[luau] Dvorak: Is Linux your Next OS?

Ray Strode halfline at hawaii.rr.com
Tue Mar 19 16:04:14 PST 2002


>Security defects are usually a result of human errors.  As long as humans
>continue to write software and are not responsible for damages that these
>softwares cause, then I do not see any possible improvements in security.
>
I agree.  To a certain extent this is a problem with languages, too.  Humans
are imperfect and even the most experienced programmer will occasionally
free() a pointer twice or allocate 1 less element than needed for an array,
or do printf(foo) instead of printf("%s", foo) (despite what the Slashdot
crowd will have you believe).  We all know and love C (it's really my
favorite language), but it's dangerous to use.  I'm not saying programmers
should stop using C and other "unsafe" languages (languages that give direct
access to memory), but programmers really need to carefully audit their own
source before releasing code.  And any code that is going to be really
widely used should be audited by other independent parties too.  This is
where Open Source and Free Software really shines.  The problem is people
have come to depend on pre-1.0 software from the Open Source and Free
Software camps.  This software usually hasn't been audited and so as the
bugs are found people are affected.

>But, there is an advantage to free/open source software over proprietary
>software.  With free/open source software, you are allowed to audit the
>source code.  With proprietary software, you are at the mercy of the
>vendor.
>
Yup!

>The military is now asking/telling Microsoft to improve their software
>security.  They wouldn't need to ask, if they had the source code.
>
It's true, but on Microsoft's behalf they did say they were going to focus
on security.  Hopefully that wasn't a marketing move.  They have already
released some patches since then.
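
Added example, not part of the original message: the printf(foo) versus printf("%s", foo) mistake named in the reply above, shown next to the corrected forms of the allocation and double-free cases. The sample string and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed input. Its only directive is "%%", so even the unsafe call is
   defined; %s, %x or %n would touch arguments that were never passed. */
static const char *SAMPLE = "disk 100%% full";

/* GCC and clang flag the unsafe call (-Wformat-security); silenced to show it. */
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"

/* printf(foo) form: the data is parsed as a format string. */
int render_unsafe(char *out, size_t n, const char *foo) {
    return snprintf(out, n, foo);
}

/* printf("%s", foo) form: the data is copied verbatim. */
int render_safe(char *out, size_t n, const char *foo) {
    return snprintf(out, n, "%s", foo);
}

/* Size the buffer with the terminating NUL included; malloc(strlen(s)) is
   the "1 less element than needed" mistake. */
char *copy_string(const char *s) {
    size_t len = strlen(s);
    char *p = malloc(len + 1);
    if (p != NULL)
        memcpy(p, s, len + 1);
    return p;
}

/* Free and clear the caller's pointer: a repeated call becomes free(NULL),
   which is a no-op, instead of a double free. */
void release(char **p) {
    free(*p);
    *p = NULL;
}

int main(void) {
    char a[64], b[64];
    char *copy = copy_string(SAMPLE);
    if (copy == NULL) return 1;
    render_unsafe(a, sizeof a, copy);
    render_safe(b, sizeof b, copy);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    release(&copy);
    release(&copy); /* harmless: copy is already NULL */
    return 0;
}
```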



