From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,bc1361a952ec75ca X-Google-Attributes: gid103376,public X-Google-ArrivalTime: 2001-08-07 16:56:38 PST Path: archiver1.google.com!newsfeed.google.com!newsfeed.stanford.edu!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!newshub2.home.com!news.home.com!news1.sttln1.wa.home.com.POSTED!not-for-mail From: "Mark Lundquist" Newsgroups: comp.lang.ada References: <3B6555ED.9B0B0420@sneakemail.com> <87n15lxzzv.fsf@deneb.enyo.de> <3B672322.B5EA1B66@home.com> <3B682D53.5F32CDD1@gascad.at> Subject: Re: How Ada could have prevented the Red Code distributed denial of service attack. X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Message-ID: Date: Tue, 07 Aug 2001 23:55:36 GMT NNTP-Posting-Host: 24.248.56.237 X-Complaints-To: abuse@home.net X-Trace: news1.sttln1.wa.home.com 997228536 24.248.56.237 (Tue, 07 Aug 2001 16:55:36 PDT) NNTP-Posting-Date: Tue, 07 Aug 2001 16:55:36 PDT Organization: Excite@Home - The Leader in Broadband http://home.com/faster Xref: archiver1.google.com comp.lang.ada:11559 Date: 2001-08-07T23:55:36+00:00 List-Id: "Karl Heinz Buchegger" wrote in message news:3B682D53.5F32CDD1@gascad.at... > > > Preben Randhol wrote: > > > > The point is that if you look at the security bugs in Linux or Microsoft > > software they consists mainly of buffer overflow bugs. This comes from > > using languages such as C and C++ which allow buffer overflow due to > > their design. > > This comes from having programmers, which are unaware of what > they are doing. True enough... > > > Other languages eliminate this problem to a large extent. > > Better education and taking care of that problems helps a lot. > No need to change tools if you know how to work with them. I understand the notion here, and I disagree. You're right that people should understand the tools they work with. But the desire to change tools can come when you realize that the tool you're using is a PAIN IN THE BUTT. :-) Having to code my own array bounds checking would be a PitB. The whole point of computing is to automate things. If it can be automated "for free", then it should be. I know about the string classes in C++. But the cool thing about constraint checking (including array bounds checking) in Ada is that the subtype constraint rules work in such a way as to allow the compiler to optimize away the checks when it can prove that they are not necessary. You can only get that if bounds checking is part of the language. You might have a good tool, and you understand to work with it. Then you say, "I understand this tool, and it is good!". Or you might have a crappy tool, and you understand it, too. Then you say, "I understand this tool, and it sucks! Give me something better." That's what I'd say, anyway... :-)