From: cross@augusta.math.psu.edu (Dan Cross)
Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.lang.functional
Subject: Re: How Ada could have prevented the Red Code distributed denial of service attack.
Date: 2 Aug 2001 14:06:20 -0400
Organization: Mememememememmeme
Message-ID: <9kc4qs$ah0@augusta.math.psu.edu>
References: <9kbvsr$a02@augusta.math.psu.edu> <9kc2mo$rbb$1@nh.pace.co.uk>

In article <9kc2mo$rbb$1@nh.pace.co.uk>, Marin David Condic wrote:
>If it is true that "The more possible programming related defects you need
>to consider, the more you think about your design" then it stands to reason
>that we all ought to go back to programming in machine code. After all, I
>can't think of a better way of increasing the number of possible programming
>defects than having to worry if the zero you just wrote should have been a
>one. Machine code programming ought to result in bullet-proof, perfect
>software design! :-)

Err, I think you're referring to Daniel Fischer here, not me. Watch the
attributions, please. :-)

I think there is a definite trend to treat more complex things with more
thought. But, I contend that part of addressing the complexity is to use
tools that eliminate some of it, including the programming language.
Therefore, if programming in, say, Ada instead of C reduces some of the
complexity of the task, then that's a good thing.

>I'm not against someone bench-checking their code for errors - maybe
>re-reading it as you tidy up the format and re-thinking your assumptions -
>or even just leaning back and thinking about the design and wondering if
>there is a better way. I do that all the time. (Of course there comes a time
>when you need to shoot the programmers and move along into production.) But
>I just don't think it is reasonable to believe that adding automated checks
>for errors can be anything *but* a good thing.

Part of any software development process should be, IMHO, desk checking
code via formal reviews (and design, requirements, etc...). In general, I
think we need more rigor, not less, but we also need better tools so that
we can apply that rigor to the appropriate places (design sticks out in my
mind most clearly) instead of the dull minutiae of programming.

	- Dan C.