Daniel J. Bernstein

Daniel J. Bernstein (known among users of his software and members of his mailing lists as simply "djb") is a professor at the University of Illinois at Chicago, a mathematician, a cryptologist, and a programmer, noted as the author of the computer software qmail and djbdns.

  • "The great thing about attackers is that there are so many to choose from!" [1]
  • "I like it." (when asked why he always dresses in black) [2]

On testing

  • "Of course, the test difficulty depends on what you're doing, and on how you're doing it. I'm constantly asking "How much would I have to screw this up to write an incorrect function that passes these simple tests?" Occasionally the answer is "Not much," so I'll throw the code away and start over. It was probably perfect code, but that's not good enough." [3]
  • "I often see people saying 'Nobody has produced an invulnerable software system; therefore, nobody will ever produce an invulnerable software system.'

    "By the same bogus reasoning, nobody will ever reach Mars; nobody will ever find MD5 collisions; nobody will ever cure cancer; nobody will ever prove the Poincare conjecture; nobody will ever clone a human; nobody will ever build a 1GHz CPU; nobody will ever find SHA-1 collisions; nobody will ever break the sound barrier; etc." (15 January 2005) [4]

  • "So it's tempting to incorporate a smaller resolver library into qmail. [...] I'd no longer be able to blame the BIND authors and vendors for the fact that attackers can easily use DNS to steal mail." [From the file "THOUGHTS" of the qmail distribution]


Bernstein is well-known for his debating style on various electronic fora. He does not suffer fools gladly, and in refuting them, has produced many a turn of phrase found by others to be amusing or pithy. A selection of quotations from his messages to various mailing lists in 1997 follows.

  • Just because it's automatic doesn't mean it works.
  • Anyway, I'm interested in what works, not in philosophical bullshit.
  • (In response to another poster's assertion that "As today's unices are very stable, crashing operating systems are not an issue.") Don't be silly. Every minute there's a UNIX system crashing somewhere.
  • There's an engineering term for systems like that: "garbage".
  • I'm not interested in security through obscurity. I want real security mechanisms, solutions that work for _everybody_. Yes, that's a lot more difficult than randomly blowing away "suspicious" portions of the Internet mail infrastructure, but it's the Right Thing To Do.
  • Be careful what you wish for; you just might get it.
  • That section of the fetchmail man page is wild speculation; it has never had any relation to reality.
  • From a security perspective, if you're connected, you're screwed.
  • I don't care where you think your resources are going. If you know, show me the measurements. If you don't, stop wasting my time.
  • CAPS has surpassed ETRN in the "Most absurd use of port 25" contest.
  • Some parts of RFC 821 are simply too absurd to tolerate.
  • Make up your mind. Do you want to declare that your filters are effective, or do you want to find out how effective they actually are?
  • In general, the Internet was not designed to accommodate deliberate failures to communicate.
  • (In response to another poster's assertion that Windows NT is easier to configure than an otherwise-similar Unix system) Indeed. With NT, I can usually see in a matter of minutes that what I'm trying to do simply can't be done with the available software.
  • Profile. Don't speculate.
  • Compression saves bandwidth. What a surprise.
  • I don't have much respect for the people who run the Internet, but as a practical matter there are certain lines that can't be crossed without their approval.
  • The average user doesn't give a damn what happens, as long as (1) it works and (2) it's fast.
  • I'm not saying that this is how things should be. I'm saying that this is how things are.
  • I do engineering, not religion.
  • Duh-duh-duh... Buffer Overflow!
  • I thank God for not making me a computer scientist.
  • It seems some people do not have atomically synchronized watches and some do.
  • I will be starting the lecture in SEVEN ... SIX ... FIVE ... ...
  • This is UNIX. Stop acting so helpless!
  • The new glue is, unfortunately, ignored by recent versions of the BIND cache; the detailed technical explanation for this is that the BIND company is a bunch of idiots.
  • I have discovered that there are two types of command interfaces in the world of computing: good interfaces and user interfaces. Source
  • Unless you have a hundred unanswered questions in your mind you haven't read enough...
