[pro] Heartbleed?

Pascal J. Bourguignon pjb at informatimago.com
Mon Apr 28 22:40:09 UTC 2014

William Lederer <william.lederer at gmail.com> writes:

> Regarding the question
> What would you personally fly, software written in C or software
> written in Common Lisp? 
> In the reality of today's fly-by-wire, the modern planes you fly in
> are likely to have C in some critical component. Ada is likely there
> as well.
> But let's just examine a few software related disasters to see if
> they are attributable to programming language:
>     Ariane 5 rocket explosion: from the official report: This loss of
>     information was due to specification and design errors in the
>     software of the inertial reference system.
>     Mars Climate Orbiter: one system used metric units, another used
>     English
>     Therac 5: improper understanding of multi-tasking code
>     Heartbleed: Overly complex protocol combined with being able to
>     read beyond allocated memory
> Of these, only heartbleed can credit language as a contributing
> factor.

Not at all.

  * Programmed in Common Lisp, either the fixnum in the Ariane 5 would have
    been converted into a bignum, or a condition would have been
    signaled, which could have been handled.  This would have taken
    time, which could perhaps have "exploded" the real time constraints,
    but it is better to control your rocket sluggishly than not to
    control it at all.

  * Programmed in Common Lisp, instead of using raw numbers of physical
    magnitudes, you'd use objects such as: 

      (+ #<kilometer/hour 5.42>  #<foot/fortnight 12857953.0> )
      --> #<meter/second 4.7455556>

    and Mars Climate Orbiter wouldn't have crashed.

  * Programmed in Common Lisp, the Therac-5 bug wouldn't have occurred:

      "The defect was as follows: a one-byte counter in a testing
       routine frequently overflowed; if an operator provided manual
       input to the machine at the precise moment that this counter
       overflowed, the interlock would fail."

    since again, incrementing a counter doesn't fucking overflow in

  * Programmed in Common Lisp, heartbleed wouldn't have occurred, because
    lisp implementors provide array bound checks, and lisp programmers
    are conscious enough to always run with (safety 3), as previously
    discussed in this thread.

What I'm saying is that there's a mindset out there, of using modular
arithmetic to approximate arithmetic blindly.  Until you are able to
pay $1.29 for 3 kg of apples @ $2.99, people should not program with
modular arithmetic!

> And I again point out a software non-disaster qmail, whose author
> offered a bug bounty. Secure programs can be written in C.

Postfix too is architected to deal with security.

You can also write secure software on a Turing Machine.

> And if the flight safety of an aircraft depended upon the current
> Lisp version of Ironclad's impenetrability, we would be in trouble.

This is another question, that of the resources invested in a software
ecosystem, and that of programming language mind share.   Why don't
cryptographers write their libraries in Common Lisp, and choose to
produce piles of C instead?

__Pascal Bourguignon__
"Le mercure monte ?  C'est le moment d'acheter !"
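The two language properties the post leans on (integers that grow into bignums instead of wrapping, and array accesses that signal a condition under (safety 3) instead of reading adjacent memory) as an added Common Lisp illustration. This is not code from the post or from its author; it assumes a conforming implementation such as SBCL, and the function names are the editor's own.

```lisp
;; Added illustration (not from the post): what Common Lisp does where C would
;; silently wrap a counter or read past the end of a buffer.  Assumes a
;; conforming implementation (e.g. SBCL); BUMP-COUNTER and READ-PAYLOAD are
;; hypothetical names chosen for this example.

(declaim (optimize (safety 3) (debug 2)))

;; 1. Integer arithmetic never wraps: a fixnum that outgrows the machine word is
;;    promoted to a bignum, unlike a C int16/int32 that wraps around to a small
;;    or negative value.
(defun bump-counter (counter times)
  "Increment COUNTER TIMES times; the result is exact whatever its size."
  (dotimes (i times counter)
    (incf counter)))

(format t "fixnum limit: ~a~%" most-positive-fixnum)
(format t "one past it:  ~a (bignum? ~a)~%"
        (bump-counter most-positive-fixnum 1)
        (typep (1+ most-positive-fixnum) 'bignum))

;; 2. Array bounds are checked: asking for 64 bytes out of a 16-byte buffer
;;    (the Heartbeat-style mistake of trusting a peer-supplied length field)
;;    signals a condition the caller can handle, rather than returning whatever
;;    happened to sit next to the buffer.
(defun read-payload (buffer claimed-length)
  "Copy CLAIMED-LENGTH bytes out of BUFFER.  Under (safety 3) an overlong
   CLAIMED-LENGTH cannot overread; AREF signals an error instead."
  (let ((out (make-array claimed-length :element-type '(unsigned-byte 8))))
    (dotimes (i claimed-length out)
      (setf (aref out i) (aref buffer i)))))

;; Constructed 16-byte payload, standing in for a received record.
(let ((payload (make-array 16 :element-type '(unsigned-byte 8)
                              :initial-element 42)))
  ;; An in-bounds request behaves as expected.
  (format t "16 bytes ok: ~a~%" (length (read-payload payload 16)))
  ;; An overlong request is refused; the condition class is
  ;; implementation-specific, so we handle the generic ERROR.
  (handler-case (read-payload payload 64)
    (error (c)
      (format t "refused overread: ~a~%" (type-of c)))))
```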
