Re: [DNG] [OT] Nasty Linux systemd security bug revealed

2021-07-31 Thread Dr. Nikolaus Klepp
Anno domini 2021 Sat, 31 Jul 11:23:54 -0400, Hendrik Boom wrote:
> On Sat, Jul 31, 2021 at 04:53:01PM +0200, Dr. Nikolaus Klepp wrote:
> > Anno domini 2021 Sat, 31 Jul 12:05:28 +0200, Antony Stone wrote:
> > > On Saturday 31 July 2021 at 12:02:47, Hendrik Boom wrote:
> > > 
> > > > I like to use the safest programming language that is compatible with
> > > > the functions the program is to perform.
> > > 
> > > Do you have a list of languages ranked by safety :) ?
> > 
> > It's sufficient to speak scheme/lisp fluently.
> 
> A statically typed version of scheme would be good.

Racket offers it - if you really want it (I don't):
https://docs.racket-lang.org/ts-guide/

Nik

-- 
Please do not email me anything that you are not comfortable also sharing with 
the NSA, CIA ...
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


Re: [DNG] [OT] Nasty Linux systemd security bug revealed

2021-07-31 Thread Hendrik Boom
On Sat, Jul 31, 2021 at 04:53:01PM +0200, Dr. Nikolaus Klepp wrote:
> Anno domini 2021 Sat, 31 Jul 12:05:28 +0200, Antony Stone wrote:
> > On Saturday 31 July 2021 at 12:02:47, Hendrik Boom wrote:
> > 
> > > I like to use the safest programming language that is compatible with
> > > the functions the program is to perform.
> > 
> > Do you have a list of languages ranked by safety :) ?
> 
> It's sufficient to speak scheme/lisp fluently.

A statically typed version of scheme would be good.

-- hendrik



Re: [DNG] [OT] Nasty Linux systemd security bug revealed

2021-07-31 Thread Dr. Nikolaus Klepp
Anno domini 2021 Sat, 31 Jul 12:05:28 +0200, Antony Stone wrote:
> On Saturday 31 July 2021 at 12:02:47, Hendrik Boom wrote:
> 
> > I like to use the safest programming language that is compatible with
> > the functions the program is to perform.
> 
> Do you have a list of languages ranked by safety :) ?

It's sufficient to speak scheme/lisp fluently.

Nik



Re: [DNG] [OT] Nasty Linux systemd security bug revealed

2021-07-31 Thread Antony Stone
On Saturday 31 July 2021 at 12:02:47, Hendrik Boom wrote:

> I like to use the safest programming language that is compatible with
> the functions the program is to perform.

Do you have a list of languages ranked by safety :) ?


Antony.

-- 
What makes you think I know what I'm talking about?
I just have more O'Reilly books than most people.

   Please reply to the list;
 please *don't* CC me.


Re: [DNG] [OT] Nasty Linux systemd security bug revealed

2021-07-31 Thread Hendrik Boom
On Fri, Jul 30, 2021 at 11:32:51PM +0200, Arnt Karlsen wrote:
> On Fri, 30 Jul 2021 16:35:52 +0200, Didier wrote in message 
> <74e5400a-5e8c-4a22-d673-5f181644e...@in2p3.fr>:
> 
> > On 29/07/2021 at 20:10, Andreas Messer wrote:
> > > On Wed, Jul 28, 2021 at 03:58:02PM +0200, Didier Kryn wrote:  
> > >  
> > >>     Similarly, more investment should be put in software so as to
> > >> make a review of available languages suited for mission-critical
> > >> applications and invest in learning the chosen language. C and C++
> > >> are so error-prone that they are really not suited.  
> > > Well, you can implement bugs in any kind of language. To be honest,
> > > crashes are the most easy ones to find. I know there are other
> > > languages outside but here applies the same as above: I'm not the
> > > one to decide.  
> >     Not all languages are equal. Some really discourage bad
> > programming, meaning it takes a big effort to actually program
> > badly/unsafely, while it is still possible. Others open traps under
> > your feet everywhere.
> 
> ..2 lists on these 2 kindsa programming languages would be nice.

I like to use the safest programming language that is compatible with 
the functions the program is to perform.

-- hendrik


Re: [DNG] [OT] Nasty Linux systemd security bug revealed

2021-07-30 Thread Arnt Karlsen
On Fri, 30 Jul 2021 16:35:52 +0200, Didier wrote in message 
<74e5400a-5e8c-4a22-d673-5f181644e...@in2p3.fr>:

> On 29/07/2021 at 20:10, Andreas Messer wrote:
> > On Wed, Jul 28, 2021 at 03:58:02PM +0200, Didier Kryn wrote:  
> >>     With all respect due to your work, I tend to think that with
> >> such expensive and dangerous machines, more investment should be
> >> put into hardware so as to get controllers with a decent ram. And
> >> maybe the firmware could take safety action when software
> >> crashes.  
> > Sure, but I'm not the boss :-)  
>     Your boss is the ultimate responsible person in case of human
> hazard, at the condition s?he is properly educated, and it might be
> your responsibility to educate her/him.

...or walk out the door and Blow The Big Whistle in Prime Time Media 
if said Twin Haired Bosses don't wanna get it.  
Or defect to a Safe country where such whistles Can be blown.

> >  
> >>     Similarly, more investment should be put in software so as to
> >> make a review of available languages suited for mission-critical
> >> applications and invest in learning the chosen language. C and C++
> >> are so error-prone that they are really not suited.  
> > Well, you can implement bugs in any kind of language. To be honest,
> > crashes are the most easy ones to find. I know there are other
> > languages outside but here applies the same as above: I'm not the
> > one to decide.  
>     Not all languages are equal. Some really discourage bad
> programming, meaning it takes a big effort to actually program
> badly/unsafely, while it is still possible. Others open traps under
> your feet everywhere.

..2 lists on these 2 kindsa programming languages would be nice.

> > I can just give hints and try to push in some direction. But
> > embedded software development is still driven by myths like "C is
> > faster than C++" and it's hard to overcome these. Maybe a generation
> > thing.  
>     Myths actually. The advantage of C and C++ is to be easily
> portable to every platform since the compiler and runtime are always
> available by default. But, when you develop a private application,
> you can invest in building the necessary environment.
> >
> > My personal way to push through this is to run as much (automated)
> > firmware tests in our hardware-in-the-loop test system as possible.
> > And to have a testcase for every single requirement, situation,
> > sequence or ever seen bug in the software. We end up to have 20-30
> > testruns a day distributed among different test setups, SoC cpu
> > generations, operating systems. The only missing thing is kind of
> > developer slap robot to punish the developer who made the bad
> > commit automatically :-) 
>     Not sure that works (~:  Would make the programmers nervous.
> Stress-based human management causes bad surprises.

..it did work pretty well for Stalin until March 1st, 1953. ;o)

-- 
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.


Re: [DNG] [OT] Nasty Linux systemd security bug revealed

2021-07-30 Thread Didier Kryn
On 29/07/2021 at 20:10, Andreas Messer wrote:
> On Wed, Jul 28, 2021 at 03:58:02PM +0200, Didier Kryn wrote:
>>     With all respect due to your work, I tend to think that with such
>> expensive and dangerous machines, more investment should be put into
>> hardware so as to get controllers with a decent ram. And maybe the
>> firmware could take safety action when software crashes.
> Sure, but I'm not the boss :-)
    Your boss is the ultimate responsible person in case of human
hazard, at the condition s?he is properly educated, and it might be your
responsibility to educate her/him.
>
>>     Similarly, more investment should be put in software so as to make a
>> review of available languages suited for mission-critical applications
>> and invest in learning the chosen language. C and C++ are so error-prone
>> that they are really not suited.
> Well, you can implement bugs in any kind of language. To be honest,
> crashes are the most easy ones to find. I know there are other languages
> outside but here applies the same as above: I'm not the one to decide.
    Not all languages are equal. Some really discourage bad programming,
meaning it takes a big effort to actually program badly/unsafely, while
it is still possible. Others open traps under your feet everywhere.
>
> I can just give hints and try to push in some direction. But embedded
> software development is still driven by myths like "C is faster than C++"
> and it's hard to overcome these. Maybe a generation thing.
    Myths actually. The advantage of C and C++ is to be easily portable
to every platform since the compiler and runtime are always available by
default. But, when you develop a private application, you can invest in
building the necessary environment.
>
> My personal way to push through this is to run as much (automated)
> firmware tests in our hardware-in-the-loop test system as possible. And to
> have a testcase for every single requirement, situation, sequence or ever
> seen bug in the software. We end up to have 20-30 testruns a day
> distributed among different test setups, SoC cpu generations, operating
> systems. The only missing thing is kind of developer slap robot to punish
> the developer who made the bad commit automatically :-)
>
    Not sure that works (~:  Would make the programmers nervous.
Stress-based human management causes bad surprises.

-- Didier




Re: [DNG] [OT] Nasty Linux systemd security bug revealed

2021-07-29 Thread Andreas Messer
On Wed, Jul 28, 2021 at 03:58:02PM +0200, Didier Kryn wrote:
>     With all respect due to your work, I tend to think that with such
> expensive and dangerous machines, more investment should be put into
> hardware so as to get controllers with a decent ram. And maybe the
> firmware could take safety action when software crashes.

Sure, but I'm not the boss :-)

>     Similarly, more investment should be put in software so as to make a
> review of available languages suited for mission-critical applications
> and invest in learning the chosen language. C and C++ are so error-prone
> that they are really not suited.

Well, you can implement bugs in any kind of language. To be honest,
crashes are the most easy ones to find. I know there are other languages
outside but here applies the same as above: I'm not the one to decide.

I can just give hints and try to push in some direction. But embedded
software development is still driven by myths like "C is faster than C++"
and it's hard to overcome these. Maybe a generation thing.

My personal way to push through this is to run as much (automated)
firmware tests in our hardware-in-the-loop test system as possible. And to
have a testcase for every single requirement, situation, sequence or ever
seen bug in the software. We end up to have 20-30 testruns a day
distributed among different test setups, SoC cpu generations, operating
systems. The only missing thing is kind of developer slap robot to punish
the developer who made the bad commit automatically :-)


>     This went far off topic. I have more on the initial topic but am
> getting tired (~:

Haha, sure :-)

cheers,
Andreas

-- 
gnuPG keyid: 8C2BAF51
fingerprint: 28EE 8438 E688 D992 3661 C753 90B3 BAAA 8C2B AF51



Re: [DNG] [OT] Nasty Linux systemd security bug revealed

2021-07-28 Thread Didier Kryn
On 25/07/2021 at 11:45, Andreas Messer wrote:
> Why I'm so critical about letting it crash: I typically deal with stack
> sizes of no more around 2-8kB in automation devices and have to be careful
> with that. You can't simply let a newspaper printing machine's motor control
> crash, 1000's of newspaper pages would be trashed. Once we had a crash in
> simple limit switch device. As a result the high-rack robot pushed a
> pallet in 15m height out of the rack. Fortunately, it was just another
> robot which was destroyed (stood just below) - not a human being. Still 
> a very expensive case for the company. So I'm used to implementing a lot 
> of checks :-). (Actually we don't even use heap allocation after booting 
> the firmware)

    Note that not only a crash might cause this effect. C (and libc) is
a language where "undefined behaviour" may happen at the corner of every
street, as mentioned everywhere in the man pages.

    With all respect due to your work, I tend to think that with such
expensive and dangerous machines, more investment should be put into
hardware so as to get controllers with a decent ram. And maybe the
firmware could take safety action when software crashes.

    Similarly, more investment should be put in software so as to make a
review of available languages suited for mission-critical applications
and invest in learning the chosen language. C and C++ are so error-prone
that they are really not suited.

    This went far off topic. I have more on the initial topic but am
getting tired (~:

    -- Didier

