From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,8623fab5750cd6aa
X-Google-Attributes: gid103376,public
Path: 
 g2news1.google.com!news1.google.com!news.glorb.com!border1.nntp.dca.giganews.com!border2.nntp.dca.giganews.com!nntp.giganews.com!elnk-atl-nf1!newsfeed.earthlink.net!stamper.news.atl.earthlink.net!newsread2.news.atl.earthlink.net.POSTED!d9c68f36!not-for-mail
Message-ID: <40CA0032.3010103@noplace.com>
From: Marin David Condic <nobody@noplace.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
 rv:1.0.1) Gecko/20020823 Netscape/7.0 (OEM-HPQ-PRS1C03)
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: comp.lang.ada
Subject: Re: Improving Ada's image - Was: 7E7 Flight Controls Electronics
References: <40b9c99e$0$268$edfadb0f@dread16.news.tele.dk>
 <ubrk5lwoo.fsf@obry.org>
 <pan.2004.05.30.18.03.35.769965@n_o_p_o_r_k_a_n_d_h_a_m.abyss2.demon.co.uk>
 <40ba315a$0$254$edfadb0f@dread16.news.tele.dk>
 <oLwuc.17575$be.14510@newsread2.news.pas.earthlink.net>
 <04udnR-eHNChzSbdRVn-vw@gbronline.com>
 <vfSuc.8469$hB2.7817@nwrdny03.gnilink.net>
 <7J0xc.7371$8k4.269106@news20.bellglobal.com>
 <1086630278.542788@master.nyc.kbcfp.com>
 <8xlxc.27603$sS2.845496@news20.bellglobal.com>
 <1086715817.122983@master.nyc.kbcfp.com>
 <Sspxc.21282$8k4.550716@news20.bellglobal.com>
 <1086733411.736049@master.nyc.kbcfp.com>
 <3Auxc.11998$XY6.1296622@read2.cgocable.net>
 <Ygyxc.21522$QT3.4694@nwrdny01.gnilink.net> <40C85035.4020706@noplace.com>
 <qShyc.51846$8k4.1132952@news20.bellglobal.com>
 <Akmyc.11948$wi2.7228@nwrdny01.gnilink.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Date: Fri, 11 Jun 2004 18:56:15 GMT
NNTP-Posting-Host: 165.247.66.89
X-Complaints-To: abuse@earthlink.net
X-Trace: newsread2.news.atl.earthlink.net 1086980175 165.247.66.89 (Fri,
 11 Jun 2004 11:56:15 PDT)
NNTP-Posting-Date: Fri, 11 Jun 2004 11:56:15 PDT
Organization: EarthLink Inc. -- http://www.EarthLink.net
Xref: g2news1.google.com comp.lang.ada:1402
Date: 2004-06-11T18:56:15+00:00
List-Id: <comp.lang.ada>

So if the protocol is weak and is the source of security errors, then 
how does implementing the same protocol in Ada gain anything? Or would 
it be "interesting" to watch a bunch of guys try to make it so by 
rewriting the exact, same logic flaws in Ada? :-)

OTOH, if you come up with a whole *new* protocol that is designed to add 
security and other beneficial features, then perhaps you have that 
elusive "Enhanced App" that adds genuine value? But, of course, the 
value didn't get added just because it was written in Ada.

MDC

Hyman Rosen wrote:
> 
> Check out this paper, back from 1995, on the security issues of BIND.
> <http://www.usenix.org/publications/library/proceedings/security95/full_papers/vixie.txt> 
> 
> 
> You will notice that most of the problems mentioned have to do with
> attacks against the protocol, by forming messages in various unexpected
> ways, by spoofing fields, and by mucking about with connections. Using
> a language like Ada (or Java, for that matter) will certainly protect
> against buffer overflows, but not against the logical errors described.
> 
> That's why it would be really interesting to see an Ada version of BIND.


-- 
======================================================================
Marin David Condic
I work for: http://www.belcan.com/
My project is: http://www.jsf.mil/NSFrames.htm

Send Replies To: m   o   d   c @ a   m   o   g
                    c   n   i       c   .   r

     "Face it ladies, its not the dress that makes you look fat.
     Its the FAT that makes you look fat."

         --  Al Bundy

======================================================================