From mboxrd@z Thu Jan 1 00:00:00 1970
Newsgroups: comp.lang.ada,comp.lang.c,comp.lang.c++,comp.lang.functional
From: Ted Dennison
References: <3b690498.1111845720@news.worldonline.nl> <9kbu15$9bj@augusta.math.psu.edu> <3b6a453c.1193942215@news.worldonline.nl> <9keejl$fhj@augusta.math.psu.edu>
Subject: Re: How Ada could have prevented the Red Code distributed denial of service attack.
Date: Fri, 03 Aug 2001 19:56:02 GMT

In article , Preben Randhol says...
>
>If an app uses 10 seconds more to startup or 5% longer to complete a
>task, where is the hurt? I am pretty sure that if you also put into
>the equation all that time that is spent after a program has crashed
>etc.. you will find that you don't lose time on software with better
>quality.

Perhaps, but I think all this talk overstates the case on the supposed speed penalty of array bounds checks. It usually isn't that much. First off, it doesn't affect all code, just array indexing. Secondly, optimizers can often get rid of the checks, or hoist them out of loops (something that is probably more difficult, if not impossible, for checks you put in yourself manually in C). Thirdly, if you find it *is* a real impact in some instance, you can just turn them off (locally, or for the whole program).

So really we are talking about trading a *theoretical* minor speed difference (which may not even exist in reality, and can be gotten rid of with a little work if it *does* exist) for safety (in the aggregate, a guaranteed lower occurrence of bugs and security breaches). That's not much of a trade in my book.

The "black-hat" security experts at CotDC seem to agree. :-)

---
T.E.D.    homepage   - http://www.telepath.com/dennison/Ted/TED.html
          home email - mailto:dennison@telepath.com
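
The three points made in the reply above, as an added Ada example that is not part of the original post: a store whose index is checked at run time, a loop over `'Range` whose index checks a compiler can prove redundant, and a local `pragma Suppress (Index_Check)`. The procedure names, the buffer size and the out-of-range index are constructed for illustration.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Bounds_Demo is
   type Buffer is array (1 .. 8) of Integer;

   --  Default behaviour: the index is checked at run time unless the
   --  compiler can prove it is always within 1 .. 8.
   procedure Store (B : in out Buffer; Index : Integer; Value : Integer) is
   begin
      B (Index) := Value;
   end Store;

   --  Iterating over B'Range tells the compiler every I is a valid index,
   --  so it has what it needs to drop the per-iteration check.
   function Sum (B : Buffer) return Integer is
      Total : Integer := 0;
   begin
      for I in B'Range loop
         Total := Total + B (I);
      end loop;
      return Total;
   end Sum;

   --  Local opt-out: index checks are suppressed in this function only.
   --  The caller must now guarantee Last <= 8; nothing verifies it.
   function Sum_Unchecked (B : Buffer; Last : Integer) return Integer is
      pragma Suppress (Index_Check);
      Total : Integer := 0;
   begin
      for I in 1 .. Last loop
         Total := Total + B (I);
      end loop;
      return Total;
   end Sum_Unchecked;

   Data            : Buffer := (others => 1);
   Untrusted_Index : constant Integer := 240;  --  constructed sample value
begin
   Put_Line ("Sum           =" & Integer'Image (Sum (Data)));
   Put_Line ("Sum_Unchecked =" & Integer'Image (Sum_Unchecked (Data, 8)));
   begin
      Store (Data, Untrusted_Index, 16#41#);
      Put_Line ("store went through");
   exception
      when Constraint_Error =>
         Put_Line ("Constraint_Error: out-of-range store rejected");
   end;
end Bounds_Demo;
```

Keeping the suppression inside one small, reviewed subprogram leaves every other array access in the program checked.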