[Gllug] (no subject)

t.clarke tim at seacon.co.uk
Fri Nov 7 13:12:13 UTC 2003 

Richard Jones <rich at annexia.org>  wrote:-
>On Fri, Nov 07, 2003 at 12:27:09PM +0000, Richard wrote:
>[Bill [Gates?] waffle about "securotics".]
>
>I think the point Mr Gates might be making is a valid one: languages,
>compilers, operating systems and hardware should be performing more
>automatic checks.
>
>There's really no excuse in 2003 to be writing critical infrastructure
>in a language which doesn't support bounds checking, strong typing and
>data tainting. There's not much more excuse for using a system which
>doesn't have strong security mechanisms such as capabilities or ACLs,
>all enforced by the hardware.
Not being a computer-science graduate I am not at all sure what strong typing
and data tainting is, although I can have a fair guess at 'bounds checking'.

How does one in the compiler prevent the program at runtime from using a value
in an index which is out of range, other than detecting the error and bombing
out ?

>
>Neither Linux nor Windows perform adequately when measured against the
>standards of the best of systems from the 70s.
>
>Interesting paper on a similar subject:
>
>http://www.cs.bell-labs.com/who/rob/utah2000.ps
Interesting - will read with interest.




On a more general point, Rich's sentiments would seem very laudable, but bearing
in mind M$'s record to date, I would have grave doubts that shoving more
responsibility on the O-S is at all a good idea.  To me, the concept appears to
be more about locking people in to the O-S.  I take the view, rightly or wrongly
and probbaly from the perspective of the ill-educated in these matters, that
the OS should stick to talking to the hardware, scheduling, managing filesystems
etc and leave the applications to do all the other clever stuff mentioned.
That might well mean less 'interoperability' as M$ sees it, but it also leaves
users free to run what software they like, rather than software expensively
produced to interface to an over-complex and probably fragile O-S.

Tim

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug

More information about the GLLUG mailing list