From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 107f24,582dff0b3f065a52 X-Google-Attributes: gid107f24,public X-Google-Thread: 1014db,582dff0b3f065a52 X-Google-Attributes: gid1014db,public X-Google-Thread: 103376,bc1361a952ec75ca X-Google-Attributes: gid103376,public X-Google-Thread: 109fba,582dff0b3f065a52 X-Google-Attributes: gid109fba,public X-Google-ArrivalTime: 2001-08-01 15:40:07 PST Path: archiver1.google.com!newsfeed.google.com!newsfeed.stanford.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!newsfeed.direct.ca!look.ca!pln-w!spln!dex!extra.newsguy.com!newsp.newsguy.com!elf.eng.BSDI.COM!not-for-mail From: Chris Torek Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.lang.functional Subject: Re: How Ada could have prevented the Red Code distributed denial of service attack. Date: 1 Aug 2001 14:27:33 -0700 Organization: None of The Above Sender: torek@bsdi.com Message-ID: <9k9s85$s0o$1@elf.eng.bsdi.com> References: <%CX97.14134$ar1.47393@www.newsranger.com> <9k9if8$rn3$1@elf.eng.bsdi.com> <9k9nci$1cq$1@nh.pace.co.uk> NNTP-Posting-Host: p-409.newsdawg.com Xref: archiver1.google.com comp.lang.ada:10996 comp.lang.c:71444 comp.lang.c++:79182 comp.lang.functional:7117 Date: 2001-08-01T14:27:33-07:00 List-Id: In article <9k9nci$1cq$1@nh.pace.co.uk> Marin David Condic writes: >Well, that's rather assuming that there will be some constant level of bugs >in all software regardless of language of implementation. No, not at all. I agree that there are (more or less) objective measures that show that the defect rate in some languages (e.g., Ada) is far lower than the defect rate in other languages (C, assembler, etc). I will even agree with one who argues that it would be harder to break into a system with 100 defects than one with 1000. But as far as actual breakins go: >There you will find additional evidence that language choice *does* >make a difference in terms of productivity and defects. Until you get the number of defects close to zero -- I am not sure "how close" is required; obviously zero suffices, given an appropriate definition of defects; but I think zero is also unachievable unless given an inappropriate definition :-) -- there will still be "exploitable bugs" in systems. My argument is that, if we somehow achieved this more perfect world, the crackers would simply change their tactics: instead of using easily-cracked buffer overflow bugs, they would use more-difficult (but available today) tricks like TCP session record and replay. The "real world" analogy of locks is useful here. Locks can keep "mostly-honest" people honest, and the better the locks, the greater this effect becomes. It is certainly foolish to say: "well, this cheap lock does not stop some thieves, therefore we should eliminate all locks" -- but it is equally foolish to say "aha, this more-expensive lock stopped that particular thief, therefore we should all just use this lock and decree perfection". In other words, I do not dispute that code written in Ada tends to be better; I just think it is a mistake to go from there to "if only Microsoft wrote in Ada, there would be no more Code-Reds." -- In-Real-Life: Chris Torek, Wind River Systems (BSD engineering) El Cerrito, CA, USA Domain: torek@bsdi.com +1 510 234 3167 http://claw.eng.bsdi.com/torek/ (not always up) I report spam to abuse@.