[Info-vax] Variable declarations, was: Re: improving EDT

johnwallace4 at yahoo.co.uk johnwallace4 at yahoo.co.uk
Tue Nov 22 11:19:06 EST 2016 

On Tuesday, 22 November 2016 13:48:15 UTC, Scott Dorsey  wrote:
> Simon Clubley  <clubley at remove_me.eisner.decus.org-Earth.UFP> wrote:
> >On 2016-11-21, Arne Vajhøj <arne at vajhoej.dk> wrote:
> >> On 11/21/2016 8:39 AM, Simon Clubley wrote:
> >>>
> >>> I wouldn't hold up either of those languages as an example of how
> >>> programming languages should be implemented. :-)
> >>
> >> People use those two languages. Most of the people have also
> >> tried working with a static typed language. Those two
> >> languages obviously meet a market demand.
> >>
> >> Are there any better examples for products than to meet
> >> market demand?
> >
> >Yes. The languages in question allow programmers to create
> >applications quickly. Unfortunately, that same market also
> >says little about creating those applications securely.
> 
> And, more importantly in many cases, it results in code that is absolutely
> unmaintainable.  It is just cryptic mush, and making any changes to the code
> requires spending more time reverse-engineering what it's supposed to be doing
> than actually making the changes.  
> 
> >Also, which market demand ? The market demand by programmers
> >just wanting to churn something out quickly or the desire
> >by people who care about such things to see those products
> >created securely ?
> 
> Unfortunately there is a much larger market for the first than the second.
> If people actually wanted security, it would be built into the hardware with
> tags and capabilities...
> --scott
> 
> -- 
> "C'est un Nagra. C'est suisse, et tres, tres precis."

Quite a few people and organisations would say they cared
about security. They especially say this after they've been
publically breached.

Fewer people and organisations actually consider (let alone
invest in) real security upfront. 

For certain specific applications, ARM's TrustZone seems to
have some applicability:
https://www.arm.com/products/security-on-arm/trustzone

Intel have been trying to achieve something similar on 
specific x86-based systems, with little visible effect to
date:
https://software.intel.com/en-us/sgx
https://en.wikipedia.org/wiki/Software_Guard_Extensions

And back in the day, didn't Intel have a capability-based
chip? The ill-fated iAPX 432?
https://en.wikipedia.org/wiki/Intel_iAPX_432

If people actually wanted security, we wouldn't be reading
about obvious exploit after obvious exploit on the latest
devices from the Interweb of Trash. Or something.

More information about the Info-vax mailing list