[Cryptography] "NSA-linked Cisco exploit poses bigger threat than previously thought"

Tom Mitchell mitch at niftyegg.com
Fri Aug 26 19:28:52 EDT 2016 

On Thu, Aug 25, 2016 at 3:21 AM, Jerry Leichter <leichter at lrw.com> wrote:

> [Description of cool features in Rust.  I'm really going to have to go
> look at it now]
> > What other languages are suitable for "I need every drop of performance
> and control", yet are this safe? Serious question. A question we should be
> asking.
> Many of the ideas in Rust that you describe seem to have evolved (or were
> independently reinvented - I have no idea) from Modula-3.  Small, fast,
> extensively type-checked, ability to explicitly write unsafe code.  All
> there.
>
> The Modula-3 guys had an interesting approach to keeping the language
> small:


I recall a conversation between N.W. and another about Modula-2 and the
lack of a standard
library for I/O.    Niklaus Wirth was adamant that a standard lib was not
part of the language.

Lacking a standard lib set was both good and bad.  I happen to like his
point but
it hurt the adoption of a good language.

On the good side well designed libraries can replace the initial
"get-er-done" libraries.
Improved functionality could be coded and could replace previous libraries.
Both ABI and API issues... apply.
If standard I/O and the like are baked into the standard the

Most if not all  languages do not have "deprecation" as a primary feature
of the language and system.   A current compiler system should be able to
deprecate libraries and versions  of libraries.

Shared libraries put the same bug in lots of applications all at the same
time
and can remove a bug from many applications...

Google Go had potential and still does but many programmers what access to
libraries of features that they already know.   It is hard to construct a
wrapper
that makes ill designed old libs safe.

Performance... inside an application programmers try to run fast by
removing
bounds checks and "assert(all-data-is-good-here)".  Most have no quality
idea
how to check that the assertion is true and test it in a correct and safe
way.
The difficulty in making a quality assert() is evident in the way to common
bogus
assert related bugs i.e. these are often hard.

Programmers and mechanical engineers have much the same problem...
Example: A high speed cutter exposed and unprotected is dangerous.
Correctly
used and surrounded with guards and interlocks inside a machine all is good
as long as the feeds and exits are safe.


-- 
  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160826/759eb545/attachment.html>

More information about the cryptography mailing list