From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 107f24,582dff0b3f065a52 X-Google-Attributes: gid107f24,public X-Google-Thread: 103376,bc1361a952ec75ca X-Google-Attributes: gid103376,public X-Google-Thread: 1014db,582dff0b3f065a52 X-Google-Attributes: gid1014db,public X-Google-Thread: 109fba,582dff0b3f065a52 X-Google-Attributes: gid109fba,public X-Google-ArrivalTime: 2001-08-02 17:34:50 PST Path: archiver1.google.com!news2.google.com!postnews1.google.com!not-for-mail From: mjsilva@jps.net (Mike Silva) Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.lang.functional Subject: Re: How Ada could have prevented the Red Code distributed denial of service attack. Date: 2 Aug 2001 17:34:50 -0700 Organization: http://groups.google.com/ Message-ID: <5267be60.0108021634.27840dfc@posting.google.com> References: <5ee5b646.0108010949.5abab7fe@posting.google.com> <%CX97.14134$ar1.47393@www.newsranger.com> <9k9if8$rn3$1@elf.eng.bsdi.com> <9k9nci$1cq$1@nh.pace.co.uk> <$Id63yuv4BjB@eisner.encompasserve.org> <9kbqea$obt$1@nh.pace.co.uk> NNTP-Posting-Host: 209.239.198.59 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: posting.google.com 996798890 2264 127.0.0.1 (3 Aug 2001 00:34:50 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: 3 Aug 2001 00:34:50 GMT Xref: archiver1.google.com comp.lang.ada:11154 comp.lang.c:71781 comp.lang.c++:79517 comp.lang.functional:7232 Date: 2001-08-03T00:34:50+00:00 List-Id: "Marin David Condic" wrote in message news:<9kbqea$obt$1@nh.pace.co.uk>... > The "Any *competent* programmer..." argument never holds up when the number > of programmers needed to do the job gets much beyond "1" - and probably not > even then. Here's a simple fact of life: People are stupid from time to > time. Some more than others. Some more frequently than others. Some in a > continuous state of stupidity. When you have to hire 1000 programmers for > some job at hand, you can bet your life that the staff is not going to be > 100% "A-Team" players. If you are counting on everyone being 100% at all > times in order to not produce stupid errors, then you're living in a fool's > paradise. Once I watched two drivers "disagree." After a bit, one of the drivers simply began responding "Because you're stupid!" to everything the other driver said. Whenever I read "any *competent* programmer..." or the like I'm reminded of "Because you're stupid!" Yes, even the most competent person is stupid, to a greater or lesser degree, from moment to moment. As Nancy Leveson drolly stated in "Safeware" (slight paraphrase): "Telling not to make mistakes in not productive." I can think of no logical reason not to use tools that can catch common human programming errors, whether at compile time or runtime (and for those who complain about a few percent performance hit at runtime, it's almost certainly not a real issue, but if it is (a) wait a week and buy faster hardware, or (b) turn off the most time-critical checks). It really is time to get past the "real programmers vs. sissies" attitude I see in so many of these discussions. Mike > "Larry Kilgallen" wrote in message > news:$Id63yuv4BjB@eisner.encompasserve.org... > > At a 50,000 foot level, it is better to equip the troops with tools that > > have safety guards on them. They may remove the guards from time to time, > > but that is better than for a giant corporation to pretend it is capable > > of only hiring people who are so skilled that they would never need a > > safety guard.