Re: Bell Labs or Microsoft security?

2003-02-02 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], [EMAIL PROTECTED] writes: PS: Worm? Virus? Who wrote this up concisely first? Shockwave Rider by John Brunner No -- When Harlie was One, by David Gerrold. It was published in 1972; Shockwave Rider was from 1975. (Source: catalog.loc.gov) Gerrold, btw,

Re: Bell Labs or Microsoft security?

2003-01-30 Thread Simon Waters
From: E.B. Dreger [EMAIL PROTECTED] ML No, it isn't, as is doing buf_t[x] rather than pointer True. I just like having a struct so I may pass a single variable in function calls instead of a whole mess of them. The problem is not pointers,

Re: Bell Labs or Microsoft security?

2003-01-30 Thread Michael . Dillon
PS: Worm? Virus? Who wrote this up concisely first? Shockwave Rider by John Brunner Is it still in print, I wonder? --Michael Dillon

Re: Bell Labs or Microsoft security?

2003-01-30 Thread Jack Bates
From: Simon Waters 40 years of experience says it is unreasonable to expect the programmer to get it right 100% of the time. A modern server or Desktop OS is measured in hundreds of millions of lines of code, what is an acceptable error rate per line of code? Perhaps I'm missing it, but is

Re: Bell Labs or Microsoft security?

2003-01-30 Thread Joel Jaeggli
On Thu, 30 Jan 2003 [EMAIL PROTECTED] wrote: PS: Worm? Virus? Who wrote this up concisely first? Shockwave Rider by John Brunner Is it still in print, I wonder? most recent edition was in the early 90's. --Michael Dillon --

Bell Labs or Microsoft security?

2003-01-29 Thread Sean Donelan
On Tue, 28 Jan 2003, Steven M. Bellovin wrote: They do have a lousy track record. I'm convinced, though, that they're sincere about wanting to improve, and they're really trying very hard. In fact, I hope that some other vendors follow their lead. Of course we need to be honest with

Re: Bell Labs or Microsoft security?

2003-01-29 Thread Richard A Steenbergen
On Wed, Jan 29, 2003 at 03:32:41AM -0500, Sean Donelan wrote: FORTRAN/COBOL array bounds checking. Bell Labs answer: C. Who wants the computer to check array lengths or pointers. Programmers know what they are doing, and don't need to be constrained by the programming language. Everyone

Mono Culture - was Re: Bell Labs or Microsoft security?

2003-01-29 Thread Joseph T. Klein
On Wednesday, January 29, 2003, at 02:32 AM, Sean Donelan wrote: On Tue, 28 Jan 2003, Steven M. Bellovin wrote: They do have a lousy track record. I'm convinced, though, that they're sincere about wanting to improve, and they're really trying very hard. In fact, I hope that some other

Re: Bell Labs or Microsoft security?

2003-01-29 Thread Marshall Eubanks
A world before buffer overflow exploits ? The first (Fortran) programming course I ever took at MIT on the first day of lab they said 1.) If you set an array index to a sufficiently large negative number you would overwrite the operating system and crash the system (requiring a reboot from

Re: Mono Culture - was Re: Bell Labs or Microsoft security?

2003-01-29 Thread Peter Salus
Though it was written nearly two years ago, John Quarterman's Monoculture Considered Harmful remains the very best exposition of this issue. //www.firstmonday.org/issues/issue7_2/quarterman/ Peter

Re: Bell Labs or Microsoft security?

2003-01-29 Thread Alif The Terrible
On Wed, 29 Jan 2003, Richard A Steenbergen wrote: On Wed, Jan 29, 2003 at 03:32:41AM -0500, Sean Donelan wrote: FORTRAN/COBOL array bounds checking. Bell Labs answer: C. Who wants the computer to check array lengths or pointers. Programmers know what they are doing, and don't need

Re: Bell Labs or Microsoft security?

2003-01-29 Thread Leo Bicknell
In a message written on Wed, Jan 29, 2003 at 03:32:41AM -0500, Sean Donelan wrote: Multics security. Bell Labs answer: Unix. Who needs all that extra security junk in Multics. We don't need to protect /etc/passwd because we use DES crypt and users always choose strong passwords. We'll make

Re: Bell Labs or Microsoft security?

2003-01-29 Thread Richard A Steenbergen
On Wed, Jan 29, 2003 at 08:50:56AM -0500, Marshall Eubanks wrote: A world before buffer overflow exploits ? The first (Fortran) programming course I ever took at MIT on the first day of lab they said 1.) If you set an array index to a sufficiently large negative number you would

Re: Bell Labs or Microsoft security?

2003-01-29 Thread Richard A Steenbergen
On Wed, Jan 29, 2003 at 05:26:06PM +, E.B. Dreger wrote: If you check before each byte. Checking for sufficient space first (is there room for a 245-byte string?) is much faster. Besides, looking at all the bloated code using indirect function calls[*] and crappy code using poor

Re: Bell Labs or Microsoft security?

2003-01-29 Thread E.B. Dreger
RAS Date: Wed, 29 Jan 2003 12:36:22 -0500 RAS From: Richard A Steenbergen RAS Note I'm making a distinction between fixing the string RAS libraries to handle overflow situations better, and changing RAS the entire OS to do array bounds checking. One is good, the RAS other is not. Okay. I'll

Re: Bell Labs or Microsoft security?

2003-01-29 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Sean Donelan writes: On Tue, 28 Jan 2003, Steven M. Bellovin wrote: They do have a lousy track record. I'm convinced, though, that they're sincere about wanting to improve, and they're really trying very hard. In fact, I hope that some other vendors follow

Re: Bell Labs or Microsoft security?

2003-01-29 Thread Mathew Lodge
At 08:27 AM 1/29/2003 -0600, Alif The Terrible wrote: FORTRAN/COBOL array bounds checking. Bell Labs answer: C. Who wants the computer to check array lengths or pointers. Programmers know what they are doing, and don't need to be constrained by the programming language. Everyone knows

Re: Bell Labs or Microsoft security?

2003-01-29 Thread E.B. Dreger
ML Date: Wed, 29 Jan 2003 11:07:59 -0800 ML From: Mathew Lodge ML It doesn't have to be, if your compiler is worth its salt. ML Take a look at the GNU Ada compiler implementation of bound ML checking -- incredibly efficient. s/compiler/programmer/ How about: struct buf_t {

Re: Bell Labs or Microsoft security?

2003-01-29 Thread Florian Weimer
Richard A Steenbergen [EMAIL PROTECTED] writes: (pointers ARE your friend god damnit :P) Most C programmers have no clue about the C pointer semantics, I'm afraid, so this powerful feature is often abused. -- Florian Weimer[EMAIL PROTECTED] University of Stuttgart

Re: Bell Labs or Microsoft security?

2003-01-29 Thread Florian Weimer
Richard A Steenbergen [EMAIL PROTECTED] writes: I said exploits, not ways to get outside your proper address space and crash the OS. Any sufficiently powerful language presents an opportunity to do bad things to an ill prepared OS, but the answer isn't to make the language less powerful.

Re: Bell Labs or Microsoft security?

2003-01-29 Thread E.B. Dreger
ML Date: Wed, 29 Jan 2003 12:58:58 -0800 ML From: Mathew Lodge ML No, it isn't, as is doing buf_t[x] rather than pointer True. I just like having a struct so I may pass a single variable in function calls instead of a whole mess of them. ML arithmetic, but the *practical* problem is that

Re: Bell Labs or Microsoft security?

2003-01-29 Thread Daniel Karrenberg
On 29.01 03:32, Sean Donelan wrote: ... Multics security. Bell Labs answer: Unix. Who needs all that extra security junk in Multics. . [reader warning: diatribe following] Gee, there once were a handful of people; their principal goal was to make an OS for their own use. They

Re: Bell Labs or Microsoft security?

2003-01-29 Thread Rubens Kuhl Jr.
, 2003 12:14 AM Subject: Re: Bell Labs or Microsoft security? | | | On Thu, 30 Jan 2003, Daniel Karrenberg wrote: | | PPS: Plan 9 anyone? | | Anything but _THAT_! At some period of my life I was paid to make | something resembling production system out of Plan 9... it has all the | quality features