On Sun, 23 Dec 2007 01:06:39 -0600
"David Higgs" <[EMAIL PROTECTED]> wrote:

> On Dec 22, 2007 5:53 PM, Rico Secada <[EMAIL PROTECTED]> wrote:
> 
> > It is my understanding that C is the hacker's tool while Ada is the
> > tool of the engineer. I think it is mostly because of tradition.
> 
> Your understanding is wrong.  I suspect that many professional
> engineers using C (and/or other languages) would strongly disagree
> with your offhand characterization.

And yet many would agree.
 
> > You find Ada in almost all of Boeing's airplanes, and in most industry
> > critical systems. Ada was written with compile time protection
> > against bugs such as buffer-overflows and so on.
> 
> Didn't I read a Slashdot article about the NYSE going to Linux?  What
> language is medical software written in?  What about the competing
> companies that aren't using Ada?  How does their track record of
> software faults compare?

Let's address your question here:
http://www.adacore.com/home/ada_answers/lookwho
 
> Compile time protection isn't worth the time it takes to run them if
> your specification has flaws, your code doesn't match the spec, or the
> compiler has errors.  There are MANY other types of errors that can
> never be caught at compile-time.  Just because these errors SHOULD be
> accounted for in the program's spec doesn't mean that they WILL be.

No, but it sure makes a big difference, or maybe Airbus, Boeing, EADS and
BAE Systems are wrong on their choice?
 
> > But like many have stated, what makes programs good and secure is the
> > programmer, but IMHO the tools and languages are important too.
> >
> > You cannot use something like C in a really security demanding
> > situation, and here I think about human lives, like in spacecraft.
> 
> Completely false.  You can use any tool you want with an appropriate
> model of the system; this includes your tools and code.  The software
> for the original US moon missions was written in assembly code;
> portions may still be in use today because of its extreme reliability.

Did you post a list somewhere or did I miss it? Of course you can use
any tool you want, but that's not the point. Let me rephrase what I
wrote: you can use any tool you want, but you should not use something
like C if your life depends on it. Again, let's ask Boeing.

> > A simple buffer overflow might crash the plane, and you have to have
> > some ways of eliminating that completely. That is why Ada was
> > designed the way it was. You can read about the history of Ada on
> > Wikipedia.
> >
> > Why so much is written in C on Unix-like systems, I think it's mainly
> > tradition. IMO Ada would be much better from a security point of
> > view.
> 
> Your opinion means nothing without code.  Even with code, the OpenBSD
> project likely won't care anyways.  You are barking up the wrong tree.

I am not barking at OpenBSD. 

> > I agree that it would be better if OpenBSD or any other system for
> > that matter was written in Ada rather than C, and they could just
> > as well, but re-writing something as huge as OpenBSD is a MAJOR
> > task, and what would the real benefits be in this situation?
> >
> > The OpenBSD team knows exactly what they are doing hence the extra
> > security of Ada becomes almost un-necessary, but again I agree, had
> > OpenBSD been in Ada from day one, that would save them a LOT of
> > time! Bugs would be caught on compile time and bad-coding would
> > almost be eliminated.
> 
> Go back to Wikipedia.  OpenBSD was a fork and essentially worked from
> day one.  However, as you say, rewriting something as big as OpenBSD
> is a MAJOR task in the timeframe of years or decades.  Instead of
> improving security in a known system, all those years would be
> "wasted" reinventing the wheel and playing catch-up with the
> pre-existing feature set of modern operating systems.

Yes you are right.

> Your insistence on equating compile-time checks with secure
> programming is incorrect, and indicates your inexperience in secure
> programming.  Academic questions like this should be googled or asked
> on comp.lang.ada.

I did not equate compile-time checks with secure programming. Like I
wrote: "But like many have stated, what makes programs good and secure
is the programmer, but IMHO the tools and languages are important too."

Combining the two surely doesn't hurt. No matter how skillful you are
at programming securely, you are going to fail sooner or later in
catching a bug, and having the compiler "save" you from that is like
having an airbag in your car. The driver still has to know how to drive,
but having a safe car doesn't decrease the risk!

> Good luck.
> 
> --david
