F2FS Hit By Three Security Vulnerabilities: Memory Corruption, Possible Code Execution
Originally posted by oiaohm:
This is interesting, right. Rust will prevent some errors but not all of them. Even with Rust we will need static analysis tools.
- Likes 2
Originally posted by caligula:
The truth is, people wrote buggy code, people are writing buggy code as we speak, people will write even more buggy code in the future. There is a constant flow of new bugs as old software becomes obsolete and new stuff hits the shelves. This process is broken by design. Better languages and static analysis tools are pretty much the only hope we have unless this "cowboy coding" style stops and people begin to expect formal methods from any normal software project. Types are a lightweight version of formal methods. Developers should learn to embrace them.
I do give seL4 and other Data61 works as examples of how formal, mathematically secure development can be done. Looking to a programming language as a magic bullet to problems is wrong. Looking to have high quality testing and formal proofs of quality should be the goal. Even using Rust you should still have formal proofs of the logic in your code for the code to be secure. In reality you can choose any programming language you like; as long as you do the formal proofs and the proper testing, the resulting program will be secure and bug free.
This is what pisses me off about people saying "why don't you use Rust". Rust is a very limited solution, and if you depend on Rust and don't do the formal proofs and testing, time will go forwards and Rust code will become the new home to bugs like C has been. End result: very little changes.
Now if we change people's mindset about doing software development so they do it right, then we will get somewhere.
- Likes 1
Originally posted by starshipeleven:
No. The answer is to make decent automated testing suites, run them very often, and fix up the shit that crops up.
Rust is better than C, but you need automated testing anyway.
Originally posted by bug77:
Is there ever time for proper or even decent automated testing?
There's an expression, when it comes to software development you can have fast, good, and cheap: pick any two.
OSS project maintainers usually have to pick "good" and "cheap" because they don't have the money to ensure the manpower or the skill sets which could make development fast on their budget. Ensuring "cheap" is pretty easy when you have a $0 budget. So then ensuring "good" becomes their primary responsibility. All languages are equally secure if we take the time to design, implement, and test. Picking a language with a crutch such as automatic type safety doesn't ensure "good". Test Driven Development ensures "good". Specifying that the project shall have a comprehensive test suite and no code shall be merged which doesn't extend and pass that test suite appropriately. People generally don't naturally enjoy double checking their work. If you have some enthusiastic contributors who really don't understand the processes and value of TDD, then the maintainer is going to have to mentor/encourage their contributors, or the maintainer is going to have to do the testing themselves, which is typical. I remember acutely, and with some embarrassment, how much I relied on Hans de Goode when I first began contributing to one of his projects in the mid 90's. Luckily his patience matched my enthusiasm. :-)
Automated testing is a crutch too. Just because something passes lint and build and a test suite doesn't mean it doesn't have backdoors or errors. There's no substitute for vigilance.
Last edited by linuxgeex; 09 August 2017, 07:14 AM.
- Likes 1
Originally posted by linuxgeex:
ROFL, well said.
There's an expression, when it comes to software development you can have fast, good, and cheap: pick any two.
As for your other arguments, I deal with the "we have tests that can be run on demand, thus we must have unit tests" or "it's too expensive to do code review" mentality way too often to want to think about it again.
Originally posted by bug77:
That's not about software development, that's management's iron triangle: https://en.wikipedia.org/wiki/Projec...ement_triangle
As for your other arguments, I deal with the "we have tests that can be run on demand, thus we must have unit tests" or "it's too expensive to do code review" mentality way too often to want to think about it again.
There's also this:
captioned "The First Law of Software Development". And it goes on to make all the same points you and I are making, lol.
One of the best analogies I enjoy is the programmer turning to the project manager and saying "I'm your doctor. I've diagnosed you with malignant testicular cancer, you have 2 months to live if it isn't removed immediately. My intern can try it this week, or you can book me for next week. Oh, you'd like a discount? I think I might have a free spot 3 months from now."
Last edited by linuxgeex; 09 August 2017, 09:35 AM.
Originally posted by garegin:
No one said to throw code away. Rust is a good idea if you are starting a new project. No one is holding their hand from using testing tools. C apologists are like people who drive a Ford Pinto and say that we need safer driving.
The point is that we are already "being responsible". The big names like MS, Google and HP are already running every fuzz test and memory profiler, and we still have security holes. All things being equal, we need safer languages. C fans are strawmanning Rust advocates by claiming that we think safer languages are a cure-all. They are NOT. About 70% of holes are memory errors. The rest are probably not gonna be caught with static analysis.
We are forgetting that not every dev is a security nut/programming enthusiast. My aunt has been programming in C++ since the late 80s and didn't even know what lint is. The testing is probably done by a different team.
There's also gonna be trashy code written for some Taiwanese webcam. In fact, most code is of subpar quality.