From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: * X-Spam-Status: No, score=1.6 required=5.0 tests=BAYES_20,FREEMAIL_FROM, REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 107f24,582dff0b3f065a52 X-Google-Attributes: gid107f24,public X-Google-Thread: 103376,bc1361a952ec75ca X-Google-Attributes: gid103376,public X-Google-Thread: 109fba,582dff0b3f065a52 X-Google-Attributes: gid109fba,public X-Google-Thread: 1014db,582dff0b3f065a52 X-Google-Attributes: gid1014db,public X-Google-ArrivalTime: 2001-08-02 12:29:18 PST Path: archiver1.google.com!newsfeed.google.com!newsfeed.stanford.edu!canoe.uoregon.edu!arclight.uoregon.edu!wn4feed!worldnet.att.net!135.173.83.71!wnfilter1!worldnet-localpost!bgtnsc06-news.ops.worldnet.att.net.POSTED!not-for-mail Message-ID: <3B69996C.856BFD16@yahoo.com> From: CBFalconer Reply-To: cbfalconer@worldnet.att.net Organization: Ched Research X-Mailer: Mozilla 4.75 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.lang.functional Subject: Re: How Ada could have prevented the Red Code distributed denial of service attack. References: <%CX97.14134$ar1.47393@www.newsranger.com> <9k9if8$rn3$1@elf.eng.bsdi.com> <9k9nci$1cq$1@nh.pace.co.uk> <9k9s85$s0o$1@elf.eng.bsdi.com> <9kbnvk$nf0$1@nh.pace.co.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Thu, 02 Aug 2001 19:29:17 GMT NNTP-Posting-Host: 12.90.175.140 X-Complaints-To: abuse@worldnet.att.net X-Trace: bgtnsc06-news.ops.worldnet.att.net 996780557 12.90.175.140 (Thu, 02 Aug 2001 19:29:17 GMT) NNTP-Posting-Date: Thu, 02 Aug 2001 19:29:17 GMT Xref: archiver1.google.com comp.lang.ada:11128 comp.lang.c:71727 comp.lang.c++:79448 comp.lang.functional:7222 Date: 2001-08-02T19:29:17+00:00 List-Id: Marin David Condic wrote: > ... snip ... > > A more important question to toss out would be "What is the cost incurred > when someone *does* find a hole to exploit and *does* break in?" If you are > building an OS that is going to be used by web servers, that cost can be > pretty high. If the cost is high, one ought to consider investing in the > stronger lock rather than the dime-store-cheapie that can be got around with > a bobby pin. That's where Microsoft might have a big advantage by developing > an OS using Ada - it doesn't cover all the possible holes, but it sure is > going to cover some non-trivial number of them and that might save them and > their customers a lot of money by preventing some number of attacks. Call it > "Insurance". ** PLEASE do not top-post. I am tired of fixing quotations or losing continuity. A suitable carrot would be responsibility for software performance. If firms refused to buy systems or applications without suitable performance warranties, and sued for failure to meet those warranties, software would rapidly improve. Bottom lines might not (improve) for some shakeout time. -- Chuck F (cbfalconer@yahoo.com) (cbfalconer@XXXXworldnet.att.net) (Remove "XXXX" from reply address. yahoo works unmodified) mailto:uce@ftc.gov (for spambots to harvest)