But theoretical solutions work in theory. Practical ones, while based on
theory, implement that theory in reality. And the problem here is that
theory is severely lacking it this field.
There's a chicken and egg problem. Almost no one pays attention to
the tools that do exist.
ROTFL! You even didn't get the joke... That statement is not mine, it's 60
years old...
Perhaps if you'd cited the "quote" correctly, I would have seen what
you thought you were about. Alas, if Thomas J. Watson ever said that
about _five_ computers, no one can find the source. It's most likely
urban legend:
http://en.wikipedia.org/wiki/Thomas_J._Watson
Nevertheless, the industry has been full of people who missed the
obvious.
That's for sure. It would look like it looked back in eighties at best.
There would be few universities and military institutions connected.
But funnily enough, there would be relatively little security concerns, as
there were 20 years ago.
I'm not certain I know what you're saying here. I think that, in the
Internet, we've created a monster. Everyone wants a piece of that
monster, though. Given that circumstance, I think we should start
regarding Real Player and other similar applications as "critical."
For example we don't have such basic stuff like
mathematical tools to describe important aspects of systems like
human-machine interaction.
That's a fair point. Maybe we should return to the days of the
mainframe mandarins in their glass houses, rather than having CPU's
everywhere. I've long been an advocate of thin, stateless client as
the safest computing platform for most users.
Show me mathematical formula describing good user interface.
The best that we can do at this point is to limit access based on
skill.
IOW you don't know what you're talking about.
You apparently aren't aware of what's going on in the US or how the US
does business in matters that affect national security. Could someone
in Western Pakistan disrupt the electrical grid, or worse? No bombs,
no airplane tickets, just smart people exploiting "non-critical"
software. Issues like that, when they exist, and they do, aren't left
to discussions on Usenet. If you want to continue thinking that I
don't know what I'm talking about, you go right ahead.
I lived in socialism long enough to say f..k off to every idiot proposing
it. Or I'd rather send them for 1-2 years to live as normal citizen (not
honourable guest but plain normal citizen) in some socialistic country. It
straightens the view on many things very well.
What has socialism got to do with this discussion? The US is a
regulated economy. I don't know of any unregulated economies
anywhere, unless it is dealing in drugs.
There are people in the US who are opposed to any regulation of any
kind. They are written off as nut cases. If I don't write you off as
a nut case, it's only because you are obviously coming from a very
different perspective. If you want to say that that's all very well
for the US, go right ahead. The US is the largest, most highly-
developed economy in the world, even if it isn't going to stay that
way.
Reality bites. It's simply, plain impossible to make only risk estimators
take the risk, and no one else. Or everyone would be just risk estimation
specialist, and there would no one to make actual product to begin with
It's an illogical utopia.
You're battling a straw man from the past. No one that I know of
believes in Utopia. There are many who are unhappy with the system of
tort claims in the US, but, in a bizarre sort of way, it works. Risk
is systematically being reassigned to those who actually create it.
Has it gone too far the other way? Maybe, but democracies work those
problems out in legislatures and the voting booth.
So what?
Funnily you show that link. It so happend that the first security advisory
there says: "Luciano Bello discovered that the random number generator in
Debian's openssl package is predictable."
That fits nicely here. You want to specify good random number generator and
implement that according to the specification. So show how to describe one
formally, as neither "good" nor "predictable" is useable.
I'm not an expert on random number generators and I suspect that
neither are you. It's a big problem, as are most assumptions about
the breakability of secure transmission schemes.
The point of offering the packetstorm link is to highlight the
regularity with which software vulnerabilities are discovered.
Well, if you can there is 1 million $ lying out there
As it so happens
that mere proof of existence of such good pseudorandom number generator
means nonuniform-P is a proper subclass (i.e. is different) of NP, and it's
a simple fact that P is a subclass (no one knows if its proper or not, but
it does not matter here) of nonuniform-P which would mean that P <> NP and
there is nice round $1 million waiting for one who proves (or disproves)
that
So far with formal verification of security
It's a big problem. The potential money involved far exceeds $1
million.
It's all based on beliefs of nonexistence of shortcuts, quality of PRNGs,
and such stuff. Those beliefs are supported by testing, but are not
formally proven.
Good enough reason not to trust them. Maybe packet-switched networks
are not a good way to transmit "secure" data or maybe there has to be
an out of band (e.g. over telephone, preferably circuit-switched)
component.
But he didn't suggest to stop making other software. He wanted to improve
methods as theory better covering things was developed.
I'm not suggesting stopping software development. Neither have I
suggested that formal methods are a magic bullet. I claim that the
business at it is now is reckless for historical reasons and that it
doesn't have to be that way. I think that Dijkstra would agree.
Software can and should be much more transparent and less susceptible
to error. It can be done.
Nope. The difference would be small constant factor. The tools like SPARK
are out there, and while specialists who mastered them are rare and thus
their work must be well paid, this is just a small constant difference
(small means around 3).
It is only useable in systems where level of trust must be so high that
testing would be too costly. And it so happens that those systems are
posible to be specified well, as they are relatively simple and closed.
Speculating about what happens when you change the rules is a
fruitless enterprise. Consider what has happened with CISC vs. RISC.
Human beings can be very, very clever when pushed to it. No one has
pushed on this issue, or at least not enough.
You only shows your lack of grip in reality.
That's just wild.
Do you know the history of Long Term Capital management? Do you know
what's happened with derivatives all over the world? Do you know the
current parlous state of financial markets?
When you claimed that you were working with people who know how to
estimate risk, I almost fell off my chair. The failures have been
colossal, and they can all be traced to hubris about estimating risk,
or, in the case of derivatives, making the setup so complicated that
risk is, in practice, obscured from the buyer. In any other business,
that would be called fraud, except that the buyers in this case are
presumed to know what they're doing. Who are the buyers? Financial
institutions.
Derivatives are a good analogy for the problems of estimating risk
inherent in software. One problem is that, just as with software,
human beings are inevitably involved. Suppose there are _no_ buyers
for your security for reasons that your model didn't include? What do
your estimates of risk mean then? Suppose you own securities that are
worth something (probably), but no one knows what?
You compare stuff which is by the very nature unpredictable (if someone
would predict it the one would influence it in unpredictable way) with
stable (unchanging) stuff with measurable properties.
You are caught up in the overstated claims of financial wizards.
Models of risk are where it's at, and inexpensive computers have put
everyone into a business that hasn't even existed for all that long.
Your faith in the enterprise would be touching if you didn't keep
calling me an idiot because of things that you either don't understand
or do understand but don't want to acknowledge.
Time resource like others. All resources cost money.
Financial markets are a bit different, in that the game isn't so much
about intrinsic value as about what you think the other guy is going
to do. That makes time important in a way that the maxim "time is
money" doesn't capture.
ROTFL! If only Real Player was a MS product...
The shrink-wrap license was an innovation that Real Player didn't
invent. They, and every other software jockey has simply inherited
the idea and the courts bought it.
ROTFLMAO!
You don't know squat what is a critical application!
Go reread the conversation between Humpty Dumpty and Alice about
words. You mean that you use "critical application" in a different
way from what I do. The distinction you want to make is a fiction
that supports your business model. I don't have to support fictions
and I don't have to support your business model.
Or maybe hammer I can buy at any farmers shop is a critical device, as it
could be used for criminal activity.
A four pound hammer was at one time a fairly common carpenter's tool.
Repeated use causes elbow injury. If you hand one to a workman in the
US and he uses it and injures his elbow, you're going to have all
kinds of problems.
In every other field of human activity, the law puts greater and
greater pressure on manufacturers and vendors to foresee and to limit
risk to the end user. Not so in software, and we are already paying
the price.
And who pays for all that? Thats you and all other customers.
And yet we still get drugs that are improperly tested and/or sold
without full disclosure.
You're trying to defend an anomalous business practice that arose in
the US through a combination of heavy handed lobbying, some critical
court decisions, and the industry having a much better grasp of the
future than did lawyers. There is nothing about it that is natural or
inevitable. It can't be traced to Goedel's theorem, intractable
aspects of human nature, or some kind of cosmic struggle between
capitalism and socialism. It's bad policy, that's all. You come
along, years later, far from the action, and invent your own
mythology. Fine. Live long and prosper.
Robert.
