From: Shark8 <OneWingedShark@gmail.com>
Subject: Re: Heartbleed
Date: Fri, 11 Apr 2014 22:58:29 -0600
Message-ID: <%J32v.70539$kp1.45343@fx14.iad>
In-Reply-To: <li9g34$9q8$1@dont-email.me>
On 11-Apr-14 13:33, Simon Clubley wrote:
> On 2014-04-11, kalvin.news@gmail.com <kalvin.news@gmail.com> wrote:
>> As a (embedded) C programmer, I have seen over and over again similar
>> problems appearing in the code I maintain. Also, I do make similar mistakes
>> i.e. miss the bounds checking in the functions as I (wrongly) assume that
>> the bounds have been checked in upper levels which will eventually use my
>> functions. Not to mention crappy pointer trickery. I do blame C in many
>> respects, that it allows unsafe constructs and allows sloppy coding
>> practices. I am also surprised (actually disappointed) that C is used so
>> widely. In my opinion, as a C programmer, C should not be allowed to be
>> used at all. C is broken, C is bad. C++ is also broken and C++ is bad. I
>> would like to see programmers adopt a more secure programming
>> language, which would make creating buggy and sloppy software a
>> bit harder. Whether it is Ada or something else.
>>
>
> I strongly agree with this.
>
> C, even in 2014, is used for critical libraries so there's clearly a
> place for a simpler language with comparable functionality to C, but
> with the functionality done in a type safe way.
>
> Sadly, I agree with a previous post that it's unlikely to be Ada because
> of the vast range of systems these libraries run on and because of the
> major issues around getting Ada (which in this context really means GNAT)
> to run in a new environment.
Well, there are several of us who are looking into ameliorating that
condition w/ new open-source compilers.
> What may be a viable option would be if a simpler Wirth style language
> existed and whose compiler generated object code compatible with gcc
> and used binutils for its assembling/linking phase.
Oberon?
> That compiler would be written in plain C making it easier to bring up
> in a new environment with foreign compilers.
I disagree; the compilers we build should *not* be dependent on C. --
There are too many easy-to-make errors, mistakes, and
implementation-dependencies to really ensure that such a compiler is
good. Indeed, I would argue that we need compilers built on
formal-methods and verified to be correct.
> For the libraries C is being used for and for which the security issues
> exist, you don't need a huge Ada style runtime with a huge Ada style
> language functionality that's damned difficult to port to a new
> environment.
I wonder about that; is the runtime that difficult to port? What about
having "staged" runtimes, with minimal, reduced, and nominal
functionality? (Perhaps using the restriction pragmas...)
Also, couldn't such a system be made so that the *really* system
dependent stuff is all hidden in a package-body and [relatively] easy to
port?
e.g.
Minimal : No tasking or protected objects, or unconstrained functions
allowed.
Reduced : No Tasking and Protected objects; but unconstrained functions
are allowed.
Normal : Everything.
> However, to stand a chance of displacing C you need a compiler which runs
> in the same range of environments as C does and you need libraries written
> using this language to be _easily_ callable from C and the other languages
> which currently use C libraries. That's the reality anyone wanting to
> replace C is facing.
I don't know -- it might be time for professionals concerned w/ security
to make a clean break and just use something else -- Eiffel is, from
what I understand, ideal for library-writing with its heavy emphasis on
interfaces [and design by contract].
> BTW, once you have people exposed to type safe programming, then maybe
> you can introduce them to Ada for the large projects. One of the major
> revelations for me over Heartbleed was seeing people discuss the need
> for a safer language and immediately jump to languages like Java.
Hm, good point.
Ada has some *REALLY* good features when it comes to
programming-in-the-large -- the YF-22 integration is astounding:
12 major avionics subsystems, across 650 Ada modules containing millions
of lines of code, coded in 8 geographically distinct locations, took
*three days!*
Source: http://archive.adaic.com/docs/present/engle/comments/tsld033.htm
> The idea that there might be an option in between, a traditional compiled
> language which offered type safe functionality simply didn't seem to
> occur to them. It's as if C, C++ and Java are the only languages most
> people seem to have heard about.
Yeah -- that's rather disgusting. I blame the prevalence of C-style
languages as well as universities 'targeting' them (that is to say
ignoring non-C-style languages).
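The bounds-check mistake kalvin.news describes above (trusting a value an upper layer never validated) is exactly the Heartbleed defect named in the thread's subject: a length field supplied by the peer was used for a copy without checking it against the record actually received. As an added illustration, not code from anyone in this thread or from OpenSSL, here is that check in C; it assumes the RFC 6520 heartbeat record layout, and the function and record names are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (RFC 6520 HeartbeatMessage):
 *   type (1) | payload_length (2, big-endian) | payload | padding (>= 16)
 * The defect: copying payload_length bytes without checking the record is that long. */
#define HB_HEADER_LEN  3
#define HB_MIN_PADDING 16

/* The length the peer *claims*; the only input the buggy code consulted. */
size_t hb_declared_payload_len(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HEADER_LEN) return 0;
    return ((size_t)rec[1] << 8) | rec[2];
}

/* The missing check: does declared payload + mandatory padding fit inside
 * what we actually received? Returns 1 if yes, 0 if the record must be dropped. */
int hb_payload_fits(const uint8_t *rec, size_t rec_len) {
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING) return 0;
    return hb_declared_payload_len(rec, rec_len) <= rec_len - HB_HEADER_LEN - HB_MIN_PADDING;
}

/* Hardened copy: validates before memcpy, so it never reads past rec + rec_len.
 * Returns bytes copied, or -1 if the record is rejected. */
long hb_copy_payload(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_len) {
    if (!hb_payload_fits(rec, rec_len)) return -1;
    size_t declared = hb_declared_payload_len(rec, rec_len);
    if (declared > out_len) return -1;
    memcpy(out, rec + HB_HEADER_LEN, declared);
    return (long)declared;
}

/* Constructed sample records (not captured traffic). Both are 23 bytes and carry
 * the 4-byte payload "ping"; the second one declares a 16384-byte payload. */
static const uint8_t hb_honest_rec[] = { 0x01, 0x00, 0x04, 'p', 'i', 'n', 'g',
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
static const uint8_t hb_lying_rec[]  = { 0x01, 0x40, 0x00, 'p', 'i', 'n', 'g',
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
static uint8_t hb_scratch[64];

int main(void) {
    long n = hb_copy_payload(hb_lying_rec, sizeof hb_lying_rec, hb_scratch, sizeof hb_scratch);
    printf("lying record: declared %zu bytes, copy result %ld\n",
           hb_declared_payload_len(hb_lying_rec, sizeof hb_lying_rec), n);  /* 16384, -1 */
    return 0;
}
```

The honest record copies its 4 bytes; the lying one is rejected before any memcpy, which is the whole of the fix: validate the peer's length against the bytes you actually hold, in the function that does the copy, rather than assuming a caller did.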