From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,bc1361a952ec75ca X-Google-Attributes: gid103376,public X-Google-ArrivalTime: 2001-08-10 08:39:51 PST Path: archiver1.google.com!newsfeed.google.com!newsfeed.stanford.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!newshub2.home.com!news.home.com!news1.rdc2.on.home.com.POSTED!not-for-mail Message-ID: <3B73FEA5.D4B46E89@home.com> From: "Warren W. Gay VE3WWG" X-Mailer: Mozilla 4.75 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 Newsgroups: comp.lang.ada Subject: Re: How Ada could have prevented the Red Code distributed denial of References: <9kpo9r$415@augusta.math.psu.edu> <5drpk9.l0e.ln@10.0.0.2> <9krhd2$6po@augusta.math.psu.edu> <3B7225A1.DC95C8A6@home.com> <3B73378B.EF7E2C10@home.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Date: Fri, 10 Aug 2001 15:32:44 GMT NNTP-Posting-Host: 24.141.193.224 X-Complaints-To: abuse@home.net X-Trace: news1.rdc2.on.home.com 997457564 24.141.193.224 (Fri, 10 Aug 2001 08:32:44 PDT) NNTP-Posting-Date: Fri, 10 Aug 2001 08:32:44 PDT Organization: Excite@Home - The Leader in Broadband http://home.com/faster Xref: archiver1.google.com comp.lang.ada:11769 Date: 2001-08-10T15:32:44+00:00 List-Id: Ted Dennison wrote: > In article <3B73378B.EF7E2C10@home.com>, Warren W. Gay VE3WWG says... > >Bart.Vanhauwaert@nowhere.be wrote: > >> Don't be silly. Nothing is perfect. Any serious decision is a > >> trade-off. > > > >You are correct that there are trade-offs. I guess what annoys > >me is just how low the standard is for "good enough" in so > >many circles. Microsoft's being one of the most offensive. > > As near as I can tell, they actually take software design theory *far* more > seriously at Microsoft that most folks give them credit for. You may be right about this, but it's hard for us on the outside to see much evidence of it ;-) > I think the issue > here is that Microsoft happens to be the world's biggest believers in the > time-tested "Worse is Better" design philosophy. (see > http://www.ai.mit.edu/docs/articles/good-news/subsection3.2.1.html ). This is > great for Microsoft, but no so great for things that need to be carefully > designed in, like security and reliablity. But then, they are a publicly-traded > company, so "great for Microsoft" trumps all other considerations for them. :-) Quite true. This is why they also don't give much consideration to fixing problems on their platforms. They don't have to care, so it is easy for them to say "just reinstall your software". Instead, they'll offer some small tweak in the next version (for you to buy), that somehow placates the poor locked in customer.. > Again, great for Microsoft, crappy for security. I think this is one _downfall_ that will eventually force them to put more "quality" in. Before the Windows platform had TCP/IP access, this was of no concern to them, and they pretty much could ignore security (what a simple life it is, when we can do that on any platform ;-) Now that M$ has to keep coming out with rapid patches to holes that keep being exploited, they may finally get to the point some day where they may want to improve their image on this point, and treat security with greater care. But it is likely going to require more competition before they'll bring themselves to this point, so one keeps hoping that Apple will get their act together as competition. On the server side, I do believe that they are feeling some pressure from Linux in this regard, though Red Hat (by default) has been pretty lame in security, from what I can see. In this vein, I'd love to see sendmail and bind/named done in Ada. That would not solve all of the security issues, but at least would eliminate most, if not all of the code exploit issues. -- Warren W. Gay VE3WWG http://members.home.net/ve3wwg