, perl, python etc. Just for curiosity, I would like to know how much Pascal is in there… FreePascal, itself, is written in Pascal so it’s easy to bootstrap on just about anything.

    Debian reports that Free Pascal programmes are about 1.5 times slower than C but the difference may be just run-time checking. I have examined the code and it’s good enough for me. Who cares if the idle loop on our machines gets 90% of the time or just 85%? There may be roles where that matters but there certainly are many where that does not. I would rather waste cycles checking stuff than crashing.

  10. Kevin Lynch says:

    COMAL, BASIC and Turbo Pascal were the first programming languages I learned. Pascal is probably most famous for its use in the Delphi developer suite, which in my opinion was far more useful than Visual Basic.

    When it comes to choosing a language to write software in, you pick the one that works best for the job you’re doing. It’s not uncommon for software on platforms like Linux to use modules written in multiple languages.

  11. oiaohm says:

    Dr Loser Microsoft problem with being attacked so much is partly how their bug bounty program is designed. Or for a long time a complete lack of bug bounty program.

    There is requirement for terms to include take back of money. So parties who only get part payment consider twice before selling the next bug to criminal.

    Calling all hackers evil and not wanting to deal with them has been Microsoft problem. Sections of Microsoft management are still not using correct terms and the 10-Q shows this.

    Dr Loser the problem is something does not have to sound very evil to be causing lots and lots of evil to happen. Microsoft Blue Hat model is almost right. Problem is almost right is still no good. In fact almost right is worst than having no program at all.

    Like giving out cheap prescription medicines. Sounds like a good idea right. If you don’t have a system to prevent those being abused it causes a lot of harm.

    Same thing applies to bug bounty systems. They can sound very good. Appear very good. Minor error in contract cause disasters. You provide money you provide reason for people to research your product for flaws. So now more people are researching your product than would have been otherwise. If they get pissed off with what you are paying then can sell to criminals without any bad side effect you are in trouble.

    Yes Microsoft really need to look at their own actions how to relates to the issues they are suffering from.

    Google does not take part in pwn to own on browsers because the terms Google wants pwn to own did not allow. pwn to own is only declare successful attacks google wants all attacks successful or not. Yes there are vast differences in the different company bug bounty systems. IBM and Google are two of the most strict.

    Yes Dr Loser the issue Microsoft is complaining about in 10-Q is part Microsoft own fault. We will not know how much until Microsoft fixes their bug bounty program.

    Now if Google or IBM or any other party with a proper built bug bounty program was complaining about this they would have grounds.

    Interesting one with Game Consoles. Very few hacks existed for Play-station 2 to run games copied games while the white hat hackers could use the device how ever they wanted.

    There is evidence out there that highly suggests that a lot of computer crime is tracing to white hats frustrated and turning into grey hats and black hats. Prevent this happening and most of the criminal element are not that smart.

  12. oiaohm says:

    Dr Loser I have already giving a link that covers blue hat hackers terms and conditions.

    Sorry Dr Loser again you are asking me for links I have already provided. Asking for the Google and IBM link come on they are a simple Google. What do you need everything handed to you on a silver platter completely unable to do any of your own research Dr Loser. No wonder you use the title Dr Loser.

  13. TEG wrote, “I can tell you one thing: if your “experience” does not involve C – a language that your favourite operating system use for its native API – then certainly that you are not really that much of a programmer,”

    Most of humanity does not programme in C. In fact, if every programmer programmed in C then there would be no other languages. QED

    There are thousands of programming languages. Programmers use one or more of them as do I. A programmer is defined by what he does, not by what language he uses.

    I happen to detest C for very good reasons. It’s just too complex and squishy. Look what happens every time a new version of GCC comes out. I’d rather define my programmes rather than have the compiler define them. 8 assignment operators! Weak type-checking causing no end of problems and heavy dependence on pointers flushes lots of software down the drain. Pascal is a RISC-like programming language. It does what’s necessary in a tidy way. I like that.

  14. That Exploit Guy says:

    … many assemblers, Fortran II, IV, Watfiv, Algol 60 & 68, PL/I, Modula-2, Pascal…
    “Chuckle”, as you said, since all you are proving with these obsolete languages is that all the experience you had was between 1960s and 1970s, not fifty years as you want to stretch it. Fifty years can afford a professional programmer to learn much more than it – with flying a helicopter as a side hobby, even. Why not throw in Lisp-variants in the mix while you are at it? Though I can tell you one thing: if your “experience” does not involve C – a language that your favourite operating system use for its native API – then certainly that you are not really that much of a programmer, and one must wonder if you are actually as proficient in all those languages you have listed as you claim.
    Chuckle. B2? You know, those things that fly around the world and drop bombs down chimneys?
    Again, “chuckle” indeed. Here’s an ad from JP Morgan Chase offering positions for COBOL programmers maintaining systems that handle millions of dollars of transactions per day. The only problem here is: if anyone was given a choice between COBOL and C-variants for a completely brand new system, no one would choose COBOL as the implementing language. No one. The only reason JP Morgan Chase has COBOL-based software to begin with is that the software has already been there for a long time – decades, even. Eventually, when a system gets too old and too expensive to maintain, it gets dropped and replaced by something else – just like how Northrop dropped JOVIAL for C. So, dream on about how relevant you are with software programming, if that’s what helps you sleep at night.

  15. Dr Loser wrote, “I am desolated to have to explain this to you, it is no longer extant in a didactic sense.”

    So what? I use it and many others do. It works.

    Here’s the resume of a guy who started out learning Fortran and Pascal. Now he’s senior scientist at JPL. Pascal worked for him. It’s working for me. BTW, I never studied Pascal formally as a student but took it up as my third language as an undergraduate student of physics. My first two languages were Fortran and Assembler.

  16. Dr Loser says:

    PASCAL is still certainly useful for teaching computer science because it is so easily learned and easy to use by students. That is probably its biggest use but obviously people are using it just about everywhere for everything considering the platforms on which it runs.

    Well, you’ll be pleased to learn that the standard teaching language at Cambridge in 1985 was, indeed, Pascal. (Martin Richards of BCPL fame was agin it, as I recall.)

    Unfortunately, and believe me, I am desolated to have to explain this to you, it is no longer extant in a didactic sense.

    The skills one derives from being a Pascal expert are, however, still in great demand. There’s TurboPascal (on Microsoft Windows). There’s Delphi (on Microsoft Windows), created by Anders Hejlsberg. Delphi has GUI bindings. Might be useful when you get around to porting GEBC to Pascal.

    And Anders Hejlsberg was and I think still is the prime mover for C#.

    Do please continue with your determination to take Pascal wherever it leads you, Robert.

    But I’m not entirely sure you will like the results.

  17. Dr Loser says:

    Basically it would be good if you did learn some of the limits of your level of english skill Dr Loser.

    Wise words for us all, I think.

  18. Dr Loser says:

    Some people compute and some people learn programming languages. I did use a multitude of languages (many assemblers, Fortran II, IV, Watfiv, Algol 60 & 68, PL/I, Modula-2, Pascal, and a few others I forget at the moment), but now I have settled on the one I like. Why should I code in anything else? I can link to C libraries easily and use an abundance of code without knowing any C and in a pinch I can figure out what a C-programme is doing and change it.

    That’s all very well, Robert, and it’s an impressive list of languages for back in the day. (I started with Basic and Fortran IV around about 1974, so I’m roughly in line with you here.)

    But it’s not really relevant to either “hacking” or FOSS, is it?

    As I pointed out, the use of Pascal is at best sheer self-indulgence. The GUI bindings just aren’t there. (And as an aside, you should probably have implemented a scaling factor relative to the size of the window, rather than just an arbitrary doubling of the font size.)

    What you are proposing, and I realise it’s just a theoretical proposal that you’d put more work into, is simply absurd in either a hacking or a FOSS context.

    You’re not starting ab initio (in which case, hey, use Pascal if you want). You’re working with a trivially small, yet still extant, code base in C++.

    A hacker would hack on the C++.

    A FOSS advocate might choose to move to PHP for the Web, or a GNU/Linux/Android app.

    Why? In both cases, the Four Freedoms again. You would be giving back to the community, in some sense.

    By rewriting the thing in Pascal, you would be taking away from the community. You’d be taking something that makes sense to that community and can be supported by that community, and turning it into something that for 99.999% of that community might just as well be written in Urdu.

    A little self-indulgent, don’t you think?

  19. Dr Loser says:

    Just found this hilarious boast:

    The problem is what I wrote was not gibberish it is in fact a level of english above you understanding. I do have Mensa level comprehension skills.

    Mensa? BWAHAHAHAHAHA! How very sad, yet at the same time comical beyond belief.

    And “comprehension,” oiaohm, is very far indeed from the ability to write in a way that can be “comprehended.” No doubt you can parse that verb for us.

    Not to harp on your pathetic standards of written English, but don’t you think

    it is in fact a level of english above you understanding

    … might be better, or at the very least accurately, rewritten as …

    it is in fact a level of english above *your* understanding?

    You’re not a misunderstood genius, oiaohm.

    You’re just a careless ignorant slob.

  20. Dr Loser says:

    Dr Loser I guess you have never read all the terms and conditions of bug bounties.

    Naturally you, oiaohm, have; in which case you will no doubt be delighted to furnish us with a link.

    Yes Microsoft is one of the ones that does allow grey hats to sell other bugs to criminals without losing rights to money.

    Proof?

    IBM and Google bug bounties have contracts terms forbidding it. Yes requirement to refund all money if you wish to deal with the criminal element.

    Stop fantasizing. Proof?

    Sorry MS blue hat program is funding evil. Because its contracts are incorrectly designed.

    Proof? Here’s an example of how the Blue Hat program works.

    Doesn’t sound terrifically evil to me.

    Dr Loser so yes you have opened Pandora.

    I don’t think a constant barrage of senseless babble qualifies as a “Pandora’s Box,” oiaohm. But we still have Hope.

    The reality I was being nice and writing it in a hard to see form.

    In other words you were completely obfuscating whatever simple point you were trying to make.

    In general, such behaviour is unlikely to win you any arguments.

    When I write complex sometimes It is a clear warning leave alone. There is something there.

    How about you just “write simple” and attach a big red notice saying “Beware of the Imbecile?” I think that might be more efficacious.

    But a percentage of the funds going to pay Blue Hat hackers will be ending up in the hands of people we don’t want to be giving money to.

    And a percentage of my wages ends up in the hands of people I don’t want to be giving money to.

    So what?

    Your standards for “evil” are lamentably low, oiaohm.

  21. bw says:

    Some people compute and some people learn programming languages.

    For simple stand-alone programs such as the “bullet drop” calculation that you referenced, language is immaterial. Pick what you want. That is why VB is so popular. Anyone can use these languages.

    When you get into something complex, however, it is a whole new story. Business systems used java and evolved to C# and F# today. They have taken over from C++ in most new product developments. Our products were migrating from C++ to C# section by section.

    It is fairly clear that the distinction between “programmer” and “developer” is lost on most of the people here.

  22. oiaohm says:

    Dr Loser I guess you have never read all the terms and conditions of bug bounties.

    Yes Microsoft is one of the ones that does allow grey hats to sell other bugs to criminals without losing rights to money. IBM and Google bug bounties have contracts terms forbidding it. Yes requirement to refund all money if you wish to deal with the criminal element.

    Sorry MS blue hat program is funding evil. Because its contracts are incorrectly designed. Also Microsoft mixes White Hackers term with Grey Hackers to form the Blue Hackers term.

    Reality we want Black and Grey hackers fairly much neutralised.

    Dr Loser so yes you have opened Pandora. The reality I was being nice and writing it in a hard to see form. You had to question my english.

    When I write complex sometimes It is a clear warning leave alone. There is something there.

    Ok Microsoft Blue Hat hacker program is better than no program. But a percentage of the funds going to pay Blue Hat hackers will be ending up in the hands of people we don’t want to be giving money to.

    Denigrates Hackers and Paying criminal hackers are foolish things for companies to be doing.

  23. TEG wrote, “If you actually possessed 50 years of computer programming experience, you would not only be fluent in a multitude of languages (including C-variants), you would also not be considering porting the software in question to a language that had already been relegated to the history book since the late 90s.”

    Indeed. I have been programming since 1968 when I started on IBM mainframe and minicomputers and DEC minicomputers at the U of Manitoba. I had a natural attraction to computers and it fit well with physics where number-crunching and graphing was a big part. Personally, after leaving university, I have written many data-collection and analysis programmes for science, technology, ballistics, education and servery. In 1984, I wrote the control system for a cyclotron control room in Saudi Arabia, and later when teaching I wrote and modified many web applications for educational purposes like generating reports, taking attendance, and management of classrooms and schools. These days I don’t often code but in the dark days of winter I may have time on my hands to do some more. The rest of my year is spent watching the grass grow and fighting weeds.

    Some people compute and some people learn programming languages. I did use a multitude of languages (many assemblers, Fortran II, IV, Watfiv, Algol 60 & 68, PL/I, Modula-2, Pascal, and a few others I forget at the moment), but now I have settled on the one I like. Why should I code in anything else? I can link to C libraries easily and use an abundance of code without knowing any C and in a pinch I can figure out what a C-programme is doing and change it.

    PASCAL is currently in development and growing as shown by packages in Debian. Assembler is still widely used and languages don’t get much older than that. It’s actually an advantage for PASCAL to be an old language: stuff written stays written and continues to run, and PASCAL is available on many operating systems and hardware. “Operating systems:
    Free Pascal runs on a large number of platforms, including DOS, Win32 (no UNIX porting layer needed), Linux, FreeBSD, NetBSD, OS/2, BeOS, Mac OS X, on the following architectures: x86 (32 and 64 bit), SPARC, PowerPC (32 and 64 bit), ARM, Java Virtual Machine (under development), and MIPS (under development). GNU Pascal runs basically on any system that supported by GCC, and for which the build process was verified.”

    PASCAL is still certainly useful for teaching computer science because it is so easily learned and easy to use by students. That is probably its biggest use but obviously people are using it just about everywhere for everything considering the platforms on which it runs. There are even a few operating systems written in Pascal. After all folks are writing lots of applications in Java/Dalvik, so just about anything is possible with Pascal. I like it because it works for me and it’s easy to use it to make correct programmes. C on the other hand breaks with every new release of a compiler. What’s with that?

    UPDATE Here’s a current job Ad by Northrop:
    “B-2 Mission Planning Software Engineer 2

    BS degree in a science, technical, engineering or mathematics related field plus at least two years of related experience in Software development experience with Ada, Pascal, C or a similar structured language. An active secret clearance is required.”

    Chuckle. B2? You know, those things that fly around the world and drop bombs down chimneys? They don’t care what language one uses to get the job done as long as it’s done right. Pascal can do the job.

  24. Dr Loser says:

    Some times my error is not incorrect english. Its wrong skill level english for people who will be reading. Yes I did fully rewrite in simple that one line I provided that was complex English.

    Aw, isn’t that cute?

  25. Dr Loser says:

    Any dismal little thoughts on M$ “funding evil,” oiaohm?

    Thought not.

  26. oiaohm says:

    Dr Loser Hackers are more often not paid straight up wages. Take a close look at how many companies do pay bounties. Lot the high level security auditing people make a good income collecting the bounties that are on offer.

    There is a problem Dr Loser. People who are Blue Hat Hackers can also be selling the faults they find to other criminals.

    There is a reason why the Hacker world had three defines. Black Hat, Grey Hat and White Hat.

    So yes Microsoft paying out Blue Hat bounties can be funding assaults. But not paying out Blue Hat bounties there would be more Assaults.

    Please read the payment Dr Loser. $100,000 USD for one successful demoed Fault. This is the thing White hat and Grey Hat hackers can be doing(that could be both doing Blue Hat submissions) can earn a million dollars a year wages in a few reports to different companies.

    Yes Blue Hat Hackers are not your normal salaries staff.

    –Yes indeed. Everybody pays these people straight-forward salaries, once they’re brought under some sort of management structure, oioahm. The Feds, IBM, presumably Red Hat … everybody.–
    This is your level incompetence.

    Blue Hat Hackers are not paid salaries. Why do they want Salaries when a few bugs a year gives them all the money they need.

    Most of the exploit finding hackers are brought under limited term contracts only effecting what they are being paid for. So any new discovery they are free to sell to another party who might pay more. Never brought under Management. They are always looking to sell to a higher paying buyer.

    You say I am making a fool out of my self. If you had gone to the wikipedia page followed the reference link to what a blue hat hacker is you would have worked out very quickly they are not normal staff.

    Yes it would not be hard to find a Grey Hat Hacker that Microsoft has called a Blue Hat Hacker and linked Microsoft paid money to going to funding evil acts.

    You always need to remember when doing a deals with devils don’t insult them.

    You do notice in the FOSS world bounties existing not just for exploits but for feature improvements.

    Dr Loser I guess you were not on 1 million + wage per year. That is the level wages you are talking about to interest the security auditing elite. Normally 1 million dollars would be a cheap employment.

    Selling a flaw into the criminal underworld can make multi millions income. So $100 000 per bug is still being cheap.

    Really you had to have been a lowly contractor Dr Loser. Who was not high enough to get briefings about the faults that had been discovered.

  27. oiaohm says:

    Dr Loser I do admit my limits of English skill.

    Sometimes my error is not incorrect English. It’s wrong skill level English for people who will be reading. Yes I did fully rewrite in simple that one line I provided that was complex English.

  28. oiaohm says:

    Dr Loser funny due to your poor understanding of English you are attempting to make me prove something as true that does not have to be.

    http://www.microsoft.com/security/msrc/report/bypass_bounty.aspx

    It is also included on the Wikipedia page I first linked to. No need to Google or search at all. Apparently you don’t read links Dr Loser.

    The problem is what I wrote was not gibberish it is in fact a level of English above your understanding. I do have Mensa level comprehension skills.

    This is one of my problems. What reads as simple English to me is still very complex.

    Still does not change that Blue Hat Hackers is a Microsoft term.

    Dr Loser as you say you stick to understanding just simple English. This does mean you misunderstand complex documents all the time. Like investor reports.

    Basically it would be good if you did learn some of the limits of your level of English skill Dr Loser.

  29. That Exploit Guy says:

    @Aieee a Ballhogg
    “ESR has proposed using the glider as an emblem for hackerdom.”
    Cute. A chest-thumping exercise for the small-minded.
    @Pogson
    “I taught as well and have programmed since the 1960s.”
    Between 1960s and 1970s, maybe. If you actually possessed 50 years of computer programming experience, you would not only be fluent in a multitude of languages (including C-variants), you would also not be considering porting the software in question to a language that had already been relegated to the history book since the late 90s. Try stretching the meaning of “since” as much as you want, but remember – there will always be people here that can see right through your rubbish in an instant.

  30. Dr Loser says:

    I’m really looking forward to the point where oiaohm, master of both simple and complex English conjugation, posts a link to Blue Hat bounties, btw.

    They’re trivial to find on Google, little man. I’ve found them. You’ll need to dig much deeper unless you want me to embarrass you.

    Enjoy!

  31. Dr Loser says:

    One library call requests space for 9 integers but only 8 are used. That looks strange…

    Lots of things look “strange.” This one is hardly a poster-child for memory corruption, is it?

    My posts were quite serious. I’m not suggesting that the C++ version is at all well-designed.

    I am simply observing the following trivial points:

    1) There’s no need to move it out of C++. Just fix it.
    2) If you have to move it out of C++, then don’t use Pascal. Nobody else does. The GUI bindings almost certainly do not exist.
    3) Out in the local woods, I’m fairly confident that you would want something available on a small smart thingie. Which is to say, a mobile phone or a tablet. Which is to say, an app- or web-based solution.
    4) And here’s the most important point.

    Again, I don’t wish to be rude, Robert, but there is no way in Hell that you are ever going to “hack” on this stuff, is there?

    If it makes you feel any better, the original “hacker” gave up five years ago. That would be about par for the course when you’re not being paid to update stuff.

  32. Dr Loser wrote, “There is no possible way that I can envisage you ever hacking this perfectly useable bit of ballistics-related software into anything at all that would be useful to anybody but you, personally.”

    Silly! This website is ample proof that I provide for others. I taught as well and have programmed since the 1960s.

    Usually hunters will develop a load and stick with it for years so the ballistics, once calculated can be carried around on paper or memorized as needed. A web-application is interesting though. That’s a bigger project I could do. GEBC does export HTML already. It wouldn’t be much of a job to make the input a form. Instead of the graph and tables being separate, they could be delivered on one page… Something to do over the winter after hunting and before planting and between snow-storms.

    PASCAL is certainly able to run a local application or a web-application. A rewrite may be the fastest way to eliminate the memory-corruption in the current version. It crashes from time to time in response to clicks. I’ve looked at the code and nothing obvious appears. A scan of the code revealed a bunch of inline type-conversions and the use of pointers. I suspect the problem is in there somewhere. One library call requests space for 9 integers but only 8 are used. That looks strange… It would be trivial to use a fixed array on the stack instead of an explicit pointer using PASCAL. The programme goes to great lengths to make lists variable in length but then crashes a lot. Fixing this is on my ToDo list. Programmes of this complexity that I write don’t crash, ever. In PASCAL limits can be explicitly declared and checked. There’s no need for a low-volume application like this not to do that. It’s not really a number-cruncher or data-mover. Most of the time it sits there displaying stuff so it hardly matters whether a few microseconds are wasted checking stuff during the operation. There isn’t really a need to keep data in linked lists or variable-length arrays because the total memory requirement is tiny and it’s only used briefly. Used longer, it could be swapped out. It’s more reliable to keep the code simple. The whole thing is about 3600 lines of C code. I could probably write it in 1000 with no lost features and a few added. For example, the plotting routine actually draws axes and such instead of just calling PGPLOT5 (non-commercial use) or GNUPLOT (BSDish licence) or other. That would save ~800 lines of code, nearly 1/4 of the job.

    UPDATE I ran the C debugger and got a clue:
    (gdb) run
    Starting program: /home/pogson/bin/gebc
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

    Program received signal SIGSEGV, Segmentation fault.
    0x00007ffff6b28a59 in free () from /lib/x86_64-linux-gnu/libc.so.6

    So, it’s almost certainly a pointer to a dynamic variable being screwed up.
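
The crash in the comment above surfaces inside free(), which only tells you the heap was already damaged by some earlier write. As an added example (not the commenter's code and not GEBC's), this C wrapper puts canaries around each allocation so a small out-of-bounds write is named when the block is released; `guarded_alloc`, `guarded_free` and the two scenario functions are hypothetical names, and the off-by-one loop is a constructed case, not a bug found in GEBC.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum guard_status { GUARD_OK, GUARD_UNDERRUN, GUARD_OVERRUN, GUARD_BAD_PTR };
static const char *const NAME[] = { "ok", "underrun", "overrun", "bad pointer" };

/* Constructed canary values; any fixed, unlikely byte patterns would do. */
static const uint64_t HEAD_CANARY = 0xC0DEC0DEC0DEC0DEULL;
static const uint64_t TAIL_CANARY = 0xDEADFA11DEADFA11ULL;

/* Bookkeeping placed directly in front of the caller's bytes. */
struct guard_hdr {
    size_t   size;   /* bytes the caller asked for */
    uint64_t head;   /* canary adjacent to the first caller byte */
};

/* Allocate `size` usable bytes wrapped in a head and a tail canary. */
void *guarded_alloc(size_t size)
{
    if (size > SIZE_MAX - sizeof(struct guard_hdr) - sizeof TAIL_CANARY)
        return NULL;                        /* the size sum would overflow */
    unsigned char *base = malloc(sizeof(struct guard_hdr) + size + sizeof TAIL_CANARY);
    if (base == NULL) return NULL;
    struct guard_hdr *h = (struct guard_hdr *)base;
    h->size = size;
    memcpy(&h->head, &HEAD_CANARY, sizeof HEAD_CANARY);
    memcpy(base + sizeof *h + size, &TAIL_CANARY, sizeof TAIL_CANARY); /* may be unaligned */
    return base + sizeof *h;
}

/* Verify both canaries, release the block, and report what was damaged. */
enum guard_status guarded_free(void *ptr)
{
    if (ptr == NULL) return GUARD_BAD_PTR;
    unsigned char *user = ptr;
    struct guard_hdr *h = (struct guard_hdr *)(user - sizeof(struct guard_hdr));
    enum guard_status st = GUARD_OK;
    if (memcmp(&h->head, &HEAD_CANARY, sizeof HEAD_CANARY) != 0)
        st = GUARD_UNDERRUN;                /* size field is no longer trusted */
    else if (memcmp(user + h->size, &TAIL_CANARY, sizeof TAIL_CANARY) != 0)
        st = GUARD_OVERRUN;
    free(h);                                /* h is the pointer malloc() returned */
    return st;
}

/* Constructed scenario: room for `capacity` ints, loop stores `count` ints. */
enum guard_status fill_and_release(size_t capacity, size_t count)
{
    int *v = guarded_alloc(capacity * sizeof *v);
    if (v == NULL) return GUARD_BAD_PTR;
    for (size_t i = 0; i < count; i++)
        v[i] = (int)i + 1;                  /* past the end when count > capacity */
    return guarded_free(v);
}

/* Constructed scenario: one stray byte written just before the block. */
enum guard_status underrun_and_release(void)
{
    unsigned char *p = guarded_alloc(16);
    if (p == NULL) return GUARD_BAD_PTR;
    p[-1] ^= 0xFF;                          /* lands in the head canary */
    return guarded_free(p);
}

int main(void)
{
    printf("9 slots, 8 stores: %s\n", NAME[fill_and_release(9, 8)]);
    printf("8 slots, 9 stores: %s\n", NAME[fill_and_release(8, 9)]);
    printf("stray byte before: %s\n", NAME[underrun_and_release()]);
    return 0;
}
```

A write that runs further than the 8-byte tail canary escapes this check and still damages allocator metadata; AddressSanitizer (`-fsanitize=address`) or Valgrind report the faulting write itself rather than the later free().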

  33. Dr Loser says:

    Is it valid to call Blue Hat Hackers just Hackers it is.

    The is the problem Dr Loser understand the complex now.

    I think I’ll stick with understanding “the simple,” oiaohm.

    You can cloak your ignorant and ineffectual simplicity in whatever gibberish you wish to cloak it.

    But, rest assured, almost everybody out here understands and sympathises with “the complex.”

    Just out of interest, which of many complexes do you suffer from?

    I have funds. I am charitable. I can contribute.

  34. Dr Loser says:

    And (drum roll, please, Paul), Number Five!

    If you’re going to port it at all, why not port it to the Web? That’s what most users would want. Correct me if I’m wrong, but if you’re in the local woods, and you’re lining up on your prey, you probably need to check the ballistics on the Web.

    (Or an App. Your choice of platform. But either way, a small smart thingie. Not something that requires Pascal to get past first base.)

    Here’s the good news on that one. Building a website is fun! Also, there’s every chance that you could get a gun club to sponsor you/pay for it/host it. I loathe PHP, but in this case I would suggest that PHP is the way to go.

    And here’s the bad news, Robert.

    You don’t actually give a stuff about hacking, do you?

    There is no possible way that I can envisage you ever hacking this perfectly useable bit of ballistics-related software into anything at all that would be useful to anybody but you, personally.

    Well, maybe the font adjustment was handy.

  35. Dr Loser says:

    Number four, and here we get into areas of hacking that might actually HELP.

    This is mostly a set of static tables defining a small number of variables across the weapons involved, plus obviously distance and atmospheric conditions and so on.

    Hey! Sounds like a spreadsheet application to me!

    Nope, you don’t need to use M$ Office to do this, Robert. You could easily port it to Libre Calc.

    There’s a personal benefit here and a community benefit. Personally, you would learn something new, ie Libre Calc macros. And the community would have a solution whereby they could just drop the relevant data into the relevant static tables, and hey presto!

    Works for everybody, no farting around required!

  36. Dr Loser says:

    Number three on the list? Leave it alone.

    That’s what the original author did. It hasn’t been updated since 2008 or so.

    Apparently it does its job. Nobody is complaining. Nobody needs an update. There are better ways to spend your twilight days than reinventing the wheel.

  37. Dr Loser says:

    Number two on the list: accept that GEBC is written in C++. Improve it.

    This one is close to being reasonable. Having examined (Free!) the code, the design is appalling, even though the engine (helpfully concealed as lib/ballistics/ballistics.cpp) is only 17,000 lines long.

    There are several other horrible bits in there that completely ignore inheritance, templates, generic anything.

    Definitely needs a re-design, though. Go do that magic voodoo!

  38. Dr Loser says:

    Have you downloaded GEBC yet? I have. Good.

    Now, the completely clueless option is to “port” the thing to Pascal. Here’s why.

    It’s sheer self-indulgence. There is no possible benefit for anybody bar the author to gain from porting a perfectly operational C++ program into Pascal.

    Furthermore, at worst, you are going to introduce new bugs. At best, you are going to make it very, very difficult for anybody who doesn’t have a Pascal compiler (or 30-year-old Pascal knowledge) to exercise the Four Freedoms.

    But even given those minor issues, you’re still going to have to work around the Pascal bindings for the GUI.

    Are there any?

    This one rates a big fat Zero, I’m afraid. Humorous, but nothing much more than that.

  39. Dr Loser says:

    Well, anyway, I have time to spare, and since Robert’s actual subject (no matter what others might believe) was constructive *nix FOSS-style hackers, I thought I’d contribute in some sort of way to “hacking.”

    Specifically, in order to be useful, I decided that the most valuable way to do this was to analyse the possibilities of “hacking on” GEBC. As always in FOSS, this is an open discussion, so I’m just going to present the five opportunities that occur to me and accept alternative viewpoints. One per post, to keep this manageable. I’m going to order them in a completely arbitrary way — that is, in my arbitrary opinion, the first one is completely clueless and the final one might make some sort of sense.

    Here we go.

  40. Dr Loser says:

    Dr Loser funny you claim you worked for Microsoft yet you don’t know this.

    Yes, somehow I missed out on being interviewed by all 90,000 employees before being given a job. I must be a very special person.

    Go on, humour me. Provide the link again.

    Microsoft Offers bounties for Blue Hat Hackers. So yes Microsoft pays them.

    Yes indeed. Everybody pays these people straight-forward salaries, once they’re brought under some sort of management structure, oiaohm. The Feds, IBM, presumably Red Hat … everybody.

    Kindly explain how this equates to “Microsoft funding evil.” Go on. It will do you good. At the very least you could find some tortured, yet admirably complex, contrast in English between the “evil” that Microsoft “funds” and the similar, yet so entirely different, “evil” that everybody else does.

    I believe, such as it was, that this “funding evil” was your pitiful little point.

    And your pitiful and still unproven little point has nothing to do with Robert’s assertion that Microsoft is being offensively rude to “hackers (type 1),” does it? So why are you bothering to repeat it? Oh, I know, Trolls. It’s your very favourite word, isn’t it? Of course, it’s entirely devoid of meaning when you use it. Typical sample:

    For troll usage it does not have to be 100 percent true.

    You do realise that you are effectively accusing yourself of being a Troll here, don’t you, oiaohm?

    Perhaps not.

  41. oiaohm says:

    Dr Loser already included a link define blue hat hackers. Follow the black hat link from the prior post and go 5 defines down.

    Microsoft invented the term Blue Hat Hacker.

    Dr Loser funny you claim you worked for Microsoft yet you don’t know this. Did you never attend Microsoft security review briefing. I know they are performed for bing and the term Blue Hat Hacker is in them.

    Dr Loser I did not call them blue hackers either. The term is exactly Blue Hat Hackers.

    Blue Hat Hackers are a sub branch of Hackers. They are part of the formal group that are Hackers. So Microsoft has insulted people they depend on as well.

    Microsoft Offers bounties for Blue Hat Hackers. So yes Microsoft pays them.

    For troll usage it does not have to be 100 percent true.

  42. Dr Loser says:

    This is my problem my english is not always bad. Its sometimes too complex for normal readers.

    I’m of the opinion, based upon years of reading it, that your English is indeed always bad. However, that opinion is irrelevant. What is relevant is that almost nothing you say, in whatever language, has any noticeable contact with reality. On your latest excursion:

    Then you pull up where MS has employment contracts employ who they call Bluehat Hackers…

    … the best that can be said for this is that it is completely irrelevant to Robert’s post.

    Furthermore, if this proposition demonstrates that Microsoft in the context of hackers and hacking are “funding evil,” then I believe you need two links at least: one to define what “Blue Hackers” might be, and one to explain how in the world this could be construed as “funding evil.”

  43. oiaohm says:

    Dr Loser the clue was the line before and you did not take the context. This is my problem my english is not always bad. Its sometimes too complex for normal readers.

  44. oiaohm says:

    –This is the problem you could play by Microsoft miss usage of words that they are funding evil.–
    This is a complex sentence.

    One you have MS claims that
    –Hackers develop and deploy viruses, worms, and other malicious software programs that attack our products and services and gain access to our networks and data centers. Groups of hackers may also act in a coordinated manner to launch distributed denial of service attacks, or other coordinated attacks.–
    Then you pull up where MS has employment contracts employ who they call Bluehat Hackers.

    Play does not mean the statement is valid. Someone now has all the means to Troll Microsoft that they employ evil hackers due to miss defining the word.

    Is it valid to call Blue Hat Hackers just Hackers it is.

    The is the problem Dr Loser understand the complex now.

    Incorrect usage of terms opens the doors to Trolls and companies should avoid it.

  45. Dr Loser says:

    It’s a gentle prod by using your own assertion against you, oiaohm. Nobody’s English is perfect, I agree. But most of us avoid making stupendously silly and brainless comments like

    This is the problem you could play by Microsoft miss usage of words that they are funding evil.

    That’s not the world’s finest example of a coherent English sentence, either. Parse it any way I try, however, it appears to be a claim that, in the context of hackers and hacking, Microsoft is somehow “funding evil.”

    Quite a long way away from the quote Robert derived from the 10-Q, I would say. And, as is your wont, completely uncorroborated.

  46. oiaohm says:

    Dr Loser
    –Fear not, oiaohm, it’s still possible to learn it. Even at your advanced age.–
    Really even you have flawed English. Really the truth is no one really can use English perfectly.

  47. Dr Loser says:

    Correct english would be such a god send at times.

    Fear not, oiaohm, it’s still possible to learn it. Even at your advanced age.

  48. oiaohm says:

    http://en.wikipedia.org/wiki/Black_hat_hacking#Black_hat

    There is a formal term for evil form of Hackers. They are the Black Hats.

    Classifications are important.

    Even Microsoft employs Blue Hat hackers.

    This is the problem you could play by Microsoft miss usage of words that they are funding evil.

    Correct english would be such a god send at times.

  49. Dr Loser says:

    Why even use the term “hacker” when they meant “evil programmer”?

    Because, Robert, outside of anime and James Bond movies, that would just sound silly and unprofessional. Here, let me demonstrate by inserting it into your quote from the 10-Q in question. (Incidentally, it’s rather low down on page 50, which suggests that it’s basic boilerplate, but whatever.)

    Threats to information technology (“IT”) security can take a variety of forms. *Evil programmers* develop and deploy viruses, worms, and other malicious software programs that attack our products and services and gain access to our networks and data centers. Groups of *evil programmers* may also act in a coordinated manner to launch distributed denial of service attacks, or other coordinated attacks.

    Don’t you see how ridiculous that makes your claims sound? Think of me as your PR guy. You sound like an absolute berk in this instance. Stop doing it.

    Oh, and about that precipitous drop from $4 billion to ~$3 billion?

    Even allowing for your underestimate of the $4 billion, it never actually happened, did it?

    Doesn’t matter to me either way. I just earn a crust from whatever drops out the other end of the cheese-grater.

  50. That Exploit Guy says:

    “Of course they do. They want to spread the FUD that hackers are amateurs and that FLOSSies are amateurs.”
    Strange. I thought they worked for Google or some such.

  51. Dr Loser wrote, “Does Microsoft conflate “hackers (1)” and “hackers (2)”? Of course they don’t!”

    Of course they do. They want to spread the FUD that hackers are amateurs and that FLOSSies are amateurs. They’ve done that for decades. Why even use the term “hacker” when they meant “evil programmer”? They chose an ambiguous term. I didn’t. Go scold M$.

  52. Dr Loser says:

    bw, maligning millions of decent human beings …

    Oh, you’re absolutely right, Robert, he did. Maybe tens of thousands rather than millions, but your hyperbole is understandable. bw has his own perspective, however.

    Which brings us back to yours, doesn’t it? Is there a distinction between “hackers (1)” and “hackers (2)”? Of course there is!

    Does Microsoft conflate “hackers (1)” and “hackers (2)”? Of course they don’t!

    This quite straightforward point renders your entire post moot. Sometimes it is best just to admit to an excess of enthusiasm, rather than to keep digging the hole deeper and deeper.

  53. That Exploit Guy says:

    “If, as was done by Microsoft with defending the Windows image…”
    Brand-wise, that seemed to only amount to “not much”, but I digress.

  54. bw, maligning millions of decent human beings wrote, “A hacker today is an evil entity.”

  55. Dr Loser says:

    “Apparently, M$ does not get the distinction.”
    Your evidence for this being, what?
    It clearly isn’t the paragraphs you cite, which do not stray one millimetre from definition number 1.
    There are arguments to be made regarding Microsoft’s attitude towards hackers (definition 2) and Linux in general. You’d be better off making those arguments, I think, than you are in projecting a wishful dream of what you would like Microsoft to believe.

    (For the record, incidentally, Microsoft employs hundreds, probably thousands, of “hackers” by the second definition. They don’t discriminate on the basis of favourite OS.)

  56. bw says:

    Currently, “hacker” is used in two main conflicting ways

    That Wikipedia definition is itself biased by a sort of dweebness that strives for hair-splitting definition. The vernacular almost universally paints a hacker as a malicious person who delights in cracking security schemes and either stealing information/money or vandalizing someone’s computer or website. Ask 100 random people and you will get the same sort of answer. When some SSN’s are stolen, it is always “hackers” that broke in. And so on.

    Hobbyist hackers who want to cling to the label as sort of a badge of honor and achievement have to realize that they lost the brand through years of failing to defend it. If, as was done by Microsoft with defending the Windows image, they had aggressively defended what they believe to be a mis-characterization of the term, they might be more respected today and the perpetrators may be termed vandals, or felons, or information terrorists or some other popular label. But they were too lazy and have to suffer the consequences. A hacker today is an evil entity.

  57. Dr Loser wrote, “This distinction is universally acknowledged”.

    Apparently, M$ does not get the distinction. You would think that they would be more precise in their language considering the consequences of false statements to the SEC and the public.

  58. Dr Loser says:

    A little disingenuous, Robert?

    Currently, “hacker” is used in two main conflicting ways

    1. as someone who is able to subvert computer security; if doing so for malicious purposes, the person can also be called a cracker.

    2. a member of the Unix or the free and open source software programming subcultures, or one who uses such a style of software or hardware development.

    This distinction is universally acknowledged — in fact I seem to recall that ESR makes it himself, somewhere. Given such a distinction, your thesis seems to fall apart.

    (It would be churlish of me to mention the third meaning of “hacker,” which applies to weekend golfers and the like. For the purposes of discussion, let’s pretend that this definition does not exist.)

  59. Aieee a Ballhogg says:

    ESR has proposed using the glider as an emblem for hackerdom.
    http://www.catb.org/hacker-emblem/faqs.html
