2014-05-05 12:17 GMT+02:00 Magnus Therning mag...@therning.org:
On Mon, May 5, 2014 at 10:20 AM, Cecil Westerhof cldwester...@gmail.com
wrote:
2014-05-05 8:21 GMT+02:00 Magnus Therning mag...@therning.org:
any language ;) However, choosing language wisely will allow you to
concentrate
2014-05-05 19:48 GMT+02:00 Brian Craft craft.br...@gmail.com:
I would never have guessed modularity as a reason to worry about security
in fp.
I worry about immutability in fp, wrt security. Security requires
mutability in order to remove sensitive data from memory, and from app
history. A
On Tue, May 6, 2014 at 9:45 AM, Cecil Westerhof cldwester...@gmail.com wrote:
2014-05-05 19:48 GMT+02:00 Brian Craft craft.br...@gmail.com:
I would never have guessed modularity as a reason to worry about security
in fp.
I worry about immutability in fp, wrt security. Security requires
Reading this thread convinced me.
I will not write any information on
any support except my brain cells
and will not share it to avoid any
leaks.
I will also forget it immediately so
no one can scrub my brain to
recover it
Going to erase everything I wrote and
learned in
the past 30 years
Seriously, when concerns about
security reach the garbage collector
which operates in live memory,
I wonder why we bother entering
any information in a computer...
On a desktop probably not an issue, but on a server that can run for a
very long time and has a lot more hands touching
My 'Network Security' Professor once said to the class, 'There is no
security without physical security'. Protecting data from being read in
memory means you've already lost.
On Tue, May 6, 2014 at 5:19 AM, Luc Prefontaine lprefonta...@softaddicts.ca
wrote:
Reading this thread convinced me.
If you want a friend, get a dog. If you want security, get a big
mean-looking dog who barks a lot.
Sorry, couldn't resist.
On Tue, May 6, 2014 at 11:04 AM, Gary Trakhman gary.trakh...@gmail.com wrote:
My 'Network Security' Professor once said to the class, 'There is no
security without
On Monday, May 5, 2014 3:20:41 AM UTC-5, Cecil Westerhof wrote:
That is why I do not understand that (where I live) they think you can
only be a good programmer if you only program in one language.
If I had to come up with a rule of thumb along this dimension it would be:
Any truly
On Mon, May 5, 2014 at 12:13 AM, Evan Rowley rowley.e...@gmail.com wrote:
The question we have to ask is: Would use of a (specific?) functional
language have prevented these? My opinion:
Probably not in the case of Mt. Gox because their problems had more to do
with their application design.
There
I would say the transaction model of Datomic would have saved Mt Gox from
its problems dealing with atomic transactions, however that's more due to
Datomic's design and poor design of the Mt Gox system than a
Clojure-specific thing.
On Monday, May 5, 2014 6:21:47 PM UTC+12, Magnus Therning
2014-05-04 17:40 GMT+02:00 Evan Rowley rowley.e...@gmail.com:
Most functional languages have design features that enhance their
security. I'm referring to Clojure, Haskell, and Erlang, but this won't be
limited to those three. As someone who was hired to handle cyber security
needs of a
2014-05-04 21:59 GMT+02:00 Adam Saleh adamthecam...@gmail.com:
Well, what does it mean to write secure programs? Citation needed :)
Well, the statement was that for secure programming you needed to program
modular. It was hinted that when you program functional you can not program
modular. I
2014-05-04 23:40 GMT+02:00 Magnus Therning mag...@therning.org:
On Sun, May 04, 2014 at 09:24:08AM +0200, Cecil Westerhof wrote:
I heard the stand that functional programming made it difficult to
write secure programs. I do not know enough of functional
programming yet to determine the
2014-05-05 5:48 GMT+02:00 Wei Hsu yayits...@gmail.com:
Perhaps Cecil is referring to this article, Clojure web security is worse
than you think
(https://hackworth.be/2014/03/26/clojure-web-security-is-worse-than-you-think/),
describing the immature state of Clojure's web security libraries. I
2014-05-05 8:21 GMT+02:00 Magnus Therning mag...@therning.org:
any language ;) However, choosing language wisely will allow you to
concentrate on solving the 'real' problem at hand, and relieve you
from solving unrelated problems (memory management, dealing with
pointers, etc). It will also
On Mon, May 5, 2014 at 10:09 AM, Cecil Westerhof cldwester...@gmail.com wrote:
2014-05-04 23:40 GMT+02:00 Magnus Therning mag...@therning.org:
On Sun, May 04, 2014 at 09:24:08AM +0200, Cecil Westerhof wrote:
I heard the stand that functional programming made it difficult to
write secure
2014-05-05 12:05 GMT+02:00 Magnus Therning mag...@therning.org:
On Mon, May 5, 2014 at 10:09 AM, Cecil Westerhof cldwester...@gmail.com
wrote:
2014-05-04 23:40 GMT+02:00 Magnus Therning mag...@therning.org:
On Sun, May 04, 2014 at 09:24:08AM +0200, Cecil Westerhof wrote:
I heard the
On Mon, May 5, 2014 at 5:05 AM, Magnus Therning mag...@therning.org wrote:
On Mon, May 5, 2014 at 10:09 AM, Cecil Westerhof cldwester...@gmail.com
wrote:
2014-05-04 23:40 GMT+02:00 Magnus Therning mag...@therning.org:
On Sun, May 04, 2014 at 09:24:08AM +0200, Cecil Westerhof wrote:
I
On Mon, May 5, 2014 at 10:20 AM, Cecil Westerhof cldwester...@gmail.com wrote:
2014-05-05 8:21 GMT+02:00 Magnus Therning mag...@therning.org:
any language ;) However, choosing language wisely will allow you to
concentrate on solving the 'real' problem at hand, and relieve you
from solving
I would never have guessed modularity as a reason to worry about security
in fp.
I worry about immutability in fp, wrt security. Security requires
mutability in order to remove sensitive data from memory, and from app
history. A FIPS review, for example, requires demonstrating where in your
I heard the stand that functional programming made it difficult to write
secure programs. I do not know enough of functional programming yet to
determine the value of a statement like this. What is the take here about
it?
--
Cecil Westerhof
I've never heard anyone express that sentiment before. If anything the
opposite is true.
A large part of writing secure code is about avoiding errors, so any
language feature that helps you write error-free code is good for security.
Functional programming eliminates mutable state as a source
that helps you write error-free code is good for security.
Functional programming eliminates mutable state as a source of errors,
which is one less thing that can go wrong in your secure code. Functional
languages often have more sophisticated static typing as well, which is yet
another potential aid
Well, what does it mean to write secure programs? Citation needed :)
I remember a lengthy discussion with a colleague of mine about writing
cryptography primitives in Haskell.
I suggested that Haskell's strong typing and syntax well suited for
expressing mathematics, combined with good speed
On 4 May 2014 20:59, Adam Saleh adamthecam...@gmail.com wrote:
He thought that using the language would make it harder to avoid cache
based and timing attacks due to the nature of strict/lazy sequences.
That's a good point, and one I hadn't considered.
However, I can't think of any timing or
On Sun, May 04, 2014 at 09:24:08AM +0200, Cecil Westerhof wrote:
I heard the stand that functional programming made it difficult to
write secure programs. I do not know enough of functional
programming yet to determine the value of a statement like this.
What is the take here about it?
It
The most serious security vulnerabilities I've heard about for 2014 are
Apple's SSL/TLS/HTTPS vulnerability, the OpenSSL Heartbleed vulnerability,
FreeBSD's TCP bug, and of course the Mt. Gox bug that resulted in the
company's bankruptcy.
The Mt. Gox bug was caused by a flaw in the way they
Perhaps Cecil is referring to this article, Clojure web security is worse
than you think
(https://hackworth.be/2014/03/26/clojure-web-security-is-worse-than-you-think/),
describing the immature state of Clojure's web security libraries. I don't think the
language itself has much to do with this,